diff options
-rw-r--r-- | libcli/auth/credentials.c | 47 | ||||
-rw-r--r-- | libcli/auth/proto.h | 3 |
2 files changed, 44 insertions, 6 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index d5bf1a6387..9d3df9f523 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -485,9 +485,10 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState } } -void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) +static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation, + bool encrypt) { static const char zeros[16]; @@ -524,16 +525,29 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { - netlogon_creds_aes_decrypt(creds, + if (encrypt) { + netlogon_creds_aes_encrypt(creds, + base->key.key, + sizeof(base->key.key)); + } else { + netlogon_creds_aes_decrypt(creds, base->key.key, sizeof(base->key.key)); + } } if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - netlogon_creds_aes_decrypt(creds, + if (encrypt) { + netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, sizeof(base->LMSessKey.key)); + + } else { + netlogon_creds_aes_decrypt(creds, + base->LMSessKey.key, + sizeof(base->LMSessKey.key)); + } } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ @@ -554,12 +568,33 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - netlogon_creds_des_decrypt_LMKey(creds, + if (encrypt) { + netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey); + } else { + netlogon_creds_des_decrypt_LMKey(creds, + &base->LMSessKey); + } } } } +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) +{ + return netlogon_creds_crypt_samlogon_validation(creds, validation_level, + validation, false); +} + +void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) +{ + return netlogon_creds_crypt_samlogon_validation(creds, validation_level, + validation, true); +} + /* copy a netlogon_creds_CredentialState struct */ diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 15900d470b..89a732e052 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -60,6 +60,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, union netr_Validation *validation); +void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ |