s4-rpc_server: use netlogon_creds_encrypt_samlogon().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 3eaf0d4e1df2279df2169789b7d56e2cb54bc7f4..d463e85af15b571b44d1e3ca4a84770d29d95d6c 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -619,7 +619,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
        struct auth_usersupplied_info *user_info;
        struct auth_user_info_dc *user_info_dc;
        NTSTATUS nt_status;
-       static const char zeros[16];
        struct netr_SamBaseInfo *sam;
        struct netr_SamInfo2 *sam2;
        struct netr_SamInfo3 *sam3;
@@ -817,39 +816,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-       /* It appears that level 6 is not individually encrypted */
-       if ((r->in.validation_level != 6) &&
-           memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
-               /* This key is sent unencrypted without the ARCFOUR or AES flag set */
-               if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-                       netlogon_creds_aes_encrypt(creds,
-                                           sam->key.key,
-                                           sizeof(sam->key.key));
-               } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-                       netlogon_creds_arcfour_crypt(creds,
-                                           sam->key.key,
-                                           sizeof(sam->key.key));
-               }
-       }
-
-       /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-       /* It appears that level 6 is not individually encrypted */
-       if ((r->in.validation_level != 6) &&
-           memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
-               if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-                       netlogon_creds_aes_encrypt(creds,
-                                           sam->LMSessKey.key,
-                                           sizeof(sam->LMSessKey.key));
-               } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-                       netlogon_creds_arcfour_crypt(creds,
-                                           sam->LMSessKey.key,
-                                           sizeof(sam->LMSessKey.key));
-               } else {
-                       netlogon_creds_des_encrypt_LMKey(creds,
-                                               &sam->LMSessKey);
-               }
-       }
+       netlogon_creds_encrypt_samlogon_validation(creds,
+                                                  r->in.validation_level,
+                                                  r->out.validation);
 
        /* TODO: Describe and deal with these flags */
        *r->out.flags = 0;