import samba-4.11.2-7.el8
This commit is contained in:
parent
9ee1c874fc
commit
6975dbb9a1
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
|
SOURCES/gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
|
||||||
SOURCES/samba-4.10.4.tar.xz
|
SOURCES/samba-4.11.2.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
6bf33724c18b74427453f0e3fc0180f84ff60818 SOURCES/gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
|
6bf33724c18b74427453f0e3fc0180f84ff60818 SOURCES/gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
|
||||||
c24e15add96d79950552f0ffbb44234e4142342c SOURCES/samba-4.10.4.tar.xz
|
e920c3d96119b51c1d12a2428e8830000b331fe5 SOURCES/samba-4.11.2.tar.xz
|
||||||
|
@ -0,0 +1,61 @@
|
|||||||
|
From 826e500242004b269219ad3deeacf0e01d136933 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 1 Jul 2019 16:54:15 +0200
|
||||||
|
Subject: [PATCH 001/187] s3:profile: Use SHA1 for hashing in profiling
|
||||||
|
functions.
|
||||||
|
|
||||||
|
This can use SHA NI instructions if the CPU supports it.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit 6fe2193b17ac2d57c559d3b936b37238d06d6be8)
|
||||||
|
---
|
||||||
|
source3/profile/profile.c | 11 +++++------
|
||||||
|
1 file changed, 5 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
|
||||||
|
index df0ba5b0af3..90a30f01f58 100644
|
||||||
|
--- a/source3/profile/profile.c
|
||||||
|
+++ b/source3/profile/profile.c
|
||||||
|
@@ -124,7 +124,7 @@ static void reqprofile_message(struct messaging_context *msg_ctx,
|
||||||
|
******************************************************************/
|
||||||
|
bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
{
|
||||||
|
- unsigned char tmp[16] = {};
|
||||||
|
+ uint8_t digest[gnutls_hash_get_len(GNUTLS_DIG_SHA1)];
|
||||||
|
gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
char *db_name;
|
||||||
|
bool ok = false;
|
||||||
|
@@ -154,7 +154,7 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
reqprofile_message);
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1);
|
||||||
|
if (rc < 0) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
@@ -210,15 +210,14 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- gnutls_hash_deinit(hash_hnd, tmp);
|
||||||
|
+ gnutls_hash_deinit(hash_hnd, digest);
|
||||||
|
|
||||||
|
profile_p = &smbprofile_state.stats.global;
|
||||||
|
|
||||||
|
- profile_p->magic = BVAL(tmp, 0);
|
||||||
|
+ profile_p->magic = BVAL(digest, 0);
|
||||||
|
if (profile_p->magic == 0) {
|
||||||
|
- profile_p->magic = BVAL(tmp, 8);
|
||||||
|
+ profile_p->magic = BVAL(digest, 8);
|
||||||
|
}
|
||||||
|
- ZERO_ARRAY(tmp);
|
||||||
|
|
||||||
|
ok = true;
|
||||||
|
out:
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From bb29683ddc7cdacfe9129074652d97a11a9084af Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 5 Jul 2019 16:28:27 +0200
|
||||||
|
Subject: [PATCH 002/187] lib:crypto: Fix path to header file in
|
||||||
|
gnutls_helpers.h
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit a31a40b41a18ae09a4e2e76f41c95b011ed30bea)
|
||||||
|
---
|
||||||
|
lib/crypto/gnutls_helpers.h | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h
|
||||||
|
index b8288c25649..7c950c79525 100644
|
||||||
|
--- a/lib/crypto/gnutls_helpers.h
|
||||||
|
+++ b/lib/crypto/gnutls_helpers.h
|
||||||
|
@@ -18,8 +18,8 @@
|
||||||
|
#ifndef _GNUTLS_HELPERS_H
|
||||||
|
#define _GNUTLS_HELPERS_H
|
||||||
|
|
||||||
|
-#include "ntstatus.h"
|
||||||
|
-#include "werror.h"
|
||||||
|
+#include "libcli/util/ntstatus.h"
|
||||||
|
+#include "libcli/util/werror.h"
|
||||||
|
|
||||||
|
NTSTATUS _gnutls_error_to_ntstatus(int gnutls_rc,
|
||||||
|
NTSTATUS blocked_status,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,65 @@
|
|||||||
|
From bd6da0ff651385f14f8414ecb440e228d5a8a7d1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 5 Jul 2019 10:38:44 +0200
|
||||||
|
Subject: [PATCH 003/187] lib:crypto: Add GNUTLS_FIPS140_SET_(LAX|STRICT)_MODE
|
||||||
|
to helpers
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit 31a943fa0890438cffc67a566373f36c94c0a5a8)
|
||||||
|
---
|
||||||
|
lib/crypto/gnutls_helpers.h | 11 +++++++++++
|
||||||
|
source3/modules/hash_inode.c | 10 +---------
|
||||||
|
2 files changed, 12 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h
|
||||||
|
index 7c950c79525..8a2a49baf73 100644
|
||||||
|
--- a/lib/crypto/gnutls_helpers.h
|
||||||
|
+++ b/lib/crypto/gnutls_helpers.h
|
||||||
|
@@ -18,9 +18,20 @@
|
||||||
|
#ifndef _GNUTLS_HELPERS_H
|
||||||
|
#define _GNUTLS_HELPERS_H
|
||||||
|
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+
|
||||||
|
#include "libcli/util/ntstatus.h"
|
||||||
|
#include "libcli/util/werror.h"
|
||||||
|
|
||||||
|
+/* Those macros are only available in GnuTLS >= 3.6.4 */
|
||||||
|
+#ifndef GNUTLS_FIPS140_SET_LAX_MODE
|
||||||
|
+#define GNUTLS_FIPS140_SET_LAX_MODE()
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
|
||||||
|
+#define GNUTLS_FIPS140_SET_STRICT_MODE()
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
NTSTATUS _gnutls_error_to_ntstatus(int gnutls_rc,
|
||||||
|
NTSTATUS blocked_status,
|
||||||
|
const char *function,
|
||||||
|
diff --git a/source3/modules/hash_inode.c b/source3/modules/hash_inode.c
|
||||||
|
index 231538c72cb..a9144621901 100644
|
||||||
|
--- a/source3/modules/hash_inode.c
|
||||||
|
+++ b/source3/modules/hash_inode.c
|
||||||
|
@@ -22,15 +22,7 @@
|
||||||
|
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
-
|
||||||
|
-/* Those macros are only available in GnuTLS >= 3.6.4 */
|
||||||
|
-#ifndef GNUTLS_FIPS140_SET_LAX_MODE
|
||||||
|
-#define GNUTLS_FIPS140_SET_LAX_MODE()
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
-#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
|
||||||
|
-#define GNUTLS_FIPS140_SET_STRICT_MODE()
|
||||||
|
-#endif
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
|
||||||
|
SMB_INO_T hash_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,63 @@
|
|||||||
|
From 4728c82b9a9d857bac4cf04434856daa8d739995 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 15 May 2019 08:41:12 +0200
|
||||||
|
Subject: [PATCH 004/187] s3:profile: Allow profile subsystem to use SHA1 in
|
||||||
|
FIPS mode
|
||||||
|
|
||||||
|
This is non-cryptographic use.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
Autobuild-Date(master): Tue Jul 9 13:31:46 UTC 2019 on sn-devel-184
|
||||||
|
|
||||||
|
(cherry picked from commit ccf3e76625c42f5aceea0882971a232a9f56a971)
|
||||||
|
---
|
||||||
|
source3/profile/profile.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
|
||||||
|
index 90a30f01f58..7e17d065d75 100644
|
||||||
|
--- a/source3/profile/profile.c
|
||||||
|
+++ b/source3/profile/profile.c
|
||||||
|
@@ -35,6 +35,7 @@
|
||||||
|
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
|
||||||
|
struct profile_stats *profile_p;
|
||||||
|
struct smbprofile_global_state smbprofile_state;
|
||||||
|
@@ -154,6 +155,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
reqprofile_message);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
||||||
|
+
|
||||||
|
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1);
|
||||||
|
if (rc < 0) {
|
||||||
|
goto out;
|
||||||
|
@@ -212,6 +215,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
|
||||||
|
gnutls_hash_deinit(hash_hnd, digest);
|
||||||
|
|
||||||
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||||
|
+
|
||||||
|
profile_p = &smbprofile_state.stats.global;
|
||||||
|
|
||||||
|
profile_p->magic = BVAL(digest, 0);
|
||||||
|
@@ -221,6 +226,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
||||||
|
|
||||||
|
ok = true;
|
||||||
|
out:
|
||||||
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||||
|
+
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,114 @@
|
|||||||
|
From 290c078652ffcacd69b0b00ea5e5413515c5de22 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 18 Mar 2019 17:03:30 +0100
|
||||||
|
Subject: [PATCH 005/187] lib:util: Use GnuTLS random number generator in
|
||||||
|
genrand.c
|
||||||
|
|
||||||
|
FIPS requires that a random number generator from a certified crypto
|
||||||
|
library is used.
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
|
||||||
|
Autobuild-Date(master): Thu Jul 18 01:30:20 UTC 2019 on sn-devel-184
|
||||||
|
|
||||||
|
(cherry picked from commit 664eed2e926f8f572b81e6d7c8e09b7ccbafb908)
|
||||||
|
---
|
||||||
|
lib/util/genrand.c | 31 +++++++------------------------
|
||||||
|
lib/util/genrand.h | 11 ++++-------
|
||||||
|
lib/util/wscript_build | 2 +-
|
||||||
|
3 files changed, 12 insertions(+), 32 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
|
||||||
|
index a775535c49e..55997c3dd55 100644
|
||||||
|
--- a/lib/util/genrand.c
|
||||||
|
+++ b/lib/util/genrand.c
|
||||||
|
@@ -20,35 +20,17 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "replace.h"
|
||||||
|
-#include "system/filesys.h"
|
||||||
|
#include "lib/util/genrand.h"
|
||||||
|
-#include "sys_rw_data.h"
|
||||||
|
-#include "lib/util/blocking.h"
|
||||||
|
|
||||||
|
-static int urand_fd = -1;
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
-static void open_urandom(void)
|
||||||
|
-{
|
||||||
|
- if (urand_fd != -1) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- urand_fd = open( "/dev/urandom", O_RDONLY,0);
|
||||||
|
- if (urand_fd == -1) {
|
||||||
|
- abort();
|
||||||
|
- }
|
||||||
|
- smb_set_close_on_exec(urand_fd);
|
||||||
|
-}
|
||||||
|
+/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
|
||||||
|
|
||||||
|
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
- ssize_t rw_ret;
|
||||||
|
-
|
||||||
|
- open_urandom();
|
||||||
|
-
|
||||||
|
- rw_ret = read_data(urand_fd, out, len);
|
||||||
|
- if (rw_ret != len) {
|
||||||
|
- abort();
|
||||||
|
- }
|
||||||
|
+ /* Thread and fork safe random number generator for temporary keys. */
|
||||||
|
+ gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -57,5 +39,6 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
||||||
|
*/
|
||||||
|
_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
- generate_random_buffer(out, len);
|
||||||
|
+ /* Thread and fork safe random number generator for long term keys. */
|
||||||
|
+ gnutls_rnd(GNUTLS_RND_KEY, out, len);
|
||||||
|
}
|
||||||
|
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
|
||||||
|
index ef6bbc64157..899ce8badc0 100644
|
||||||
|
--- a/lib/util/genrand.h
|
||||||
|
+++ b/lib/util/genrand.h
|
||||||
|
@@ -20,14 +20,11 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
- Interface to the (hopefully) good crypto random number generator.
|
||||||
|
- Will use our internal PRNG if more than 40 bytes of random generation
|
||||||
|
- has been requested, otherwise tries to read from /dev/random
|
||||||
|
-**/
|
||||||
|
+ * Thread and fork safe random number generator for temporary keys.
|
||||||
|
+ */
|
||||||
|
void generate_random_buffer(uint8_t *out, int len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
- Interface to the (hopefully) good crypto random number generator.
|
||||||
|
- Will always use /dev/urandom if available.
|
||||||
|
-**/
|
||||||
|
+ * Thread and fork safe random number generator for long term keys.
|
||||||
|
+ */
|
||||||
|
void generate_secret_buffer(uint8_t *out, int len);
|
||||||
|
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
|
||||||
|
index ff1c76e3686..5f005c41e49 100644
|
||||||
|
--- a/lib/util/wscript_build
|
||||||
|
+++ b/lib/util/wscript_build
|
||||||
|
@@ -104,7 +104,7 @@ else:
|
||||||
|
|
||||||
|
bld.SAMBA_LIBRARY('genrand',
|
||||||
|
source='genrand.c',
|
||||||
|
- deps='replace socket-blocking sys_rw',
|
||||||
|
+ deps='replace gnutls',
|
||||||
|
local_include=False,
|
||||||
|
private_library=True)
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
From 8391caf4f4aa8fed5167b5e5cf04197a29ba40e8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 18 Jul 2019 13:27:57 +0200
|
||||||
|
Subject: [PATCH 006/187] lib:crypto: Document gnutls_error_to_werror()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit e43678b84a3434b977f44b265599f1d9207d3b78)
|
||||||
|
---
|
||||||
|
lib/crypto/gnutls_helpers.h | 16 ++++++++++++++++
|
||||||
|
1 file changed, 16 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h
|
||||||
|
index 8a2a49baf73..debaa701554 100644
|
||||||
|
--- a/lib/crypto/gnutls_helpers.h
|
||||||
|
+++ b/lib/crypto/gnutls_helpers.h
|
||||||
|
@@ -40,6 +40,21 @@ NTSTATUS _gnutls_error_to_ntstatus(int gnutls_rc,
|
||||||
|
_gnutls_error_to_ntstatus(gnutls_rc, blocked_status, \
|
||||||
|
__FUNCTION__, __location__)
|
||||||
|
|
||||||
|
+#ifdef DOXYGEN
|
||||||
|
+/**
|
||||||
|
+ * @brief Convert a gnutls error code to a corresponding WERROR.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] gnutls_rc The GnuTLS return code.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] blocked_werr The WERROR code which should be returned if e.g
|
||||||
|
+ * the cipher we want to used it not allowed to be
|
||||||
|
+ * used because of FIPS mode.
|
||||||
|
+ *
|
||||||
|
+ * @return A corresponding WERROR code.
|
||||||
|
+ */
|
||||||
|
+WERROR gnutls_error_to_werror(int gnutls_rc,
|
||||||
|
+ WERROR blocked_werr);
|
||||||
|
+#else
|
||||||
|
WERROR _gnutls_error_to_werror(int gnutls_rc,
|
||||||
|
WERROR blocked_werr,
|
||||||
|
const char *function,
|
||||||
|
@@ -47,6 +62,7 @@ WERROR _gnutls_error_to_werror(int gnutls_rc,
|
||||||
|
#define gnutls_error_to_werror(gnutls_rc, blocked_werr) \
|
||||||
|
_gnutls_error_to_werror(gnutls_rc, blocked_werr, \
|
||||||
|
__FUNCTION__, __location__)
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
enum samba_gnutls_direction {
|
||||||
|
SAMBA_GNUTLS_ENCRYPT,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,45 @@
|
|||||||
|
From 47f922c797006a3158fa3e077a7086086917b5e4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 18 Jul 2019 13:33:54 +0200
|
||||||
|
Subject: [PATCH 007/187] lib:crypto: Document
|
||||||
|
samba_gnutls_arcfour_confounded_md5()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit baa96ef20945638fb5ee76b03543c7b611e9c7d7)
|
||||||
|
---
|
||||||
|
lib/crypto/gnutls_helpers.h | 18 ++++++++++++++++++
|
||||||
|
1 file changed, 18 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h
|
||||||
|
index debaa701554..d6000c7b316 100644
|
||||||
|
--- a/lib/crypto/gnutls_helpers.h
|
||||||
|
+++ b/lib/crypto/gnutls_helpers.h
|
||||||
|
@@ -69,6 +69,24 @@ enum samba_gnutls_direction {
|
||||||
|
SAMBA_GNUTLS_DECRYPT
|
||||||
|
};
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * @brief Encrypt or decrypt a data blob using RC4 with a key and salt.
|
||||||
|
+ *
|
||||||
|
+ * One of the key input should be a session key and the other a confounder
|
||||||
|
+ * (aka salt). Which one depends on the implementation details of the
|
||||||
|
+ * protocol.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] key_input1 Either a session_key or a confounder.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] key_input2 Either a session_key or a confounder.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] data The data blob ot either encrypt or decrypt. The data
|
||||||
|
+ * will be encrypted or decrypted in place.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] encrypt The encryption direction.
|
||||||
|
+ *
|
||||||
|
+ * @return A gnutls error code.
|
||||||
|
+ */
|
||||||
|
int samba_gnutls_arcfour_confounded_md5(const DATA_BLOB *key_input1,
|
||||||
|
const DATA_BLOB *key_input2,
|
||||||
|
DATA_BLOB *data,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,150 @@
|
|||||||
|
From bcbc9eca11583426d9b0e7ce4d4e51b16bda32f0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 29 May 2019 16:22:11 +0200
|
||||||
|
Subject: [PATCH 008/187] s3:rpc_client: Return NTSTATUS for
|
||||||
|
init_samr_CryptPassword()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 4b9b1dbe9c8c988a39b1318a4f7aac031bc1ea8b)
|
||||||
|
---
|
||||||
|
source3/lib/netapi/user.c | 9 ++++++---
|
||||||
|
source3/libnet/libnet_join.c | 10 +++++++---
|
||||||
|
source3/rpc_client/init_samr.c | 14 ++++++++++----
|
||||||
|
source3/rpc_client/init_samr.h | 6 +++---
|
||||||
|
source3/rpcclient/cmd_samr.c | 5 ++++-
|
||||||
|
source3/utils/net_rpc.c | 9 ++++++---
|
||||||
|
6 files changed, 36 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
|
||||||
|
index 4b66dab2f99..2136ef47ee6 100644
|
||||||
|
--- a/source3/lib/netapi/user.c
|
||||||
|
+++ b/source3/lib/netapi/user.c
|
||||||
|
@@ -326,9 +326,12 @@ static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
|
||||||
|
user_info.info23.info = info21;
|
||||||
|
|
||||||
|
- init_samr_CryptPassword(uX->usriX_password,
|
||||||
|
- session_key,
|
||||||
|
- &user_info.info23.password);
|
||||||
|
+ status = init_samr_CryptPassword(uX->usriX_password,
|
||||||
|
+ session_key,
|
||||||
|
+ &user_info.info23.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
|
||||||
|
user_handle,
|
||||||
|
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
|
||||||
|
index 9d4f656ffec..abf8672d050 100644
|
||||||
|
--- a/source3/libnet/libnet_join.c
|
||||||
|
+++ b/source3/libnet/libnet_join.c
|
||||||
|
@@ -1570,9 +1570,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
/* retry with level 24 */
|
||||||
|
|
||||||
|
- init_samr_CryptPassword(r->in.machine_password,
|
||||||
|
- &session_key,
|
||||||
|
- &crypt_pwd);
|
||||||
|
+ status = init_samr_CryptPassword(r->in.machine_password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &crypt_pwd);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
user_info.info24.password = crypt_pwd;
|
||||||
|
user_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
|
||||||
|
@@ -1584,6 +1587,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||||
|
&result);
|
||||||
|
}
|
||||||
|
|
||||||
|
+error:
|
||||||
|
old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);
|
||||||
|
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||||
|
index d116ece576f..8b41ec2f10f 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.c
|
||||||
|
+++ b/source3/rpc_client/init_samr.c
|
||||||
|
@@ -81,12 +81,18 @@ out:
|
||||||
|
inits a samr_CryptPassword structure
|
||||||
|
*************************************************************************/
|
||||||
|
|
||||||
|
-void init_samr_CryptPassword(const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct samr_CryptPassword *pwd_buf)
|
||||||
|
+NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPassword *pwd_buf)
|
||||||
|
{
|
||||||
|
/* samr_CryptPassword */
|
||||||
|
+ bool ok;
|
||||||
|
|
||||||
|
- encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
|
||||||
|
+ ok = encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
|
||||||
|
+ if (!ok) {
|
||||||
|
+ return NT_STATUS_INTERNAL_ERROR;
|
||||||
|
+ }
|
||||||
|
arcfour_crypt_blob(pwd_buf->data, 516, session_key);
|
||||||
|
+
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
diff --git a/source3/rpc_client/init_samr.h b/source3/rpc_client/init_samr.h
|
||||||
|
index 223fa91e3d9..4214ab55a04 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.h
|
||||||
|
+++ b/source3/rpc_client/init_samr.h
|
||||||
|
@@ -25,8 +25,8 @@
|
||||||
|
void init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
struct samr_CryptPasswordEx *pwd_buf);
|
||||||
|
-void init_samr_CryptPassword(const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct samr_CryptPassword *pwd_buf);
|
||||||
|
+NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPassword *pwd_buf);
|
||||||
|
|
||||||
|
#endif /* _RPC_CLIENT_INIT_SAMR_H_ */
|
||||||
|
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
|
||||||
|
index 8cbf8ab24bd..ccaec1ada40 100644
|
||||||
|
--- a/source3/rpcclient/cmd_samr.c
|
||||||
|
+++ b/source3/rpcclient/cmd_samr.c
|
||||||
|
@@ -3063,7 +3063,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- init_samr_CryptPassword(param, &session_key, &pwd_buf);
|
||||||
|
+ status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
|
||||||
|
nt_lm_owf_gen(param, nt_hash, lm_hash);
|
||||||
|
|
||||||
|
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
|
||||||
|
index a56190f7be5..f6fb892a2d9 100644
|
||||||
|
--- a/source3/utils/net_rpc.c
|
||||||
|
+++ b/source3/utils/net_rpc.c
|
||||||
|
@@ -6195,9 +6195,12 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
|
||||||
|
ZERO_STRUCT(info.info23);
|
||||||
|
|
||||||
|
- init_samr_CryptPassword(argv[1],
|
||||||
|
- &session_key,
|
||||||
|
- &crypt_pwd);
|
||||||
|
+ status = init_samr_CryptPassword(argv[1],
|
||||||
|
+ &session_key,
|
||||||
|
+ &crypt_pwd);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
|
||||||
|
SAMR_FIELD_NT_PASSWORD_PRESENT;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,199 @@
|
|||||||
|
From 97f9ec9431ebf22ae06f61c97c183e04b59d6e7f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 29 May 2019 17:16:26 +0200
|
||||||
|
Subject: [PATCH 009/187] s3:rpc_client: Return NTSTATUS for
|
||||||
|
init_samr_CryptPasswordEx()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 7915a48e53c8f72ba56da2f433427b961feeb16f)
|
||||||
|
---
|
||||||
|
source3/lib/netapi/user.c | 9 ++++---
|
||||||
|
source3/libnet/libnet_join.c | 9 ++++---
|
||||||
|
source3/rpc_client/init_samr.c | 27 +++++++++++++++------
|
||||||
|
source3/rpc_client/init_samr.h | 6 ++---
|
||||||
|
source3/rpc_server/netlogon/srv_netlog_nt.c | 9 ++++---
|
||||||
|
source3/rpcclient/cmd_samr.c | 5 +++-
|
||||||
|
6 files changed, 44 insertions(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
|
||||||
|
index 2136ef47ee6..827b7902040 100644
|
||||||
|
--- a/source3/lib/netapi/user.c
|
||||||
|
+++ b/source3/lib/netapi/user.c
|
||||||
|
@@ -313,9 +313,12 @@ static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
|
||||||
|
user_info.info25.info = info21;
|
||||||
|
|
||||||
|
- init_samr_CryptPasswordEx(uX->usriX_password,
|
||||||
|
- session_key,
|
||||||
|
- &user_info.info25.password);
|
||||||
|
+ status = init_samr_CryptPasswordEx(uX->usriX_password,
|
||||||
|
+ session_key,
|
||||||
|
+ &user_info.info25.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
|
||||||
|
user_handle,
|
||||||
|
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
|
||||||
|
index abf8672d050..eb8e0ea17f7 100644
|
||||||
|
--- a/source3/libnet/libnet_join.c
|
||||||
|
+++ b/source3/libnet/libnet_join.c
|
||||||
|
@@ -1553,9 +1553,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||||
|
*/
|
||||||
|
old_timeout = rpccli_set_timeout(pipe_hnd, 600000);
|
||||||
|
|
||||||
|
- init_samr_CryptPasswordEx(r->in.machine_password,
|
||||||
|
- &session_key,
|
||||||
|
- &crypt_pwd_ex);
|
||||||
|
+ status = init_samr_CryptPasswordEx(r->in.machine_password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &crypt_pwd_ex);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
user_info.info26.password = crypt_pwd_ex;
|
||||||
|
user_info.info26.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
|
||||||
|
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||||
|
index 8b41ec2f10f..5f6cbc5d3c7 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.c
|
||||||
|
+++ b/source3/rpc_client/init_samr.c
|
||||||
|
@@ -22,6 +22,7 @@
|
||||||
|
#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
@@ -29,9 +30,9 @@
|
||||||
|
inits a samr_CryptPasswordEx structure
|
||||||
|
*************************************************************************/
|
||||||
|
|
||||||
|
-void init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct samr_CryptPasswordEx *pwd_buf)
|
||||||
|
+NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPasswordEx *pwd_buf)
|
||||||
|
{
|
||||||
|
/* samr_CryptPasswordEx */
|
||||||
|
|
||||||
|
@@ -39,42 +40,52 @@ void init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
uint8_t confounder[16];
|
||||||
|
DATA_BLOB confounded_session_key = data_blob(NULL, 16);
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ bool ok;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
- encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
|
||||||
|
+ ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
|
||||||
|
+ if (!ok) {
|
||||||
|
+ status = NT_STATUS_INTERNAL_ERROR;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
|
||||||
|
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
|
||||||
|
arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
|
||||||
|
- ZERO_ARRAY_LEN(confounded_session_key.data,
|
||||||
|
- confounded_session_key.length);
|
||||||
|
- data_blob_free(&confounded_session_key);
|
||||||
|
+ data_blob_clear_free(&confounded_session_key);
|
||||||
|
|
||||||
|
memcpy(&pwbuf[516], confounder, 16);
|
||||||
|
ZERO_ARRAY(confounder);
|
||||||
|
|
||||||
|
memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
|
||||||
|
ZERO_ARRAY(pwbuf);
|
||||||
|
+
|
||||||
|
+ status = NT_STATUS_OK;
|
||||||
|
out:
|
||||||
|
- return;
|
||||||
|
+ data_blob_clear_free(&confounded_session_key);
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*************************************************************************
|
||||||
|
diff --git a/source3/rpc_client/init_samr.h b/source3/rpc_client/init_samr.h
|
||||||
|
index 4214ab55a04..3f0dc847dd2 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.h
|
||||||
|
+++ b/source3/rpc_client/init_samr.h
|
||||||
|
@@ -22,9 +22,9 @@
|
||||||
|
|
||||||
|
/* The following definitions come from rpc_client/init_samr.c */
|
||||||
|
|
||||||
|
-void init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct samr_CryptPasswordEx *pwd_buf);
|
||||||
|
+NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPasswordEx *pwd_buf);
|
||||||
|
NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
struct samr_CryptPassword *pwd_buf);
|
||||||
|
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
index c9aaa90cbb9..d5267bf7062 100644
|
||||||
|
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
@@ -1226,9 +1226,12 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
infolevel = UserInternal5InformationNew;
|
||||||
|
|
||||||
|
- init_samr_CryptPasswordEx(cr->creds.password,
|
||||||
|
- &session_key,
|
||||||
|
- &info26.password);
|
||||||
|
+ status = init_samr_CryptPasswordEx(cr->creds.password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &info26.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
info26.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
|
||||||
|
info->info26 = info26;
|
||||||
|
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
|
||||||
|
index ccaec1ada40..b1b7c06515c 100644
|
||||||
|
--- a/source3/rpcclient/cmd_samr.c
|
||||||
|
+++ b/source3/rpcclient/cmd_samr.c
|
||||||
|
@@ -3067,7 +3067,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
- init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
|
||||||
|
+ status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
nt_lm_owf_gen(param, nt_hash, lm_hash);
|
||||||
|
|
||||||
|
switch (level) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,115 @@
|
|||||||
|
From 6125794925d054da191cf6c21a76ceb904848710 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 29 May 2019 14:57:52 +0200
|
||||||
|
Subject: [PATCH 010/187] libcli:auth: Return NTSTATUS for
|
||||||
|
encode_or_decode_arc4_passwd_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 57dd415ba49b9621deddf604a5bf148c10ebc37e)
|
||||||
|
---
|
||||||
|
libcli/auth/proto.h | 3 ++-
|
||||||
|
libcli/auth/smbencrypt.c | 10 ++++++++--
|
||||||
|
source3/rpc_server/samr/srv_samr_nt.c | 10 ++++++++--
|
||||||
|
3 files changed, 18 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index afd7f0d148d..651f1139cf5 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -184,7 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
/***********************************************************
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
|
||||||
|
+NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
+ const DATA_BLOB *psession_key);
|
||||||
|
|
||||||
|
/***********************************************************
|
||||||
|
encode a password buffer with an already unicode password. The
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index a74ccf09b02..ae97f3cc93e 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -843,27 +843,32 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
|
||||||
|
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key)
|
||||||
|
+NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
+ const DATA_BLOB *psession_key)
|
||||||
|
{
|
||||||
|
gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
unsigned char key_out[16];
|
||||||
|
+ NTSTATUS status;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
/* Confounder is last 16 bytes. */
|
||||||
|
|
||||||
|
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
gnutls_hash_deinit(hash_hnd, key_out);
|
||||||
|
@@ -873,8 +878,9 @@ void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_B
|
||||||
|
|
||||||
|
ZERO_ARRAY(key_out);
|
||||||
|
|
||||||
|
+ status = NT_STATUS_OK;
|
||||||
|
out:
|
||||||
|
- return;
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/***********************************************************
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
index 124d6d38cd7..c2be8bfc19a 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
@@ -5185,9 +5185,12 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- encode_or_decode_arc4_passwd_buffer(
|
||||||
|
+ status = encode_or_decode_arc4_passwd_buffer(
|
||||||
|
info->info25.password.data,
|
||||||
|
&session_key);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_data(100, info->info25.password.data, 532);
|
||||||
|
|
||||||
|
@@ -5201,9 +5204,12 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- encode_or_decode_arc4_passwd_buffer(
|
||||||
|
+ status = encode_or_decode_arc4_passwd_buffer(
|
||||||
|
info->info26.password.data,
|
||||||
|
&session_key);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_data(100, info->info26.password.data, 516);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,234 @@
|
|||||||
|
From f0d4f6ec31079506b01502f7b515245ace03227d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 5 Jul 2019 09:39:02 +0200
|
||||||
|
Subject: [PATCH 011/187] libcli:auth: Add test for decoding an RC4 password
|
||||||
|
buffer
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 7ccc76f951a626a25d553ac85c5bf30eb29ffa2b)
|
||||||
|
---
|
||||||
|
libcli/auth/tests/test_rc4_passwd_buffer.c | 177 +++++++++++++++++++++
|
||||||
|
libcli/auth/wscript_build | 9 ++
|
||||||
|
selftest/tests.py | 2 +
|
||||||
|
3 files changed, 188 insertions(+)
|
||||||
|
create mode 100644 libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..f40ac3a5655
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
@@ -0,0 +1,177 @@
|
||||||
|
+/*
|
||||||
|
+ * Unix SMB/CIFS implementation.
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2018-2019 Andreas Schneider <asn@samba.org>
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 3 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License
|
||||||
|
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <stdarg.h>
|
||||||
|
+#include <stddef.h>
|
||||||
|
+#include <stdint.h>
|
||||||
|
+#include <setjmp.h>
|
||||||
|
+#include <cmocka.h>
|
||||||
|
+
|
||||||
|
+#include "includes.h"
|
||||||
|
+#include "libcli/auth/libcli_auth.h"
|
||||||
|
+#include "rpc_client/init_samr.h"
|
||||||
|
+
|
||||||
|
+#define PASSWORD "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
|
||||||
|
+
|
||||||
|
+static const uint8_t encrypted_test_blob[] = {
|
||||||
|
+ 0x37, 0x8e, 0x1d, 0xd5, 0xd3, 0x9f, 0xca, 0x8e,
|
||||||
|
+ 0x2f, 0x2d, 0xee, 0xc3, 0xb5, 0x50, 0xcd, 0x4e,
|
||||||
|
+ 0xc9, 0x08, 0x04, 0x68, 0x32, 0xc3, 0xac, 0x8e,
|
||||||
|
+ 0x53, 0x69, 0xd6, 0xb7, 0x56, 0xcc, 0xc0, 0xbe,
|
||||||
|
+ 0x4e, 0x96, 0xa7, 0x74, 0xe9, 0xaa, 0x10, 0x3d,
|
||||||
|
+ 0xd5, 0x8c, 0xaa, 0x12, 0x56, 0xb6, 0xf1, 0x85,
|
||||||
|
+ 0x21, 0xfa, 0xe9, 0xa1, 0x76, 0xe6, 0xa5, 0x33,
|
||||||
|
+ 0x33, 0x2f, 0x47, 0x29, 0xd6, 0xbd, 0xde, 0x64,
|
||||||
|
+ 0x4d, 0x15, 0x3e, 0x6a, 0x11, 0x9b, 0x52, 0xbf,
|
||||||
|
+ 0x7e, 0x3a, 0xeb, 0x1c, 0x55, 0xd1, 0xb2, 0xa4,
|
||||||
|
+ 0x35, 0x03, 0x6c, 0x39, 0x61, 0x28, 0x98, 0xc3,
|
||||||
|
+ 0x2d, 0xd4, 0x70, 0x69, 0x8b, 0x83, 0xe9, 0x62,
|
||||||
|
+ 0xbe, 0xd8, 0x72, 0x4e, 0xdf, 0xd4, 0xe9, 0xe3,
|
||||||
|
+ 0x46, 0x2a, 0xf9, 0x3c, 0x0f, 0x41, 0x62, 0xe1,
|
||||||
|
+ 0x43, 0xf0, 0x91, 0xbe, 0x72, 0xa0, 0xc9, 0x08,
|
||||||
|
+ 0x73, 0x20, 0x1f, 0x0d, 0x68, 0x2e, 0x32, 0xa1,
|
||||||
|
+ 0xb8, 0x9b, 0x08, 0xa1, 0xb4, 0x81, 0x6b, 0xf1,
|
||||||
|
+ 0xde, 0x0c, 0x28, 0x34, 0xe2, 0x65, 0x62, 0x54,
|
||||||
|
+ 0xeb, 0xc0, 0x71, 0x14, 0xad, 0x36, 0x43, 0x0e,
|
||||||
|
+ 0x92, 0x4d, 0x11, 0xe8, 0xdd, 0x2d, 0x5f, 0x05,
|
||||||
|
+ 0xff, 0x07, 0xda, 0x81, 0x4e, 0x27, 0x42, 0xa8,
|
||||||
|
+ 0xa9, 0x64, 0x4c, 0x74, 0xc8, 0x05, 0xbb, 0x83,
|
||||||
|
+ 0x5a, 0xd9, 0x90, 0x3e, 0x0d, 0x9d, 0xe5, 0x2f,
|
||||||
|
+ 0x08, 0xf9, 0x1b, 0xbd, 0x26, 0xc3, 0x0d, 0xac,
|
||||||
|
+ 0x43, 0xd5, 0x17, 0xf2, 0x61, 0xf5, 0x74, 0x9b,
|
||||||
|
+ 0xf3, 0x5b, 0x5f, 0xe1, 0x8a, 0xa6, 0xfd, 0xdf,
|
||||||
|
+ 0xff, 0xb5, 0x8b, 0xf1, 0x26, 0xf7, 0xe0, 0xa7,
|
||||||
|
+ 0x4f, 0x5b, 0xb8, 0x6d, 0xeb, 0xf6, 0x52, 0x68,
|
||||||
|
+ 0x8d, 0xa3, 0xd4, 0x7f, 0x56, 0x43, 0xaa, 0xec,
|
||||||
|
+ 0x58, 0x47, 0x03, 0xee, 0x9b, 0x59, 0xd9, 0x78,
|
||||||
|
+ 0x9a, 0xfb, 0x9e, 0xe9, 0xa6, 0x61, 0x4e, 0x6d,
|
||||||
|
+ 0x92, 0x35, 0xd3, 0x37, 0x6e, 0xf2, 0x34, 0x39,
|
||||||
|
+ 0xd4, 0xd2, 0xeb, 0xcf, 0x1c, 0x10, 0xb3, 0x2b,
|
||||||
|
+ 0x3e, 0x07, 0x42, 0x3e, 0x20, 0x90, 0x07, 0x3e,
|
||||||
|
+ 0xc7, 0xed, 0xd4, 0xdf, 0x50, 0xe5, 0xff, 0xaf,
|
||||||
|
+ 0x05, 0xce, 0x29, 0xbe, 0x01, 0xf8, 0xb0, 0x30,
|
||||||
|
+ 0x96, 0xae, 0x1b, 0x62, 0x23, 0x93, 0x91, 0x1a,
|
||||||
|
+ 0x52, 0x98, 0xd9, 0x59, 0xb8, 0x11, 0xec, 0xb8,
|
||||||
|
+ 0xcf, 0x20, 0x32, 0x90, 0x9e, 0xf2, 0x06, 0x43,
|
||||||
|
+ 0xb8, 0x36, 0xe3, 0x33, 0x4e, 0x6f, 0x75, 0xeb,
|
||||||
|
+ 0xf7, 0x6c, 0xac, 0x06, 0x5f, 0x24, 0x8e, 0x4a,
|
||||||
|
+ 0x03, 0xdf, 0x50, 0x31, 0xaa, 0x91, 0xd5, 0x85,
|
||||||
|
+ 0x95, 0x78, 0x5b, 0xf4, 0x7f, 0x3e, 0xbc, 0x41,
|
||||||
|
+ 0xfa, 0x10, 0xd3, 0x0f, 0x86, 0x8b, 0x23, 0xed,
|
||||||
|
+ 0xfc, 0xcc, 0x3e, 0x7d, 0x8c, 0xb4, 0x7c, 0xec,
|
||||||
|
+ 0x04, 0x7d, 0x12, 0x53, 0xa1, 0x30, 0xc5, 0xac,
|
||||||
|
+ 0xf3, 0x1e, 0x54, 0x1f, 0x97, 0x05, 0x86, 0x74,
|
||||||
|
+ 0x51, 0x13, 0x45, 0x98, 0xb8, 0x50, 0x62, 0x18,
|
||||||
|
+ 0x0f, 0x6d, 0x66, 0xa4, 0x88, 0x31, 0x76, 0xa3,
|
||||||
|
+ 0xb0, 0x75, 0x55, 0x44, 0x18, 0x7c, 0x67, 0xc7,
|
||||||
|
+ 0x09, 0x9c, 0xab, 0x53, 0x49, 0xc0, 0xc9, 0x27,
|
||||||
|
+ 0x53, 0xa6, 0x99, 0x01, 0x10, 0x49, 0x67, 0x8e,
|
||||||
|
+ 0x5b, 0x12, 0x96, 0x40, 0x16, 0x39, 0x11, 0x53,
|
||||||
|
+ 0x44, 0x8f, 0xa9, 0xbe, 0x84, 0xbe, 0xe0, 0x45,
|
||||||
|
+ 0xe3, 0xfd, 0x48, 0x46, 0x43, 0x53, 0x13, 0x5f,
|
||||||
|
+ 0xfa, 0xcf, 0x09, 0x67, 0x90, 0xa3, 0x94, 0xaa,
|
||||||
|
+ 0x0d, 0x1f, 0xc2, 0xc3, 0xd4, 0x7e, 0xc8, 0x14,
|
||||||
|
+ 0xbe, 0x84, 0xa5, 0x55, 0xee, 0x49, 0x8e, 0x03,
|
||||||
|
+ 0x1d, 0xaf, 0xad, 0x65, 0x2f, 0xf0, 0xd5, 0x90,
|
||||||
|
+ 0x5e, 0x8d, 0x29, 0x40, 0xba, 0x57, 0x26, 0xa8,
|
||||||
|
+ 0x6c, 0x4b, 0x59, 0x40, 0x4e, 0xc2, 0xc4, 0x88,
|
||||||
|
+ 0x0a, 0x06, 0x2b, 0x6c, 0x2a, 0xc7, 0x3f, 0xfe,
|
||||||
|
+ 0x37, 0x2c, 0x41, 0x58, 0xfe, 0x7e, 0xaf, 0xd1,
|
||||||
|
+ 0xd9, 0xd2, 0x9c, 0xd7, 0x8a, 0x01, 0x0e, 0x8c,
|
||||||
|
+ 0x9e, 0x8b, 0x5d, 0x72, 0x54, 0x00, 0xbe, 0xb2,
|
||||||
|
+ 0x9a, 0xc7, 0xfd, 0x83, 0x1e, 0x9c, 0x79, 0xdd,
|
||||||
|
+ 0x15, 0x13, 0xdc, 0x15,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static void torture_decode_rc4_passwd_buffer(void **state)
|
||||||
|
+{
|
||||||
|
+ char *password_decoded = NULL;
|
||||||
|
+ size_t password_decoded_len = 0;
|
||||||
|
+ DATA_BLOB session_key = data_blob_const("SystemLibraryDTC", 16);
|
||||||
|
+ struct samr_CryptPasswordEx out_pwd_buf = {
|
||||||
|
+ .data = {0},
|
||||||
|
+ };
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ bool ok;
|
||||||
|
+
|
||||||
|
+ memcpy(out_pwd_buf.data,
|
||||||
|
+ encrypted_test_blob,
|
||||||
|
+ sizeof(out_pwd_buf.data));
|
||||||
|
+
|
||||||
|
+ status = encode_or_decode_arc4_passwd_buffer(out_pwd_buf.data,
|
||||||
|
+ &session_key);
|
||||||
|
+ assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
+
|
||||||
|
+ ok = decode_pw_buffer(NULL,
|
||||||
|
+ out_pwd_buf.data,
|
||||||
|
+ &password_decoded,
|
||||||
|
+ &password_decoded_len,
|
||||||
|
+ CH_UTF16);
|
||||||
|
+ assert_true(ok);
|
||||||
|
+ assert_int_equal(password_decoded_len, strlen(PASSWORD));
|
||||||
|
+ assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void torture_rc4_passwd_buffer(void **state)
|
||||||
|
+{
|
||||||
|
+ char *password_decoded = NULL;
|
||||||
|
+ size_t password_decoded_len = 0;
|
||||||
|
+ DATA_BLOB session_key = data_blob_const("SystemLibraryDTC", 16);
|
||||||
|
+ struct samr_CryptPasswordEx out_pwd_buf = {
|
||||||
|
+ .data = {0},
|
||||||
|
+ };
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ bool ok;
|
||||||
|
+
|
||||||
|
+ status = init_samr_CryptPasswordEx(PASSWORD,
|
||||||
|
+ &session_key,
|
||||||
|
+ &out_pwd_buf);
|
||||||
|
+ assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
+
|
||||||
|
+ status = encode_or_decode_arc4_passwd_buffer(out_pwd_buf.data,
|
||||||
|
+ &session_key);
|
||||||
|
+ assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
+
|
||||||
|
+ ok = decode_pw_buffer(NULL,
|
||||||
|
+ out_pwd_buf.data,
|
||||||
|
+ &password_decoded,
|
||||||
|
+ &password_decoded_len,
|
||||||
|
+ CH_UTF16);
|
||||||
|
+ assert_true(ok);
|
||||||
|
+ assert_int_equal(password_decoded_len, strlen(PASSWORD));
|
||||||
|
+ assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ int rc;
|
||||||
|
+ const struct CMUnitTest tests[] = {
|
||||||
|
+ cmocka_unit_test(torture_decode_rc4_passwd_buffer),
|
||||||
|
+ cmocka_unit_test(torture_rc4_passwd_buffer),
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ if (argc == 2) {
|
||||||
|
+ cmocka_set_test_filter(argv[1]);
|
||||||
|
+ }
|
||||||
|
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
|
||||||
|
+
|
||||||
|
+ rc = cmocka_run_group_tests(tests, NULL, NULL);
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
|
||||||
|
index 04e2b09eadf..eabf3814ba1 100644
|
||||||
|
--- a/libcli/auth/wscript_build
|
||||||
|
+++ b/libcli/auth/wscript_build
|
||||||
|
@@ -62,3 +62,12 @@ bld.SAMBA_BINARY('test_schannel',
|
||||||
|
cmocka
|
||||||
|
''',
|
||||||
|
install=False)
|
||||||
|
+
|
||||||
|
+bld.SAMBA_BINARY('test_rc4_passwd_buffer',
|
||||||
|
+ source='tests/test_rc4_passwd_buffer.c',
|
||||||
|
+ deps='''
|
||||||
|
+ INIT_SAMR
|
||||||
|
+ LIBCLI_AUTH
|
||||||
|
+ cmocka
|
||||||
|
+ ''',
|
||||||
|
+ install=False)
|
||||||
|
diff --git a/selftest/tests.py b/selftest/tests.py
|
||||||
|
index bbb5709ee47..c91d9b445fe 100644
|
||||||
|
--- a/selftest/tests.py
|
||||||
|
+++ b/selftest/tests.py
|
||||||
|
@@ -392,6 +392,8 @@ plantestsuite("samba.unittests.ntlm_check", "none",
|
||||||
|
[os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")])
|
||||||
|
plantestsuite("samba.unittests.schannel", "none",
|
||||||
|
[os.path.join(bindir(), "default/libcli/auth/test_schannel")])
|
||||||
|
+plantestsuite("samba.unittests.rc4_passwd_buffer", "none",
|
||||||
|
+ [os.path.join(bindir(), "default/libcli/auth/test_rc4_passwd_buffer")])
|
||||||
|
plantestsuite("samba.unittests.test_registry_regfio", "none",
|
||||||
|
[os.path.join(bindir(), "default/source3/test_registry_regfio")])
|
||||||
|
plantestsuite("samba.unittests.test_oLschema2ldif", "none",
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,94 @@
|
|||||||
|
From 6546e97d27e45db9cbfd2f7d8c4838b2fd8d6a6a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 4 Jul 2019 16:22:48 +0200
|
||||||
|
Subject: [PATCH 012/187] s3:rpc_client: Use
|
||||||
|
samba_gnutls_arcfour_confounded_md5 in init_samr_CryptPasswordEx
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 2075019ca90d7d474003c87b2f0202239891eba5)
|
||||||
|
---
|
||||||
|
source3/rpc_client/init_samr.c | 50 ++++++++++------------------------
|
||||||
|
1 file changed, 15 insertions(+), 35 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||||
|
index 5f6cbc5d3c7..3968dfea99f 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.c
|
||||||
|
+++ b/source3/rpc_client/init_samr.c
|
||||||
|
@@ -36,56 +36,36 @@ NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
{
|
||||||
|
/* samr_CryptPasswordEx */
|
||||||
|
|
||||||
|
- uint8_t pwbuf[532];
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob(NULL, 16);
|
||||||
|
- NTSTATUS status;
|
||||||
|
+ uint8_t _confounder[16] = {0};
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 16);
|
||||||
|
+ uint8_t pwbuf[532] = {0};
|
||||||
|
+ DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
|
||||||
|
bool ok;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
|
||||||
|
if (!ok) {
|
||||||
|
- status = NT_STATUS_INTERNAL_ERROR;
|
||||||
|
- goto out;
|
||||||
|
+ return NT_STATUS_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
+ generate_random_buffer(_confounder, sizeof(_confounder));
|
||||||
|
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
+ session_key,
|
||||||
|
+ &encrypt_pwbuf,
|
||||||
|
+ SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
if (rc < 0) {
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
|
||||||
|
- data_blob_clear_free(&confounded_session_key);
|
||||||
|
-
|
||||||
|
- memcpy(&pwbuf[516], confounder, 16);
|
||||||
|
- ZERO_ARRAY(confounder);
|
||||||
|
+ memcpy(&pwbuf[516], confounder.data, confounder.length);
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
|
||||||
|
memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
|
||||||
|
ZERO_ARRAY(pwbuf);
|
||||||
|
|
||||||
|
- status = NT_STATUS_OK;
|
||||||
|
-out:
|
||||||
|
- data_blob_clear_free(&confounded_session_key);
|
||||||
|
- return status;
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*************************************************************************
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,65 @@
|
|||||||
|
From 9913d8e981dd39fd1f7e260644f35aa6718c9bd2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 16 Jan 2019 13:15:08 +0100
|
||||||
|
Subject: [PATCH 013/187] s3:rpc_client: Use GnuTLS RC4 in
|
||||||
|
init_samr_CryptPassword()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 95db9a81db093488e625b4ef385a184a5e517ede)
|
||||||
|
---
|
||||||
|
source3/rpc_client/init_samr.c | 23 +++++++++++++++++++++--
|
||||||
|
1 file changed, 21 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||||
|
index 3968dfea99f..0eb50c54525 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.c
|
||||||
|
+++ b/source3/rpc_client/init_samr.c
|
||||||
|
@@ -19,7 +19,6 @@
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
#include "../libcli/auth/libcli_auth.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
@@ -77,13 +76,33 @@ NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||||
|
struct samr_CryptPassword *pwd_buf)
|
||||||
|
{
|
||||||
|
/* samr_CryptPassword */
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t sess_key = {
|
||||||
|
+ .data = session_key->data,
|
||||||
|
+ .size = session_key->length,
|
||||||
|
+ };
|
||||||
|
bool ok;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
ok = encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
|
||||||
|
if (!ok) {
|
||||||
|
return NT_STATUS_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
- arcfour_crypt_blob(pwd_buf->data, 516, session_key);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &sess_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ pwd_buf->data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,73 @@
|
|||||||
|
From 15ca4ae322f88f797c571ad7801a9e44a6262d73 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 5 Jul 2019 10:09:32 +0200
|
||||||
|
Subject: [PATCH 014/187] libcli:auth: Use
|
||||||
|
samba_gnutls_arcfour_confounded_md5() for rc4 passwd buffer
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit dea160820a393be51985a4e761a3f73da83972e7)
|
||||||
|
---
|
||||||
|
libcli/auth/smbencrypt.c | 39 +++++++++------------------------------
|
||||||
|
1 file changed, 9 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index ae97f3cc93e..17c1e1f69ff 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -846,41 +846,20 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
const DATA_BLOB *psession_key)
|
||||||
|
{
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- unsigned char key_out[16];
|
||||||
|
- NTSTATUS status;
|
||||||
|
- int rc;
|
||||||
|
-
|
||||||
|
/* Confounder is last 16 bytes. */
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
|
||||||
|
+ DATA_BLOB pw_data = data_blob_const(pw_buf, 516);
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
+ psession_key,
|
||||||
|
+ &pw_data,
|
||||||
|
+ SAMBA_GNUTLS_DECRYPT);
|
||||||
|
if (rc < 0) {
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- gnutls_hash_deinit(hash_hnd, key_out);
|
||||||
|
-
|
||||||
|
- /* arc4 with key_out. */
|
||||||
|
- arcfour_crypt(pw_buf, key_out, 516);
|
||||||
|
-
|
||||||
|
- ZERO_ARRAY(key_out);
|
||||||
|
-
|
||||||
|
- status = NT_STATUS_OK;
|
||||||
|
-out:
|
||||||
|
- return status;
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/***********************************************************
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,97 @@
|
|||||||
|
From 228c16e06b82a3d7a33c2d4440aa258518c8c29f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 5 Jul 2019 10:12:43 +0200
|
||||||
|
Subject: [PATCH 015/187] libcli:auth: Rename
|
||||||
|
encode_or_decode_arc4_passwd_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 89f8b028e2d595348f9996854488d7aa552ae905)
|
||||||
|
---
|
||||||
|
libcli/auth/proto.h | 4 ++--
|
||||||
|
libcli/auth/smbencrypt.c | 4 ++--
|
||||||
|
libcli/auth/tests/test_rc4_passwd_buffer.c | 6 ++----
|
||||||
|
source3/rpc_server/samr/srv_samr_nt.c | 4 ++--
|
||||||
|
4 files changed, 8 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index 651f1139cf5..1bcbeddb228 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -184,8 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
/***********************************************************
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
-NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
- const DATA_BLOB *psession_key);
|
||||||
|
+NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
+ const DATA_BLOB *psession_key);
|
||||||
|
|
||||||
|
/***********************************************************
|
||||||
|
encode a password buffer with an already unicode password. The
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index 17c1e1f69ff..7e343f71577 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -843,8 +843,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
|
||||||
|
-NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
- const DATA_BLOB *psession_key)
|
||||||
|
+NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
+ const DATA_BLOB *psession_key)
|
||||||
|
{
|
||||||
|
/* Confounder is last 16 bytes. */
|
||||||
|
DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
|
||||||
|
diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
index f40ac3a5655..eb737703230 100644
|
||||||
|
--- a/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
@@ -114,8 +114,7 @@ static void torture_decode_rc4_passwd_buffer(void **state)
|
||||||
|
encrypted_test_blob,
|
||||||
|
sizeof(out_pwd_buf.data));
|
||||||
|
|
||||||
|
- status = encode_or_decode_arc4_passwd_buffer(out_pwd_buf.data,
|
||||||
|
- &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
ok = decode_pw_buffer(NULL,
|
||||||
|
@@ -144,8 +143,7 @@ static void torture_rc4_passwd_buffer(void **state)
|
||||||
|
&out_pwd_buf);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
- status = encode_or_decode_arc4_passwd_buffer(out_pwd_buf.data,
|
||||||
|
- &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
ok = decode_pw_buffer(NULL,
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
index c2be8bfc19a..4dc9132511f 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
@@ -5185,7 +5185,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- status = encode_or_decode_arc4_passwd_buffer(
|
||||||
|
+ status = decode_rc4_passwd_buffer(
|
||||||
|
info->info25.password.data,
|
||||||
|
&session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
@@ -5204,7 +5204,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- status = encode_or_decode_arc4_passwd_buffer(
|
||||||
|
+ status = decode_rc4_passwd_buffer(
|
||||||
|
info->info26.password.data,
|
||||||
|
&session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,115 @@
|
|||||||
|
From 3eb3f3bdabd103c3858323e08a9180913c223e16 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 9 Jul 2019 12:53:31 +0200
|
||||||
|
Subject: [PATCH 016/187] libcli:auth: Pass samr_CryptPasswordEx to
|
||||||
|
decode_rc4_passwd_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 79ca72ec3d13fea5d2ad608415757ca9870035a3)
|
||||||
|
---
|
||||||
|
libcli/auth/proto.h | 4 ++--
|
||||||
|
libcli/auth/smbencrypt.c | 8 ++++----
|
||||||
|
libcli/auth/tests/test_rc4_passwd_buffer.c | 5 +++--
|
||||||
|
source3/rpc_server/samr/srv_samr_nt.c | 10 ++++------
|
||||||
|
4 files changed, 13 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index 1bcbeddb228..a67c89d8552 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -184,8 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
/***********************************************************
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
- const DATA_BLOB *psession_key);
|
||||||
|
+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
|
||||||
|
+ struct samr_CryptPasswordEx *inout_crypt_pwd);
|
||||||
|
|
||||||
|
/***********************************************************
|
||||||
|
encode a password buffer with an already unicode password. The
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index 7e343f71577..b7b17130f07 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -843,12 +843,12 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
|
||||||
|
-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
|
||||||
|
- const DATA_BLOB *psession_key)
|
||||||
|
+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
|
||||||
|
+ struct samr_CryptPasswordEx *inout_crypt_pwd)
|
||||||
|
{
|
||||||
|
/* Confounder is last 16 bytes. */
|
||||||
|
- DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
|
||||||
|
- DATA_BLOB pw_data = data_blob_const(pw_buf, 516);
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(&inout_crypt_pwd->data[516], 16);
|
||||||
|
+ DATA_BLOB pw_data = data_blob_const(&inout_crypt_pwd->data, 516);
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
index eb737703230..3bf371c5dd5 100644
|
||||||
|
--- a/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
@@ -114,7 +114,7 @@ static void torture_decode_rc4_passwd_buffer(void **state)
|
||||||
|
encrypted_test_blob,
|
||||||
|
sizeof(out_pwd_buf.data));
|
||||||
|
|
||||||
|
- status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
ok = decode_pw_buffer(NULL,
|
||||||
|
@@ -143,7 +143,7 @@ static void torture_rc4_passwd_buffer(void **state)
|
||||||
|
&out_pwd_buf);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
- status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);
|
||||||
|
assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
|
||||||
|
ok = decode_pw_buffer(NULL,
|
||||||
|
@@ -154,6 +154,7 @@ static void torture_rc4_passwd_buffer(void **state)
|
||||||
|
assert_true(ok);
|
||||||
|
assert_int_equal(password_decoded_len, strlen(PASSWORD));
|
||||||
|
assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+ talloc_free(password_decoded);
|
||||||
|
}
|
||||||
|
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
index 4dc9132511f..fd5c453e0eb 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
@@ -5185,9 +5185,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- status = decode_rc4_passwd_buffer(
|
||||||
|
- info->info25.password.data,
|
||||||
|
- &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(&session_key,
|
||||||
|
+ &info->info25.password);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -5204,9 +5203,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- status = decode_rc4_passwd_buffer(
|
||||||
|
- info->info26.password.data,
|
||||||
|
- &session_key);
|
||||||
|
+ status = decode_rc4_passwd_buffer(&session_key,
|
||||||
|
+ &info->info26.password);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
89
SOURCES/0017-libcli-auth-Add-encode_rc4_passwd_buffer.patch
Normal file
89
SOURCES/0017-libcli-auth-Add-encode_rc4_passwd_buffer.patch
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
From 13dfa7d5a1c96d78eca81eb0eb97bc0668561738 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 9 Jul 2019 13:01:10 +0200
|
||||||
|
Subject: [PATCH 017/187] libcli:auth: Add encode_rc4_passwd_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 06d46c447e69a6b384c0089863c343b4924c7caf)
|
||||||
|
---
|
||||||
|
libcli/auth/proto.h | 7 +++++++
|
||||||
|
libcli/auth/smbencrypt.c | 42 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 49 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index a67c89d8552..67caaca8c41 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -181,6 +181,13 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
size_t *new_pw_len,
|
||||||
|
charset_t string_charset);
|
||||||
|
|
||||||
|
+/***********************************************************
|
||||||
|
+ Encode an arc4 password change buffer.
|
||||||
|
+************************************************************/
|
||||||
|
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
|
||||||
|
+ const DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPasswordEx *out_crypt_pwd);
|
||||||
|
+
|
||||||
|
/***********************************************************
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index b7b17130f07..793012553b2 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -839,6 +839,48 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/***********************************************************
|
||||||
|
+ Encode an arc4 password change buffer.
|
||||||
|
+************************************************************/
|
||||||
|
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
|
||||||
|
+ const DATA_BLOB *session_key,
|
||||||
|
+ struct samr_CryptPasswordEx *out_crypt_pwd)
|
||||||
|
+{
|
||||||
|
+ uint8_t _confounder[16] = {0};
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 16);
|
||||||
|
+ DATA_BLOB pw_data = data_blob_const(out_crypt_pwd->data, 516);
|
||||||
|
+ bool ok;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ ok = encode_pw_buffer(pw_data.data, passwd, STR_UNICODE);
|
||||||
|
+ if (!ok) {
|
||||||
|
+ return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ generate_random_buffer(confounder.data, confounder.length);
|
||||||
|
+
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
+ session_key,
|
||||||
|
+ &pw_data,
|
||||||
|
+ SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+ data_blob_clear(&pw_data);
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * The packet format is the 516 byte RC4 encrypted
|
||||||
|
+ * pasword followed by the 16 byte counfounder
|
||||||
|
+ * The confounder is a salt to prevent pre-computed hash attacks on the
|
||||||
|
+ * database.
|
||||||
|
+ */
|
||||||
|
+ memcpy(&out_crypt_pwd->data[516], confounder.data, confounder.length);
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/***********************************************************
|
||||||
|
Decode an arc4 encrypted password change buffer.
