From d8461992dbc6005f02240cf1eae8a56ba4c55148 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 11 Dec 2012 23:53:22 +0100
Subject: [PATCH] s4-rpc_server: use netlogon_creds_encrypt_samlogon().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 37 +++------------------------
 1 file changed, 3 insertions(+), 34 deletions(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 3eaf0d4e1df..d463e85af15 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -619,7 +619,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 	struct auth_usersupplied_info *user_info;
 	struct auth_user_info_dc *user_info_dc;
 	NTSTATUS nt_status;
-	static const char zeros[16];
 	struct netr_SamBaseInfo *sam;
 	struct netr_SamInfo2 *sam2;
 	struct netr_SamInfo3 *sam3;
@@ -817,39 +816,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
-	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	/* It appears that level 6 is not individually encrypted */
-	if ((r->in.validation_level != 6) &&
-	    memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
-		/* This key is sent unencrypted without the ARCFOUR or AES flag set */
-		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-			netlogon_creds_aes_encrypt(creds,
-					    sam->key.key,
-					    sizeof(sam->key.key));
-		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-			netlogon_creds_arcfour_crypt(creds,
-					    sam->key.key,
-					    sizeof(sam->key.key));
-		}
-	}
-
-	/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
-	/* It appears that level 6 is not individually encrypted */
-	if ((r->in.validation_level != 6) &&
-	    memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
-		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-			netlogon_creds_aes_encrypt(creds,
-					    sam->LMSessKey.key,
-					    sizeof(sam->LMSessKey.key));
-		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-			netlogon_creds_arcfour_crypt(creds,
-					    sam->LMSessKey.key,
-					    sizeof(sam->LMSessKey.key));
-		} else {
-			netlogon_creds_des_encrypt_LMKey(creds,
-						&sam->LMSessKey);
-		}
-	}
+	netlogon_creds_encrypt_samlogon_validation(creds,
+						   r->in.validation_level,
+						   r->out.validation);
 
 	/* TODO: Describe and deal with these flags */
 	*r->out.flags = 0;
-- 
2.11.4.GIT