1 files changed, 8 insertions, 4 deletions

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b6182d31c6e..1451e174646 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -604,8 +604,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	}
 	
 	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	if (memcmp(sam->key.key, zeros,  
-		   sizeof(sam->key.key)) != 0) {
+	/* It appears that level 6 is not individually encrypted */
+	if ((r->in.validation_level != 6) 
+	    && memcmp(sam->key.key, zeros,  
+		      sizeof(sam->key.key)) != 0) {
 		creds_arcfour_crypt(pipe_state->creds, 
 				    sam->key.key, 
 				    sizeof(sam->key.key));
@@ -619,8 +621,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	}
 	
 	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	if (memcmp(sam->LMSessKey.key, zeros,  
-		   sizeof(sam->LMSessKey.key)) != 0) {
+	/* It appears that level 6 is not individually encrypted */
+	if ((r->in.validation_level != 6) 
+	    && memcmp(sam->LMSessKey.key, zeros,  
+		      sizeof(sam->LMSessKey.key)) != 0) {
 		creds_arcfour_crypt(pipe_state->creds, 
 				    sam->LMSessKey.key, 
 				    sizeof(sam->LMSessKey.key));