From 301f69b0ca72e55556ac2c7b5fbf940821b41766 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Dec 2012 14:18:40 +0100 Subject: libcli/auth: add netlogon_creds_encrypt_samlogon_validation(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andrew Bartlett --- libcli/auth/credentials.c | 47 +++++++++++++++++++++++++++++++++++++++++------ libcli/auth/proto.h | 3 +++ 2 files changed, 44 insertions(+), 6 deletions(-) (limited to 'libcli/auth') diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index d5bf1a6387..9d3df9f523 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -485,9 +485,10 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState } } -void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) +static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation, + bool encrypt) { static const char zeros[16]; 
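Review bot: The new static helper `netlogon_creds_crypt_samlogon_validation()` has no comment explaining the `bool encrypt` argument or what happens to `validation`, and only its signature is visible here because the body continues outside this hunk. The later hunks pass the key buffers to the crypt routines with no separate output argument, so it appears to overwrite the session keys in place. I would add above the definition: `/* Encrypt (encrypt == true) or decrypt (encrypt == false) the session keys held in a samlogon validation, in place, with the cipher chosen by creds->negotiate_flags. */`. It is also worth stating in that comment that a caller which still needs the plaintext keys after encrypting must keep its own copy, if that is indeed the contract.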
@@ -524,16 +525,29 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { - netlogon_creds_aes_decrypt(creds, + if (encrypt) { + netlogon_creds_aes_encrypt(creds, + base->key.key, + sizeof(base->key.key)); + } else { + netlogon_creds_aes_decrypt(creds, base->key.key, sizeof(base->key.key)); + } } if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - netlogon_creds_aes_decrypt(creds, + if (encrypt) { + netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, sizeof(base->LMSessKey.key)); + + } else { + netlogon_creds_aes_decrypt(creds, + base->LMSessKey.key, + sizeof(base->LMSessKey.key)); + } } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ @@ -554,12 +568,33 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { - netlogon_creds_des_decrypt_LMKey(creds, + if (encrypt) { + netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey); + } else { + netlogon_creds_des_decrypt_LMKey(creds, + &base->LMSessKey); + } } } } +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) +{ + return netlogon_creds_crypt_samlogon_validation(creds, validation_level, + validation, false); +} + +void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) +{ + return netlogon_creds_crypt_samlogon_validation(creds, validation_level, + validation, true); +} + /* copy a netlogon_creds_CredentialState struct */ 
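Review bot: The `NETLOGON_NEG_ARCFOUR` branch that opens on the last context lines of this hunk gets no `encrypt` split, although the AES branch here and the DES LMKey branch in the next hunk both do. Its body lies between the two hunks and is not shown, so I cannot see which routine it calls. If it relies on the stream cipher being its own inverse, that should be written down, otherwise the asymmetry reads like an omission. Something like `/* RC4 is symmetric: the same call encrypts and decrypts, so the encrypt flag is not consulted here */` at the top of that branch would do.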
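Review bot: Both new wrappers at the end of this hunk are declared `void` but use `return netlogon_creds_crypt_samlogon_validation(...)`, which returns the value of a void expression. ISO C does not allow a `return` with an expression in a function returning void. GCC accepts it as an extension and reports it under `-pedantic`, and other compilers may reject it. Drop the keyword so the bodies read `netlogon_creds_crypt_samlogon_validation(creds, validation_level, validation, false);` and `netlogon_creds_crypt_samlogon_validation(creds, validation_level, validation, true);`.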
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index 15900d470b..89a732e052 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -60,6 +60,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, union netr_Validation *validation); +void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ -- cgit