From 563cc67ac65c2061971c4b02ac7037e00f1f9ae8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Dec 2012 14:17:22 +0100 Subject: libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andrew Bartlett --- libcli/auth/credentials.c | 9 ++++++--- libcli/auth/proto.h | 6 +++--- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'libcli/auth') diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 63407e7988..d5bf1a6387 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -485,9 +485,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState } } -void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) { static const char zeros[16]; @@ -521,6 +521,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred if (validation_level == 6) { /* they aren't encrypted! */ } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { netlogon_creds_aes_decrypt(creds, @@ -535,6 +536,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred sizeof(base->LMSessKey.key)); } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->key.key, zeros, sizeof(base->key.key)) != 0) { netlogon_creds_arcfour_crypt(creds, @@ -549,6 +551,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred sizeof(base->LMSessKey.key)); } } else { + /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (memcmp(base->LMSessKey.key, zeros, sizeof(base->LMSessKey.key)) != 0) { netlogon_creds_des_decrypt_LMKey(creds, diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index b9d91d04ea..15900d470b 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -57,9 +57,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator) ; -void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds, - uint16_t validation_level, - union netr_Validation *validation) ; +void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation); /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */ -- cgit