|
||||||
|
************************************************************/
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,65 @@
|
|||||||
|
From fe1f6278c7a5c54d948f6ca031686745ad653a94 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 9 Jul 2019 13:06:49 +0200
|
||||||
|
Subject: [PATCH 018/187] libcli:auth: Add test for encode_rc4_passwd_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit fe00b3735a7e8ae16fb6443965769f1e947a6aa6)
|
||||||
|
---
|
||||||
|
libcli/auth/tests/test_rc4_passwd_buffer.c | 31 ++++++++++++++++++++++
|
||||||
|
1 file changed, 31 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
index 3bf371c5dd5..db6ca3f3f4c 100644
|
||||||
|
--- a/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
@@ -157,12 +157,43 @@ static void torture_rc4_passwd_buffer(void **state)
|
||||||
|
talloc_free(password_decoded);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void torture_endode_decode_rc4_passwd_buffer(void **state)
|
||||||
|
+{
|
||||||
|
+ char *password_decoded = NULL;
|
||||||
|
+ size_t password_decoded_len = 0;
|
||||||
|
+ DATA_BLOB session_key = data_blob_const("SystemLibraryDTC", 16);
|
||||||
|
+ struct samr_CryptPasswordEx out_pwd_buf = {
|
||||||
|
+ .data = {0},
|
||||||
|
+ };
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ bool ok;
|
||||||
|
+
|
||||||
|
+ status = encode_rc4_passwd_buffer(PASSWORD,
|
||||||
|
+ &session_key,
|
||||||
|
+ &out_pwd_buf);
|
||||||
|
+ assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
+
|
||||||
|
+ status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);
|
||||||
|
+ assert_true(NT_STATUS_IS_OK(status));
|
||||||
|
+
|
||||||
|
+ ok = decode_pw_buffer(NULL,
|
||||||
|
+ out_pwd_buf.data,
|
||||||
|
+ &password_decoded,
|
||||||
|
+ &password_decoded_len,
|
||||||
|
+ CH_UTF16);
|
||||||
|
+ assert_true(ok);
|
||||||
|
+ assert_int_equal(password_decoded_len, strlen(PASSWORD));
|
||||||
|
+ assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+ talloc_free(password_decoded);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
const struct CMUnitTest tests[] = {
|
||||||
|
cmocka_unit_test(torture_decode_rc4_passwd_buffer),
|
||||||
|
cmocka_unit_test(torture_rc4_passwd_buffer),
|
||||||
|
+ cmocka_unit_test(torture_endode_decode_rc4_passwd_buffer),
|
||||||
|
};
|
||||||
|
|
||||||
|
if (argc == 2) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,60 @@
|
|||||||
|
From 26b7ab9339d9e6530244bf35e38a3658d7fc8aa9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 11:44:51 +0200
|
||||||
|
Subject: [PATCH 019/187] s3:rpc_client: Use encode_rc4_passwd_buffer() in
|
||||||
|
init_samr_CryptPasswordEx()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit f0c0cf299eb99e7b78be2f04141b6d415bf525e2)
|
||||||
|
---
|
||||||
|
source3/rpc_client/init_samr.c | 33 +--------------------------------
|
||||||
|
1 file changed, 1 insertion(+), 32 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||||
|
index 0eb50c54525..a98d50e3f6a 100644
|
||||||
|
--- a/source3/rpc_client/init_samr.c
|
||||||
|
+++ b/source3/rpc_client/init_samr.c
|
||||||
|
@@ -33,38 +33,7 @@ NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
struct samr_CryptPasswordEx *pwd_buf)
|
||||||
|
{
|
||||||
|
- /* samr_CryptPasswordEx */
|
||||||
|
-
|
||||||
|
- uint8_t _confounder[16] = {0};
|
||||||
|
- DATA_BLOB confounder = data_blob_const(_confounder, 16);
|
||||||
|
- uint8_t pwbuf[532] = {0};
|
||||||
|
- DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
|
||||||
|
- bool ok;
|
||||||
|
- int rc;
|
||||||
|
-
|
||||||
|
- ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
|
||||||
|
- if (!ok) {
|
||||||
|
- return NT_STATUS_INTERNAL_ERROR;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- generate_random_buffer(_confounder, sizeof(_confounder));
|
||||||
|
-
|
||||||
|
- rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
- session_key,
|
||||||
|
- &encrypt_pwbuf,
|
||||||
|
- SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- ZERO_ARRAY(_confounder);
|
||||||
|
- return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- memcpy(&pwbuf[516], confounder.data, confounder.length);
|
||||||
|
- ZERO_ARRAY(_confounder);
|
||||||
|
-
|
||||||
|
- memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
|
||||||
|
- ZERO_ARRAY(pwbuf);
|
||||||
|
-
|
||||||
|
- return NT_STATUS_OK;
|
||||||
|
+ return encode_rc4_passwd_buffer(pwd, session_key, pwd_buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*************************************************************************
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,108 @@
|
|||||||
|
From c82322be0012f8bf467d75681bd82322eba11145 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 9 Jul 2019 13:01:49 +0200
|
||||||
|
Subject: [PATCH 020/187] s4:libnet: Use encode_rc4_passwd_buffer() in
|
||||||
|
libnet_SetPassword_samr_handle_26()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 5afa402bb7ba11a8eefc6e14047eeec1f3327681)
|
||||||
|
---
|
||||||
|
source4/libnet/libnet_passwd.c | 47 ++++++++--------------------------
|
||||||
|
1 file changed, 11 insertions(+), 36 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||||
|
index 97ce7f58ddf..0beea077bd0 100644
|
||||||
|
--- a/source4/libnet/libnet_passwd.c
|
||||||
|
+++ b/source4/libnet/libnet_passwd.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
#include "../lib/crypto/crypto.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
#include "librpc/gen_ndr/ndr_samr_c.h"
|
||||||
|
+#include "source4/librpc/rpc/dcerpc.h"
|
||||||
|
|
||||||
|
#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
@@ -276,10 +277,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
||||||
|
struct samr_SetUserInfo2 sui;
|
||||||
|
union samr_UserInfo u_info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- int rc;
|
||||||
|
|
||||||
|
if (r->samr_handle.in.info21) {
|
||||||
|
return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||||
|
@@ -287,9 +284,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
||||||
|
|
||||||
|
/* prepare samr_SetUserInfo2 level 26 */
|
||||||
|
ZERO_STRUCT(u_info);
|
||||||
|
- encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
|
||||||
|
u_info.info26.password_expired = 0;
|
||||||
|
-
|
||||||
|
+
|
||||||
|
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
|
||||||
|
@@ -297,38 +293,18 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
||||||
|
nt_errstr(status));
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- rc = gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
+ status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u_info.info26.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ r->samr_handle.out.error_string =
|
||||||
|
+ talloc_asprintf(mem_ctx,
|
||||||
|
+ "encode_rc4_passwd_buffer failed: %s",
|
||||||
|
+ nt_errstr(status));
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
|
||||||
|
- ZERO_ARRAY_LEN(confounded_session_key.data,
|
||||||
|
- confounded_session_key.length);
|
||||||
|
- data_blob_free(&confounded_session_key);
|
||||||
|
-
|
||||||
|
- memcpy(&u_info.info26.password.data[516], confounder, 16);
|
||||||
|
- ZERO_ARRAY(confounder);
|
||||||
|
-
|
||||||
|
sui.in.user_handle = r->samr_handle.in.user_handle;
|
||||||
|
sui.in.info = &u_info;
|
||||||
|
sui.in.level = 26;
|
||||||
|
@@ -346,7 +322,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
||||||
|
r->samr_handle.in.account_name, nt_errstr(status));
|
||||||
|
}
|
||||||
|
|
||||||
|
-out:
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,95 @@
|
|||||||
|
From c162d52b14947990fb6102180a7e2fd6a7d8d1d5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 9 Jul 2019 13:11:54 +0200
|
||||||
|
Subject: [PATCH 021/187] s4:libnet: Use encode_rc4_passwd_buffer() in
|
||||||
|
libnet_SetPassword_samr_handle_25()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit e44ba0397c7558e1da6a46cc38237a3b0e5cef49)
|
||||||
|
---
|
||||||
|
source4/libnet/libnet_passwd.c | 43 +++++++---------------------------
|
||||||
|
1 file changed, 9 insertions(+), 34 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||||
|
index 0beea077bd0..b2105121523 100644
|
||||||
|
--- a/source4/libnet/libnet_passwd.c
|
||||||
|
+++ b/source4/libnet/libnet_passwd.c
|
||||||
|
@@ -331,10 +331,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
|
||||||
|
struct samr_SetUserInfo2 sui;
|
||||||
|
union samr_UserInfo u_info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- int rc;
|
||||||
|
|
||||||
|
if (!r->samr_handle.in.info21) {
|
||||||
|
return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||||
|
@@ -344,7 +340,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
|
||||||
|
ZERO_STRUCT(u_info);
|
||||||
|
u_info.info25.info = *r->samr_handle.in.info21;
|
||||||
|
u_info.info25.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
|
||||||
|
- encode_pw_buffer(u_info.info25.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
|
||||||
|
|
||||||
|
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
@@ -354,36 +349,17 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
+ status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u_info.info25.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ r->samr_handle.out.error_string =
|
||||||
|
+ talloc_asprintf(mem_ctx,
|
||||||
|
+ "encode_rc4_passwd_buffer failed: %s",
|
||||||
|
+ nt_errstr(status));
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
|
||||||
|
- ZERO_ARRAY_LEN(confounded_session_key.data,
|
||||||
|
- confounded_session_key.length);
|
||||||
|
- data_blob_free(&confounded_session_key);
|
||||||
|
-
|
||||||
|
- memcpy(&u_info.info25.password.data[516], confounder, 16);
|
||||||
|
- ZERO_ARRAY(confounder);
|
||||||
|
|
||||||
|
sui.in.user_handle = r->samr_handle.in.user_handle;
|
||||||
|
sui.in.info = &u_info;
|
||||||
|
@@ -401,7 +377,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
|
||||||
|
r->samr_handle.in.account_name, nt_errstr(status));
|
||||||
|
}
|
||||||
|
|
||||||
|
-out:
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From 5b0f5925814742ca8b7e772f1a7f4558b770c45b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 1 Feb 2019 13:38:21 +0100
|
||||||
|
Subject: [PATCH 022/187] s4:libnet: Use GnuTLS RC4 in
|
||||||
|
libnet_SetPassword_samr_handle_24()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 18937f9ceb5aca23899555c5a34fe359f6fcb126)
|
||||||
|
---
|
||||||
|
source4/libnet/libnet_passwd.c | 29 ++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 28 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||||
|
index b2105121523..064ef98879a 100644
|
||||||
|
--- a/source4/libnet/libnet_passwd.c
|
||||||
|
+++ b/source4/libnet/libnet_passwd.c
|
||||||
|
@@ -386,6 +386,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA
|
||||||
|
struct samr_SetUserInfo2 sui;
|
||||||
|
union samr_UserInfo u_info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t enc_session_key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (r->samr_handle.in.info21) {
|
||||||
|
return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||||
|
@@ -404,7 +407,28 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
|
||||||
|
+ enc_session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = session_key.data,
|
||||||
|
+ .size = session_key.length,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &enc_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ u_info.info24.password.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
sui.in.user_handle = r->samr_handle.in.user_handle;
|
||||||
|
sui.in.info = &u_info;
|
||||||
|
@@ -421,6 +445,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA
|
||||||
|
"SetUserInfo2 level 24 for [%s] failed: %s",
|
||||||
|
r->samr_handle.in.account_name, nt_errstr(status));
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+out:
|
||||||
|
+ data_blob_clear(&session_key);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From e5e6605b40f80eee699f3fde275a620022979f05 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 1 Feb 2019 13:38:21 +0100
|
||||||
|
Subject: [PATCH 023/187] s4:libnet: Use GnuTLS RC4 in
|
||||||
|
libnet_SetPassword_samr_handle_23()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit cdb4e12765266ae767021d932870fbfcd55ccbf6)
|
||||||
|
---
|
||||||
|
source4/libnet/libnet_passwd.c | 29 ++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 28 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||||
|
index 064ef98879a..dce3813de38 100644
|
||||||
|
--- a/source4/libnet/libnet_passwd.c
|
||||||
|
+++ b/source4/libnet/libnet_passwd.c
|
||||||
|
@@ -457,6 +457,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
|
||||||
|
struct samr_SetUserInfo2 sui;
|
||||||
|
union samr_UserInfo u_info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t _session_key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (!r->samr_handle.in.info21) {
|
||||||
|
return NT_STATUS_INVALID_PARAMETER_MIX;
|
||||||
|
@@ -477,7 +480,29 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
|
||||||
|
+ _session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = session_key.data,
|
||||||
|
+ .size = session_key.length,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ u_info.info23.password.data,
|
||||||
|
+ 516);
|
||||||
|
+ data_blob_clear_free(&session_key);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
sui.in.user_handle = r->samr_handle.in.user_handle;
|
||||||
|
sui.in.info = &u_info;
|
||||||
|
@@ -494,6 +519,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
|
||||||
|
"SetUserInfo2 level 23 for [%s] failed: %s",
|
||||||
|
r->samr_handle.in.account_name, nt_errstr(status));
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+out:
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,174 @@
|
|||||||
|
From 01c0b0ac77baae946d270d44d1c40dbdf17a8ee3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 15:15:46 +1200
|
||||||
|
Subject: [PATCH 024/187] s4:libnet: Use GnuTLS RC4 in
|
||||||
|
libnet_ChangePassword_samr()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 9ea736590d9b22a7518f86b18e8c55b0d0e213d5)
|
||||||
|
---
|
||||||
|
source4/libnet/libnet_passwd.c | 110 +++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 104 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||||
|
index dce3813de38..704a94a5864 100644
|
||||||
|
--- a/source4/libnet/libnet_passwd.c
|
||||||
|
+++ b/source4/libnet/libnet_passwd.c
|
||||||
|
@@ -20,7 +20,6 @@
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
#include "libnet/libnet.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
#include "librpc/gen_ndr/ndr_samr_c.h"
|
||||||
|
#include "source4/librpc/rpc/dcerpc.h"
|
||||||
|
@@ -57,6 +56,16 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
||||||
|
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t nt_session_key = {
|
||||||
|
+ .data = old_nt_hash,
|
||||||
|
+ .size = sizeof(old_nt_hash),
|
||||||
|
+ };
|
||||||
|
+ gnutls_datum_t lm_session_key = {
|
||||||
|
+ .data = old_lm_hash,
|
||||||
|
+ .size = sizeof(old_lm_hash),
|
||||||
|
+ };
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
ZERO_STRUCT(c);
|
||||||
|
|
||||||
|
@@ -87,11 +96,47 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
||||||
|
|
||||||
|
/* prepare samr_ChangePasswordUser3 */
|
||||||
|
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_UNICODE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_nt_hash, 516);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &nt_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ lm_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(nt_pass.data, r->samr.in.newpassword, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &nt_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ nt_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
pw3.in.server = &server;
|
||||||
|
@@ -125,11 +170,46 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
||||||
|
|
||||||
|
/* prepare samr_ChangePasswordUser2 */
|
||||||
|
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &lm_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ lm_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(nt_pass.data, r->samr.in.newpassword, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &nt_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ nt_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
pw2.in.server = &server;
|
||||||
|
@@ -161,7 +241,25 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
||||||
|
a_account.string = r->samr.in.account_name;
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &lm_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ lm_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto disconnect;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
oe2.in.server = &a_server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,236 @@
|
|||||||
|
From 2d6f95107af7357d1084a4ba272f865c8249510a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 29 May 2019 15:50:45 +0200
|
||||||
|
Subject: [PATCH 025/187] libcli:auth: Return WERROR for
|
||||||
|
encode_wkssvc_join_password_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 576bcf61555fb641b2919ad84a6b26b242b57061)
|
||||||
|
---
|
||||||
|
libcli/auth/proto.h | 8 +++---
|
||||||
|
libcli/auth/smbencrypt.c | 20 ++++++++++-----
|
||||||
|
source3/lib/netapi/joindomain.c | 44 +++++++++++++++++++++------------
|
||||||
|
source4/torture/rpc/wkssvc.c | 20 ++++++++++++---
|
||||||
|
4 files changed, 62 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index 67caaca8c41..65ee06215dc 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -207,10 +207,10 @@ bool set_pw_in_buffer(uint8_t buffer[516], const DATA_BLOB *password);
|
||||||
|
bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
uint8_t in_buffer[516], DATA_BLOB *new_pass);
|
||||||
|
struct wkssvc_PasswordBuffer;
|
||||||
|
-void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
- const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct wkssvc_PasswordBuffer **pwd_buf);
|
||||||
|
+WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
+ const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct wkssvc_PasswordBuffer **pwd_buf);
|
||||||
|
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
struct wkssvc_PasswordBuffer *pwd_buf,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index 793012553b2..745f47999cd 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -965,10 +965,10 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
* buffer), calling MD5Update() first with session_key and then with confounder
|
||||||
|
* (vice versa in samr) - Guenther */
|
||||||
|
|
||||||
|
-void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
- const char *pwd,
|
||||||
|
- DATA_BLOB *session_key,
|
||||||
|
- struct wkssvc_PasswordBuffer **pwd_buf)
|
||||||
|
+WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
+ const char *pwd,
|
||||||
|
+ DATA_BLOB *session_key,
|
||||||
|
+ struct wkssvc_PasswordBuffer **pwd_buf)
|
||||||
|
{
|
||||||
|
uint8_t buffer[516];
|
||||||
|
gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
@@ -976,11 +976,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
DATA_BLOB confounded_session_key;
|
||||||
|
int confounder_len = 8;
|
||||||
|
uint8_t confounder[8];
|
||||||
|
+ WERROR werr;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
|
||||||
|
if (!my_pwd_buf) {
|
||||||
|
- return;
|
||||||
|
+ return WERR_NOT_ENOUGH_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
@@ -991,17 +992,23 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
if (rc < 0) {
|
||||||
|
+ werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
+
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
+
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
rc = gnutls_hash(hash_hnd, confounder, confounder_len);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
+ werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
+
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
@@ -1017,8 +1024,9 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
*pwd_buf = my_pwd_buf;
|
||||||
|
|
||||||
|
+ werr = WERR_OK;
|
||||||
|
out:
|
||||||
|
- return;
|
||||||
|
+ return werr;
|
||||||
|
}
|
||||||
|
|
||||||
|
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
|
||||||
|
index 8d0752f4531..f2d36fc00db 100644
|
||||||
|
--- a/source3/lib/netapi/joindomain.c
|
||||||
|
+++ b/source3/lib/netapi/joindomain.c
|
||||||
|
@@ -137,10 +137,13 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
- r->in.password,
|
||||||
|
- &session_key,
|
||||||
|
- &encrypted_password);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
+ r->in.password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &encrypted_password);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
old_timeout = rpccli_set_timeout(pipe_cli, 600000);
|
||||||
|
@@ -279,10 +282,13 @@ WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
- r->in.password,
|
||||||
|
- &session_key,
|
||||||
|
- &encrypted_password);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
+ r->in.password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &encrypted_password);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
old_timeout = rpccli_set_timeout(pipe_cli, 60000);
|
||||||
|
@@ -484,10 +490,13 @@ WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
- r->in.password,
|
||||||
|
- &session_key,
|
||||||
|
- &encrypted_password);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
+ r->in.password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &encrypted_password);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
|
||||||
|
@@ -537,10 +546,13 @@ WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
- r->in.password,
|
||||||
|
- &session_key,
|
||||||
|
- &encrypted_password);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(ctx,
|
||||||
|
+ r->in.password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &encrypted_password);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
|
||||||
|
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
|
||||||
|
index c98ac92b39b..4bc1f9cd0c7 100644
|
||||||
|
--- a/source4/torture/rpc/wkssvc.c
|
||||||
|
+++ b/source4/torture/rpc/wkssvc.c
|
||||||
|
@@ -1199,6 +1199,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
|
||||||
|
enum wkssvc_NetJoinStatus join_status;
|
||||||
|
const char *join_name = NULL;
|
||||||
|
WERROR expected_err;
|
||||||
|
+ WERROR werr;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
|
||||||
|
@@ -1240,8 +1241,13 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
|
||||||
|
- &session_key, &pwd_buf);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(tctx,
|
||||||
|
+ domain_admin_password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &pwd_buf);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
r.in.server_name = dcerpc_server_name(p);
|
||||||
|
r.in.domain_name = domain_name;
|
||||||
|
@@ -1284,6 +1290,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
|
||||||
|
enum wkssvc_NetJoinStatus join_status;
|
||||||
|
const char *join_name = NULL;
|
||||||
|
WERROR expected_err;
|
||||||
|
+ WERROR werr;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
|
||||||
|
@@ -1322,8 +1329,13 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
|
||||||
|
- &session_key, &pwd_buf);
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(tctx,
|
||||||
|
+ domain_admin_password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &pwd_buf);
|
||||||
|
+ if (!W_ERROR_IS_OK(werr)) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
r.in.server_name = dcerpc_server_name(p);
|
||||||
|
r.in.account = domain_admin_account;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,172 @@
|
|||||||
|
From 32004f3011bb6bb45f21d39c6e2830a47ec43f3e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 8 Jul 2019 17:36:58 +0200
|
||||||
|
Subject: [PATCH 026/187] libcli:auth: Add test for
|
||||||
|
(encode|decode)_wkssvc_join_password_buffer
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit f4a16bfba8d87de883d3d2e54cdc825fc5e01c2b)
|
||||||
|
---
|
||||||
|
libcli/auth/tests/test_rc4_passwd_buffer.c | 129 +++++++++++++++++++++
|
||||||
|
1 file changed, 129 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
index db6ca3f3f4c..6d97ac6e2f7 100644
|
||||||
|
--- a/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
|
||||||
|
@@ -99,6 +99,76 @@ static const uint8_t encrypted_test_blob[] = {
|
||||||
|
0x15, 0x13, 0xdc, 0x15,
|
||||||
|
};
|
||||||
|
|
||||||
|
+
|
||||||
|
+static const uint8_t encrypted_wkssvc_test_blob[] = {
|
||||||
|
+ 0x13, 0x79, 0x1f, 0x1a, 0x02, 0x15, 0x72, 0x1c,
|
||||||
|
+ 0xa6, 0x26, 0x37, 0xeb, 0x1d, 0x41, 0x7f, 0x76,
|
||||||
|
+ 0x11, 0x3f, 0x49, 0x4c, 0xf9, 0x69, 0x17, 0xc8,
|
||||||
|
+ 0x90, 0x92, 0x53, 0xb9, 0x3f, 0xcd, 0x06, 0xfe,
|
||||||
|
+ 0x5c, 0x17, 0x82, 0xbd, 0x86, 0xab, 0x49, 0xee,
|
||||||
|
+ 0x61, 0x76, 0x55, 0xc0, 0x10, 0x51, 0xcd, 0xd9,
|
||||||
|
+ 0x6f, 0x12, 0x86, 0xc6, 0x19, 0x59, 0x9a, 0x2f,
|
||||||
|
+ 0x27, 0x1d, 0x99, 0x30, 0x60, 0x0d, 0x65, 0xc6,
|
||||||
|
+ 0x43, 0xd6, 0xda, 0x6b, 0x66, 0x95, 0xd4, 0xca,
|
||||||
|
+ 0xf5, 0x04, 0xf7, 0x01, 0x5a, 0x55, 0xb0, 0x5e,
|
||||||
|
+ 0x72, 0x8a, 0x75, 0xe5, 0x33, 0x4c, 0xd8, 0xc4,
|
||||||
|
+ 0x0e, 0xf4, 0x6d, 0x23, 0xdd, 0x05, 0x90, 0xff,
|
||||||
|
+ 0xe0, 0x91, 0x7b, 0x62, 0x86, 0xee, 0x78, 0x31,
|
||||||
|
+ 0x07, 0xad, 0x8b, 0xf9, 0xdf, 0x6f, 0x8b, 0xbd,
|
||||||
|
+ 0x15, 0xde, 0x1b, 0xae, 0x84, 0x68, 0xe5, 0x41,
|
||||||
|
+ 0x7a, 0xe3, 0x47, 0x99, 0xba, 0x61, 0xe5, 0x51,
|
||||||
|
+ 0x64, 0x9a, 0xa0, 0x41, 0x44, 0xa1, 0x3a, 0x52,
|
||||||
|
+ 0x59, 0x7d, 0x6c, 0xcf, 0xcc, 0xf0, 0x11, 0xbc,
|
||||||
|
+ 0xb7, 0x51, 0xa9, 0xd8, 0xfd, 0xbf, 0x58, 0x77,
|
||||||
|
+ 0x28, 0x86, 0xa1, 0x27, 0x94, 0xe5, 0xf6, 0x1a,
|
||||||
|
+ 0x6b, 0x76, 0xf7, 0x72, 0x6e, 0x17, 0x09, 0xd8,
|
||||||
|
+ 0x3c, 0x6f, 0x39, 0x91, 0xea, 0x48, 0x98, 0xdc,
|
||||||
|
+ 0x1d, 0x50, 0x2e, 0x02, 0x6e, 0x7f, 0x80, 0x5d,
|
||||||
|
+ 0x6e, 0x96, 0xe1, 0xcf, 0x8b, 0x6b, 0xb6, 0xed,
|
||||||
|
+ 0xb4, 0x6a, 0x08, 0xd2, 0x45, 0x09, 0x88, 0x86,
|
||||||
|
+ 0x32, 0x58, 0xd8, 0x5e, 0x33, 0x8c, 0x29, 0x1a,
|
||||||
|
+ 0x8f, 0xc5, 0x54, 0x9b, 0xa8, 0x32, 0xb2, 0xc1,
|
||||||
|
+ 0x72, 0x14, 0x6c, 0x5d, 0x9d, 0xd3, 0xf2, 0x6c,
|
||||||
|
+ 0x6e, 0xa4, 0x84, 0x52, 0x26, 0x73, 0x7a, 0x30,
|
||||||
|
+ 0x56, 0x75, 0xef, 0xd1, 0x9d, 0xcd, 0xb7, 0x87,
|
||||||
|
+ 0xa9, 0x5c, 0xaf, 0xe6, 0xda, 0x1d, 0x3c, 0x9c,
|
||||||
|
+ 0xa3, 0xb1, 0x03, 0xb0, 0x8e, 0xf6, 0xc8, 0x8f,
|
||||||
|
+ 0x57, 0x1c, 0xce, 0x05, 0x54, 0x99, 0xf1, 0xf9,
|
||||||
|
+ 0x35, 0xe6, 0xf7, 0x67, 0x94, 0xb2, 0x67, 0x5b,
|
||||||
|
+ 0xe7, 0xa0, 0xa2, 0x1e, 0xa2, 0x74, 0xd3, 0x99,
|
||||||
|
+ 0x9c, 0xd5, 0xd9, 0x90, 0x86, 0x24, 0x0e, 0x1a,
|
||||||
|
+ 0x0d, 0xc8, 0x9e, 0x68, 0x4c, 0x43, 0x2f, 0x42,
|
||||||
|
+ 0xb1, 0x7c, 0xce, 0x1e, 0xb6, 0xac, 0x56, 0xb0,
|
||||||
|
+ 0x8d, 0x93, 0xf1, 0x53, 0x7d, 0x0e, 0x00, 0x46,
|
||||||
|
+ 0xba, 0x2e, 0x14, 0x7a, 0x0b, 0xaa, 0xcb, 0x07,
|
||||||
|
+ 0x9b, 0x09, 0x05, 0xa0, 0xd3, 0xa1, 0x80, 0xc2,
|
||||||
|
+ 0xd3, 0x59, 0x92, 0x27, 0x66, 0x1f, 0xdd, 0x76,
|
||||||
|
+ 0x36, 0xb3, 0x3c, 0xeb, 0xd7, 0x61, 0x94, 0xb1,
|
||||||
|
+ 0xf8, 0x3a, 0xe0, 0xba, 0x91, 0x0f, 0xef, 0x72,
|
||||||
|
+ 0x2b, 0x26, 0xc6, 0xb8, 0x6d, 0x0b, 0xdb, 0x60,
|
||||||
|
+ 0xf8, 0xb4, 0x98, 0xd7, 0x8b, 0x8d, 0xfb, 0xa7,
|
||||||
|
+ 0x4e, 0x27, 0xeb, 0x00, 0xe8, 0xf7, 0x5a, 0xec,
|
||||||
|
+ 0xf5, 0x60, 0x28, 0x37, 0xb2, 0xc4, 0x13, 0x48,
|
||||||
|
+ 0x2a, 0xe1, 0x34, 0xb2, 0x53, 0xcb, 0x44, 0x34,
|
||||||
|
+ 0x08, 0x7e, 0x56, 0x5c, 0x2b, 0x9b, 0xe2, 0xca,
|
||||||
|
+ 0x90, 0xb0, 0x57, 0xee, 0x10, 0x88, 0x39, 0x84,
|
||||||
|
+ 0xc6, 0x66, 0x07, 0x50, 0x63, 0xcc, 0x2a, 0x7c,
|
||||||
|
+ 0x99, 0x8c, 0x05, 0xf9, 0xf0, 0xb8, 0x62, 0xf0,
|
||||||
|
+ 0x92, 0xf7, 0x2a, 0x4a, 0x17, 0x14, 0x78, 0xa1,
|
||||||
|
+ 0x71, 0xb6, 0x42, 0xf0, 0x87, 0xa8, 0xa4, 0x48,
|
||||||
|
+ 0xeb, 0xdb, 0xed, 0x8a, 0x15, 0x19, 0x1a, 0xd9,
|
||||||
|
+ 0xfe, 0x6f, 0x07, 0x93, 0x5d, 0x39, 0xe8, 0x0e,
|
||||||
|
+ 0x47, 0xe6, 0x7a, 0x7d, 0x52, 0x2e, 0x40, 0x6f,
|
||||||
|
+ 0x31, 0x1b, 0xf6, 0x0c, 0xc2, 0x83, 0xae, 0xc1,
