svn commit: samba r10847 - in branches/SAMBA_4_0/source: libcli/auth torture/rpc

abartlet at samba.org abartlet at samba.org
Sun Oct 9 13:03:52 GMT 2005


Author: abartlet
Date: 2005-10-09 13:03:52 +0000 (Sun, 09 Oct 2005)
New Revision: 10847

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10847

Log:
Fix up new 'decrypt samlogon reply' routine to be more robust, and use
it in the RPC-SAMLOGON test.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/auth/credentials.c
   branches/SAMBA_4_0/source/torture/rpc/samlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/credentials.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/credentials.c	2005-10-09 12:50:35 UTC (rev 10846)
+++ branches/SAMBA_4_0/source/libcli/auth/credentials.c	2005-10-09 13:03:52 UTC (rev 10847)
@@ -322,18 +322,32 @@
 {
 	static const char zeros[16];
 
-	struct netr_SamBaseInfo *base;
+	struct netr_SamBaseInfo *base = NULL;
 	switch (validation_level) {
 	case 2:
-		base = &validation->sam2->base;
+		if (validation->sam2) {
+			base = &validation->sam2->base;
+		}
 		break;
 	case 3:
-		base = &validation->sam3->base;
+		if (validation->sam3) {
+			base = &validation->sam3->base;
+		}
 		break;
 	case 6:
-		base = &validation->sam6->base;
+		if (validation->sam6) {
+			base = &validation->sam6->base;
+		}
 		break;
+	default:
+		/* If we can't find it, we can't very well decrypt it */
+		return;
 	}
+
+	if (!base) {
+		return;
+	}
+
 	/* find and decyrpt the session keys, return in parameters above */
 	if (validation_level == 6) {
 		/* they aren't encrypted! */
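Review bot: The new `default:` branch and the `if (!base)` guard both return silently, so a caller of creds_decrypt_samlogon cannot tell whether the session keys were decrypted or left untouched. A caller that then copies `base->key.key` could hand on still-encrypted bytes as a session key. The signature is outside this hunk, so I can't tell whether a status return is feasible. At minimum add a header comment such as `/* Decrypts the session keys inside *validation; does nothing for an unknown validation_level or a NULL info pointer */`, hedged on the decryption being in place, as the caller's later read of `base->key.key` suggests. The context comment `find and decyrpt the session keys, return in parameters above` has a typo and looks stale for this helper. The function body starts and ends outside the hunk.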

Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-10-09 12:50:35 UTC (rev 10846)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-10-09 13:03:52 UTC (rev 10847)
@@ -151,9 +151,13 @@
 			if (error_string) {
 				*error_string = strdup(nt_errstr(status));
 			}
+			return status;
 		}
 
 		validation_level = r->in.validation_level;
+
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r->out.validation);
+
 		switch (validation_level) {
 		case 2:
 			base = &r->out.validation.sam2->base;
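Review bot: The switch after the new creds_decrypt_samlogon() call still computes `&r->out.validation.sam2->base` without checking the info pointer, although this commit adds exactly that guard (`if (validation->sam2)`) inside the helper. If a server reports success but returns a NULL info pointer, this is a member access through NULL. The later `if (!base)` test only catches it if `base` sits at offset 0 of the struct, which is not visible here. Mirror the helper with `if (r->out.validation.sam2) { base = &r->out.validation.sam2->base; }`, assuming `base` is initialised to NULL where it is declared, outside this hunk. The same applies to the `r_ex` and `r_flags` branches in the next two hunks.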
@@ -172,9 +176,13 @@
 			if (error_string) {
 				*error_string = strdup(nt_errstr(status));
 			}
+			return status;
 		}
 
 		validation_level = r_ex->in.validation_level;
+
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_ex->out.validation);
+
 		switch (validation_level) {
 		case 2:
 			base = &r_ex->out.validation.sam2->base;
@@ -201,9 +209,13 @@
 			if (error_string) {
 				*error_string = strdup(nt_errstr(status));
 			}
+			return status;
 		}
-
+		
 		validation_level = r_flags->in.validation_level;
+
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_flags->out.validation);
+
 		switch (validation_level) {
 		case 2:
 			base = &r_flags->out.validation.sam2->base;
@@ -218,68 +230,18 @@
 		break;
 	}
 		
-
-	if (!NT_STATUS_IS_OK(status)) {
-		/* we cannot check the session key, if the logon failed... */
-		return status;
-	}
-
 	if (!base) {
 		printf("No user info returned from 'successful' SamLogon*() call!\n");
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* find and decyrpt the session keys, return in parameters above */
-	if (validation_level == 6) {
-		/* they aren't encrypted! */
-		if (user_session_key) {
-			memcpy(user_session_key, base->key.key, 16);
-		}
-		if (lm_key) {
-			memcpy(lm_key, base->LMSessKey.key, 8);
-		}
-	} else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-		static const char zeros[16];
-			
-		if (memcmp(base->key.key, zeros,  
-			   sizeof(base->key.key)) != 0) {
-			creds_arcfour_crypt(samlogon_state->creds, 
-					    base->key.key, 
-					    sizeof(base->key.key));
-		}
-			
-		if (user_session_key) {
-			memcpy(user_session_key, base->key.key, 16);
-		}
-			
-		if (memcmp(base->LMSessKey.key, zeros,  
-			   sizeof(base->LMSessKey.key)) != 0) {
-			creds_arcfour_crypt(samlogon_state->creds, 
-					    base->LMSessKey.key, 
-					    sizeof(base->LMSessKey.key));
-		}
-			
-		if (lm_key) {
-			memcpy(lm_key, base->LMSessKey.key, 8);
-		}
-	} else {
-		static const char zeros[16];
-			
-		if (user_session_key) {
-			memcpy(user_session_key, base->key.key, 16);
-		}
-
-		if (memcmp(base->LMSessKey.key, zeros,  
-			   sizeof(base->LMSessKey.key)) != 0) {
-			creds_des_decrypt_LMKey(samlogon_state->creds, 
-						&base->LMSessKey);
-		}
-			
-		if (lm_key) {
-			memcpy(lm_key, base->LMSessKey.key, 8);
-		}
+	if (user_session_key) {
+		memcpy(user_session_key, base->key.key, 16);
 	}
-	
+	if (lm_key) {
+		memcpy(lm_key, base->LMSessKey.key, 8);
+	}
+			
 	return status;
 } 
 
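Review bot: The two copies that remain use bare lengths, `memcpy(user_session_key, base->key.key, 16)` and `memcpy(lm_key, base->LMSessKey.key, 8)`, whereas the comparisons removed in this hunk sized the same fields with `sizeof(base->key.key)`. Taking the length from the field, e.g. `memcpy(lm_key, base->LMSessKey.key, sizeof(base->LMSessKey.key));`, keeps the copy tied to the struct definition, provided the fields really are 16 and 8 bytes as the literals imply. The destination buffers are supplied by the caller outside this hunk, so a comment such as `/* user_session_key must hold 16 bytes, lm_key 8 bytes */` near the function header would record the contract. The function starts outside the hunk.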


