libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlo...
authorGünther Deschner <gd@samba.org>
Fri, 14 Dec 2012 13:17:22 +0000 (14:17 +0100)
committerGünther Deschner <gd@samba.org>
Sat, 15 Dec 2012 20:50:36 +0000 (21:50 +0100)
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/credentials.c
libcli/auth/proto.h
source3/rpc_client/cli_netlogon.c
source4/torture/rpc/samlogon.c
source4/winbind/wb_sam_logon.c

index 63407e7..d5bf1a6 100644 (file)
@@ -485,9 +485,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
        }
 }
 
-void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
-                           uint16_t validation_level,
-                           union netr_Validation *validation)
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+                                               uint16_t validation_level,
+                                               union netr_Validation *validation)
 {
        static const char zeros[16];
 
@@ -521,6 +521,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
        if (validation_level == 6) {
                /* they aren't encrypted! */
        } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+               /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
                if (memcmp(base->key.key, zeros,
                           sizeof(base->key.key)) != 0) {
                        netlogon_creds_aes_decrypt(creds,
@@ -535,6 +536,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
                                            sizeof(base->LMSessKey.key));
                }
        } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+               /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
                if (memcmp(base->key.key, zeros,
                           sizeof(base->key.key)) != 0) {
                        netlogon_creds_arcfour_crypt(creds,
@@ -549,6 +551,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
                                            sizeof(base->LMSessKey.key));
                }
        } else {
+               /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
                if (memcmp(base->LMSessKey.key, zeros,
                           sizeof(base->LMSessKey.key)) != 0) {
                        netlogon_creds_des_decrypt_LMKey(creds,
index b9d91d0..15900d4 100644 (file)
@@ -57,9 +57,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
                                 struct netr_Authenticator *received_authenticator,
                                 struct netr_Authenticator *return_authenticator) ;
-void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *creds,
-                           uint16_t validation_level,
-                           union netr_Validation *validation) ;
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+                                               uint16_t validation_level,
+                                               union netr_Validation *validation);
 
 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c  */
 
index a0a9457..66a50a8 100644 (file)
@@ -467,7 +467,8 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
                return result;
        }
 
-       netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
+       netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_level,
+                                                  &validation);
 
        result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
        if (!NT_STATUS_IS_OK(result)) {
@@ -575,7 +576,8 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
                return result;
        }
 
-       netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
+       netlogon_creds_decrypt_samlogon_validation(cli->dc, validation_level,
+                                                  &validation);
 
        result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
        if (!NT_STATUS_IS_OK(result)) {
index 8d13a63..bd85c22 100644 (file)
@@ -176,7 +176,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
                validation_level = r->in.validation_level;
 
-               netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
+               netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+                                                          validation_level,
+                                                          r->out.validation);
 
                switch (validation_level) {
                case 2:
@@ -208,7 +210,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
                validation_level = r_ex->in.validation_level;
 
-               netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
+               netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+                                                          validation_level,
+                                                          r_ex->out.validation);
 
                switch (validation_level) {
                case 2:
@@ -248,7 +252,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
                validation_level = r_flags->in.validation_level;
 
-               netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
+               netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
+                                                          validation_level,
+                                                          r_flags->out.validation);
 
                switch (validation_level) {
                case 2:
index 32fddd2..e940082 100644 (file)
@@ -208,9 +208,9 @@ static void wb_sam_logon_recv_samlogon(struct tevent_req *subreq)
        /* Decrypt the session keys before we reform the info3, so the
         * person on the other end of winbindd pipe doesn't have to.
         * They won't have the encryption key anyway */
-       netlogon_creds_decrypt_samlogon(state->creds_state,
-                                       state->r.in.validation_level,
-                                       state->r.out.validation);
+       netlogon_creds_decrypt_samlogon_validation(state->creds_state,
+                                                  state->r.in.validation_level,
+                                                  state->r.out.validation);
 
        /*
         * we do not need the netlogon_creds lock anymore