|
||||||
|
+ 0xf0, 0xf5, 0x71, 0xcd, 0xe2, 0xf5, 0x19, 0xb6,
|
||||||
|
+ 0xd8, 0xb0, 0x4d, 0xa9, 0x51, 0x1c, 0xb4, 0xaf,
|
||||||
|
+ 0x69, 0x9a, 0x89, 0xb6, 0x5b, 0x4d, 0xfa, 0x1b,
|
||||||
|
+ 0xca, 0xc8, 0x61, 0x92, 0x3a, 0xd6, 0x76, 0xad,
|
||||||
|
+ 0x5d, 0xa6, 0x17, 0x60, 0x3e, 0xea, 0x94, 0xcf,
|
||||||
|
+ 0x6d, 0x1b, 0x98, 0x5c, 0x19, 0x9e, 0x4e, 0xd3,
|
||||||
|
+ 0x21, 0x55, 0xda, 0xe3,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static void torture_decode_rc4_passwd_buffer(void **state)
|
||||||
|
{
|
||||||
|
char *password_decoded = NULL;
|
||||||
|
@@ -187,6 +257,63 @@ static void torture_endode_decode_rc4_passwd_buffer(void **state)
|
||||||
|
talloc_free(password_decoded);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void torture_decode_wkssvc_join_password_buffer(void **state)
|
||||||
|
+{
|
||||||
|
+ DATA_BLOB session_key = data_blob_const("SystemLibraryDTC", 16);
|
||||||
|
+ struct wkssvc_PasswordBuffer pwd_buf = {
|
||||||
|
+ .data = {0},
|
||||||
|
+ };
|
||||||
|
+ char *password_decoded = NULL;
|
||||||
|
+ TALLOC_CTX *mem_ctx = NULL;
|
||||||
|
+ WERROR werr;
|
||||||
|
+
|
||||||
|
+ mem_ctx = talloc_new(NULL);
|
||||||
|
+ assert_non_null(mem_ctx);
|
||||||
|
+
|
||||||
|
+ memcpy(pwd_buf.data,
|
||||||
|
+ encrypted_wkssvc_test_blob,
|
||||||
|
+ sizeof(pwd_buf.data));
|
||||||
|
+
|
||||||
|
+ werr = decode_wkssvc_join_password_buffer(mem_ctx,
|
||||||
|
+ &pwd_buf,
|
||||||
|
+ &session_key,
|
||||||
|
+ &password_decoded);
|
||||||
|
+ assert_true(W_ERROR_IS_OK(werr));
|
||||||
|
+ assert_non_null(password_decoded);
|
||||||
|
+ assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+
|
||||||
|
+ TALLOC_FREE(mem_ctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void torture_wkssvc_join_password_buffer(void **state)
|
||||||
|
+{
|
||||||
|
+ DATA_BLOB session_key = data_blob_const("SystemLibraryDTC", 16);
|
||||||
|
+ struct wkssvc_PasswordBuffer *pwd_buf = NULL;
|
||||||
|
+ char *password_decoded = NULL;
|
||||||
|
+ TALLOC_CTX *mem_ctx = NULL;
|
||||||
|
+ WERROR werr;
|
||||||
|
+
|
||||||
|
+ mem_ctx = talloc_new(NULL);
|
||||||
|
+ assert_non_null(mem_ctx);
|
||||||
|
+
|
||||||
|
+ werr = encode_wkssvc_join_password_buffer(mem_ctx,
|
||||||
|
+ PASSWORD,
|
||||||
|
+ &session_key,
|
||||||
|
+ &pwd_buf);
|
||||||
|
+ assert_true(W_ERROR_IS_OK(werr));
|
||||||
|
+ assert_non_null(pwd_buf);
|
||||||
|
+
|
||||||
|
+ werr = decode_wkssvc_join_password_buffer(mem_ctx,
|
||||||
|
+ pwd_buf,
|
||||||
|
+ &session_key,
|
||||||
|
+ &password_decoded);
|
||||||
|
+ assert_true(W_ERROR_IS_OK(werr));
|
||||||
|
+ assert_non_null(password_decoded);
|
||||||
|
+ assert_string_equal(password_decoded, PASSWORD);
|
||||||
|
+
|
||||||
|
+ TALLOC_FREE(mem_ctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
@@ -194,6 +321,8 @@ int main(int argc, char *argv[])
|
||||||
|
cmocka_unit_test(torture_decode_rc4_passwd_buffer),
|
||||||
|
cmocka_unit_test(torture_rc4_passwd_buffer),
|
||||||
|
cmocka_unit_test(torture_endode_decode_rc4_passwd_buffer),
|
||||||
|
+ cmocka_unit_test(torture_decode_wkssvc_join_password_buffer),
|
||||||
|
+ cmocka_unit_test(torture_wkssvc_join_password_buffer),
|
||||||
|
};
|
||||||
|
|
||||||
|
if (argc == 2) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,111 @@
|
|||||||
|
From cbabf1224f61900eb96ea15841950c26b8b88cb5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 8 Jul 2019 18:03:00 +0200
|
||||||
|
Subject: [PATCH 027/187] libcli:auth: Use
|
||||||
|
samba_gnutls_arcfour_confounded_md5() in encode_wkssvc_join_password_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 85e2a3c96ad9acc1a85db189f6418c9d880b4718)
|
||||||
|
---
|
||||||
|
libcli/auth/smbencrypt.c | 69 ++++++++++++++--------------------------
|
||||||
|
1 file changed, 23 insertions(+), 46 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index 745f47999cd..823e16a3387 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -968,65 +968,42 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
const char *pwd,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
- struct wkssvc_PasswordBuffer **pwd_buf)
|
||||||
|
+ struct wkssvc_PasswordBuffer **out_pwd_buf)
|
||||||
|
{
|
||||||
|
- uint8_t buffer[516];
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
|
||||||
|
- DATA_BLOB confounded_session_key;
|
||||||
|
- int confounder_len = 8;
|
||||||
|
- uint8_t confounder[8];
|
||||||
|
- WERROR werr;
|
||||||
|
+ struct wkssvc_PasswordBuffer *pwd_buf = NULL;
|
||||||
|
+ uint8_t _confounder[8] = {0};
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 8);
|
||||||
|
+ uint8_t pwbuf[516] = {0};
|
||||||
|
+ DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
- my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
|
||||||
|
- if (!my_pwd_buf) {
|
||||||
|
+ pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
|
||||||
|
+ if (pwd_buf == NULL) {
|
||||||
|
return WERR_NOT_ENOUGH_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
- confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
-
|
||||||
|
- encode_pw_buffer(buffer, pwd, STR_UNICODE);
|
||||||
|
+ encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, confounder_len);
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
-
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
+ generate_random_buffer(_confounder, sizeof(_confounder));
|
||||||
|
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, confounder, confounder_len);
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(session_key,
|
||||||
|
+ &confounder,
|
||||||
|
+ &encrypt_pwbuf,
|
||||||
|
+ SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
|
||||||
|
-
|
||||||
|
- goto out;
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+ TALLOC_FREE(pwd_buf);
|
||||||
|
+ return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
||||||
|
}
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
|
||||||
|
-
|
||||||
|
- memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
|
||||||
|
- ZERO_ARRAY(confounder);
|
||||||
|
- memcpy(&my_pwd_buf->data[8], buffer, 516);
|
||||||
|
- ZERO_ARRAY(buffer);
|
||||||
|
-
|
||||||
|
- data_blob_clear_free(&confounded_session_key);
|
||||||
|
+ memcpy(&pwd_buf->data[0], confounder.data, confounder.length);
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+ memcpy(&pwd_buf->data[8], encrypt_pwbuf.data, encrypt_pwbuf.length);
|
||||||
|
+ ZERO_ARRAY(pwbuf);
|
||||||
|
|
||||||
|
- *pwd_buf = my_pwd_buf;
|
||||||
|
+ *out_pwd_buf = pwd_buf;
|
||||||
|
|
||||||
|
- werr = WERR_OK;
|
||||||
|
-out:
|
||||||
|
- return werr;
|
||||||
|
+ return WERR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,117 @@
|
|||||||
|
From 0d2898429e7eb2ca144885d5a1f9485cca620464 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 8 Jul 2019 18:21:18 +0200
|
||||||
|
Subject: [PATCH 028/187] libcli:auth: Use
|
||||||
|
samba_gnutls_arcfour_confounded_md5() in decode_wkssvc_join_password_buffer()
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit bcf7808d3aa8a5932a40955e4b764f55061e07d7)
|
||||||
|
---
|
||||||
|
libcli/auth/smbencrypt.c | 71 ++++++++++++++--------------------------
|
||||||
|
1 file changed, 24 insertions(+), 47 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
||||||
|
index 823e16a3387..cc5e1fbb899 100644
|
||||||
|
--- a/libcli/auth/smbencrypt.c
|
||||||
|
+++ b/libcli/auth/smbencrypt.c
|
||||||
|
@@ -1011,70 +1011,47 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
char **pwd)
|
||||||
|
{
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
- uint8_t buffer[516];
|
||||||
|
- size_t pwd_len;
|
||||||
|
- WERROR result;
|
||||||
|
+ uint8_t _confounder[8];
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 8);
|
||||||
|
+ uint8_t pwbuf[516] = {0};
|
||||||
|
+ DATA_BLOB decrypt_pwbuf = data_blob_const(pwbuf, 516);
|
||||||
|
bool ok;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
- DATA_BLOB confounded_session_key;
|
||||||
|
-
|
||||||
|
- int confounder_len = 8;
|
||||||
|
- uint8_t confounder[8];
|
||||||
|
-
|
||||||
|
- *pwd = NULL;
|
||||||
|
-
|
||||||
|
- if (!pwd_buf) {
|
||||||
|
+ if (pwd_buf == NULL) {
|
||||||
|
return WERR_INVALID_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ *pwd = NULL;
|
||||||
|
+
|
||||||
|
if (session_key->length != 16) {
|
||||||
|
DEBUG(10,("invalid session key\n"));
|
||||||
|
return WERR_INVALID_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
|
- confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
+ confounder = data_blob_const(&pwd_buf->data[0], 8);
|
||||||
|
+ memcpy(&pwbuf, &pwd_buf->data[8], 516);
|
||||||
|
|
||||||
|
- memcpy(&confounder, &pwd_buf->data[0], confounder_len);
|
||||||
|
- memcpy(&buffer, &pwd_buf->data[8], 516);
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, confounder, confounder_len);
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(session_key,
|
||||||
|
+ &confounder,
|
||||||
|
+ &decrypt_pwbuf,
|
||||||
|
+ SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- result = gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
||||||
|
- goto out;
|
||||||
|
+ ZERO_ARRAY(_confounder);
|
||||||
|
+ TALLOC_FREE(pwd_buf);
|
||||||
|
+ return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
|
||||||
|
}
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
|
||||||
|
-
|
||||||
|
- ok = decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16);
|
||||||
|
-
|
||||||
|
- ZERO_ARRAY(confounder);
|
||||||
|
- ZERO_ARRAY(buffer);
|
||||||
|
-
|
||||||
|
- data_blob_clear_free(&confounded_session_key);
|
||||||
|
+ ok = decode_pw_buffer(mem_ctx,
|
||||||
|
+ decrypt_pwbuf.data,
|
||||||
|
+ pwd,
|
||||||
|
+ &decrypt_pwbuf.length,
|
||||||
|
+ CH_UTF16);
|
||||||
|
+ ZERO_ARRAY(pwbuf);
|
||||||
|
|
||||||
|
if (!ok) {
|
||||||
|
- result = WERR_INVALID_PASSWORD;
|
||||||
|
- goto out;
|
||||||
|
+ return WERR_INVALID_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
|
- result = WERR_OK;
|
||||||
|
-out:
|
||||||
|
- return result;
|
||||||
|
+ return WERR_OK;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,66 @@
|
|||||||
|
From ba125c495c950570017d84b1cb2a223679250961 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 9 Nov 2018 12:29:55 +0100
|
||||||
|
Subject: [PATCH 029/187] auth:ntlmssp: Use GnuTLS RC4 in ntlmssp client
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit cb4025a50232f24139f21d87e50b6e6ea69238ba)
|
||||||
|
---
|
||||||
|
auth/ntlmssp/ntlmssp_client.c | 28 +++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 27 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
index df891f8d933..b8d1190466b 100644
|
||||||
|
--- a/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
+++ b/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
@@ -690,17 +690,43 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||||
|
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
|
||||||
|
/* Make up a new session key */
|
||||||
|
uint8_t client_session_key[16];
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd;
|
||||||
|
+ gnutls_datum_t enc_session_key = {
|
||||||
|
+ .data = session_key.data,
|
||||||
|
+ .size = session_key.length,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
generate_secret_buffer(client_session_key, sizeof(client_session_key));
|
||||||
|
|
||||||
|
/* Encrypt the new session key with the old one */
|
||||||
|
encrypted_session_key = data_blob_talloc(ntlmssp_state,
|
||||||
|
client_session_key, sizeof(client_session_key));
|
||||||
|
dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
|
||||||
|
- arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &enc_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ ZERO_ARRAY(client_session_key);
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ encrypted_session_key.data,
|
||||||
|
+ encrypted_session_key.length);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ ZERO_ARRAY(client_session_key);
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
|
||||||
|
|
||||||
|
/* Mark the new session key as the 'real' session key */
|
||||||
|
session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
|
||||||
|
+ ZERO_ARRAY(client_session_key);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* this generates the actual auth packet */
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,411 @@
|
|||||||
|
From 73f0d5f5a62edbcfeb8f79fffa422416b83edf3e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 6 Dec 2018 18:11:14 +0100
|
||||||
|
Subject: [PATCH 030/187] auth:ntlmssp: Use GnuTLS RC4 for ntlmssp signing
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 7bd502dcdb44c7d0f8a56b2ba489ae8cf2b886bd)
|
||||||
|
---
|
||||||
|
auth/ntlmssp/ntlmssp_private.h | 5 +-
|
||||||
|
auth/ntlmssp/ntlmssp_sign.c | 212 ++++++++++++++++++++++++++-------
|
||||||
|
2 files changed, 174 insertions(+), 43 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h
|
||||||
|
index 95ec6374f51..4d84e3347b6 100644
|
||||||
|
--- a/auth/ntlmssp/ntlmssp_private.h
|
||||||
|
+++ b/auth/ntlmssp/ntlmssp_private.h
|
||||||
|
@@ -20,14 +20,15 @@
|
||||||
|
|
||||||
|
/* For structures internal to the NTLMSSP implementation that should not be exposed */
|
||||||
|
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
struct auth_session_info;
|
||||||
|
|
||||||
|
struct ntlmssp_crypt_direction {
|
||||||
|
uint32_t seq_num;
|
||||||
|
uint8_t sign_key[16];
|
||||||
|
- struct arcfour_state seal_state;
|
||||||
|
+ gnutls_cipher_hd_t seal_state;
|
||||||
|
};
|
||||||
|
|
||||||
|
union ntlmssp_crypt_state {
|
||||||
|
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
|
||||||
|
index 8ba2e246b34..89f1aa04f7a 100644
|
||||||
|
--- a/auth/ntlmssp/ntlmssp_sign.c
|
||||||
|
+++ b/auth/ntlmssp/ntlmssp_sign.c
|
||||||
|
@@ -47,9 +47,9 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
static void dump_arc4_state(const char *description,
|
||||||
|
- struct arcfour_state *state)
|
||||||
|
+ gnutls_cipher_hd_t *state)
|
||||||
|
{
|
||||||
|
- dump_data_pw(description, state->sbox, sizeof(state->sbox));
|
||||||
|
+ DBG_DEBUG("%s\n", description);
|
||||||
|
}
|
||||||
|
|
||||||
|
static NTSTATUS calc_ntlmv2_key(uint8_t subkey[16],
|
||||||
|
@@ -90,13 +90,13 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
|
||||||
|
enum ntlmssp_direction direction,
|
||||||
|
DATA_BLOB *sig, bool encrypt_sig)
|
||||||
|
{
|
||||||
|
- NTSTATUS status;
|
||||||
|
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
|
||||||
|
gnutls_hmac_hd_t hmac_hnd = NULL;
|
||||||
|
uint8_t digest[16];
|
||||||
|
uint8_t seq_num[4];
|
||||||
|
- int rc;
|
||||||
|
|
||||||
|
*sig = data_blob_talloc(sig_mem_ctx, NULL, NTLMSSP_SIG_SIZE);
|
||||||
|
if (!sig->data) {
|
||||||
|
@@ -158,14 +158,24 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
|
||||||
|
if (encrypt_sig && (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
|
||||||
|
switch (direction) {
|
||||||
|
case NTLMSSP_SEND:
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
- digest, 8);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
+ digest,
|
||||||
|
+ 8);
|
||||||
|
break;
|
||||||
|
case NTLMSSP_RECEIVE:
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
- digest, 8);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
+ digest,
|
||||||
|
+ 8);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt for NTLMv2 EXCH "
|
||||||
|
+ "%s packet signature failed: %s\n",
|
||||||
|
+ direction == NTLMSSP_SEND ?
|
||||||
|
+ "send" : "receive",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
SIVAL(sig->data, 0, NTLMSSP_SIGN_VERSION);
|
||||||
|
@@ -194,8 +204,15 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
|
||||||
|
|
||||||
|
dump_arc4_state("ntlmssp hash: \n",
|
||||||
|
&ntlmssp_state->crypt->ntlm.seal_state);
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
- sig->data+4, sig->length-4);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
+ sig->data + 4,
|
||||||
|
+ sig->length - 4);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt for NTLM packet "
|
||||||
|
+ "signature failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
@@ -317,6 +334,8 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
const uint8_t *whole_pdu, size_t pdu_length,
|
||||||
|
DATA_BLOB *sig)
|
||||||
|
{
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
|
||||||
|
DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
|
||||||
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
@@ -353,11 +372,25 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
return nt_status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
- data, length);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
+ data,
|
||||||
|
+ length);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt ntlmv2 sealing the data "
|
||||||
|
+ "failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
- sig->data+4, 8);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
+ sig->data + 4,
|
||||||
|
+ 8);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt ntlmv2 sealing "
|
||||||
|
+ "the EXCH signature data failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
NTSTATUS status;
|
||||||
|
@@ -381,17 +414,30 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
* is not constant, but is is rather updated with
|
||||||
|
* each iteration
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
dump_arc4_state("ntlmv1 arc4 state:\n",
|
||||||
|
&ntlmssp_state->crypt->ntlm.seal_state);
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
- data, length);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
+ data,
|
||||||
|
+ length);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt ntlmv1 sealing data"
|
||||||
|
+ "failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_arc4_state("ntlmv1 arc4 state:\n",
|
||||||
|
&ntlmssp_state->crypt->ntlm.seal_state);
|
||||||
|
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
- sig->data+4, sig->length-4);
|
||||||
|
+ rc = gnutls_cipher_encrypt(ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
+ sig->data + 4,
|
||||||
|
+ sig->length - 4);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_encrypt ntlmv1 sealing signing "
|
||||||
|
+ "data failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ntlmssp_state->crypt->ntlm.seq_num++;
|
||||||
|
}
|
||||||
|
@@ -412,6 +458,8 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
const DATA_BLOB *sig)
|
||||||
|
{
|
||||||
|
NTSTATUS status;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
if (!ntlmssp_state->session_key.length) {
|
||||||
|
DEBUG(3, ("NO session key, cannot unseal packet\n"));
|
||||||
|
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||||
|
@@ -422,14 +470,29 @@ NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
|
||||||
|
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
|
||||||
|
/* First unseal the data. */
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
- data, length);
|
||||||
|
+ rc = gnutls_cipher_decrypt(ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
+ data,
|
||||||
|
+ length);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_decrypt ntlmv2 unsealing the "
|
||||||
|
+ "data failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
dump_data_pw("ntlmv2 clear data\n", data, length);
|
||||||
|
} else {
|
||||||
|
- arcfour_crypt_sbox(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
- data, length);
|
||||||
|
+ rc = gnutls_cipher_decrypt(ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
+ data,
|
||||||
|
+ length);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_decrypt ntlmv1 unsealing the "
|
||||||
|
+ "data failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
dump_data_pw("ntlmv1 clear data\n", data, length);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
status = ntlmssp_check_packet(ntlmssp_state,
|
||||||
|
data, length,
|
||||||
|
whole_pdu, pdu_length,
|
||||||
|
@@ -555,6 +618,8 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
bool reset_seqnums)
|
||||||
|
{
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
|
||||||
|
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
|
||||||
|
|
||||||
|
@@ -584,12 +649,16 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
const char *send_seal_const;
|
||||||
|
const char *recv_sign_const;
|
||||||
|
const char *recv_seal_const;
|
||||||
|
- uint8_t send_seal_key[16];
|
||||||
|
- DATA_BLOB send_seal_blob = data_blob_const(send_seal_key,
|
||||||
|
- sizeof(send_seal_key));
|
||||||
|
- uint8_t recv_seal_key[16];
|
||||||
|
- DATA_BLOB recv_seal_blob = data_blob_const(recv_seal_key,
|
||||||
|
- sizeof(recv_seal_key));
|
||||||
|
+ uint8_t send_seal_key[16] = {0};
|
||||||
|
+ gnutls_datum_t send_seal_blob = {
|
||||||
|
+ .data = send_seal_key,
|
||||||
|
+ .size = sizeof(send_seal_key),
|
||||||
|
+ };
|
||||||
|
+ uint8_t recv_seal_key[16] = {0};
|
||||||
|
+ gnutls_datum_t recv_seal_blob = {
|
||||||
|
+ .data = recv_seal_key,
|
||||||
|
+ .size = sizeof(recv_seal_key),
|
||||||
|
+ };
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
|
switch (ntlmssp_state->role) {
|
||||||
|
@@ -648,10 +717,22 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
- dump_data_pw("NTLMSSP send seal key:\n", send_seal_key, 16);
|
||||||
|
+ dump_data_pw("NTLMSSP send seal key:\n",
|
||||||
|
+ send_seal_key,
|
||||||
|
+ sizeof(send_seal_key));
|
||||||
|
|
||||||
|
- arcfour_init(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
- &send_seal_blob);
|
||||||
|
+ if (ntlmssp_state->crypt->ntlm2.sending.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(ntlmssp_state->crypt->ntlm2.sending.seal_state);
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_init(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &send_seal_blob,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_arc4_state("NTLMSSP send seal arc4 state:\n",
|
||||||
|
&ntlmssp_state->crypt->ntlm2.sending.seal_state);
|
||||||
|
@@ -677,10 +758,22 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
- dump_data_pw("NTLMSSP recv seal key:\n", recv_seal_key, 16);
|
||||||
|
+ dump_data_pw("NTLMSSP recv seal key:\n",
|
||||||
|
+ recv_seal_key,
|
||||||
|
+ sizeof(recv_seal_key));
|
||||||
|
|
||||||
|
- arcfour_init(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
- &recv_seal_blob);
|
||||||
|
+ if (ntlmssp_state->crypt->ntlm2.receiving.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(ntlmssp_state->crypt->ntlm2.receiving.seal_state);
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_init(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &recv_seal_blob,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
|
||||||
|
&ntlmssp_state->crypt->ntlm2.receiving.seal_state);
|
||||||
|
@@ -690,8 +783,10 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
ntlmssp_state->crypt->ntlm2.receiving.seq_num = 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
- uint8_t weak_session_key[8];
|
||||||
|
- DATA_BLOB seal_session_key = ntlmssp_state->session_key;
|
||||||
|
+ gnutls_datum_t seal_session_key = {
|
||||||
|
+ .data = ntlmssp_state->session_key.data,
|
||||||
|
+ .size = ntlmssp_state->session_key.length,
|
||||||
|
+ };
|
||||||
|
bool do_weak = false;
|
||||||
|
|
||||||
|
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
|
||||||
|
@@ -709,14 +804,19 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
* Nothing to weaken.
|
||||||
|
* We certainly don't want to 'extend' the length...
|
||||||
|
*/
|
||||||
|
- if (seal_session_key.length < 16) {
|
||||||
|
+ if (ntlmssp_state->session_key.length < 16) {
|
||||||
|
/* TODO: is this really correct? */
|
||||||
|
do_weak = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (do_weak) {
|
||||||
|
+ uint8_t weak_session_key[8];
|
||||||
|
+
|
||||||
|
memcpy(weak_session_key, seal_session_key.data, 8);
|
||||||
|
- seal_session_key = data_blob_const(weak_session_key, 8);
|
||||||
|
+ seal_session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = weak_session_key,
|
||||||
|
+ .size = sizeof(weak_session_key),
|
||||||
|
+ };
|
||||||
|
|
||||||
|
/*
|
||||||
|
* LM key doesn't support 128 bit crypto, so this is
|
||||||
|
@@ -732,8 +832,18 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_init(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
- &seal_session_key);
|
||||||
|
+ if (ntlmssp_state->crypt->ntlm.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(ntlmssp_state->crypt->ntlm.seal_state);
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_init(&ntlmssp_state->crypt->ntlm.seal_state,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &seal_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_arc4_state("NTLMv1 arc4 state:\n",
|
||||||
|
&ntlmssp_state->crypt->ntlm.seal_state);
|
||||||
|
@@ -746,6 +856,24 @@ NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int ntlmssp_crypt_free_gnutls_cipher_state(union ntlmssp_crypt_state *c)
|
||||||
|
+{
|
||||||
|
+ if (c->ntlm2.sending.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(c->ntlm2.sending.seal_state);
|
||||||
|
+ c->ntlm2.sending.seal_state = NULL;
|
||||||
|
+ }
|
||||||
|
+ if (c->ntlm2.receiving.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(c->ntlm2.receiving.seal_state);
|
||||||
|
+ c->ntlm2.receiving.seal_state = NULL;
|
||||||
|
+ }
|
||||||
|
+ if (c->ntlm.seal_state != NULL) {
|
||||||
|
+ gnutls_cipher_deinit(c->ntlm.seal_state);
|
||||||
|
+ c->ntlm.seal_state = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
|
||||||
|
{
|
||||||
|
if (ntlmssp_state->session_key.length < 8) {
|
||||||
|
@@ -758,6 +886,8 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
|
||||||
|
if (ntlmssp_state->crypt == NULL) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
+ talloc_set_destructor(ntlmssp_state->crypt,
|
||||||
|
+ ntlmssp_crypt_free_gnutls_cipher_state);
|
||||||
|
|
||||||
|
return ntlmssp_sign_reset(ntlmssp_state, true);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
76
SOURCES/0031-s3-libsmb-Use-GnuTLS-RC4-in-clirap.patch
Normal file
76
SOURCES/0031-s3-libsmb-Use-GnuTLS-RC4-in-clirap.patch
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
From c7e79b33a10a8e393df78fd7adf60a5a3dbebcc6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 15 Jan 2019 18:14:17 +0100
|
||||||
|
Subject: [PATCH 031/187] s3:libsmb: Use GnuTLS RC4 in clirap
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 0947d8388def40b01b322d0deee4dba386983410)
|
||||||
|
---
|
||||||
|
source3/libsmb/clirap.c | 27 +++++++++++++++++++++++++--
|
||||||
|
1 file changed, 25 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
|
||||||
|
index b4b40ebdab4..c0b9dcdff39 100644
|
||||||
|
--- a/source3/libsmb/clirap.c
|
||||||
|
+++ b/source3/libsmb/clirap.c
|
||||||
|
@@ -22,7 +22,6 @@
|
||||||
|
#include "includes.h"
|
||||||
|
#include "../libcli/auth/libcli_auth.h"
|
||||||
|
#include "../librpc/gen_ndr/rap.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "../lib/util/tevent_ntstatus.h"
|
||||||
|
#include "async_smb.h"
|
||||||
|
#include "libsmb/libsmb.h"
|
||||||
|
@@ -31,6 +30,9 @@
|
||||||
|
#include "../libcli/smb/smbXcli_base.h"
|
||||||
|
#include "cli_smb2_fnum.h"
|
||||||
|
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+
|
||||||
|
#define PIPE_LANMAN "\\PIPE\\LANMAN"
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
@@ -508,6 +510,12 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
|
||||||
|
char *rparam = NULL;
|
||||||
|
char *rdata = NULL;
|
||||||
|
unsigned int rprcnt, rdrcnt;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t old_pw_key = {
|
||||||
|
+ .data = old_pw_hash,
|
||||||
|
+ .size = sizeof(old_pw_hash),
|
||||||
|
+ };
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (strlen(user) >= sizeof(fstring)-1) {
|
||||||
|
DEBUG(0,("cli_oem_change_password: user name %s is too long.\n", user));
|
||||||
|
@@ -539,7 +547,22 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
|
||||||
|
DEBUG(100,("make_oem_passwd_hash\n"));
|
||||||
|
dump_data(100, data, 516);
|
||||||
|
#endif
|
||||||
|
- arcfour_crypt( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &old_pw_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Now place the old password hash in the data.
