From: Stefan Metzmacher Date: Mon, 28 Oct 2024 15:30:19 +0000 (+0100) Subject: s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam X-Git-Tag: ldb-2.9.2~10 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=6b32dcf6ea2af0949fd283dd497b08e3a1ca6b26;p=thirdparty%2Fsamba.git s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall (cherry picked from commit 834197dafef0f3779ba69c8e350cbd7bb9333284) --- diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 2597ee90eab..8f1eb7abb6d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -3161,6 +3161,10 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal DATA_BLOB decrypted_blob; enum ndr_err_code ndr_err; struct netr_SendToSamBase base_msg = { 0 }; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + + dcesrv_call_auth_info(dce_call, &auth_type, &auth_level); nt_status = dcesrv_netr_creds_server_step_check(dce_call, mem_ctx, @@ -3193,15 +3197,12 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal } /* Buffer is meant to be 16-bit aligned */ - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - nt_status = netlogon_creds_aes_decrypt(creds, - r->in.opaque_buffer, - r->in.buffer_len); - } else { - nt_status = netlogon_creds_arcfour_crypt(creds, - r->in.opaque_buffer, - r->in.buffer_len); - } + + nt_status = netlogon_creds_decrypt_SendToSam(creds, + r->in.opaque_buffer, + r->in.buffer_len, + auth_type, + auth_level); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }