diff options
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d463e85af1..5cc3b34dbf 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -629,29 +629,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info); NT_STATUS_HAVE_NO_MEMORY(user_info); + netlogon_creds_decrypt_samlogon_logon(creds, + r->in.logon_level, + r->in.logon); + switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: case NetlogonInteractiveTransitiveInformation: case NetlogonServiceTransitiveInformation: - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else { - netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword); - netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword); - } /* TODO: we need to deny anonymous access here */ nt_status = auth_context_create(mem_ctx, @@ -705,11 +691,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonGenericInformation: { if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else { /* Using DES to verify kerberos tickets makes no sense */ return NT_STATUS_INVALID_PARAMETER; |