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,160 @@
|
|||||||
|
From 36dfd6496dc9b954b2243bbb5293af8ce332cf4f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 16 Jan 2019 12:41:32 +0100
|
||||||
|
Subject: [PATCH 032/187] s3:rpc_client: Use init_samr_CryptPassword in
|
||||||
|
cli_samr rpc_client
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit a95647e12ac75ffda42d95b41144596a078aebd6)
|
||||||
|
---
|
||||||
|
source3/rpc_client/cli_samr.c | 59 ++++++++++++++++++++++++++++-------
|
||||||
|
source3/wscript_build | 2 +-
|
||||||
|
2 files changed, 48 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
|
||||||
|
index 7764e1a8540..452e9593f6a 100644
|
||||||
|
--- a/source3/rpc_client/cli_samr.c
|
||||||
|
+++ b/source3/rpc_client/cli_samr.c
|
||||||
|
@@ -26,8 +26,8 @@
|
||||||
|
#include "../libcli/auth/libcli_auth.h"
|
||||||
|
#include "../librpc/gen_ndr/ndr_samr_c.h"
|
||||||
|
#include "rpc_client/cli_samr.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "rpc_client/init_lsa.h"
|
||||||
|
+#include "rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
/* User change password */
|
||||||
|
|
||||||
|
@@ -128,6 +128,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
||||||
|
uint8_t new_lanman_hash[16];
|
||||||
|
struct lsa_String server, account;
|
||||||
|
|
||||||
|
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
||||||
|
+
|
||||||
|
DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
|
||||||
|
|
||||||
|
init_lsa_String(&server, srv_name_slash);
|
||||||
|
@@ -144,19 +146,25 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
||||||
|
DOS chars). This allows us to match Win2k, which
|
||||||
|
does not store a LM hash for these passwords (which
|
||||||
|
would reduce the effective password length to 14) */
|
||||||
|
+ status = init_samr_CryptPassword(newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &new_lm_password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
|
||||||
|
-
|
||||||
|
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
|
||||||
|
} else {
|
||||||
|
ZERO_STRUCT(new_lm_password);
|
||||||
|
ZERO_STRUCT(old_lanman_hash_enc);
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
|
||||||
|
-
|
||||||
|
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &new_nt_password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
|
||||||
|
|
||||||
|
status = dcerpc_samr_ChangePasswordUser2(h,
|
||||||
|
@@ -170,6 +178,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
||||||
|
&old_lanman_hash_enc,
|
||||||
|
presult);
|
||||||
|
|
||||||
|
+ ZERO_STRUCT(new_nt_password);
|
||||||
|
+ ZERO_STRUCT(new_lm_password);
|
||||||
|
+ ZERO_STRUCT(old_nt_hash_enc);
|
||||||
|
+ ZERO_STRUCT(old_lanman_hash_enc);
|
||||||
|
+ ZERO_ARRAY(new_nt_hash);
|
||||||
|
+ ZERO_ARRAY(new_lanman_hash);
|
||||||
|
+ ZERO_ARRAY(old_nt_hash);
|
||||||
|
+ ZERO_ARRAY(old_lanman_hash);
|
||||||
|
+
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -308,6 +325,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
||||||
|
|
||||||
|
struct lsa_String server, account;
|
||||||
|
|
||||||
|
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
||||||
|
+
|
||||||
|
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
|
||||||
|
|
||||||
|
init_lsa_String(&server, srv_name_slash);
|
||||||
|
@@ -324,19 +343,26 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
||||||
|
DOS chars). This allows us to match Win2k, which
|
||||||
|
does not store a LM hash for these passwords (which
|
||||||
|
would reduce the effective password length to 14) */
|
||||||
|
+ status = init_samr_CryptPassword(newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &new_lm_password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
|
||||||
|
-
|
||||||
|
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
|
||||||
|
} else {
|
||||||
|
ZERO_STRUCT(new_lm_password);
|
||||||
|
ZERO_STRUCT(old_lanman_hash_enc);
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
|
||||||
|
+ status = init_samr_CryptPassword(newpassword,
|
||||||
|
+ &session_key,
|
||||||
|
+ &new_nt_password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
|
||||||
|
|
||||||
|
status = dcerpc_samr_ChangePasswordUser3(h,
|
||||||
|
@@ -353,6 +379,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
||||||
|
reject,
|
||||||
|
presult);
|
||||||
|
|
||||||
|
+ ZERO_STRUCT(new_nt_password);
|
||||||
|
+ ZERO_STRUCT(new_lm_password);
|
||||||
|
+ ZERO_STRUCT(old_nt_hash_enc);
|
||||||
|
+ ZERO_STRUCT(old_lanman_hash_enc);
|
||||||
|
+ ZERO_ARRAY(new_nt_hash);
|
||||||
|
+ ZERO_ARRAY(new_lanman_hash);
|
||||||
|
+ ZERO_ARRAY(old_nt_hash);
|
||||||
|
+ ZERO_ARRAY(old_lanman_hash);
|
||||||
|
+
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/source3/wscript_build b/source3/wscript_build
|
||||||
|
index aa3c7175202..b73f6dc0664 100644
|
||||||
|
--- a/source3/wscript_build
|
||||||
|
+++ b/source3/wscript_build
|
||||||
|
@@ -1009,7 +1009,7 @@ bld.SAMBA3_SUBSYSTEM('errors3',
|
||||||
|
|
||||||
|
bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
|
||||||
|
source='rpc_client/cli_samr.c',
|
||||||
|
- deps='RPC_NDR_SAMR')
|
||||||
|
+ deps='RPC_NDR_SAMR INIT_SAMR')
|
||||||
|
|
||||||
|
bld.SAMBA3_LIBRARY('libcli_lsa3',
|
||||||
|
source='rpc_client/cli_lsarpc.c',
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,77 @@
|
|||||||
|
From 07925f22341c508792b3ce8feeae2abc939a61f2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 16 Jan 2019 17:40:13 +0100
|
||||||
|
Subject: [PATCH 033/187] s3:rpc_server: Use GnuTLS RC4 in samr password check
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit d31f6a6803c86b8de0a97927731091f5a7bee4f1)
|
||||||
|
---
|
||||||
|
source3/rpc_server/samr/srv_samr_chgpasswd.c | 30 ++++++++++++++++++--
|
||||||
|
1 file changed, 28 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
|
||||||
|
index 3749edbb044..fc509494ebc 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
|
||||||
|
@@ -50,12 +50,15 @@
|
||||||
|
#include "system/passwd.h"
|
||||||
|
#include "system/filesys.h"
|
||||||
|
#include "../libcli/auth/libcli_auth.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "rpc_server/samr/srv_samr_util.h"
|
||||||
|
#include "passdb.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "lib/util/sys_rw.h"
|
||||||
|
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+
|
||||||
|
#ifndef ALLOW_CHANGE_PASSWORD
|
||||||
|
#if (defined(HAVE_TERMIOS_H) && defined(HAVE_DUP2) && defined(HAVE_SETSID))
|
||||||
|
#define ALLOW_CHANGE_PASSWORD 1
|
||||||
|
@@ -685,6 +688,10 @@ static NTSTATUS check_oem_password(const char *user,
|
||||||
|
bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted);
|
||||||
|
enum ntlm_auth_level ntlm_auth_level = lp_ntlm_auth();
|
||||||
|
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t enc_key;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
/* this call should be disabled without NTLM auth */
|
||||||
|
if (ntlm_auth_level == NTLM_AUTH_DISABLED) {
|
||||||
|
DBG_WARNING("NTLM password changes not"
|
||||||
|
@@ -752,7 +759,26 @@ static NTSTATUS check_oem_password(const char *user,
|
||||||
|
/*
|
||||||
|
* Decrypt the password with the key
|
||||||
|
*/
|
||||||
|
- arcfour_crypt( password_encrypted, encryption_key, 516);
|
||||||
|
+ enc_key = (gnutls_datum_t) {
|
||||||
|
+ .data = discard_const_p(unsigned char, encryption_key),
|
||||||
|
+ .size = 16,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &enc_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||||
|
+ password_encrypted,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!decode_pw_buffer(talloc_tos(),
|
||||||
|
password_encrypted,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,119 @@
|
|||||||
|
From 6eb8a45387ae6400d4b48d838ec89510afe2b37a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 15 May 2019 14:04:31 +0200
|
||||||
|
Subject: [PATCH 034/187] s3:rpc_server: Use GnuTLS RC4 to decrypt samr
|
||||||
|
password buffers
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit cd0b5e5d9377bc79b4468081f3999ad39be3cb8f)
|
||||||
|
---
|
||||||
|
source3/rpc_server/samr/srv_samr_nt.c | 58 ++++++++++++++++++++++++---
|
||||||
|
1 file changed, 52 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
index fd5c453e0eb..ad1d1853bda 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
@@ -37,7 +37,6 @@
|
||||||
|
#include "ntdomain.h"
|
||||||
|
#include "../librpc/gen_ndr/srv_samr.h"
|
||||||
|
#include "rpc_server/samr/srv_samr_util.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "secrets.h"
|
||||||
|
#include "rpc_client/init_lsa.h"
|
||||||
|
#include "../libcli/security/security.h"
|
||||||
|
@@ -47,6 +46,10 @@
|
||||||
|
#include "../lib/tsocket/tsocket.h"
|
||||||
|
#include "lib/util/base64.h"
|
||||||
|
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+
|
||||||
|
#undef DBGC_CLASS
|
||||||
|
#define DBGC_CLASS DBGC_RPC_SRV
|
||||||
|
|
||||||
|
@@ -4946,6 +4949,41 @@ static uint32_t samr_set_user_info_map_fields_to_access_mask(uint32_t fields)
|
||||||
|
return acc_required;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static NTSTATUS arc4_decrypt_data(DATA_BLOB session_key,
|
||||||
|
+ uint8_t *data,
|
||||||
|
+ size_t data_size)
|
||||||
|
+{
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t my_session_key = {
|
||||||
|
+ .data = session_key.data,
|
||||||
|
+ .size = session_key.length,
|
||||||
|
+ };
|
||||||
|
+ NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &my_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||||
|
+ data,
|
||||||
|
+ data_size);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ status = NT_STATUS_OK;
|
||||||
|
+out:
|
||||||
|
+ return status;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*******************************************************************
|
||||||
|
samr_SetUserInfo
|
||||||
|
********************************************************************/
|
||||||
|
@@ -5153,8 +5191,12 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- arcfour_crypt_blob(info->info23.password.data, 516,
|
||||||
|
- &session_key);
|
||||||
|
+ status = arc4_decrypt_data(session_key,
|
||||||
|
+ info->info23.password.data,
|
||||||
|
+ 516);
|
||||||
|
+ if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_data(100, info->info23.password.data, 516);
|
||||||
|
|
||||||
|
@@ -5165,13 +5207,17 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 24:
|
||||||
|
+
|
||||||
|
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
|
||||||
|
if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- arcfour_crypt_blob(info->info24.password.data,
|
||||||
|
- 516,
|
||||||
|
- &session_key);
|
||||||
|
+ status = arc4_decrypt_data(session_key,
|
||||||
|
+ info->info24.password.data,
|
||||||
|
+ 516);
|
||||||
|
+ if(!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dump_data(100, info->info24.password.data, 516);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
110
SOURCES/0035-s3-utils-Use-GnuTLS-RC4-in-ntlm_auth.patch
Normal file
110
SOURCES/0035-s3-utils-Use-GnuTLS-RC4-in-ntlm_auth.patch
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
From ef374b9b3b98b498545d40f0aa2e537bdf81ae59 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 17 Jan 2019 12:40:21 +0100
|
||||||
|
Subject: [PATCH 035/187] s3:utils: Use GnuTLS RC4 in ntlm_auth
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 359ae5be0d21e7ab235035aab65710c9459e9593)
|
||||||
|
---
|
||||||
|
source3/utils/ntlm_auth.c | 45 ++++++++++++++++++++++++++++++++++++---
|
||||||
|
1 file changed, 42 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
|
||||||
|
index 87f6554ae4f..8a6218ac9ec 100644
|
||||||
|
--- a/source3/utils/ntlm_auth.c
|
||||||
|
+++ b/source3/utils/ntlm_auth.c
|
||||||
|
@@ -37,7 +37,6 @@
|
||||||
|
#include "librpc/crypto/gse.h"
|
||||||
|
#include "smb_krb5.h"
|
||||||
|
#include "lib/util/tiniparser.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "nsswitch/winbind_client.h"
|
||||||
|
#include "librpc/gen_ndr/krb5pac.h"
|
||||||
|
#include "../lib/util/asn1.h"
|
||||||
|
@@ -49,6 +48,9 @@
|
||||||
|
#include "lib/util/base64.h"
|
||||||
|
#include "cmdline_contexts.h"
|
||||||
|
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+
|
||||||
|
#ifdef HAVE_KRB5
|
||||||
|
#include "auth/kerberos/pac_utils.h"
|
||||||
|
#endif
|
||||||
|
@@ -1937,6 +1939,13 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode stdio_h
|
||||||
|
uchar new_nt_hash[16];
|
||||||
|
uchar new_lm_hash[16];
|
||||||
|
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t old_nt_key = {
|
||||||
|
+ .data = old_nt_hash,
|
||||||
|
+ .size = sizeof(old_nt_hash),
|
||||||
|
+ };
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
new_nt_pswd = data_blob(NULL, 516);
|
||||||
|
old_nt_hash_enc = data_blob(NULL, 16);
|
||||||
|
|
||||||
|
@@ -1956,6 +1965,19 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode stdio_h
|
||||||
|
Likewise, obey the admin's restriction
|
||||||
|
*/
|
||||||
|
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &old_nt_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
|
||||||
|
+ DBG_ERR("Running in FIPS mode, NTLM blocked\n");
|
||||||
|
+ }
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (lp_client_lanman_auth() &&
|
||||||
|
E_deshash(newpswd, new_lm_hash) &&
|
||||||
|
E_deshash(oldpswd, old_lm_hash)) {
|
||||||
|
@@ -1964,7 +1986,13 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode stdio_h
|
||||||
|
encode_pw_buffer(new_lm_pswd.data, newpswd,
|
||||||
|
STR_UNICODE);
|
||||||
|
|
||||||
|
- arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516);
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ new_lm_pswd.data,
|
||||||
|
+ 516);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash,
|
||||||
|
old_lm_hash_enc.data);
|
||||||
|
} else {
|
||||||
|
@@ -1977,9 +2005,20 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode stdio_h
|
||||||
|
encode_pw_buffer(new_nt_pswd.data, newpswd,
|
||||||
|
STR_UNICODE);
|
||||||
|
|
||||||
|
- arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516);
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ new_nt_pswd.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash,
|
||||||
|
old_nt_hash_enc.data);
|
||||||
|
+
|
||||||
|
+ ZERO_ARRAY(old_nt_hash);
|
||||||
|
+ ZERO_ARRAY(old_lm_hash);
|
||||||
|
+ ZERO_ARRAY(new_nt_hash);
|
||||||
|
+ ZERO_ARRAY(new_lm_hash);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!full_username && !username) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,76 @@
|
|||||||
|
From e81c7a540896c9a3fed8d6a8b080f76c83d70369 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 12:50:57 +1200
|
||||||
|
Subject: [PATCH 036/187] s4:rpc_server: Use
|
||||||
|
samba_gnutls_arcfour_confounded_md5() in samr_set_password_ex()
|
||||||
|
|
||||||
|
This allows the use of GnuTLS for the underlying RC4 crypto operations.
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 9363abfb5fcfeff30295ce0cf94c18941a6c4e9f)
|
||||||
|
---
|
||||||
|
source4/rpc_server/samr/samr_password.c | 34 ++++++-------------------
|
||||||
|
1 file changed, 8 insertions(+), 26 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
||||||
|
index 7c441f38ce2..fde0de2c3cc 100644
|
||||||
|
--- a/source4/rpc_server/samr/samr_password.c
|
||||||
|
+++ b/source4/rpc_server/samr/samr_password.c
|
||||||
|
@@ -586,9 +586,11 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
||||||
|
{
|
||||||
|
NTSTATUS nt_status;
|
||||||
|
DATA_BLOB new_password;
|
||||||
|
- DATA_BLOB co_session_key;
|
||||||
|
+
|
||||||
|
+ /* The confounder is in the last 16 bytes of the buffer */
|
||||||
|
+ DATA_BLOB confounder = data_blob_const(&pwbuf->data[516], 16);
|
||||||
|
+ DATA_BLOB pw_data = data_blob_const(pwbuf->data, 516);
|
||||||
|
DATA_BLOB session_key = data_blob(NULL, 0);
|
||||||
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
nt_status = dcesrv_transport_session_key(dce_call, &session_key);
|
||||||
|
@@ -599,35 +601,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
||||||
|
return NT_STATUS_WRONG_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
|
- co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||||
|
- if (!co_session_key.data) {
|
||||||
|
- return NT_STATUS_NO_MEMORY;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
+ &session_key,
|
||||||
|
+ &pw_data,
|
||||||
|
+ SAMBA_GNUTLS_DECRYPT);
|
||||||
|
if (rc < 0) {
|
||||||
|
nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = gnutls_hash(hash_hnd, &pwbuf->data[516], 16);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- gnutls_hash_deinit(hash_hnd, co_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
|
||||||
|
- ZERO_ARRAY_LEN(co_session_key.data,
|
||||||
|
- co_session_key.length);
|
||||||
|
-
|
||||||
|
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
||||||
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
||||||
|
nt_status = NT_STATUS_WRONG_PASSWORD;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,195 @@
|
|||||||
|
From 23f422c0df67c0f9e701e0deb5f1708a930a98bd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 19 Feb 2019 17:40:29 +0100
|
||||||
|
Subject: [PATCH 037/187] s4:rpc_server: Use GnuTLS RC4 for samr password
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 4326e7de6ba0ce02ab23af7297d2f7242988daa4)
|
||||||
|
---
|
||||||
|
source4/rpc_server/samr/samr_password.c | 105 ++++++++++++++++++++----
|
||||||
|
1 file changed, 89 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
||||||
|
index fde0de2c3cc..b04e37f06f3 100644
|
||||||
|
--- a/source4/rpc_server/samr/samr_password.c
|
||||||
|
+++ b/source4/rpc_server/samr/samr_password.c
|
||||||
|
@@ -24,7 +24,7 @@
|
||||||
|
#include "rpc_server/dcerpc_server.h"
|
||||||
|
#include "rpc_server/samr/dcesrv_samr.h"
|
||||||
|
#include "system/time.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
+#include "lib/crypto/md4.h"
|
||||||
|
#include "dsdb/samdb/samdb.h"
|
||||||
|
#include "auth/auth.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
@@ -119,13 +119,15 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
|
||||||
|
"samAccountName",
|
||||||
|
NULL };
|
||||||
|
struct samr_Password *lm_pwd;
|
||||||
|
- DATA_BLOB lm_pwd_blob;
|
||||||
|
uint8_t new_lm_hash[16];
|
||||||
|
struct samr_Password lm_verifier;
|
||||||
|
size_t unicode_pw_len;
|
||||||
|
size_t converted_size = 0;
|
||||||
|
const char *user_samAccountName = NULL;
|
||||||
|
struct dom_sid *user_objectSid = NULL;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t lm_session_key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (pwbuf == NULL) {
|
||||||
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
@@ -179,9 +181,28 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* decrypt the password we have been given */
|
||||||
|
- lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash));
|
||||||
|
- arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob);
|
||||||
|
- data_blob_free(&lm_pwd_blob);
|
||||||
|
+ lm_session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = lm_pwd->hash,
|
||||||
|
+ .size = sizeof(lm_pwd->hash),
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &lm_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto failed;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||||
|
+ pwbuf->data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto failed;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
||||||
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
||||||
|
@@ -315,7 +336,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||||
|
"badPwdCount", "badPasswordTime",
|
||||||
|
"objectSid", NULL };
|
||||||
|
struct samr_Password *nt_pwd, *lm_pwd;
|
||||||
|
- DATA_BLOB nt_pwd_blob;
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
enum samPwdChangeReason reason = SAM_PWD_CHANGE_NO_ERROR;
|
||||||
|
@@ -325,6 +345,9 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||||
|
struct dom_sid *user_objectSid = NULL;
|
||||||
|
enum ntlm_auth_level ntlm_auth_level
|
||||||
|
= lpcfg_ntlm_auth(dce_call->conn->dce_ctx->lp_ctx);
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t nt_session_key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
*r->out.dominfo = NULL;
|
||||||
|
*r->out.reject = NULL;
|
||||||
|
@@ -381,9 +404,28 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* decrypt the password we have been given */
|
||||||
|
- nt_pwd_blob = data_blob(nt_pwd->hash, sizeof(nt_pwd->hash));
|
||||||
|
- arcfour_crypt_blob(r->in.nt_password->data, 516, &nt_pwd_blob);
|
||||||
|
- data_blob_free(&nt_pwd_blob);
|
||||||
|
+ nt_session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = nt_pwd->hash,
|
||||||
|
+ .size = sizeof(nt_pwd->hash),
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &nt_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto failed;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||||
|
+ r->in.nt_password->data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto failed;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!extract_pw_from_buffer(mem_ctx, r->in.nt_password->data, &new_password)) {
|
||||||
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
||||||
|
@@ -547,6 +589,9 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
||||||
|
NTSTATUS nt_status;
|
||||||
|
DATA_BLOB new_password;
|
||||||
|
DATA_BLOB session_key = data_blob(NULL, 0);
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t _session_key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
nt_status = dcesrv_transport_session_key(dce_call, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
|
@@ -556,7 +601,28 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
||||||
|
return NT_STATUS_WRONG_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(pwbuf->data, 516, &session_key);
|
||||||
|
+ _session_key = (gnutls_datum_t) {
|
||||||
|
+ .data = session_key.data,
|
||||||
|
+ .size = session_key.length,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &_session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd,
|
||||||
|
+ pwbuf->data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
||||||
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
||||||
|
@@ -565,12 +631,19 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
||||||
|
|
||||||
|
/* set the password - samdb needs to know both the domain and user DNs,
|
||||||
|
so the domain password policy can be used */
|
||||||
|
- return samdb_set_password(sam_ctx, mem_ctx,
|
||||||
|
- account_dn, domain_dn,
|
||||||
|
- &new_password,
|
||||||
|
- NULL, NULL,
|
||||||
|
- NULL, NULL, /* This is a password set, not change */
|
||||||
|
- NULL, NULL);
|
||||||
|
+ nt_status = samdb_set_password(sam_ctx,
|
||||||
|
+ mem_ctx,
|
||||||
|
+ account_dn,
|
||||||
|
+ domain_dn,
|
||||||
|
+ &new_password,
|
||||||
|
+ NULL,
|
||||||
|
+ NULL,
|
||||||
|
+ NULL,
|
||||||
|
+ NULL, /* This is a password set, not change */
|
||||||
|
+ NULL,
|
||||||
|
+ NULL);
|
||||||
|
+out:
|
||||||
|
+ return nt_status;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,64 @@
|
|||||||
|
From 7839408010ba413f766e950192dd5a0632234ce7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 20 Feb 2019 15:52:49 +0100
|
||||||
|
Subject: [PATCH 038/187] s4:torture: Use GnuTLS RC4 for RAP SAM test
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 811c412da5c24d7274f9aa4c7d653bbb1191e6a6)
|
||||||
|
---
|
||||||
|
source4/torture/rap/sam.c | 19 +++++++++++++++++--
|
||||||
|
1 file changed, 17 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rap/sam.c b/source4/torture/rap/sam.c
|
||||||
|
index 4ca7b793dec..3c13849b398 100644
|
||||||
|
--- a/source4/torture/rap/sam.c
|
||||||
|
+++ b/source4/torture/rap/sam.c
|
||||||
|
@@ -26,10 +26,12 @@
|
||||||
|
#include "torture/util.h"
|
||||||
|
#include "libcli/rap/rap.h"
|
||||||
|
#include "torture/rap/proto.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
#include "../libcli/auth/libcli_auth.h"
|
||||||
|
#include "torture/rpc/torture_rpc.h"
|
||||||
|
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
+
|
||||||
|
#define TEST_RAP_USER "torture_rap_user"
|
||||||
|
|
||||||
|
static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
|
||||||
|
@@ -137,6 +139,11 @@ static bool test_oemchangepassword_args(struct torture_context *tctx,
|
||||||
|
char *newpass = samr_rand_pass(tctx, 9);
|
||||||
|
uint8_t old_pw_hash[16];
|
||||||
|
uint8_t new_pw_hash[16];
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t pw_key = {
|
||||||
|
+ .data = old_pw_hash,
|
||||||
|
+ .size = sizeof(old_pw_hash),
|
||||||
|
+ };
|
||||||
|
|
||||||
|
r.in.UserName = username;
|
||||||
|
|
||||||
|
@@ -144,7 +151,15 @@ static bool test_oemchangepassword_args(struct torture_context *tctx,
|
||||||
|
E_deshash(newpass, new_pw_hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
|
||||||
|
- arcfour_crypt(r.in.crypt_password, old_pw_hash, 516);
|
||||||
|
+
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &pw_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ r.in.crypt_password,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,121 @@
|
|||||||
|
From d68771ee1f47bc238a2967ac43ccded3717d4bb5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 21 Feb 2019 10:21:39 +0100
|
||||||
|
Subject: [PATCH 039/187] s4:torture: Use init_samr_CryptPassword(Ex) in
|
||||||
|
samba3rpc test
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 80f5beb4804c694ee6e5f5b450e751f538677593)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samba3rpc.c | 43 ++++++++++++++-------------------
|
||||||
|
1 file changed, 18 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
|
||||||
|
index bf1de04a5b5..d55d6c47b57 100644
|
||||||
|
--- a/source4/torture/rpc/samba3rpc.c
|
||||||
|
+++ b/source4/torture/rpc/samba3rpc.c
|
||||||
|
@@ -36,7 +36,6 @@
|
||||||
|
#include "libcli/libcli.h"
|
||||||
|
#include "libcli/smb_composite/smb_composite.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
#include "libcli/security/security.h"
|
||||||
|
#include "param/param.h"
|
||||||
|
#include "lib/registry/registry.h"
|
||||||
|
@@ -47,9 +46,7 @@
|
||||||
|
#include "librpc/rpc/dcerpc.h"
|
||||||
|
#include "librpc/rpc/dcerpc_proto.h"
|
||||||
|
#include "libcli/smb/smbXcli_base.h"
|
||||||
|
-
|
||||||
|
-#include <gnutls/gnutls.h>
|
||||||
|
-#include <gnutls/crypto.h>
|
||||||
|
+#include "source3/rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* open pipe and bind, given an IPC$ context
|
||||||
|
@@ -666,7 +663,6 @@ static bool create_user(struct torture_context *tctx,
|
||||||
|
union samr_UserInfo *info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
|
||||||
|
-
|
||||||
|
ZERO_STRUCT(u_info);
|
||||||
|
encode_pw_buffer(u_info.info23.password.data, password,
|
||||||
|
STR_UNICODE);
|
||||||
|
@@ -676,8 +672,15 @@ static bool create_user(struct torture_context *tctx,
|
||||||
|
torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- arcfour_crypt_blob(u_info.info23.password.data, 516,
|
||||||
|
- &session_key);
|
||||||
|
+
|
||||||
|
+ status = init_samr_CryptPassword(password,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u_info.info23.password);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ torture_comment(tctx, "init_samr_CryptPassword failed\n");
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
u_info.info23.info.password_expired = 0;
|
||||||
|
u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
|
||||||
|
SAMR_FIELD_LM_PASSWORD_PRESENT |
|
||||||
|
@@ -872,10 +875,6 @@ static bool join3(struct torture_context *tctx,
|
||||||
|
union samr_UserInfo u_info;
|
||||||
|
struct samr_UserInfo21 *i21 = &u_info.info25.info;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(
|
||||||
|
- mem_ctx, NULL, 16);
|
||||||
|
- gnutls_hash_hd_t hash_hnd;
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
|
||||||
|
ZERO_STRUCT(u_info);
|
||||||
|
|
||||||
|
@@ -890,25 +889,16 @@ static bool join3(struct torture_context *tctx,
|
||||||
|
i21->password_expired = 1;
|
||||||
|
*/
|
||||||
|
|
||||||
|
- encode_pw_buffer(u_info.info25.password.data,
|
||||||
|
- cli_credentials_get_password(wks_creds),
|
||||||
|
- STR_UNICODE);
|
||||||
|
status = dcerpc_fetch_session_key(samr_pipe, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
torture_comment(tctx, "dcerpc_fetch_session_key failed: %s\n",
|
||||||
|
nt_errstr(status));
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
|
||||||
|
- gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(u_info.info25.password.data, 516,
|
||||||
|
- &confounded_session_key);
|
||||||
|
- memcpy(&u_info.info25.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(cli_credentials_get_password(wks_creds),
|
||||||
|
+ &session_key,
|
||||||
|
+ &u_info.info25.password);
|
||||||
|
|
||||||
|
sui2.in.user_handle = wks_handle;
|
||||||
|
sui2.in.level = 25;
|
||||||
|
@@ -942,8 +932,11 @@ static bool join3(struct torture_context *tctx,
|
||||||
|
torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- arcfour_crypt_blob(u_info.info24.password.data, 516,
|
||||||
|
- &session_key);
|
||||||
|
+
|
||||||
|
+ status = init_samr_CryptPassword(cli_credentials_get_password(wks_creds),
|
||||||
|
+ &session_key,
|
||||||
|
+ &u_info.info24.password);
|
||||||
|
+
|
||||||
|
sui2.in.user_handle = wks_handle;
|
||||||
|
sui2.in.info = &u_info;
|
||||||
|
sui2.in.level = 24;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,60 @@
|
|||||||
|
From 92a1bd505e5bb9c793f05b386d4e9ee2b2b74027 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 15:56:08 +0200
|
||||||
|
Subject: [PATCH 040/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_SetUserPass
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 70e05d7eb78a0c363dbd72cbbf4f3a264636c840)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 12 +++++++++---
|
||||||
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index eb1bb14a555..f281be654cc 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -31,7 +31,7 @@
|
||||||
|
#include "librpc/gen_ndr/ndr_netlogon_c.h"
|
||||||
|
#include "librpc/gen_ndr/ndr_samr_c.h"
|
||||||
|
#include "librpc/gen_ndr/ndr_lsa_c.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
+#include "lib/crypto/crypto.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
#include "libcli/security/security.h"
|
||||||
|
#include "torture/rpc/torture_rpc.h"
|
||||||
|
@@ -40,6 +40,8 @@
|
||||||
|
#include "auth/gensec/gensec_proto.h"
|
||||||
|
#include "../libcli/auth/schannel.h"
|
||||||
|
#include "torture/util.h"
|
||||||
|
+#include "source4/librpc/rpc/dcerpc.h"
|
||||||
|
+#include "source3/rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
#define TEST_ACCOUNT_NAME "samrtorturetest"
|
||||||
|
#define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
|
||||||
|
@@ -637,7 +639,6 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
|
||||||
|
s.in.info = &u;
|
||||||
|
s.in.level = 24;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
|
||||||
|
u.info24.password_expired = 0;
|
||||||
|
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
@@ -647,7 +648,12 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info24.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From 2f7cd9ededefa6499f4fad15758fec27a15a5de3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 15:57:25 +0200
|
||||||
|
Subject: [PATCH 041/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_SetUserPass_23
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit b0b9cabc4de64497140d33d0fdaf2927f2915987)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 24 +++++++++++++++++-------
|
||||||
|
1 file changed, 17 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index f281be654cc..543ef64e9ac 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -706,8 +706,6 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
|
||||||
|
u.info23.info.fields_present = fields_present;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
|
||||||
|
@@ -715,7 +713,12 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info23.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
|
||||||
|
|
||||||
|
@@ -732,8 +735,6 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
*password = newpass;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
|
||||||
|
@@ -742,8 +743,17 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This should break the key nicely */
|
||||||
|
- session_key.length--;
|
||||||
|
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
|
||||||
|
+ session_key.data[0]++;
|
||||||
|
+
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info23.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
+
|
||||||
|
+ /* Reset the session key */
|
||||||
|
+ session_key.data[0]--;
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,87 @@
|
|||||||
|
From d56d8f629ea89a9a3cc7aecc17331ac5c57a61fa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 15:58:06 +0200
|
||||||
|
Subject: [PATCH 042/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_SetUserPassEx
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit e398ecbd8e32bb428073f3635d9178abfae28255)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 33 +++++++++++++++++----------------
|
||||||
|
1 file changed, 17 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 543ef64e9ac..0e9989449be 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -781,14 +781,12 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
|
||||||
|
union samr_UserInfo u;
|
||||||
|
bool ret = true;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
char *newpass;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
- gnutls_hash_hd_t hash_hnd;
|
||||||
|
struct samr_GetUserPwInfo pwp;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
int policy_min_pw_len = 0;
|
||||||
|
+
|
||||||
|
pwp.in.user_handle = handle;
|
||||||
|
pwp.out.info = &info;
|
||||||
|
|
||||||
|
@@ -807,7 +805,6 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
|
||||||
|
s.in.info = &u;
|
||||||
|
s.in.level = 26;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
|
||||||
|
u.info26.password_expired = 0;
|
||||||
|
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
@@ -817,15 +814,12 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
-
|
||||||
|
- gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info26.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info26.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
|
||||||
|
|
||||||
|
@@ -843,10 +837,17 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This should break the key nicely */
|
||||||
|
- confounded_session_key.data[0]++;
|
||||||
|
+ session_key.data[0]++;
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info26.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info26.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
+
|
||||||
|
+ /* Reset the key */
|
||||||
|
+ session_key.data[0]--;
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,88 @@
|
|||||||
|
From 9f2f94aff0be089658eabd0c62896775332e1acb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 15:58:38 +0200
|
||||||
|
Subject: [PATCH 043/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_SetUserPass_25
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 3b9496d905408b75c21919b35b2105e2b0b0325f)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 34 +++++++++++++++++-----------------
|
||||||
|
1 file changed, 17 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 0e9989449be..2f67bcf6be7 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -876,14 +876,12 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
union samr_UserInfo u;
|
||||||
|
bool ret = true;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
|
||||||
|
- gnutls_hash_hd_t hash_hnd;
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
char *newpass;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
struct samr_GetUserPwInfo pwp;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
int policy_min_pw_len = 0;
|
||||||
|
+
|
||||||
|
pwp.in.user_handle = handle;
|
||||||
|
pwp.out.info = &info;
|
||||||
|
|
||||||
|
@@ -902,8 +900,6 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
|
||||||
|
u.info25.info.fields_present = fields_present;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
|
||||||
|
@@ -911,15 +907,12 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
-
|
||||||
|
- gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info25.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info25.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
|
||||||
|
|
||||||
|
@@ -937,10 +930,17 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This should break the key nicely */
|
||||||
|
- confounded_session_key.data[0]++;
|
||||||
|
+ session_key.data[0]++;
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info25.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info25.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
+
|
||||||
|
+ /* Reset the key */
|
||||||
|
+ session_key.data[0]--;
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,116 @@
|
|||||||
|
From 905ffa85002a4100172835c550547bab024ef30f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 15:59:19 +0200
|
||||||
|
Subject: [PATCH 044/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_SetUserPass_level_ex
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit f45ba47afb11c1f7bbb8c5c84670395500e1afc1)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 48 +++++++++++++++++++-------------------
|
||||||
|
1 file changed, 24 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 2f67bcf6be7..530c457bbd9 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -1166,9 +1166,6 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||||
|
union samr_UserInfo u;
|
||||||
|
bool ret = true;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
|
||||||
|
- gnutls_hash_hd_t hash_hnd;
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
char *newpass;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
struct samr_GetUserPwInfo pwp;
|
||||||
|
@@ -1244,28 +1241,20 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||||
|
u.info23.info.password_expired = password_expired;
|
||||||
|
u.info23.info.comment.string = comment;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
break;
|
||||||
|
case 24:
|
||||||
|
u.info24.password_expired = password_expired;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
break;
|
||||||
|
case 25:
|
||||||
|
u.info25.info.fields_present = fields_present;
|
||||||
|
u.info25.info.password_expired = password_expired;
|
||||||
|
u.info25.info.comment.string = comment;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
break;
|
||||||
|
case 26:
|
||||||
|
u.info26.password_expired = password_expired;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
|
||||||
|
-
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1276,13 +1265,6 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
-
|
||||||
|
- gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
-
|
||||||
|
switch (level) {
|
||||||
|
case 18:
|
||||||
|
{
|
||||||
|
@@ -1320,18 +1302,36 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 23:
|
||||||
|
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info23.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
break;
|
||||||
|
case 24:
|
||||||
|
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info24.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
break;
|
||||||
|
case 25:
|
||||||
|
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info25.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info25.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
break;
|
||||||
|
case 26:
|
||||||
|
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info26.password.data[516], confounder, 16);
|
||||||
|
+ status = init_samr_CryptPasswordEx(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info26.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPasswordEx failed");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,91 @@
|
|||||||
|
From 752f6efc6ac65cba6b8ebf125b19a6685a0d40c2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 16:49:53 +0200
|
||||||
|
Subject: [PATCH 045/187] s4:torture: Use GnuTLS RC4 in
|
||||||
|
test_OemChangePasswordUser2
|
||||||
|
|
||||||
|
This uses STR_ASCII for password encoding!
