libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().

author Günther Deschner <gd@samba.org>

Fri, 7 Dec 2012 11:38:16 +0000 (12:38 +0100)

committer Stefan Metzmacher <metze@samba.org>

Sun, 9 Dec 2012 18:39:08 +0000 (19:39 +0100)
author Günther Deschner <gd@samba.org>
Fri, 7 Dec 2012 11:38:16 +0000 (12:38 +0100)
committer Stefan Metzmacher <metze@samba.org>
Sun, 9 Dec 2012 18:39:08 +0000 (19:39 +0100)
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c

index 77df7f765a5e238967f7bf73ada5f9d542d4119c..63407e798871f592a53a4dbbba5d6b90dbda5f38 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -520,6 +520,20 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
         /* find and decyrpt the session keys, return in parameters above */
         if (validation_level == 6) {
                 /* they aren't encrypted! */
+       } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+               if (memcmp(base->key.key, zeros,
+                          sizeof(base->key.key)) != 0) {
+                       netlogon_creds_aes_decrypt(creds,
+                                           base->key.key,
+                                           sizeof(base->key.key));
+               }
+
+               if (memcmp(base->LMSessKey.key, zeros,
+                          sizeof(base->LMSessKey.key)) != 0) {
+                       netlogon_creds_aes_decrypt(creds,
+                                           base->LMSessKey.key,
+                                           sizeof(base->LMSessKey.key));
+               }
         } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
                 if (memcmp(base->key.key, zeros,
                            sizeof(base->key.key)) != 0) {
author	Günther Deschner <gd@samba.org>
	Fri, 7 Dec 2012 11:38:16 +0000 (12:38 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Sun, 9 Dec 2012 18:39:08 +0000 (19:39 +0100)