From 645289216eeb718eab1201dd3ad0a50fdf85753c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Dec 2012 19:49:52 +0100 Subject: s3-rpc_server: support AES for interactive netlogon samlogon password decryption. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher --- source3/auth/auth_util.c | 34 +--------------------------------- source3/auth/proto.h | 3 +-- 2 files changed, 2 insertions(+), 35 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 83c95a9d4d..b75a390f36 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -207,16 +207,12 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in uint32 logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], - const uchar nt_interactive_pwd[16], - const uchar *dc_sess_key) + const uchar nt_interactive_pwd[16]) { struct samr_Password lm_pwd; struct samr_Password nt_pwd; unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; - unsigned char key[16]; - - memcpy(key, dc_sess_key, 16); if (lm_interactive_pwd) memcpy(lm_pwd.hash, lm_interactive_pwd, sizeof(lm_pwd.hash)); @@ -224,31 +220,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in if (nt_interactive_pwd) memcpy(nt_pwd.hash, nt_interactive_pwd, sizeof(nt_pwd.hash)); -#ifdef DEBUG_PASSWORD - DEBUG(100,("key:")); - dump_data(100, key, sizeof(key)); - - DEBUG(100,("lm owf password:")); - dump_data(100, lm_pwd.hash, sizeof(lm_pwd.hash)); - - DEBUG(100,("nt owf password:")); - dump_data(100, nt_pwd.hash, sizeof(nt_pwd.hash)); -#endif - - if (lm_interactive_pwd) - arcfour_crypt(lm_pwd.hash, key, sizeof(lm_pwd.hash)); - - if (nt_interactive_pwd) - arcfour_crypt(nt_pwd.hash, key, sizeof(nt_pwd.hash)); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("decrypt of lm owf password:")); - dump_data(100, lm_pwd.hash, sizeof(lm_pwd)); - - DEBUG(100,("decrypt of nt owf password:")); - dump_data(100, nt_pwd.hash, sizeof(nt_pwd)); -#endif - if (lm_interactive_pwd) SMBOWFencrypt(lm_pwd.hash, chal, local_lm_response); @@ -257,9 +228,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in SMBOWFencrypt(nt_pwd.hash, chal, local_nt_response); - /* Password info paranoia */ - ZERO_STRUCT(key); - { bool ret; NTSTATUS nt_status; diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 98b48df998..6c9967227e 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -174,8 +174,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in uint32 logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], - const uchar nt_interactive_pwd[16], - const uchar *dc_sess_key); + const uchar nt_interactive_pwd[16]); bool make_user_info_for_reply(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, -- cgit