From 64df8e7e0b732afd26e944fc53bbbfbe174f88d8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 22 Sep 2004 12:17:51 +0000
Subject: r2515: Fixes from smbtorture - these session keys are not
 individually encrypted.

Andrew Bartlett
(This used to be commit 131420b45e88cb72090c9b28a53295edfa364cfe)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b6182d31c6..1451e17464 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -604,8 +604,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	}
 	
 	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	if (memcmp(sam->key.key, zeros,  
-		   sizeof(sam->key.key)) != 0) {
+	/* It appears that level 6 is not individually encrypted */
+	if ((r->in.validation_level != 6) 
+	    && memcmp(sam->key.key, zeros,  
+		      sizeof(sam->key.key)) != 0) {
 		creds_arcfour_crypt(pipe_state->creds, 
 				    sam->key.key, 
 				    sizeof(sam->key.key));
@@ -619,8 +621,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	}
 	
 	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	if (memcmp(sam->LMSessKey.key, zeros,  
-		   sizeof(sam->LMSessKey.key)) != 0) {
+	/* It appears that level 6 is not individually encrypted */
+	if ((r->in.validation_level != 6) 
+	    && memcmp(sam->LMSessKey.key, zeros,  
+		      sizeof(sam->LMSessKey.key)) != 0) {
 		creds_arcfour_crypt(pipe_state->creds, 
 				    sam->LMSessKey.key, 
 				    sizeof(sam->LMSessKey.key));
-- 
cgit