}
}
-void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation)
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
{
static const char zeros[16];
if (validation_level == 6) {
/* they aren't encrypted! */
} else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
netlogon_creds_aes_decrypt(creds,
sizeof(base->LMSessKey.key));
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
netlogon_creds_arcfour_crypt(creds,
sizeof(base->LMSessKey.key));
}
} else {
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
netlogon_creds_des_decrypt_LMKey(creds,
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator) ;
-void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation) ;
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
return result;
}
- netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
+ netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_level,
+ &validation);
result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
+ netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_level,
+ &validation);
result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
if (!NT_STATUS_IS_OK(result)) {
validation_level = r->in.validation_level;
- netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
+ netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+ validation_level,
+ r->out.validation);
switch (validation_level) {
case 2:
validation_level = r_ex->in.validation_level;
- netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
+ netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+ validation_level,
+ r_ex->out.validation);
switch (validation_level) {
case 2:
validation_level = r_flags->in.validation_level;
- netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
+ netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+ validation_level,
+ r_flags->out.validation);
switch (validation_level) {
case 2:
/* Decrypt the session keys before we reform the info3, so the
* person on the other end of winbindd pipe doesn't have to.
* They won't have the encryption key anyway */
- netlogon_creds_decrypt_samlogon(state->creds_state,
- state->r.in.validation_level,
- state->r.out.validation);
+ netlogon_creds_decrypt_samlogon_validation(state->creds_state,
+ state->r.in.validation_level,
+ state->r.out.validation);
/*
* we do not need the netlogon_creds lock anymore