diff options
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/credentials.c | 9 | ||||
-rw-r--r-- | libcli/auth/proto.h | 6 |
2 files changed, 9 insertions, 6 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 63407e7988..d5bf1a6387 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -485,9 +485,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState } } -void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) { static const char zeros[16]; @@ -521,6 +521,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred if (validation_level == 6) { /* they aren't encrypted! */ } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { netlogon_creds_aes_decrypt(creds, @@ -535,6 +536,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred sizeof(base->LMSessKey.key)); } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { netlogon_creds_arcfour_crypt(creds, @@ -549,6 +551,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred sizeof(base->LMSessKey.key)); } } else { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { netlogon_creds_des_decrypt_LMKey(creds, diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index b9d91d04ea..15900d470b 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -57,9 +57,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator) ; -void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) ; +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ |