srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
}
+ if (in_neg_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
+ }
+
if (lp_server_schannel() != false) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
struct samr_UserInfo18 info18;
DATA_BLOB in,out;
int rc;
+ DATA_BLOB session_key;
ZERO_STRUCT(user_handle);
+ status = session_extract_session_key(session_info,
+ &session_key,
+ KEY_USE_16BYTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
rc = tsocket_address_inet_from_strings(mem_ctx,
"ip",
"127.0.0.1",
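Review bot: The added `session_extract_session_key(session_info, &session_key, KEY_USE_16BYTES)` call carries no comment saying why the 16-byte form of the key is requested. A line above it such as `/* sess_crypt_blob() below is keyed with the 16-byte session key */` would record the intent for the next reader. Whether `session_key` aliases the buffer held in `session_info` or owns a copy is not visible here; if it is a copy, it is key material that should be cleared on the `out` path. The hunk ends inside the tsocket_address_inet_from_strings call and the function body continues outside it.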
in = data_blob_const(nt_hash->hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_info->session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, true);
memcpy(info18.nt_pwd.hash, out.data, out.length);
info18.nt_pwd_active = true;
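Review bot: `out = data_blob_talloc_zero(mem_ctx, 16);` is handed to sess_crypt_blob and then to memcpy with no check that the allocation succeeded. A guard before the call, `if (out.data == NULL) { status = NT_STATUS_NO_MEMORY; goto out; }`, would follow the `goto out` error path that the added session-key code uses, assuming both hunks sit in the same function. The function starts and ends outside this hunk.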
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
- netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_decrypt(creds, password_buf.data, 516);
+ } else {
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+ }
if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
TALLOC_FREE(creds);
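Review bot: The `else` branch keeps `netlogon_creds_arcfour_crypt(creds, password_buf.data, 516)` reachable for any peer that did not set NETLOGON_NEG_SUPPORTS_AES, so the cipher protecting the new password is decided by the flags the client negotiated. If that is a deliberate compatibility fallback, a comment should say so, for example `/* RC4 only for peers that did not negotiate AES */`, so it is easy to find when weaker clients are later refused. The literal 516 now appears in both branches after the 512-byte copy and 4-byte length write above. If `password_buf.data` is an array (its declaration is outside the hunk), `sizeof(password_buf.data)` would tie the length to the buffer. The enclosing function starts and ends outside the hunk.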
static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx,
const DATA_BLOB *trustAuth_blob,
- const DATA_BLOB *session_key,
+ struct netlogon_creds_CredentialState *creds,
struct samr_Password *current_pw_enc,
struct samr_Password *previous_pw_enc)
{
return NT_STATUS_UNSUCCESSFUL;
}
- arcfour_crypt_blob(current_pw_enc->hash, sizeof(current_pw_enc->hash),
- session_key);
+ netlogon_creds_arcfour_crypt(creds, current_pw_enc->hash, sizeof(current_pw_enc->hash));
if (trustAuth.previous.count != 0 &&
trustAuth.previous.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
} else {
mdfour(previous_pw_enc->hash, NULL, 0);
}
- arcfour_crypt_blob(previous_pw_enc->hash, sizeof(previous_pw_enc->hash),
- session_key);
+
+ netlogon_creds_arcfour_crypt(creds, previous_pw_enc->hash, sizeof(previous_pw_enc->hash));
return NT_STATUS_OK;
}
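Review bot: Both new calls in get_password_from_trustAuth use `netlogon_creds_arcfour_crypt` unconditionally, although `creds` is now passed in and the password_buf change earlier in this diff picks the cipher from `creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES`. If the current and previous hashes are meant to stay on arcfour whatever was negotiated, a comment above the first call should state that, for example `/* hashes stay RC4-wrapped here even when AES was negotiated */`. Otherwise the same flag test belongs in this function, so a peer that negotiated AES does not get the trust hashes under the weaker cipher. Parts of the function body are elided between the visible lines, so any handling outside them is not covered by this note.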
DATA_BLOB trustAuth_blob;
struct samr_Password *new_owf_enc;
struct samr_Password *old_owf_enc;
- DATA_BLOB session_key;
struct loadparm_context *lp_ctx;
lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
trustAuth_blob = td->trust_auth_outgoing;
}
- session_key.data = creds->session_key;
- session_key.length = sizeof(creds->session_key);
status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob,
- &session_key,
+ creds,
new_owf_enc, old_owf_enc);
if (!NT_STATUS_IS_OK(status)) {