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit b512b5974494fe41010800f60df0f248b8ea850e)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 34 ++++++++++++++++++++++++++++++----
|
||||||
|
1 file changed, 30 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 530c457bbd9..eb032905dc8 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2032,6 +2032,11 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
|
||||||
|
char *newpass;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t session_key = {
|
||||||
|
+ .data = old_lm_hash,
|
||||||
|
+ .size = 16
|
||||||
|
+ };
|
||||||
|
|
||||||
|
struct samr_GetDomPwInfo dom_pw_info;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
@@ -2065,7 +2070,13 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
@@ -2092,7 +2103,12 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
|
||||||
|
/* Break the old password */
|
||||||
|
old_lm_hash[0]++;
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
/* unbreak it for the next operation */
|
||||||
|
old_lm_hash[0]--;
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
@@ -2116,7 +2132,12 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
|
||||||
|
}
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
r.in.account = &account;
|
||||||
|
@@ -2192,7 +2213,12 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &session_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd, lm_pass.data, 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From 88d136aae60d4aa8b6fe622e0e92a8bddbba1b1e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 16:46:06 +1200
|
||||||
|
Subject: [PATCH 046/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_ChangePasswordUser2
|
||||||
|
|
||||||
|
This allows the use of GnuTLS for the RC4 crypto operation
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit dfda49472e0b4a81653963e80d8d65788f80a591)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 13 ++++++++++---
|
||||||
|
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index eb032905dc8..6cc508a2d44 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2259,11 +2259,13 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
uint8_t old_nt_hash[16], new_nt_hash[16];
|
||||||
|
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||||
|
-
|
||||||
|
+ DATA_BLOB old_nt_hash_blob
|
||||||
|
+ = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
|
||||||
|
struct samr_GetDomPwInfo dom_pw_info;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
|
||||||
|
struct lsa_String domain_name;
|
||||||
|
+ NTSTATUS status;
|
||||||
|
|
||||||
|
domain_name.string = "";
|
||||||
|
dom_pw_info.in.domain_name = &domain_name;
|
||||||
|
@@ -2299,8 +2301,13 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
|
||||||
|
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,54 @@
|
|||||||
|
From 90bdf8b2063c05576450975df0983953d6febd95 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 16:52:41 +1200
|
||||||
|
Subject: [PATCH 047/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_ChangePasswordUser2_ntstatus
|
||||||
|
|
||||||
|
This allows the use of GnuTLS for the RC4 crypto operation
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 1b1c302a7db23bf4377b8fa742ebf7ae913e3511)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 13 +++++++++++--
|
||||||
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 6cc508a2d44..5bf758e2fb2 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2349,11 +2349,15 @@ static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct tort
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
uint8_t old_nt_hash[16], new_nt_hash[16];
|
||||||
|
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||||
|
+ DATA_BLOB old_nt_hash_blob
|
||||||
|
+ = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
|
||||||
|
|
||||||
|
struct samr_GetDomPwInfo dom_pw_info;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
|
||||||
|
struct lsa_String domain_name;
|
||||||
|
+ NTSTATUS crypt_status;
|
||||||
|
+
|
||||||
|
char *newpass;
|
||||||
|
int policy_min_pw_len = 0;
|
||||||
|
|
||||||
|
@@ -2386,8 +2390,13 @@ static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct tort
|
||||||
|
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ crypt_status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ crypt_status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,57 @@
|
|||||||
|
From b21a4ac4a6d92d720e1e04b9eadf50cc59a4ebe5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 16:24:18 +0200
|
||||||
|
Subject: [PATCH 048/187] s4_torture: Use GnuTLS RC4 in
|
||||||
|
test_ChangePasswordUser2
|
||||||
|
|
||||||
|
This uses STR_ASCII as string encodings.
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 9cbdf7b2e5f734e9b5e0e447d54d720d18977950)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 21 ++++++++++++++++++++-
|
||||||
|
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 5bf758e2fb2..7f1da86d19a 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2267,6 +2267,16 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
|
||||||
|
struct lsa_String domain_name;
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t old_lm_key = {
|
||||||
|
+ .data = old_lm_hash,
|
||||||
|
+ .size = sizeof(old_lm_hash),
|
||||||
|
+ };
|
||||||
|
+ gnutls_datum_t old_nt_key = {
|
||||||
|
+ .data = old_nt_hash,
|
||||||
|
+ .size = sizeof(old_nt_hash),
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
domain_name.string = "";
|
||||||
|
dom_pw_info.in.domain_name = &domain_name;
|
||||||
|
dom_pw_info.out.info = &info;
|
||||||
|
@@ -2298,7 +2308,16 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &old_lm_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ lm_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,61 @@
|
|||||||
|
From b7700aa619a69f652b350b89a5a67a989658a474 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 16:00:32 +0200
|
||||||
|
Subject: [PATCH 049/187] s4:torture: Use GnuTLS RC4 in
|
||||||
|
test_ChangePasswordUser2_ntstatus
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit a476a2e3322a550e2857cb5a66096fa3e46416d3)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 20 +++++++++++++++-----
|
||||||
|
1 file changed, 15 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 7f1da86d19a..307b0b03594 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2272,10 +2272,6 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
|
||||||
|
.data = old_lm_hash,
|
||||||
|
.size = sizeof(old_lm_hash),
|
||||||
|
};
|
||||||
|
- gnutls_datum_t old_nt_key = {
|
||||||
|
- .data = old_nt_hash,
|
||||||
|
- .size = sizeof(old_nt_hash),
|
||||||
|
- };
|
||||||
|
|
||||||
|
domain_name.string = "";
|
||||||
|
dom_pw_info.in.domain_name = &domain_name;
|
||||||
|
@@ -2370,6 +2366,11 @@ static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct tort
|
||||||
|
uint8_t old_lm_hash[16], new_lm_hash[16];
|
||||||
|
DATA_BLOB old_nt_hash_blob
|
||||||
|
= data_blob_const(old_nt_hash, sizeof(old_nt_hash));
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t old_lm_key = {
|
||||||
|
+ .data = old_lm_hash,
|
||||||
|
+ .size = sizeof(old_lm_hash),
|
||||||
|
+ };
|
||||||
|
|
||||||
|
struct samr_GetDomPwInfo dom_pw_info;
|
||||||
|
struct samr_PwInfo info;
|
||||||
|
@@ -2406,7 +2407,16 @@ static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct tort
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_lm_hash, 516);
|
||||||
|
+
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &old_lm_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ lm_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
crypt_status = init_samr_CryptPassword(newpass,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,119 @@
|
|||||||
|
From e3c6cd617dc324d86212a50555adbeffb966555c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 16:01:02 +0200
|
||||||
|
Subject: [PATCH 050/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_ChangePasswordUser3
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 5b7c21fca576bf6e44233d69b47273058b9197c8)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 64 +++++++++++++++++++++++++++++---------
|
||||||
|
1 file changed, 49 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 307b0b03594..55059a26b43 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2472,6 +2472,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
NTTIME t;
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
||||||
|
+ NTSTATUS status;
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing ChangePasswordUser3\n");
|
||||||
|
|
||||||
|
@@ -2500,12 +2502,22 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
E_deshash(oldpass, old_lm_hash);
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &lm_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
/* Break the verification */
|
||||||
|
@@ -2534,16 +2546,28 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
ret = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &lm_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- /* Break the NT hash */
|
||||||
|
- old_nt_hash[0]++;
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ /* Break the session key */
|
||||||
|
+ session_key.data[0]++;
|
||||||
|
+
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
/* Unbreak it again */
|
||||||
|
- old_nt_hash[0]--;
|
||||||
|
+ session_key.data[0]--;
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
@@ -2590,12 +2614,22 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
E_deshash(oldpass, old_lm_hash);
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(lm_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &lm_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &session_key,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,130 @@
|
|||||||
|
From f0d05dc2dce30f851f9e1eb6a1952730dfe907f6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 17:18:50 +1200
|
||||||
|
Subject: [PATCH 051/187] s4:torture: clarify comments and variable names in
|
||||||
|
"ChangePasswordUser3 tests
|
||||||
|
|
||||||
|
There is no session key here, the buffers are directly encrypted
|
||||||
|
with the long-term passwords.
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 8380668be7963b74cbbd31bfab3d01d1f3089034)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 43 +++++++++++++++++++++++++++++---------
|
||||||
|
1 file changed, 33 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 55059a26b43..20afa9392e2 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2472,7 +2472,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
NTTIME t;
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
- DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
||||||
|
+ DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing ChangePasswordUser3\n");
|
||||||
|
@@ -2502,22 +2502,45 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
E_deshash(oldpass, old_lm_hash);
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * The new plaintext password is encrypted using RC4 with the
|
||||||
|
+ * old NT password hash (directly, with no confounder). The
|
||||||
|
+ * password is at the end of the random padded buffer,
|
||||||
|
+ * offering a little protection.
|
||||||
|
+ *
|
||||||
|
+ * This is almost certainly wrong, it should be the old LM
|
||||||
|
+ * hash, it was switched in an unrelated commit
|
||||||
|
+ * 579c13da43d5b40ac6d6c1436399fbc1d8dfd054 in 2004.
|
||||||
|
+ */
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&lm_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
"init_samr_CryptPassword");
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Now we prepare a DES cross-hash of the old LM and new NT
|
||||||
|
+ * passwords to link the two buffers
|
||||||
|
+ */
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * The new plaintext password is also encrypted using RC4 with
|
||||||
|
+ * the old NT password hash (directly, with no confounder).
|
||||||
|
+ * The password is at the end of the random padded buffer,
|
||||||
|
+ * offering a little protection.
|
||||||
|
+ */
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&nt_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
"init_samr_CryptPassword");
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Another DES based cross-hash
|
||||||
|
+ */
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
/* Break the verification */
|
||||||
|
@@ -2547,7 +2570,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
}
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&lm_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
@@ -2555,18 +2578,18 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
- /* Break the session key */
|
||||||
|
- session_key.data[0]++;
|
||||||
|
+ /* Break the NT Hash */
|
||||||
|
+ old_nt_hash[0]++;
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&nt_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
"init_samr_CryptPassword");
|
||||||
|
|
||||||
|
/* Unbreak it again */
|
||||||
|
- session_key.data[0]--;
|
||||||
|
+ old_nt_hash[0]--;
|
||||||
|
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
@@ -2615,7 +2638,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
E_deshash(newpass, new_lm_hash);
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&lm_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
@@ -2624,7 +2647,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
|
||||||
|
E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(newpass,
|
||||||
|
- &session_key,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
&nt_pass);
|
||||||
|
torture_assert_ntstatus_ok(tctx,
|
||||||
|
status,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From 7ce6d4730f7ff8c5008ad91d665a172fec8e5ba8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 17:43:23 +1200
|
||||||
|
Subject: [PATCH 052/187] s4:torture: Use init_samr_CryptPassword in
|
||||||
|
test_ChangePasswordRandomBytes
|
||||||
|
|
||||||
|
This allows the use of GnuTLS for the underlying RC4 crypto
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 19d9c2c01a54957bc3852e2565d92c1cdd89498b)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 12 ++++++++++--
|
||||||
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 20afa9392e2..10377850314 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2790,6 +2790,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
char *oldpass;
|
||||||
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
uint8_t old_nt_hash[16], new_nt_hash[16];
|
||||||
|
+ DATA_BLOB old_nt_hash_blob
|
||||||
|
+ = data_blob_const(old_nt_hash,
|
||||||
|
+ sizeof(old_nt_hash));
|
||||||
|
NTTIME t;
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
@@ -2893,8 +2896,13 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
|
||||||
|
E_md4hash(newpass, new_nt_hash);
|
||||||
|
|
||||||
|
- encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+ status = init_samr_CryptPassword(newpass,
|
||||||
|
+ &old_nt_hash_blob,
|
||||||
|
+ &nt_pass);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,51 @@
|
|||||||
|
From 74f61d6ecf74311a12e8454f2ce12a4b63bbfe90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 24 Jul 2019 16:01:31 +0200
|
||||||
|
Subject: [PATCH 053/187] s4:torture: Use GnuTLS RC4 in
|
||||||
|
test_ChangePasswordRandomBytes
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 82a6480611f791a3c26fcf70975e6f8b3b1757ad)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 16 +++++++++++++++-
|
||||||
|
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 10377850314..10bdd52fd47 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -2796,6 +2796,11 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
NTTIME t;
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t old_nt_key = {
|
||||||
|
+ .data = old_nt_hash,
|
||||||
|
+ .size = sizeof(old_nt_hash),
|
||||||
|
+ };
|
||||||
|
|
||||||
|
new_random_pass = samr_very_rand_pass(tctx, 128);
|
||||||
|
|
||||||
|
@@ -2855,7 +2860,16 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
mdfour(new_nt_hash, new_random_pass.data, new_random_pass.length);
|
||||||
|
|
||||||
|
set_pw_in_buffer(nt_pass.data, &new_random_pass);
|
||||||
|
- arcfour_crypt(nt_pass.data, old_nt_hash, 516);
|
||||||
|
+
|
||||||
|
+ gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &old_nt_key,
|
||||||
|
+ NULL);
|
||||||
|
+ gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ nt_pass.data,
|
||||||
|
+ 516);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+
|
||||||
|
E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
|
||||||
|
|
||||||
|
r.in.server = &server;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,84 @@
|
|||||||
|
From 0f56ee5720764eec28ce23bc82a01c16411df5fb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 25 Jul 2019 13:07:48 +1200
|
||||||
|
Subject: [PATCH 054/187] s4:torture: Use samba_gnutls_arcfour_confounded_md5()
|
||||||
|
in test_ChangePasswordRandomBytes
|
||||||
|
|
||||||
|
This ensures GnuTLS is used as the underlying RC4 crypto engine
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 5740e9516f3587e3a9f72cf52cfe1eedd940b2a9)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/samr.c | 25 +++++++++++++++----------
|
||||||
|
1 file changed, 15 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||||
|
index 10bdd52fd47..4b3ad093bf6 100644
|
||||||
|
--- a/source4/torture/rpc/samr.c
|
||||||
|
+++ b/source4/torture/rpc/samr.c
|
||||||
|
@@ -42,6 +42,7 @@
|
||||||
|
#include "torture/util.h"
|
||||||
|
#include "source4/librpc/rpc/dcerpc.h"
|
||||||
|
#include "source3/rpc_client/init_samr.h"
|
||||||
|
+#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
|
||||||
|
#define TEST_ACCOUNT_NAME "samrtorturetest"
|
||||||
|
#define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
|
||||||
|
@@ -2777,9 +2778,6 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
struct samr_SetUserInfo s;
|
||||||
|
union samr_UserInfo u;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
- DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
|
||||||
|
- uint8_t confounder[16];
|
||||||
|
- gnutls_hash_hd_t hash_hnd;
|
||||||
|
|
||||||
|
bool ret = true;
|
||||||
|
struct lsa_String server, account;
|
||||||
|
@@ -2797,6 +2795,11 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
struct samr_DomInfo1 *dominfo = NULL;
|
||||||
|
struct userPwdChangeFailureInformation *reject = NULL;
|
||||||
|
gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ uint8_t _confounder[16] = {0};
|
||||||
|
+ DATA_BLOB confounder
|
||||||
|
+ = data_blob_const(_confounder,
|
||||||
|
+ sizeof(_confounder));
|
||||||
|
+ DATA_BLOB pw_data;
|
||||||
|
gnutls_datum_t old_nt_key = {
|
||||||
|
.data = old_nt_hash,
|
||||||
|
.size = sizeof(old_nt_hash),
|
||||||
|
@@ -2821,6 +2824,8 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
|
||||||
|
set_pw_in_buffer(u.info25.password.data, &new_random_pass);
|
||||||
|
|
||||||
|
+ pw_data = data_blob_const(u.info25.password.data, 516);
|
||||||
|
+
|
||||||
|
status = dcerpc_fetch_session_key(p, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
|
||||||
|
@@ -2828,15 +2833,15 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
||||||
|
+ generate_random_buffer(_confounder,
|
||||||
|
+ sizeof(_confounder));
|
||||||
|
|
||||||
|
- gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
|
- gnutls_hash(hash_hnd, confounder, 16);
|
||||||
|
- gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
||||||
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
||||||
|
+ samba_gnutls_arcfour_confounded_md5(&confounder,
|
||||||
|
+ &session_key,
|
||||||
|
+ &pw_data,
|
||||||
|
+ SAMBA_GNUTLS_ENCRYPT);
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
|
||||||
|
- memcpy(&u.info25.password.data[516], confounder, 16);
|
||||||
|
+ memcpy(&u.info25.password.data[516], _confounder, sizeof(_confounder));
|
||||||
|
|
||||||
|
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,68 @@
|
|||||||
|
From e1fd1c24002f30d31367d1caa59ccb057e8c9794 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 22 Feb 2019 13:06:34 +0100
|
||||||
|
Subject: [PATCH 055/187] s4:torture: Use init_samr_CryptPassword in testjoin
|
||||||
|
RPC test
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 301544ab2b0c85752d5307f2daab59652c08e1e0)
|
||||||
|
---
|
||||||
|
source4/torture/rpc/testjoin.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
|
||||||
|
index c4e287d579b..11394b1c277 100644
|
||||||
|
--- a/source4/torture/rpc/testjoin.c
|
||||||
|
+++ b/source4/torture/rpc/testjoin.c
|
||||||
|
@@ -26,7 +26,6 @@
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
#include "system/time.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
#include "libnet/libnet.h"
|
||||||
|
#include "lib/cmdline/popt_common.h"
|
||||||
|
#include "librpc/gen_ndr/ndr_lsa_c.h"
|
||||||
|
@@ -36,6 +35,7 @@
|
||||||
|
#include "torture/rpc/torture_rpc.h"
|
||||||
|
#include "libcli/security/security.h"
|
||||||
|
#include "param/param.h"
|
||||||
|
+#include "source3/rpc_client/init_samr.h"
|
||||||
|
|
||||||
|
struct test_join {
|
||||||
|
struct dcerpc_pipe *p;
|
||||||
|
@@ -145,7 +145,6 @@ struct test_join *torture_create_testuser_max_pwlen(struct torture_context *tctx
|
||||||
|
char *random_pw;
|
||||||
|
const char *dc_binding = torture_setting_string(tctx, "dc_binding", NULL);
|
||||||
|
struct dcerpc_binding_handle *b = NULL;
|
||||||
|
-
|
||||||
|
join = talloc(NULL, struct test_join);
|
||||||
|
if (join == NULL) {
|
||||||
|
return NULL;
|
||||||
|
@@ -330,7 +329,6 @@ again:
|
||||||
|
s.in.info = &u;
|
||||||
|
s.in.level = 24;
|
||||||
|
|
||||||
|
- encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
|
||||||
|
u.info24.password_expired = 0;
|
||||||
|
|
||||||
|
status = dcerpc_fetch_session_key(join->p, &session_key);
|
||||||
|
@@ -341,7 +339,12 @@ again:
|
||||||
|
goto failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
|
||||||
|
+ status = init_samr_CryptPassword(random_pw,
|
||||||
|
+ &session_key,
|
||||||
|
+ &u.info24.password);
|
||||||
|
+ torture_assert_ntstatus_ok(tctx,
|
||||||
|
+ status,
|
||||||
|
+ "init_samr_CryptPassword failed");
|
||||||
|
|
||||||
|
status = dcerpc_samr_SetUserInfo_r(b, join, &s);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
91
SOURCES/0056-lib-crypto-Use-GnuTLS-RC4-in-py_crypto.patch
Normal file
91
SOURCES/0056-lib-crypto-Use-GnuTLS-RC4-in-py_crypto.patch
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
From f20d681243aed9c4e2c1a669cb04964b380413f3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 22 Feb 2019 12:59:13 +0100
|
||||||
|
Subject: [PATCH 056/187] lib:crypto: Use GnuTLS RC4 in py_crypto
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit fc4ae06001fbb0045318a8cec7af6af81241c60e)
|
||||||
|
---
|
||||||
|
lib/crypto/py_crypto.c | 34 +++++++++++++++++++++++++++++-----
|
||||||
|
lib/crypto/wscript_build | 7 +++----
|
||||||
|
2 files changed, 32 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/py_crypto.c b/lib/crypto/py_crypto.c
|
||||||
|
index 13e2569945d..c85cd2c13d2 100644
|
||||||
|
--- a/lib/crypto/py_crypto.c
|
||||||
|
+++ b/lib/crypto/py_crypto.c
|
||||||
|
@@ -21,13 +21,18 @@
|
||||||
|
#include <Python.h>
|
||||||
|
#include "includes.h"
|
||||||
|
#include "python/py3compat.h"
|
||||||
|
-#include "lib/crypto/arcfour.h"
|
||||||
|
+
|
||||||
|
+#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
|
||||||
|
{
|
||||||
|
- DATA_BLOB data, key;
|
||||||
|
+ DATA_BLOB data;
|
||||||
|
PyObject *py_data, *py_key, *result;
|
||||||
|
TALLOC_CTX *ctx;
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t key;
|
||||||
|
+ int rc;
|
||||||
|
|
||||||
|
if (!PyArg_ParseTuple(args, "OO", &py_data, &py_key))
|
||||||
|
return NULL;
|
||||||
|
@@ -51,10 +56,29 @@ static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
|
||||||
|
return PyErr_NoMemory();
|
||||||
|
}
|
||||||
|
|
||||||
|
- key.data = (uint8_t *)PyBytes_AsString(py_key);
|
||||||
|
- key.length = PyBytes_Size(py_key);
|
||||||
|
+ key = (gnutls_datum_t) {
|
||||||
|
+ .data = (uint8_t *)PyBytes_AsString(py_key),
|
||||||
|
+ .size = PyBytes_Size(py_key),
|
||||||
|
+ };
|
||||||
|
|
||||||
|
- arcfour_crypt_blob(data.data, data.length, &key);
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
||||||
|
+ &key,
|
||||||
|
+ NULL);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ talloc_free(ctx);
|
||||||
|
+ PyErr_Format(PyExc_OSError, "encryption failed");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
||||||
|
+ data.data,
|
||||||
|
+ data.length);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ talloc_free(ctx);
|
||||||
|
+ PyErr_Format(PyExc_OSError, "encryption failed");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
result = PyBytes_FromStringAndSize((const char*) data.data, data.length);
|
||||||
|
talloc_free(ctx);
|
||||||
|
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
|
||||||
|
index 2ad8dfe2cd0..46b0e084328 100644
|
||||||
|
--- a/lib/crypto/wscript_build
|
||||||
|
+++ b/lib/crypto/wscript_build
|
||||||
|
@@ -28,7 +28,6 @@ bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
|
||||||
|
)
|
||||||
|
|
||||||
|
bld.SAMBA_PYTHON('python_crypto',
|
||||||
|
- source='py_crypto.c',
|
||||||
|
- deps='LIBCRYPTO',
|
||||||
|
- realname='samba/crypto.so'
|
||||||
|
- )
|
||||||
|
+ source='py_crypto.c',
|
||||||
|
+ deps='gnutls talloc',
|
||||||
|
+ realname='samba/crypto.so')
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
29
SOURCES/0057-lib-crypto-Remove-arcfour.h-from-crypto.h.patch
Normal file
29
SOURCES/0057-lib-crypto-Remove-arcfour.h-from-crypto.h.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From d40afca3d8b1881ecebc171fede2aa36aa0240d0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 26 Feb 2019 18:18:36 +0100
|
||||||
|
Subject: [PATCH 057/187] lib:crypto: Remove arcfour.h from crypto.h
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 14c4a075875860e709a9e2e52aad83aa4c58a5ad)
|
||||||
|
---
|
||||||
|
lib/crypto/crypto.h | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/crypto.h b/lib/crypto/crypto.h
|
||||||
|
index 12aebaecefd..d7409f9a46d 100644
|
||||||
|
--- a/lib/crypto/crypto.h
|
||||||
|
+++ b/lib/crypto/crypto.h
|
||||||
|
@@ -21,7 +21,6 @@
|
||||||
|
#define _SAMBA_CRYPTO_H_
|
||||||
|
|
||||||
|
#include "../lib/crypto/md4.h"
|
||||||
|
-#include "../lib/crypto/arcfour.h"
|
||||||
|
#include "../lib/crypto/aes.h"
|
||||||
|
#include "../lib/crypto/aes_cmac_128.h"
|
||||||
|
#include "../lib/crypto/aes_ccm_128.h"
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,59 @@
|
|||||||
|
From 32aea65d8f1c896a78f93d1183fb9bdf88eee7df Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 22 Feb 2019 13:28:01 +0100
|
||||||
|
Subject: [PATCH 058/187] lib:crypto: Don't build RC4 if we have GnuTLS >=
|
||||||
|
3.4.7
|
||||||
|
|
||||||
|
We have a GnuTLS DCEPRC backupkey implementation for the server and the
|
||||||
|
test. However this is only working with GnuTLS >= 3.4.7. So we need to
|
||||||
|
keep this around till we can require at least GnuTLS in a newer version.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 9ede63fbada7842cd9ae120936bc6bd4b6ad16ac)
|
||||||
|
---
|
||||||
|
lib/crypto/wscript_build | 25 ++++++++++++++++++++-----
|
||||||
|
1 file changed, 20 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
|
||||||
|
index 46b0e084328..a26c10b627b 100644
|
||||||
|
--- a/lib/crypto/wscript_build
|
||||||
|
+++ b/lib/crypto/wscript_build
|
||||||
|
@@ -12,12 +12,27 @@ bld.SAMBA_SUBSYSTEM('GNUTLS_HELPERS',
|
||||||
|
''',
|
||||||
|
deps='gnutls samba-errors');
|
||||||
|
|
||||||
|
+# We have a GnuTLS DCEPRC backupkey implementation for the server and the test.
|
||||||
|
+# However this is only working with GnuTLS >= 3.4.7. So we need to keep this
|
||||||
|
+# around till we can require at least GnuTLS in a newer version.
