summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-09-22 12:17:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:59:01 -0500
commit64df8e7e0b732afd26e944fc53bbbfbe174f88d8 (patch)
tree12e49d914bac8b823f56fd63c3c0f9f878b57a07
parentdb9ea34fd13405ecfa5644a7d27333d0e96ecef7 (diff)
downloadsamba-64df8e7e0b732afd26e944fc53bbbfbe174f88d8.tar.gz
samba-64df8e7e0b732afd26e944fc53bbbfbe174f88d8.tar.xz
samba-64df8e7e0b732afd26e944fc53bbbfbe174f88d8.zip
r2515: Fixes from smbtorture - these session keys are not individually encrypted.
Andrew Bartlett (This used to be commit 131420b45e88cb72090c9b28a53295edfa364cfe)
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b6182d31c6..1451e17464 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -604,8 +604,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(sam->key.key, zeros,
- sizeof(sam->key.key)) != 0) {
+ /* It appears that level 6 is not individually encrypted */
+ if ((r->in.validation_level != 6)
+ && memcmp(sam->key.key, zeros,
+ sizeof(sam->key.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
sam->key.key,
sizeof(sam->key.key));
@@ -619,8 +621,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(sam->LMSessKey.key, zeros,
- sizeof(sam->LMSessKey.key)) != 0) {
+ /* It appears that level 6 is not individually encrypted */
+ if ((r->in.validation_level != 6)
+ && memcmp(sam->LMSessKey.key, zeros,
+ sizeof(sam->LMSessKey.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
sam->LMSessKey.key,
sizeof(sam->LMSessKey.key));