From 645289216eeb718eab1201dd3ad0a50fdf85753c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Dec 2012 19:49:52 +0100 Subject: s3-rpc_server: support AES for interactive netlogon samlogon password decryption. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher --- source3/auth/auth_util.c | 34 +-------------------------- source3/auth/proto.h | 3 +-- source3/rpc_server/netlogon/srv_netlog_nt.c | 36 +++++++++++++++++++++++++++-- 3 files changed, 36 insertions(+), 37 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 83c95a9d4d..b75a390f36 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -207,16 +207,12 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in uint32 logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], - const uchar nt_interactive_pwd[16], - const uchar *dc_sess_key) + const uchar nt_interactive_pwd[16]) { struct samr_Password lm_pwd; struct samr_Password nt_pwd; unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; - unsigned char key[16]; - - memcpy(key, dc_sess_key, 16); if (lm_interactive_pwd) memcpy(lm_pwd.hash, lm_interactive_pwd, sizeof(lm_pwd.hash)); @@ -224,31 +220,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in if (nt_interactive_pwd) memcpy(nt_pwd.hash, nt_interactive_pwd, sizeof(nt_pwd.hash)); -#ifdef DEBUG_PASSWORD - DEBUG(100,("key:")); - dump_data(100, key, sizeof(key)); - - DEBUG(100,("lm owf password:")); - dump_data(100, lm_pwd.hash, sizeof(lm_pwd.hash)); - - DEBUG(100,("nt owf password:")); - dump_data(100, nt_pwd.hash, sizeof(nt_pwd.hash)); -#endif - - if (lm_interactive_pwd) - arcfour_crypt(lm_pwd.hash, key, sizeof(lm_pwd.hash)); - - if (nt_interactive_pwd) - arcfour_crypt(nt_pwd.hash, key, sizeof(nt_pwd.hash)); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("decrypt of lm owf password:")); - dump_data(100, lm_pwd.hash, sizeof(lm_pwd)); - - DEBUG(100,("decrypt of nt owf password:")); - dump_data(100, nt_pwd.hash, sizeof(nt_pwd)); -#endif - if (lm_interactive_pwd) SMBOWFencrypt(lm_pwd.hash, chal, local_lm_response); @@ -257,9 +228,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in SMBOWFencrypt(nt_pwd.hash, chal, local_nt_response); - /* Password info paranoia */ - ZERO_STRUCT(key); - { bool ret; NTSTATUS nt_status; diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 98b48df998..6c9967227e 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -174,8 +174,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in uint32 logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], - const uchar nt_interactive_pwd[16], - const uchar *dc_sess_key); + const uchar nt_interactive_pwd[16]); bool make_user_info_for_reply(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 16542f8306..cb932b473a 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1596,6 +1596,39 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, { uint8_t chal[8]; +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm owf password:")); + dump_data(100, logon->password->lmpassword.hash, 16); + + DEBUG(100,("nt owf password:")); + dump_data(100, logon->password->ntpassword.hash, 16); +#endif + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_decrypt(creds, + logon->password->lmpassword.hash, + 16); + netlogon_creds_aes_decrypt(creds, + logon->password->ntpassword.hash, + 16); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + netlogon_creds_arcfour_crypt(creds, + logon->password->lmpassword.hash, + 16); + netlogon_creds_arcfour_crypt(creds, + logon->password->ntpassword.hash, + 16); + } else { + netlogon_creds_des_decrypt(creds, &logon->password->lmpassword); + netlogon_creds_des_decrypt(creds, &logon->password->ntpassword); + } + +#ifdef DEBUG_PASSWORD + DEBUG(100,("decrypt of lm owf password:")); + dump_data(100, logon->password->lmpassword.hash, 16); + + DEBUG(100,("decrypt of nt owf password:")); + dump_data(100, logon->password->ntpassword.hash, 16); +#endif status = make_auth_context_subsystem(talloc_tos(), &auth_context); if (!NT_STATUS_IS_OK(status)) { @@ -1611,8 +1644,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, logon->password->identity_info.parameter_control, chal, logon->password->lmpassword.hash, - logon->password->ntpassword.hash, - creds->session_key)) { + logon->password->ntpassword.hash)) { status = NT_STATUS_NO_MEMORY; } break; -- cgit