|
||||||
|
+bld.SAMBA_SUBSYSTEM('LIBCRYPTO_RC4',
|
||||||
|
+ source='arcfour.c',
|
||||||
|
+ deps='talloc',
|
||||||
|
+ enabled=not bld.CONFIG_SET('HAVE_GNUTLS_3_4_7'))
|
||||||
|
+
|
||||||
|
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
|
||||||
|
- source='''md4.c arcfour.c
|
||||||
|
- aes.c rijndael-alg-fst.c aes_cmac_128.c aes_ccm_128.c aes_gcm_128.c
|
||||||
|
- ''',
|
||||||
|
- deps='talloc' + extra_deps
|
||||||
|
- )
|
||||||
|
+ source='''
|
||||||
|
+ md4.c
|
||||||
|
+ aes.c
|
||||||
|
+ rijndael-alg-fst.c
|
||||||
|
+ aes_cmac_128.c
|
||||||
|
+ aes_ccm_128.c
|
||||||
|
+ aes_gcm_128.c
|
||||||
|
+ ''',
|
||||||
|
+ deps='''
|
||||||
|
+ talloc
|
||||||
|
+ LIBCRYPTO_RC4
|
||||||
|
+ ''' + extra_deps)
|
||||||
|
|
||||||
|
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
|
||||||
|
source='''md4test.c
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,56 @@
|
|||||||
|
From 0fb7a341e75794027de988894da7547a5258d705 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 16 Jul 2019 15:20:23 +0200
|
||||||
|
Subject: [PATCH 059/187] s3:lib: Use the passed mem_ctx instead of
|
||||||
|
talloc_tos()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit fa09e811ca6fb08a66940380b310ce9794397071)
|
||||||
|
---
|
||||||
|
source3/lib/netapi/user.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
|
||||||
|
index 827b7902040..fc236e55d1f 100644
|
||||||
|
--- a/source3/lib/netapi/user.c
|
||||||
|
+++ b/source3/lib/netapi/user.c
|
||||||
|
@@ -290,7 +290,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
|
||||||
|
/****************************************************************
|
||||||
|
****************************************************************/
|
||||||
|
|
||||||
|
-static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
+static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *mem_ctx,
|
||||||
|
struct rpc_pipe_client *pipe_cli,
|
||||||
|
DATA_BLOB *session_key,
|
||||||
|
struct policy_handle *user_handle,
|
||||||
|
@@ -320,7 +320,7 @@ static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
|
||||||
|
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
|
||||||
|
user_handle,
|
||||||
|
25,
|
||||||
|
&user_info,
|
||||||
|
@@ -336,7 +336,7 @@ static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
|
||||||
|
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
|
||||||
|
user_handle,
|
||||||
|
23,
|
||||||
|
&user_info,
|
||||||
|
@@ -353,7 +353,7 @@ static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
|
||||||
|
|
||||||
|
user_info.info21 = info21;
|
||||||
|
|
||||||
|
- status = dcerpc_samr_SetUserInfo(b, talloc_tos(),
|
||||||
|
+ status = dcerpc_samr_SetUserInfo(b, mem_ctx,
|
||||||
|
user_handle,
|
||||||
|
21,
|
||||||
|
&user_info,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,188 @@
|
|||||||
|
From a2b0dcbb525b7aa3a6f79ca8f8cca4ef7fc2f8f7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 16 Jul 2019 15:45:51 +0200
|
||||||
|
Subject: [PATCH 060/187] s3:rpcclient: Use a stackframe for temporary memory
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 9158a6ba8693070f3b2b71dd15089488869ab6cd)
|
||||||
|
---
|
||||||
|
source3/rpcclient/cmd_samr.c | 56 +++++++++++++++++++++++++-----------
|
||||||
|
1 file changed, 39 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
|
||||||
|
index b1b7c06515c..0cd8b50058e 100644
|
||||||
|
--- a/source3/rpcclient/cmd_samr.c
|
||||||
|
+++ b/source3/rpcclient/cmd_samr.c
|
||||||
|
@@ -3043,6 +3043,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
uint8_t password_expired = 0;
|
||||||
|
struct dcerpc_binding_handle *b = cli->binding_handle;
|
||||||
|
+ TALLOC_CTX *frame = NULL;
|
||||||
|
|
||||||
|
if (argc < 4) {
|
||||||
|
printf("Usage: %s username level password [password_expired]\n",
|
||||||
|
@@ -3050,6 +3051,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ frame = talloc_stackframe();
|
||||||
|
+
|
||||||
|
user = argv[1];
|
||||||
|
level = atoi(argv[2]);
|
||||||
|
param = argv[3];
|
||||||
|
@@ -3058,18 +3061,18 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
password_expired = atoi(argv[4]);
|
||||||
|
}
|
||||||
|
|
||||||
|
- status = cli_get_session_key(mem_ctx, cli, &session_key);
|
||||||
|
+ status = cli_get_session_key(frame, cli, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return status;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return status;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return status;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
nt_lm_owf_gen(param, nt_hash, lm_hash);
|
||||||
|
|
||||||
|
@@ -3078,14 +3081,22 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
{
|
||||||
|
DATA_BLOB in,out;
|
||||||
|
in = data_blob_const(nt_hash, 16);
|
||||||
|
- out = data_blob_talloc_zero(mem_ctx, 16);
|
||||||
|
+ out = data_blob_talloc_zero(frame, 16);
|
||||||
|
+ if (out.data == NULL) {
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
sess_crypt_blob(&out, &in, &session_key, true);
|
||||||
|
memcpy(nt_hash, out.data, out.length);
|
||||||
|
}
|
||||||
|
{
|
||||||
|
DATA_BLOB in,out;
|
||||||
|
in = data_blob_const(lm_hash, 16);
|
||||||
|
- out = data_blob_talloc_zero(mem_ctx, 16);
|
||||||
|
+ out = data_blob_talloc_zero(frame, 15);
|
||||||
|
+ if (out.data == NULL) {
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
sess_crypt_blob(&out, &in, &session_key, true);
|
||||||
|
memcpy(lm_hash, out.data, out.length);
|
||||||
|
}
|
||||||
|
@@ -3118,18 +3129,26 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
{
|
||||||
|
DATA_BLOB in,out;
|
||||||
|
in = data_blob_const(nt_hash, 16);
|
||||||
|
- out = data_blob_talloc_zero(mem_ctx, 16);
|
||||||
|
+ out = data_blob_talloc_zero(frame, 16);
|
||||||
|
+ if (out.data == NULL) {
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
sess_crypt_blob(&out, &in, &session_key, true);
|
||||||
|
info.info21.nt_owf_password.array =
|
||||||
|
- (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
|
||||||
|
+ (uint16_t *)talloc_memdup(frame, out.data, 16);
|
||||||
|
}
|
||||||
|
{
|
||||||
|
DATA_BLOB in,out;
|
||||||
|
in = data_blob_const(lm_hash, 16);
|
||||||
|
- out = data_blob_talloc_zero(mem_ctx, 16);
|
||||||
|
+ out = data_blob_talloc_zero(frame, 16);
|
||||||
|
sess_crypt_blob(&out, &in, &session_key, true);
|
||||||
|
info.info21.lm_owf_password.array =
|
||||||
|
- (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
|
||||||
|
+ (uint16_t *)talloc_memdup(frame, out.data, 16);
|
||||||
|
+ if (out.data == NULL) {
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
@@ -3175,7 +3194,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
|
||||||
|
/* Get sam policy handle */
|
||||||
|
|
||||||
|
- status = rpccli_try_samr_connects(cli, mem_ctx,
|
||||||
|
+ status = rpccli_try_samr_connects(cli, frame,
|
||||||
|
MAXIMUM_ALLOWED_ACCESS,
|
||||||
|
&connect_pol);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
@@ -3184,7 +3203,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
|
||||||
|
/* Get domain policy handle */
|
||||||
|
|
||||||
|
- status = dcerpc_samr_OpenDomain(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_OpenDomain(b, frame,
|
||||||
|
&connect_pol,
|
||||||
|
access_mask,
|
||||||
|
&domain_sid,
|
||||||
|
@@ -3200,7 +3219,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
|
||||||
|
user_rid = strtol(user, NULL, 0);
|
||||||
|
if (user_rid) {
|
||||||
|
- status = dcerpc_samr_OpenUser(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_OpenUser(b, frame,
|
||||||
|
&domain_pol,
|
||||||
|
access_mask,
|
||||||
|
user_rid,
|
||||||
|
@@ -3222,7 +3241,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
|
||||||
|
init_lsa_String(&lsa_acct_name, user);
|
||||||
|
|
||||||
|
- status = dcerpc_samr_LookupNames(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_LookupNames(b, frame,
|
||||||
|
&domain_pol,
|
||||||
|
1,
|
||||||
|
&lsa_acct_name,
|
||||||
|
@@ -3242,7 +3261,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
return NT_STATUS_INVALID_NETWORK_RESPONSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- status = dcerpc_samr_OpenUser(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_OpenUser(b, frame,
|
||||||
|
&domain_pol,
|
||||||
|
access_mask,
|
||||||
|
rids.ids[0],
|
||||||
|
@@ -3258,14 +3277,14 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
|
||||||
|
switch (opcode) {
|
||||||
|
case NDR_SAMR_SETUSERINFO:
|
||||||
|
- status = dcerpc_samr_SetUserInfo(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_SetUserInfo(b, frame,
|
||||||
|
&user_pol,
|
||||||
|
level,
|
||||||
|
&info,
|
||||||
|
&result);
|
||||||
|
break;
|
||||||
|
case NDR_SAMR_SETUSERINFO2:
|
||||||
|
- status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_SetUserInfo2(b, frame,
|
||||||
|
&user_pol,
|
||||||
|
level,
|
||||||
|
&info,
|
||||||
|
@@ -3283,7 +3302,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||||
|
DEBUG(0,("result: %s\n", nt_errstr(status)));
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ status = NT_STATUS_OK;
|
||||||
|
done:
|
||||||
|
+ TALLOC_FREE(frame);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,104 @@
|
|||||||
|
From 5a4fb7d50cfa71a57ce62fdd0e090b70da56b33c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 16 Jul 2019 15:49:43 +0200
|
||||||
|
Subject: [PATCH 061/187] s3:utils: Use a stackframe for temporary memory
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 52b3f921ad2d04cb30232a6aadf261c9fc9aafb2)
|
||||||
|
---
|
||||||
|
source3/utils/net_rpc.c | 21 +++++++++++++--------
|
||||||
|
1 file changed, 13 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
|
||||||
|
index f6fb892a2d9..03462d89e1b 100644
|
||||||
|
--- a/source3/utils/net_rpc.c
|
||||||
|
+++ b/source3/utils/net_rpc.c
|
||||||
|
@@ -6095,6 +6095,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
unsigned int orig_timeout;
|
||||||
|
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
|
||||||
|
DATA_BLOB session_key = data_blob_null;
|
||||||
|
+ TALLOC_CTX *frame = NULL;
|
||||||
|
|
||||||
|
if (argc != 2) {
|
||||||
|
d_printf("%s\n%s",
|
||||||
|
@@ -6104,22 +6105,24 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ frame = talloc_stackframe();
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Make valid trusting domain account (ie. uppercased and with '$' appended)
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
|
||||||
|
- return NT_STATUS_NO_MEMORY;
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!strupper_m(acct_name)) {
|
||||||
|
- SAFE_FREE(acct_name);
|
||||||
|
- return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
+ status = NT_STATUS_INVALID_PARAMETER;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
init_lsa_String(&lsa_acct_name, acct_name);
|
||||||
|
|
||||||
|
- status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
|
||||||
|
+ status = cli_get_session_key(frame, pipe_hnd, &session_key);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
|
||||||
|
nt_errstr(status)));
|
||||||
|
@@ -6127,7 +6130,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get samr policy handle */
|
||||||
|
- status = dcerpc_samr_Connect2(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_Connect2(b, frame,
|
||||||
|
pipe_hnd->desthost,
|
||||||
|
MAXIMUM_ALLOWED_ACCESS,
|
||||||
|
&connect_pol,
|
||||||
|
@@ -6141,7 +6144,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get domain policy handle */
|
||||||
|
- status = dcerpc_samr_OpenDomain(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_OpenDomain(b, frame,
|
||||||
|
&connect_pol,
|
||||||
|
MAXIMUM_ALLOWED_ACCESS,
|
||||||
|
discard_const_p(struct dom_sid2, domain_sid),
|
||||||
|
@@ -6168,7 +6171,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
SAMR_USER_ACCESS_GET_ATTRIBUTES |
|
||||||
|
SAMR_USER_ACCESS_SET_ATTRIBUTES;
|
||||||
|
|
||||||
|
- status = dcerpc_samr_CreateUser2(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_CreateUser2(b, frame,
|
||||||
|
&domain_pol,
|
||||||
|
&lsa_acct_name,
|
||||||
|
acb_info,
|
||||||
|
@@ -6207,7 +6210,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
info.info23.info.acct_flags = ACB_DOMTRUST;
|
||||||
|
info.info23.password = crypt_pwd;
|
||||||
|
|
||||||
|
- status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
|
||||||
|
+ status = dcerpc_samr_SetUserInfo2(b, frame,
|
||||||
|
&user_pol,
|
||||||
|
23,
|
||||||
|
&info,
|
||||||
|
@@ -6224,9 +6227,11 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ status = NT_STATUS_OK;
|
||||||
|
done:
|
||||||
|
SAFE_FREE(acct_name);
|
||||||
|
data_blob_clear_free(&session_key);
|
||||||
|
+ TALLOC_FREE(frame);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,96 @@
|
|||||||
|
From cb51fd8abb0f0d3fa672452cd15d49af193de6ee Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 16 Jul 2019 16:02:12 +0200
|
||||||
|
Subject: [PATCH 062/187] s3:rpc_server: Use a stackframe for temporary memory
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 1c84bda361678cb6c4685cff17a2d5a5026f2bce)
|
||||||
|
---
|
||||||
|
source3/rpc_server/netlogon/srv_netlog_nt.c | 20 +++++++++++++-------
|
||||||
|
1 file changed, 13 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
index d5267bf7062..791aa7acaff 100644
|
||||||
|
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
@@ -1134,6 +1134,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
int rc;
|
||||||
|
DATA_BLOB session_key;
|
||||||
|
enum samr_UserInfoLevel infolevel;
|
||||||
|
+ TALLOC_CTX *frame = talloc_stackframe();
|
||||||
|
|
||||||
|
ZERO_STRUCT(user_handle);
|
||||||
|
|
||||||
|
@@ -1144,7 +1145,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = tsocket_address_inet_from_strings(mem_ctx,
|
||||||
|
+ rc = tsocket_address_inet_from_strings(frame,
|
||||||
|
"ip",
|
||||||
|
"127.0.0.1",
|
||||||
|
0,
|
||||||
|
@@ -1154,7 +1155,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- status = rpcint_binding_handle(mem_ctx,
|
||||||
|
+ status = rpcint_binding_handle(frame,
|
||||||
|
&ndr_table_samr,
|
||||||
|
local,
|
||||||
|
NULL,
|
||||||
|
@@ -1166,7 +1167,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
become_root();
|
||||||
|
- status = samr_find_machine_account(mem_ctx,
|
||||||
|
+ status = samr_find_machine_account(frame,
|
||||||
|
h,
|
||||||
|
account_name,
|
||||||
|
SEC_FLAG_MAXIMUM_ALLOWED,
|
||||||
|
@@ -1179,7 +1180,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
status = dcerpc_samr_QueryUserInfo2(h,
|
||||||
|
- mem_ctx,
|
||||||
|
+ frame,
|
||||||
|
&user_handle,
|
||||||
|
UserControlInformation,
|
||||||
|
&info,
|
||||||
|
@@ -1213,7 +1214,11 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
infolevel = UserInternal1Information;
|
||||||
|
|
||||||
|
in = data_blob_const(cr->creds.nt_hash, 16);
|
||||||
|
- out = data_blob_talloc_zero(mem_ctx, 16);
|
||||||
|
+ out = data_blob_talloc_zero(frame, 16);
|
||||||
|
+ if (out.data == NULL) {
|
||||||
|
+ status = NT_STATUS_NO_MEMORY;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
sess_crypt_blob(&out, &in, &session_key, true);
|
||||||
|
memcpy(info18.nt_pwd.hash, out.data, out.length);
|
||||||
|
|
||||||
|
@@ -1244,7 +1249,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
become_root();
|
||||||
|
status = dcerpc_samr_SetUserInfo2(h,
|
||||||
|
- mem_ctx,
|
||||||
|
+ frame,
|
||||||
|
&user_handle,
|
||||||
|
infolevel,
|
||||||
|
info,
|
||||||
|
@@ -1260,8 +1265,9 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
out:
|
||||||
|
if (h && is_valid_policy_hnd(&user_handle)) {
|
||||||
|
- dcerpc_samr_Close(h, mem_ctx, &user_handle, &result);
|
||||||
|
+ dcerpc_samr_Close(h, frame, &user_handle, &result);
|
||||||
|
}
|
||||||
|
+ TALLOC_FREE(frame);
|
||||||
|
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,32 @@
|
|||||||
|
From b26c0a881c5a71ee310a942ffd65960974eabea8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Disseldorp <ddiss@samba.org>
|
||||||
|
Date: Fri, 12 Jul 2019 17:29:23 +0200
|
||||||
|
Subject: [PATCH 063/187] netlogon: Fix potential use of uninitialized variable
|
||||||
|
|
||||||
|
The _netr_NetrEnumerateTrustedDomains()->dcerpc_lsa_open_policy2() error
|
||||||
|
path checks the policy handle and closes it if non-empty. The policy
|
||||||
|
handle may be uninitialized in this code-path - fix this.
|
||||||
|
|
||||||
|
Signed-off-by: David Disseldorp <ddiss@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 93d424528f1c3d0d50ebd8a784f4624b2721d416)
|
||||||
|
---
|
||||||
|
source3/rpc_server/netlogon/srv_netlog_nt.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
index 791aa7acaff..08bce367bf0 100644
|
||||||
|
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
@@ -419,6 +419,7 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p,
|
||||||
|
int i;
|
||||||
|
uint32_t max_size = (uint32_t)-1;
|
||||||
|
|
||||||
|
+ ZERO_STRUCT(pol);
|
||||||
|
DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
|
||||||
|
|
||||||
|
status = rpcint_binding_handle(p->mem_ctx,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,64 @@
|
|||||||
|
From 8746734f6874d62825209a49b29b06f28183559d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 16 Jul 2019 16:13:17 +0200
|
||||||
|
Subject: [PATCH 064/187] s3:rpc_server: Only dump passwords in developer
|
||||||
|
builds
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Autobuild-Date(master): Fri Jul 26 03:05:01 UTC 2019 on sn-devel-184
|
||||||
|
|
||||||
|
(cherry picked from commit 1f923e067dbe358c17cbccfe179baa811aa3b8b3)
|
||||||
|
---
|
||||||
|
source3/rpc_server/samr/srv_samr_nt.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
index ad1d1853bda..87214b2899e 100644
|
||||||
|
--- a/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
+++ b/source3/rpc_server/samr/srv_samr_nt.c
|
||||||
|
@@ -5198,7 +5198,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef DEBUG_PASSWORD
|
||||||
|
dump_data(100, info->info23.password.data, 516);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
status = set_user_info_23(p->mem_ctx,
|
||||||
|
&info->info23,
|
||||||
|
@@ -5219,7 +5221,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef DEBUG_PASSWORD
|
||||||
|
dump_data(100, info->info24.password.data, 516);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
status = set_user_info_24(p->mem_ctx,
|
||||||
|
rhost,
|
||||||
|
@@ -5237,7 +5241,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef DEBUG_PASSWORD
|
||||||
|
dump_data(100, info->info25.password.data, 532);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
status = set_user_info_25(p->mem_ctx,
|
||||||
|
rhost,
|
||||||
|
@@ -5255,7 +5261,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef DEBUG_PASSWORD
|
||||||
|
dump_data(100, info->info26.password.data, 516);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
status = set_user_info_26(p->mem_ctx,
|
||||||
|
rhost,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,38 @@
|
|||||||
|
From 595df06b59c80cbb7a484a893e1ebaf917ddddb6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 8 Aug 2019 11:57:02 +0200
|
||||||
|
Subject: [PATCH 065/187] libcli:smb: Add forward declaration for
|
||||||
|
gnutls_hmac_hd_t
|
||||||
|
|
||||||
|
This file is basically included everywhere. So use a forward declaration
|
||||||
|
for gnutls_hmac_hd_t. This way we don't have to link everthing against
|
||||||
|
gnutls to get access to the header path.
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 6bf6cb1643ae5e8fff66a7cbec50f58ede632666)
|
||||||
|
---
|
||||||
|
libcli/smb/smb2_signing.h | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
|
||||||
|
index 6e1682955c9..96a002f4a0c 100644
|
||||||
|
--- a/libcli/smb/smb2_signing.h
|
||||||
|
+++ b/libcli/smb/smb2_signing.h
|
||||||
|
@@ -21,10 +21,10 @@
|
||||||
|
#ifndef _LIBCLI_SMB_SMB2_SIGNING_H_
|
||||||
|
#define _LIBCLI_SMB_SMB2_SIGNING_H_
|
||||||
|
|
||||||
|
-#include <gnutls/gnutls.h>
|
||||||
|
-#include <gnutls/crypto.h>
|
||||||
|
-
|
||||||
|
struct iovec;
|
||||||
|
+ /* Forward declaration of GnuTLS typedefs */
|
||||||
|
+struct hmac_hd_st;
|
||||||
|
+typedef struct hmac_hd_st* gnutls_hmac_hd_t;
|
||||||
|
|
||||||
|
struct smb2_signing_key {
|
||||||
|
gnutls_hmac_hd_t hmac_hnd;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From 5132a12a30ccc008644be11fa6af4a3d253a8a27 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 8 Aug 2019 13:14:45 +0200
|
||||||
|
Subject: [PATCH 066/187] s3:modules: Link vfs_acl_common against gnutls
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit b81cb04d03d57b8175d862ba48ac476fedf23636)
|
||||||
|
---
|
||||||
|
source3/modules/wscript_build | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
|
||||||
|
index 80b0ce9ff90..b8b965c8edd 100644
|
||||||
|
--- a/source3/modules/wscript_build
|
||||||
|
+++ b/source3/modules/wscript_build
|
||||||
|
@@ -10,7 +10,8 @@ bld.SAMBA3_BINARY('test_nfs4_acls',
|
||||||
|
install=False)
|
||||||
|
|
||||||
|
bld.SAMBA3_SUBSYSTEM('vfs_acl_common',
|
||||||
|
- source='vfs_acl_common.c')
|
||||||
|
+ source='vfs_acl_common.c',
|
||||||
|
+ deps='gnutls')
|
||||||
|
|
||||||
|
bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR',
|
||||||
|
source='posixacl_xattr.c',
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
62
SOURCES/0067-lib-util-Add-generate_nonce_buffer.patch
Normal file
62
SOURCES/0067-lib-util-Add-generate_nonce_buffer.patch
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
From 45c34e04c2018d839be71371bee594bc4794de2d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:16:37 +0200
|
||||||
|
Subject: [PATCH 067/187] lib:util: Add generate_nonce_buffer()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 70ff216935acc099b762b527033b6191ba3307d0)
|
||||||
|
---
|
||||||
|
lib/util/genrand.c | 12 ++++++++++--
|
||||||
|
lib/util/genrand.h | 11 +++++++++++
|
||||||
|
2 files changed, 21 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
|
||||||
|
index 55997c3dd55..76c2cb81962 100644
|
||||||
|
--- a/lib/util/genrand.c
|
||||||
|
+++ b/lib/util/genrand.c
|
||||||
|
@@ -25,8 +25,6 @@
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
-/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
|
||||||
|
-
|
||||||
|
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
/* Thread and fork safe random number generator for temporary keys. */
|
||||||
|
@@ -42,3 +40,13 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
||||||
|
/* Thread and fork safe random number generator for long term keys. */
|
||||||
|
gnutls_rnd(GNUTLS_RND_KEY, out, len);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+_PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
|
||||||
|
+{
|
||||||
|
+ /*
|
||||||
|
+ * The nonce generator will reseed after outputting a fixed amount of
|
||||||
|
+ * bytes (typically few megabytes), or after few hours of operation
|
||||||
|
+ * without reaching the limit has passed.
|
||||||
|
+ */
|
||||||
|
+ gnutls_rnd(GNUTLS_RND_NONCE, out, len);
|
||||||
|
+}
|
||||||
|
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
|
||||||
|
index 899ce8badc0..5af23100596 100644
|
||||||
|
--- a/lib/util/genrand.h
|
||||||
|
+++ b/lib/util/genrand.h
|
||||||
|
@@ -28,3 +28,14 @@ void generate_random_buffer(uint8_t *out, int len);
|
||||||
|
* Thread and fork safe random number generator for long term keys.
|
||||||
|
*/
|
||||||
|
void generate_secret_buffer(uint8_t *out, int len);
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * @brief Generate random values for a nonce buffer.
|
||||||
|
+ *
|
||||||
|
+ * This is also known as initialization vector.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] out A pointer to the buffer to fill with random data.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] len The size of the buffer to fill.
|
||||||
|
+ */
|
||||||
|
+void generate_nonce_buffer(uint8_t *out, int len);
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 85272ea8c52056f559b7bfde79805ce2b7ab4f72 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:25:35 +0200
|
||||||
|
Subject: [PATCH 068/187] libcli:smb: Use generate_nonce_buffer() for AES-CCM
|
||||||
|
and AES-GCM nonce
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit b2506f2407429efb40c3e4e4c360f5817ac13d27)
|
||||||
|
---
|
||||||
|
libcli/smb/smbXcli_base.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
|
||||||
|
index c9b396106ae..5db86720c9c 100644
|
||||||
|
--- a/libcli/smb/smbXcli_base.c
|
||||||
|
+++ b/libcli/smb/smbXcli_base.c
|
||||||
|
@@ -6253,8 +6253,8 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
|
||||||
|
*
|
||||||
|
* NOTE: We assume nonces greater than 8 bytes.
|
||||||
|
*/
|
||||||
|
- generate_random_buffer((uint8_t *)&session->smb2->nonce_high_random,
|
||||||
|
- sizeof(session->smb2->nonce_high_random));
|
||||||
|
+ generate_nonce_buffer((uint8_t *)&session->smb2->nonce_high_random,
|
||||||
|
+ sizeof(session->smb2->nonce_high_random));
|
||||||
|
switch (conn->smb2.server.cipher) {
|
||||||
|
case SMB2_ENCRYPTION_AES128_CCM:
|
||||||
|
nonce_size = AES_CCM_128_NONCE_SIZE;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 230457a6c024e236815b6f9f0351b236044ad515 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:28:34 +0200
|
||||||
|
Subject: [PATCH 069/187] s3:smbd: Use generate_nonce_buffer() for AES-CCM and
|
||||||
|
AES-GCM nonce
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 2b2df6cd398c9cb62989710f9b1642665ec89406)
|
||||||
|
---
|
||||||
|
source3/smbd/smb2_sesssetup.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
|
||||||
|
index 770c22b00f1..591d5c37160 100644
|
||||||
|
--- a/source3/smbd/smb2_sesssetup.c
|
||||||
|
+++ b/source3/smbd/smb2_sesssetup.c
|
||||||
|
@@ -419,8 +419,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
|
||||||
|
*
|
||||||
|
* NOTE: We assume nonces greater than 8 bytes.
|
||||||
|
*/
|
||||||
|
- generate_random_buffer((uint8_t *)&x->nonce_high_random,
|
||||||
|
- sizeof(x->nonce_high_random));
|
||||||
|
+ generate_nonce_buffer((uint8_t *)&x->nonce_high_random,
|
||||||
|
+ sizeof(x->nonce_high_random));
|
||||||
|
switch (xconn->smb2.server.cipher) {
|
||||||
|
case SMB2_ENCRYPTION_AES128_CCM:
|
||||||
|
nonce_size = AES_CCM_128_NONCE_SIZE;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,70 @@
|
|||||||
|
From deeb93c2fb7cc131741ced4877b75bcd3a64cef4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:38:50 +0200
|
||||||
|
Subject: [PATCH 070/187] lib:util: Add better documentation for
|
||||||
|
generate_secret_buffer()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit bf52ab7d2982de84a68a1b9c6d2f68250b7e7cca)
|
||||||
|
---
|
||||||
|
lib/util/genrand.c | 17 ++++++++++++-----
|
||||||
|
lib/util/genrand.h | 6 +++++-
|
||||||
|
2 files changed, 17 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
|
||||||
|
index 76c2cb81962..a5809aa2bc9 100644
|
||||||
|
--- a/lib/util/genrand.c
|
||||||
|
+++ b/lib/util/genrand.c
|
||||||
|
@@ -25,19 +25,26 @@
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Details about the GnuTLS CSPRNG:
|
||||||
|
+ *
|
||||||
|
+ * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
/* Thread and fork safe random number generator for temporary keys. */
|
||||||
|
gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * Keep generate_secret_buffer in case we ever want to do something
|
||||||
|
- * different
|
||||||
|
- */
|
||||||
|
_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
- /* Thread and fork safe random number generator for long term keys. */
|
||||||
|
+ /* The key generator, will re-seed after a fixed amount of bytes is
|
||||||
|
+ * generated (typically less than the nonce), and will also re-seed
|
||||||
|
+ * based on time, i.e., after few hours of operation without reaching
|
||||||
|
+ * the limit for a re-seed. For its re-seed it mixes mixes data obtained
|
||||||
|
+ * from the OS random device with the previous key.
|
||||||
|
+ */
|
||||||
|
gnutls_rnd(GNUTLS_RND_KEY, out, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
|
||||||
|
index 5af23100596..abb8ce2c10a 100644
|
||||||
|
--- a/lib/util/genrand.h
|
||||||
|
+++ b/lib/util/genrand.h
|
||||||
|
@@ -25,7 +25,11 @@
|
||||||
|
void generate_random_buffer(uint8_t *out, int len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
- * Thread and fork safe random number generator for long term keys.
|
||||||
|
+ * @brief Generate random values for key buffers (e.g. session keys)
|
||||||
|
+ *
|
||||||
|
+ * @param[in] out A pointer to the buffer to fill with random data.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] len The size of the buffer to fill.
|
||||||
|
*/
|
||||||
|
void generate_secret_buffer(uint8_t *out, int len);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From 299dd35d7816770560a17a0e30886c08d9687589 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:40:12 +0200
|
||||||
|
Subject: [PATCH 071/187] s4:rpc_server: Use generate_secret_buffer() to create
|
||||||
|
a session key
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 4b2480518bd3887be3a6cfb713523ac084e09fd5)
|
||||||
|
---
|
||||||
|
source4/rpc_server/samr/samr_password.c | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
||||||
|
index b04e37f06f3..6bf907181c8 100644
|
||||||
|
--- a/source4/rpc_server/samr/samr_password.c
|
||||||
|
+++ b/source4/rpc_server/samr/samr_password.c
|
||||||
|
@@ -733,9 +733,10 @@ NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
|
||||||
|
nt_errstr(nt_status)));
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Windows just uses a random key
|
||||||
|
+ * Windows just uses a random key. We need to use a CSPRNG
|
||||||
|
+ * which reseeds for generating session keys.
|
||||||
|
*/
|
||||||
|
- generate_random_buffer(random_session_key,
|
||||||
|
+ generate_secret_buffer(random_session_key,
|
||||||
|
sizeof(random_session_key));
|
||||||
|
session_key = data_blob_const(random_session_key,
|
||||||
|
sizeof(random_session_key));
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,30 @@
|
|||||||
|
From 5cd54770ca2055eee9ae651510b0ff5d1c914f6c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:41:29 +0200
|
||||||
|
Subject: [PATCH 072/187] s4:rpc_server: Use generate_secret_buffer() for
|
||||||
|
backupkey wap_key
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 5a62056b4530e4c509444be9164a1fca1dce193f)
|
||||||
|
---
|
||||||
|
source4/rpc_server/backupkey/dcesrv_backupkey.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
index a826ae083f4..d192858e468 100644
|
||||||
|
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
@@ -1263,7 +1263,8 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
|
||||||
|
char *secret_name;
|
||||||
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
|
|
||||||
|
- generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
|
||||||
|
+ /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
+ generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
|
||||||
|
|
||||||
|
ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
|
||||||
|
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,30 @@
|
|||||||
|
From a9efbcf21a5dc8b8b8195916b8a5eaa03ccbf5a5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:42:26 +0200
|
||||||
|
Subject: [PATCH 073/187] s4:rpc_server: Use generate_secret_buffer() for
|
||||||
|
netlogon challange
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit a21770cfdffd2a21045a1bc87e489af0f4c6f130)
|
||||||
|
---
|
||||||
|
source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
index ac745e32b02..f4e24b7fd7f 100644
|
||||||
|
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
@@ -90,7 +90,8 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
|
||||||
|
|
||||||
|
pipe_state->client_challenge = *r->in.credentials;
|
||||||
|
|
||||||
|
- generate_random_buffer(pipe_state->server_challenge.data,
|
||||||
|
+ /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
+ generate_secret_buffer(pipe_state->server_challenge.data,
|
||||||
|
sizeof(pipe_state->server_challenge.data));
|
||||||
|
|
||||||
|
*r->out.return_credentials = pipe_state->server_challenge;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
From 34c4199f21f5d2dfbf3d732fd4da7be390ce095b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 31 Jul 2019 15:44:24 +0200
|
||||||
|
Subject: [PATCH 074/187] libcli:auth: Use generate_secret_buffer() for
|
||||||
|
netlogon challenge
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
Autobuild-Date(master): Mon Aug 12 10:42:35 UTC 2019 on sn-devel-184
|
||||||
|
|
||||||
|
(cherry picked from commit c3ba556f52b15dd80efc26e4fb8f43ce2ee3a7f0)
|
||||||
|
---
|
||||||
|
libcli/auth/netlogon_creds_cli.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
|
||||||
|
index 50a5f50a57d..18143ca36d0 100644
|
||||||
|
--- a/libcli/auth/netlogon_creds_cli.c
|
||||||
|
+++ b/libcli/auth/netlogon_creds_cli.c
|
||||||
|
@@ -1177,7 +1177,8 @@ static void netlogon_creds_cli_auth_challenge_start(struct tevent_req *req)
|
||||||
|
|
||||||
|
TALLOC_FREE(state->creds);
|
||||||
|
|
||||||
|
- generate_random_buffer(state->client_challenge.data,
|
||||||
|
+ /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
+ generate_secret_buffer(state->client_challenge.data,
|
||||||
|
sizeof(state->client_challenge.data));
|
||||||
|
|
||||||
|
subreq = dcerpc_netr_ServerReqChallenge_send(state, state->ev,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From 5d53f417762503b9c73edcdb1364834f3b665e74 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 16:10:20 +0200
|
||||||
|
Subject: [PATCH 075/187] lib:util: Fix documentation for random number
|
||||||
|
functions
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 97c441d7c28feb29168e81ebbc5c55b09a845087)
|
||||||
|
---
|
||||||
|
lib/util/genrand.c | 9 +++++++--
|
||||||
|
lib/util/genrand.h | 8 ++++++--
|
||||||
|
2 files changed, 13 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
|
||||||
|
index a5809aa2bc9..18ffa0d95e6 100644
|
||||||
|
--- a/lib/util/genrand.c
|
||||||
|
+++ b/lib/util/genrand.c
|
||||||
|
@@ -33,13 +33,16 @@
|
||||||
|
|
||||||
|
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
- /* Thread and fork safe random number generator for temporary keys. */
|
||||||
|
+ /* Random number generator for temporary keys. */
|
||||||
|
gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
- /* The key generator, will re-seed after a fixed amount of bytes is
|
||||||
|
+ /*
|
||||||
|
+ * Random number generator for long term keys.
