From f2d9589b178c0e3374e1c1ad363639b9e2bdce5f Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 6 Dec 2012 15:21:02 +0100
Subject: s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All crypto is dealt with within the netlogon samlogon server now.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/rpc_server/netlogon/srv_netlog_nt.c | 32 +++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 4be2355bb8..9b506552fb 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1466,6 +1466,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 	struct auth_serversupplied_info *server_info = NULL;
 	struct auth_context *auth_context = NULL;
 	const char *fn;
+	struct netr_SamBaseInfo *base;
 
 	switch (p->opnum) {
 		case NDR_NETR_LOGONSAMLOGON:
@@ -1690,22 +1691,45 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 
 	switch (r->in.validation_level) {
 	case 2:
-		status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16,
+		status = serverinfo_to_SamInfo2(server_info,
 						r->out.validation->sam2);
+		base = &r->out.validation->sam2->base;
 		break;
 	case 3:
-		status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16,
+		status = serverinfo_to_SamInfo3(server_info,
 						r->out.validation->sam3);
+		base = &r->out.validation->sam3->base;
 		break;
 	case 6:
-		status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16,
+		status = serverinfo_to_SamInfo6(server_info,
 						r->out.validation->sam6);
+		base = &r->out.validation->sam6->base;
 		break;
 	}
 
 	TALLOC_FREE(server_info);
 
-	return status;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (r->in.validation_level == 6) {
+		/* no further crypto to be applied - gd */
+		return NT_STATUS_OK;
+	}
+
+	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+		netlogon_creds_aes_encrypt(creds, base->key.key, 16);
+		netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, 8);
+	} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+		netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+		netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+	} else {
+		/* key is unencrypted when neither AES nor RC4 bits are set */
+		netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey);
+	}
+
+	return NT_STATUS_OK;
 }
 
 /****************************************************************
-- 
cgit