}
}
-void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation)
+static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ bool encrypt)
{
static const char zeros[16];
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
- netlogon_creds_aes_decrypt(creds,
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds,
+ base->key.key,
+ sizeof(base->key.key));
+ } else {
+ netlogon_creds_aes_decrypt(creds,
base->key.key,
sizeof(base->key.key));
+ }
}
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_aes_decrypt(creds,
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
+
+ } else {
+ netlogon_creds_aes_decrypt(creds,
+ base->LMSessKey.key,
+ sizeof(base->LMSessKey.key));
+ }
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_des_decrypt_LMKey(creds,
+ if (encrypt) {
+ netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
+ } else {
+ netlogon_creds_des_decrypt_LMKey(creds,
+ &base->LMSessKey);
+ }
}
}
}
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
+{
+ return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ validation, false);
+}
+
+void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
+{
+ return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ validation, true);
+}
+
/*
copy a netlogon_creds_CredentialState struct
*/