From f6cb8049b2fe62054d254a006b8a39f000d1d1d5 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 7 Dec 2012 12:38:16 +0100
Subject: libcli/auth: support AES decryption in
 netlogon_creds_decrypt_samlogon().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 libcli/auth/credentials.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'libcli/auth')

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 77df7f765a..63407e7988 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -520,6 +520,20 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
 	/* find and decyrpt the session keys, return in parameters above */
 	if (validation_level == 6) {
 		/* they aren't encrypted! */
+	} else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		if (memcmp(base->key.key, zeros,
+			   sizeof(base->key.key)) != 0) {
+			netlogon_creds_aes_decrypt(creds,
+					    base->key.key,
+					    sizeof(base->key.key));
+		}
+
+		if (memcmp(base->LMSessKey.key, zeros,
+			   sizeof(base->LMSessKey.key)) != 0) {
+			netlogon_creds_aes_decrypt(creds,
+					    base->LMSessKey.key,
+					    sizeof(base->LMSessKey.key));
+		}
 	} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 		if (memcmp(base->key.key, zeros,
 			   sizeof(base->key.key)) != 0) {
-- 
cgit