diff options
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index b6182d31c6..1451e17464 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -604,8 +604,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, } /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ - if (memcmp(sam->key.key, zeros, - sizeof(sam->key.key)) != 0) { + /* It appears that level 6 is not individually encrypted */ + if ((r->in.validation_level != 6) + && memcmp(sam->key.key, zeros, + sizeof(sam->key.key)) != 0) { creds_arcfour_crypt(pipe_state->creds, sam->key.key, sizeof(sam->key.key)); @@ -619,8 +621,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, } /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ - if (memcmp(sam->LMSessKey.key, zeros, - sizeof(sam->LMSessKey.key)) != 0) { + /* It appears that level 6 is not individually encrypted */ + if ((r->in.validation_level != 6) + && memcmp(sam->LMSessKey.key, zeros, + sizeof(sam->LMSessKey.key)) != 0) { creds_arcfour_crypt(pipe_state->creds, sam->LMSessKey.key, sizeof(sam->LMSessKey.key)); |