CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function

This is the function that prevents spoofing like Microsoft's CVE-2015-0005. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2016-02-23 19:08:31 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:24 +0200
commit: 423e95b430eea1bb55cddf6c0eedd10dec7b03a1 (patch)
tree: 31fc3ca88ee4a593669d1bd2438f4767b7ddbb6e /libcli/auth/proto.h
parent: 847192d4939401d7bc2dec495082f08bffc1c6cc (diff)
download: samba-423e95b430eea1bb55cddf6c0eedd10dec7b03a1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index acf39e15287..cc9ae336685 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -155,6 +155,11 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
 		      const DATA_BLOB *names_blob,
 		      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
 		      DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
+NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
+			const char *account_domain,
+			const DATA_BLOB response,
+			const struct netlogon_creds_CredentialState *creds,
+			const char *workgroup);
 
 /***********************************************************
  encode a password buffer with a unicode password.  The buffer
author	Stefan Metzmacher <metze@samba.org>	2016-02-23 19:08:31 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:24 +0200
commit	423e95b430eea1bb55cddf6c0eedd10dec7b03a1 (patch)
tree	31fc3ca88ee4a593669d1bd2438f4767b7ddbb6e /libcli/auth/proto.h
parent	847192d4939401d7bc2dec495082f08bffc1c6cc (diff)
download	samba-423e95b430eea1bb55cddf6c0eedd10dec7b03a1.tar.gz