|
||||||
|
+ *
|
||||||
|
+ * The key generator, will re-seed after a fixed amount of bytes is
|
||||||
|
* generated (typically less than the nonce), and will also re-seed
|
||||||
|
* based on time, i.e., after few hours of operation without reaching
|
||||||
|
* the limit for a re-seed. For its re-seed it mixes mixes data obtained
|
||||||
|
@@ -51,6 +54,8 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
||||||
|
_PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
+ * Random number generator for nonce and initialization vectors.
|
||||||
|
+ *
|
||||||
|
* The nonce generator will reseed after outputting a fixed amount of
|
||||||
|
* bytes (typically few megabytes), or after few hours of operation
|
||||||
|
* without reaching the limit has passed.
|
||||||
|
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
|
||||||
|
index abb8ce2c10a..70f36312e58 100644
|
||||||
|
--- a/lib/util/genrand.h
|
||||||
|
+++ b/lib/util/genrand.h
|
||||||
|
@@ -20,12 +20,16 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
- * Thread and fork safe random number generator for temporary keys.
|
||||||
|
+ * @brief Generate random values for session and temporary keys.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] out A pointer to the buffer to fill with random data.
|
||||||
|
+ *
|
||||||
|
+ * @param[in] len The size of the buffer to fill.
|
||||||
|
*/
|
||||||
|
void generate_random_buffer(uint8_t *out, int len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
- * @brief Generate random values for key buffers (e.g. session keys)
|
||||||
|
+ * @brief Generate random values for long term keys and passwords.
|
||||||
|
*
|
||||||
|
* @param[in] out A pointer to the buffer to fill with random data.
|
||||||
|
*
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 5b8d3df9856f081cbca601926ca909085cc73f05 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:49:31 +0200
|
||||||
|
Subject: [PATCH 076/187] Revert "libcli:auth: Use generate_secret_buffer() for
|
||||||
|
netlogon challenge"
|
||||||
|
|
||||||
|
This reverts commit c3ba556f52b15dd80efc26e4fb8f43ce2ee3a7f0.
|
||||||
|
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 689760f26521fe5b4c8964a25ddd3ab1c9e9977c)
|
||||||
|
---
|
||||||
|
libcli/auth/netlogon_creds_cli.c | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
|
||||||
|
index 18143ca36d0..50a5f50a57d 100644
|
||||||
|
--- a/libcli/auth/netlogon_creds_cli.c
|
||||||
|
+++ b/libcli/auth/netlogon_creds_cli.c
|
||||||
|
@@ -1177,8 +1177,7 @@ static void netlogon_creds_cli_auth_challenge_start(struct tevent_req *req)
|
||||||
|
|
||||||
|
TALLOC_FREE(state->creds);
|
||||||
|
|
||||||
|
- /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
- generate_secret_buffer(state->client_challenge.data,
|
||||||
|
+ generate_random_buffer(state->client_challenge.data,
|
||||||
|
sizeof(state->client_challenge.data));
|
||||||
|
|
||||||
|
subreq = dcerpc_netr_ServerReqChallenge_send(state, state->ev,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From c08b8c1b2ccbd3c180c730940d7efce8fcef8b5b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:49:37 +0200
|
||||||
|
Subject: [PATCH 077/187] Revert "s4:rpc_server: Use generate_secret_buffer()
|
||||||
|
for netlogon challange"
|
||||||
|
|
||||||
|
This reverts commit a21770cfdffd2a21045a1bc87e489af0f4c6f130.
|
||||||
|
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 1c68085404cd467c217640e3eabfc4b7f8b1ce9f)
|
||||||
|
---
|
||||||
|
source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
index f4e24b7fd7f..ac745e32b02 100644
|
||||||
|
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
@@ -90,8 +90,7 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
|
||||||
|
|
||||||
|
pipe_state->client_challenge = *r->in.credentials;
|
||||||
|
|
||||||
|
- /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
- generate_secret_buffer(pipe_state->server_challenge.data,
|
||||||
|
+ generate_random_buffer(pipe_state->server_challenge.data,
|
||||||
|
sizeof(pipe_state->server_challenge.data));
|
||||||
|
|
||||||
|
*r->out.return_credentials = pipe_state->server_challenge;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 5576562cc327cfa6cc77d5962ee8ec85d9ca0ad6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:49:52 +0200
|
||||||
|
Subject: [PATCH 078/187] Revert "s4:rpc_server: Use generate_secret_buffer()
|
||||||
|
for backupkey wap_key"
|
||||||
|
|
||||||
|
This reverts commit 5a62056b4530e4c509444be9164a1fca1dce193f.
|
||||||
|
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 38b0695ddac244c67b2a33eb927ad3e95d2e8bd6)
|
||||||
|
---
|
||||||
|
source4/rpc_server/backupkey/dcesrv_backupkey.c | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
index d192858e468..a826ae083f4 100644
|
||||||
|
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
|
||||||
|
@@ -1263,8 +1263,7 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
|
||||||
|
char *secret_name;
|
||||||
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
|
|
||||||
|
- /* We need to use a CSPRNG which reseeds for generating session keys. */
|
||||||
|
- generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
|
||||||
|
+ generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
|
||||||
|
|
||||||
|
ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
|
||||||
|
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
From ea69efd5e269e3ec0c93121d0448a1f6fb4275ac Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:50:02 +0200
|
||||||
|
Subject: [PATCH 079/187] Revert "s4:rpc_server: Use generate_secret_buffer()
|
||||||
|
to create a session key"
|
||||||
|
|
||||||
|
This reverts commit 4b2480518bd3887be3a6cfb713523ac084e09fd5.
|
||||||
|
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit d73be972ea58d564c770698bf6374a6074f111fe)
|
||||||
|
---
|
||||||
|
source4/rpc_server/samr/samr_password.c | 5 ++---
|
||||||
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
||||||
|
index 6bf907181c8..b04e37f06f3 100644
|
||||||
|
--- a/source4/rpc_server/samr/samr_password.c
|
||||||
|
+++ b/source4/rpc_server/samr/samr_password.c
|
||||||
|
@@ -733,10 +733,9 @@ NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
|
||||||
|
nt_errstr(nt_status)));
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Windows just uses a random key. We need to use a CSPRNG
|
||||||
|
- * which reseeds for generating session keys.
|
||||||
|
+ * Windows just uses a random key
|
||||||
|
*/
|
||||||
|
- generate_secret_buffer(random_session_key,
|
||||||
|
+ generate_random_buffer(random_session_key,
|
||||||
|
sizeof(random_session_key));
|
||||||
|
session_key = data_blob_const(random_session_key,
|
||||||
|
sizeof(random_session_key));
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,47 @@
|
|||||||
|
From d2cc9f2ef31092c1ce5e5ad967a6be4f3bc84c06 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:55:56 +0200
|
||||||
|
Subject: [PATCH 080/187] lib:util: Use generate_secret_buffer() for long term
|
||||||
|
passwords
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 93196dd823e114f260a68d28bb59eac3909c30d8)
|
||||||
|
---
|
||||||
|
lib/util/genrand_util.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/util/genrand_util.c b/lib/util/genrand_util.c
|
||||||
|
index d7b74c6cf1a..05d1f3ef6e5 100644
|
||||||
|
--- a/lib/util/genrand_util.c
|
||||||
|
+++ b/lib/util/genrand_util.c
|
||||||
|
@@ -185,7 +185,7 @@ _PUBLIC_ char *generate_random_str_list(TALLOC_CTX *mem_ctx, size_t len, const c
|
||||||
|
char *retstr = talloc_array(mem_ctx, char, len + 1);
|
||||||
|
if (!retstr) return NULL;
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)retstr, len);
|
||||||
|
+ generate_secret_buffer((uint8_t *)retstr, len);
|
||||||
|
for (i = 0; i < len; i++) {
|
||||||
|
retstr[i] = list[retstr[i] % list_len];
|
||||||
|
}
|
||||||
|
@@ -247,7 +247,7 @@ _PUBLIC_ char *generate_random_password(TALLOC_CTX *mem_ctx, size_t min, size_t
|
||||||
|
if (diff > 0 ) {
|
||||||
|
size_t tmp;
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)&tmp, sizeof(tmp));
|
||||||
|
+ generate_secret_buffer((uint8_t *)&tmp, sizeof(tmp));
|
||||||
|
|
||||||
|
tmp %= diff;
|
||||||
|
|
||||||
|
@@ -317,7 +317,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
|
||||||
|
if (diff > 0) {
|
||||||
|
size_t tmp;
|
||||||
|
|
||||||
|
- generate_random_buffer((uint8_t *)&tmp, sizeof(tmp));
|
||||||
|
+ generate_secret_buffer((uint8_t *)&tmp, sizeof(tmp));
|
||||||
|
|
||||||
|
tmp %= diff;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From 3a22faf5aa81b8a2e918e250cb201440094f9757 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:56:35 +0200
|
||||||
|
Subject: [PATCH 081/187] s4:samdb: Use generate_nonce_buffer() for AEC GCM
|
||||||
|
nonce
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit a3e36dd8f43a5c06969ae158fa54fbc649f44d03)
|
||||||
|
---
|
||||||
|
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
index b2df15c08f4..deaa03cbb35 100644
|
||||||
|
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
@@ -447,7 +447,7 @@ static struct ldb_val samba_encrypt_aead(int *err,
|
||||||
|
goto error_exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
- generate_random_buffer(iv, AES_GCM_128_IV_SIZE);
|
||||||
|
+ generate_nonce_buffer(iv, AES_GCM_128_IV_SIZE);
|
||||||
|
|
||||||
|
es->iv.length = AES_GCM_128_IV_SIZE;
|
||||||
|
es->iv.data = iv;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,30 @@
|
|||||||
|
From 8057d84f33d96a3143b1908b47e65e6a89d4f861 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 18:57:06 +0200
|
||||||
|
Subject: [PATCH 082/187] s3:passdb: Use generate_secret_buffer() for
|
||||||
|
generating passwords
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 6fa3e4de7c168dc7c869ec9966729a36bda27f57)
|
||||||
|
---
|
||||||
|
source3/passdb/pdb_nds.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c
|
||||||
|
index 349ea0b6c38..216c9e6b50b 100644
|
||||||
|
--- a/source3/passdb/pdb_nds.c
|
||||||
|
+++ b/source3/passdb/pdb_nds.c
|
||||||
|
@@ -814,7 +814,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
|
||||||
|
got_clear_text_pw = True;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
- generate_random_buffer((unsigned char *)clear_text_pw, 24);
|
||||||
|
+ /* This is a long term key */
|
||||||
|
+ generate_secret_buffer((unsigned char *)clear_text_pw, 24);
|
||||||
|
clear_text_pw[24] = '\0';
|
||||||
|
DEBUG(5,("pdb_nds_update_login_attempts: using random password %s\n", clear_text_pw));
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From 9a257522e3c811853b2b9f0b93992b07ecdad5d9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 12 Aug 2019 19:07:15 +0200
|
||||||
|
Subject: [PATCH 083/187] auth:ntlmssp: Use generate_random_buffer() for
|
||||||
|
session keys
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
|
||||||
|
Autobuild-Date(master): Wed Aug 14 16:26:47 UTC 2019 on sn-devel-184
|
||||||
|
|
||||||
|
(cherry picked from commit 9b7825d2d387bcb2515154418a990669ab96358d)
|
||||||
|
---
|
||||||
|
auth/ntlmssp/ntlmssp_client.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
index b8d1190466b..2a80feb4fed 100644
|
||||||
|
--- a/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
+++ b/auth/ntlmssp/ntlmssp_client.c
|
||||||
|
@@ -696,7 +696,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||||
|
.size = session_key.length,
|
||||||
|
};
|
||||||
|
|
||||||
|
- generate_secret_buffer(client_session_key, sizeof(client_session_key));
|
||||||
|
+ generate_random_buffer(client_session_key, sizeof(client_session_key));
|
||||||
|
|
||||||
|
/* Encrypt the new session key with the old one */
|
||||||
|
encrypted_session_key = data_blob_talloc(ntlmssp_state,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,84 @@
|
|||||||
|
From 40a13974c5279d43fa2e13b8a274ba41ec051533 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Thu, 15 Aug 2019 15:27:30 +1200
|
||||||
|
Subject: [PATCH 084/187] encrypted_secrets: Add known and expected value test
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 92b9cdf99da1f8657c166d413c5136c8db938a9e)
|
||||||
|
---
|
||||||
|
.../tests/test_encrypted_secrets.c | 51 +++++++++++++++++++
|
||||||
|
1 file changed, 51 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
index 258e1ba829f..cfea95ae544 100644
|
||||||
|
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
@@ -1101,6 +1101,53 @@ static void test_unencrypted_secret(void **state)
|
||||||
|
assert_int_equal(LDB_ERR_OPERATIONS_ERROR, ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Test full decryption of a static value with static key
|
||||||
|
+ */
|
||||||
|
+static void test_record_decryption(void **state)
|
||||||
|
+{
|
||||||
|
+ struct ldbtest_ctx *test_ctx =
|
||||||
|
+ talloc_get_type_abort(*state, struct ldbtest_ctx);
|
||||||
|
+ unsigned char plain_data[] = {
|
||||||
|
+ 0xe6, 0xa6, 0xb8, 0xff, 0xdf, 0x06, 0x6c, 0xe3,
|
||||||
|
+ 0xea, 0xd0, 0x94, 0xbb, 0x79, 0xbd, 0x0a, 0x24
|
||||||
|
+ };
|
||||||
|
+ unsigned char encrypted_data[] = {
|
||||||
|
+ 0x0c, 0x00, 0x00, 0x00, 0x33, 0x91, 0x74, 0x25,
|
||||||
|
+ 0x26, 0xcc, 0x0b, 0x8c, 0x21, 0xc1, 0x13, 0xe2,
|
||||||
|
+ 0xed, 0xad, 0x5c, 0xca, 0x01, 0x00, 0x00, 0x00,
|
||||||
|
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
+ 0x1a, 0xdc, 0xc9, 0x11, 0x08, 0xca, 0x2c, 0xfb,
|
||||||
|
+ 0xc8, 0x32, 0x6b, 0x1b, 0x25, 0x7f, 0x52, 0xbb,
|
||||||
|
+ 0xae, 0x9b, 0x88, 0x52, 0xb0, 0x18, 0x6d, 0x9d,
|
||||||
|
+ 0x9b, 0xdd, 0xcd, 0x1b, 0x5f, 0x4a, 0x5c, 0x29,
|
||||||
|
+ 0xca, 0x0b, 0x36, 0xaa
|
||||||
|
+ };
|
||||||
|
+ struct ldb_val cipher_text
|
||||||
|
+ = data_blob_const(encrypted_data,
|
||||||
|
+ sizeof(encrypted_data));
|
||||||
|
+ unsigned char es_keys_blob[] = {
|
||||||
|
+ 0x1d, 0xae, 0xf5, 0xaa, 0xa3, 0x85, 0x0d, 0x0a,
|
||||||
|
+ 0x8c, 0x24, 0x5c, 0x4c, 0xa7, 0x0f, 0x81, 0x79
|
||||||
|
+ };
|
||||||
|
+ struct es_data data = {
|
||||||
|
+ .encrypt_secrets = true,
|
||||||
|
+ .keys[0] = {
|
||||||
|
+ .data = es_keys_blob,
|
||||||
|
+ .length = sizeof(es_keys_blob),
|
||||||
|
+ },
|
||||||
|
+#ifdef HAVE_GNUTLS_AEAD
|
||||||
|
+ .encryption_algorithm = GNUTLS_CIPHER_AES_128_GCM,
|
||||||
|
+#endif
|
||||||
|
+ };
|
||||||
|
+ int err = LDB_SUCCESS;
|
||||||
|
+ struct ldb_val dec = decrypt_value(&err, test_ctx, test_ctx->ldb, cipher_text,
|
||||||
|
+ &data);
|
||||||
|
+ assert_int_equal(LDB_SUCCESS, err);
|
||||||
|
+ assert_int_equal(sizeof(plain_data), dec.length);
|
||||||
|
+ assert_memory_equal(dec.data, plain_data, sizeof(plain_data));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
|
||||||
|
int main(void) {
|
||||||
|
const struct CMUnitTest tests[] = {
|
||||||
|
@@ -1166,6 +1213,10 @@ int main(void) {
|
||||||
|
test_unencrypted_secret,
|
||||||
|
setup_with_key,
|
||||||
|
teardown),
|
||||||
|
+ cmocka_unit_test_setup_teardown(
|
||||||
|
+ test_record_decryption,
|
||||||
|
+ setup_with_key,
|
||||||
|
+ teardown),
|
||||||
|
};
|
||||||
|
|
||||||
|
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,154 @@
|
|||||||
|
From ce7a5f793d0d5983504be61189ec7c57cfbf07d0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 26 Feb 2019 18:32:34 +0100
|
||||||
|
Subject: [PATCH 085/187] s4:samdb: Remove dual-stack mode from
|
||||||
|
(test_)encrypted_secrets
|
||||||
|
|
||||||
|
Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
|
||||||
|
version is detected that will be used and Samba crypto wont be
|
||||||
|
available.
|
||||||
|
|
||||||
|
This removes the dual-stack mode that encrypted with one and decrypted
|
||||||
|
with the other in the testsuite.
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
|
||||||
|
Commit message clarified by Andrew Bartlett
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 7bf3c5d7640daaf5dc799eaf698618903ec09127)
|
||||||
|
---
|
||||||
|
.../samdb/ldb_modules/encrypted_secrets.c | 16 ++----
|
||||||
|
.../tests/test_encrypted_secrets.c | 49 ++-----------------
|
||||||
|
2 files changed, 10 insertions(+), 55 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
index deaa03cbb35..5f8cd8747ea 100644
|
||||||
|
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
@@ -39,18 +39,12 @@
|
||||||
|
#include "dsdb/samdb/samdb.h"
|
||||||
|
#include "dsdb/samdb/ldb_modules/util.h"
|
||||||
|
|
||||||
|
-#ifdef TEST_ENCRYPTED_SECRETS
|
||||||
|
+/* Build either with GnuTLS crypto or Samba crypto. */
|
||||||
|
+#ifdef HAVE_GNUTLS_AEAD
|
||||||
|
+ #define BUILD_WITH_GNUTLS_AEAD
|
||||||
|
+#else /* !HAVE_GNUTLS_AEAD */
|
||||||
|
#define BUILD_WITH_SAMBA_AES_GCM
|
||||||
|
- #ifdef HAVE_GNUTLS_AEAD
|
||||||
|
- #define BUILD_WITH_GNUTLS_AEAD
|
||||||
|
- #endif
|
||||||
|
-#else
|
||||||
|
- #ifdef HAVE_GNUTLS_AEAD
|
||||||
|
- #define BUILD_WITH_GNUTLS_AEAD
|
||||||
|
- #else
|
||||||
|
- #define BUILD_WITH_SAMBA_AES_GCM
|
||||||
|
- #endif
|
||||||
|
-#endif
|
||||||
|
+#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
|
||||||
|
#ifdef BUILD_WITH_GNUTLS_AEAD
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
diff --git a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
index cfea95ae544..a33781d703d 100644
|
||||||
|
--- a/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
+++ b/source4/dsdb/samdb/ldb_modules/tests/test_encrypted_secrets.c
|
||||||
|
@@ -390,26 +390,6 @@ static void test_gnutls_value_encryption(void **state)
|
||||||
|
&decrypted->cleartext,
|
||||||
|
&plain_text));
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- {
|
||||||
|
- struct PlaintextSecret *decrypted =
|
||||||
|
- talloc_zero(test_ctx, struct PlaintextSecret);
|
||||||
|
- samba_decrypt_aead(
|
||||||
|
- &err,
|
||||||
|
- test_ctx,
|
||||||
|
- test_ctx->ldb,
|
||||||
|
- &es,
|
||||||
|
- decrypted,
|
||||||
|
- data);
|
||||||
|
- assert_int_equal(LDB_SUCCESS, err);
|
||||||
|
- assert_int_equal(
|
||||||
|
- plain_text.length,
|
||||||
|
- decrypted->cleartext.length);
|
||||||
|
- assert_int_equal(0,
|
||||||
|
- data_blob_cmp(
|
||||||
|
- &decrypted->cleartext,
|
||||||
|
- &plain_text));
|
||||||
|
- }
|
||||||
|
}
|
||||||
|
#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
|
||||||
|
@@ -613,9 +593,11 @@ static void test_gnutls_altered_iv(void **state)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Test samba encryption and decryption and decryption.
|
||||||
|
*/
|
||||||
|
+#ifndef HAVE_GNUTLS_AEAD
|
||||||
|
static void test_samba_value_encryption(void **state)
|
||||||
|
{
|
||||||
|
struct ldbtest_ctx *test_ctx =
|
||||||
|
@@ -647,29 +629,6 @@ static void test_samba_value_encryption(void **state)
|
||||||
|
assert_true(NDR_ERR_CODE_IS_SUCCESS(rc));
|
||||||
|
assert_true(check_header(&es));
|
||||||
|
|
||||||
|
-#ifdef HAVE_GNUTLS_AEAD
|
||||||
|
- {
|
||||||
|
- struct PlaintextSecret *decrypted =
|
||||||
|
- talloc_zero(test_ctx, struct PlaintextSecret);
|
||||||
|
- gnutls_decrypt_aead(
|
||||||
|
- &err,
|
||||||
|
- test_ctx,
|
||||||
|
- test_ctx->ldb,
|
||||||
|
- &es,
|
||||||
|
- decrypted,
|
||||||
|
- data);
|
||||||
|
- assert_int_equal(LDB_SUCCESS, err);
|
||||||
|
- assert_int_equal(
|
||||||
|
- plain_text.length,
|
||||||
|
- decrypted->cleartext.length);
|
||||||
|
- assert_int_equal(0,
|
||||||
|
- data_blob_cmp(
|
||||||
|
- &decrypted->cleartext,
|
||||||
|
- &plain_text));
|
||||||
|
- }
|
||||||
|
-#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
-
|
||||||
|
-
|
||||||
|
{
|
||||||
|
struct PlaintextSecret *decrypted =
|
||||||
|
talloc_zero(test_ctx, struct PlaintextSecret);
|
||||||
|
@@ -886,6 +845,7 @@ static void test_samba_altered_iv(void **state)
|
||||||
|
assert_int_equal(LDB_ERR_OPERATIONS_ERROR, err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Test message encryption.
|
||||||
|
@@ -1188,7 +1148,7 @@ int main(void) {
|
||||||
|
test_gnutls_altered_iv,
|
||||||
|
setup_with_key,
|
||||||
|
teardown),
|
||||||
|
-#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
+#else
|
||||||
|
cmocka_unit_test_setup_teardown(
|
||||||
|
test_samba_value_encryption,
|
||||||
|
setup_with_key,
|
||||||
|
@@ -1205,6 +1165,7 @@ int main(void) {
|
||||||
|
test_samba_altered_iv,
|
||||||
|
setup_with_key,
|
||||||
|
teardown),
|
||||||
|
+#endif /* HAVE_GNUTLS_AEAD */
|
||||||
|
cmocka_unit_test_setup_teardown(
|
||||||
|
test_message_encryption_decryption,
|
||||||
|
setup_with_key,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,30 @@
|
|||||||
|
From 23e2849f8f5b119ebce9cb0aeee098a8c1a388e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 26 Feb 2019 18:33:09 +0100
|
||||||
|
Subject: [PATCH 086/187] s4:samdb: Only include necessary header files in
|
||||||
|
encrypted_secrets
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit d46e538d52433f5f30a5696e5b18bc4b82101951)
|
||||||
|
---
|
||||||
|
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
index 5f8cd8747ea..e0932858588 100644
|
||||||
|
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
|
||||||
|
@@ -52,7 +52,8 @@
|
||||||
|
#endif /* BUILD_WITH_GNUTLS_AEAD */
|
||||||
|
|
||||||
|
#ifdef BUILD_WITH_SAMBA_AES_GCM
|
||||||
|
- #include "lib/crypto/crypto.h"
|
||||||
|
+ #include "lib/crypto/aes.h"
|
||||||
|
+ #include "lib/crypto/aes_gcm_128.h"
|
||||||
|
#endif /* BUILD_WITH_SAMBA_AES_GCM */
|
||||||
|
|
||||||
|
static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES};
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
29
SOURCES/0087-waf-Check-for-GNUTLS-AES-CFB-support.patch
Normal file
29
SOURCES/0087-waf-Check-for-GNUTLS-AES-CFB-support.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From ea3711fc1f4459a9654dd237ffbc71a42375629c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 1 Mar 2019 17:35:02 +0100
|
||||||
|
Subject: [PATCH 087/187] waf: Check for GNUTLS AES CFB support
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 20a42459df4fdd57cdf1807a3d97dc5b1c553476)
|
||||||
|
---
|
||||||
|
wscript_configure_system_gnutls | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
|
||||||
|
index cc9a2b035a2..85824aad4ed 100644
|
||||||
|
--- a/wscript_configure_system_gnutls
|
||||||
|
+++ b/wscript_configure_system_gnutls
|
||||||
|
@@ -36,3 +36,9 @@ if conf.CHECK_FUNCS_IN('gnutls_aead_cipher_init',
|
||||||
|
conf.DEFINE('HAVE_GNUTLS_AEAD', '1')
|
||||||
|
else:
|
||||||
|
Logs.warn('No gnutls support for AEAD encryption')
|
||||||
|
+
|
||||||
|
+if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
|
||||||
|
+ conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
|
||||||
|
+ conf.DEFINE('HAVE_GNUTLS_3_4_7', 1)
|
||||||
|
+else:
|
||||||
|
+ Logs.warn('No gnutls support for AES CFB8')
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From 563e6a454706f29171b4bf06473cc40c557b0eed Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 1 Mar 2019 17:33:01 +0100
|
||||||
|
Subject: [PATCH 088/187] libcli:auth: Use netlogon_creds_aes_encrypt() in
|
||||||
|
netlogon_creds_step_crypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit cd97c47873007bfc502926070a758b520d95abf1)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 7 ++-----
|
||||||
|
1 file changed, 2 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index 319dacdac0b..3b31d1e0300 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -35,12 +35,9 @@ static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *cre
|
||||||
|
struct netr_Credential *out)
|
||||||
|
{
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- AES_KEY key;
|
||||||
|
- uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
|
+ memcpy(out->data, in->data, sizeof(out->data));
|
||||||
|
|
||||||
|
- AES_set_encrypt_key(creds->session_key, 128, &key);
|
||||||
|
-
|
||||||
|
- aes_cfb8_encrypt(in->data, out->data, 8, &key, iv, AES_ENCRYPT);
|
||||||
|
+ netlogon_creds_aes_encrypt(creds, out->data, sizeof(out->data));
|
||||||
|
} else {
|
||||||
|
des_crypt112(out->data, in->data, creds->session_key, 1);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,69 @@
|
|||||||
|
From efe2ed9aa8d1a1be574149f591015cc063c24fb7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 1 Mar 2019 17:41:11 +0100
|
||||||
|
Subject: [PATCH 089/187] libcli:auth: Use GnuTLS AES128 CFB for
|
||||||
|
netlogon_creds_aes_encrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 054efd118d7500e28f118722312aaae0df2749b0)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 36 ++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 36 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index 3b31d1e0300..5a1692ef436 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -295,12 +295,48 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
|
||||||
|
*/
|
||||||
|
void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
||||||
|
{
|
||||||
|
+#ifdef HAVE_GNUTLS_AES_CFB8
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t key = {
|
||||||
|
+ .data = creds->session_key,
|
||||||
|
+ .size = sizeof(creds->session_key),
|
||||||
|
+ };
|
||||||
|
+ uint32_t iv_size =
|
||||||
|
+ gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);
|
||||||
|
+ uint8_t _iv[iv_size];
|
||||||
|
+ gnutls_datum_t iv = {
|
||||||
|
+ .data = _iv,
|
||||||
|
+ .size = iv_size,
|
||||||
|
+ };
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ ZERO_ARRAY(_iv);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_AES_128_CFB8,
|
||||||
|
+ &key,
|
||||||
|
+ &iv);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_encrypt(cipher_hnd, data, len);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("ERROR: gnutls_cipher_encrypt: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
AES_KEY key;
|
||||||
|
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
|
|
||||||
|
AES_set_encrypt_key(creds->session_key, 128, &key);
|
||||||
|
|
||||||
|
aes_cfb8_encrypt(data, data, len, &key, iv, AES_ENCRYPT);
|
||||||
|
+#endif /* HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,82 @@
|
|||||||
|
From cd45ceb7c38ef77ad9d6cc42ad8184ebc6829cf7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 29 May 2019 16:38:09 +0200
|
||||||
|
Subject: [PATCH 090/187] libcli:auth: Return NTSTATUS for
|
||||||
|
netlogon_creds_aes_encrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
|
||||||
|
Adapted by Andrew Bartlett to use gnutls_error_to_ntstatus()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit ded5aad21b54b8783f7390fb2eca483d3861eeff)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 15 ++++++++-------
|
||||||
|
libcli/auth/proto.h | 4 +++-
|
||||||
|
2 files changed, 11 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index 5a1692ef436..87f8820238e 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -293,7 +293,9 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
|
||||||
|
/*
|
||||||
|
AES encrypt a password buffer using the session key
|
||||||
|
*/
|
||||||
|
-void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
||||||
|
+NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
|
||||||
|
+ uint8_t *data,
|
||||||
|
+ size_t len)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_GNUTLS_AES_CFB8
|
||||||
|
gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
@@ -317,18 +319,15 @@ void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, ui
|
||||||
|
&key,
|
||||||
|
&iv);
|
||||||
|
if (rc < 0) {
|
||||||
|
- DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
||||||
|
- gnutls_strerror(rc));
|
||||||
|
- return;
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = gnutls_cipher_encrypt(cipher_hnd, data, len);
|
||||||
|
gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
if (rc < 0) {
|
||||||
|
- DBG_ERR("ERROR: gnutls_cipher_encrypt: %s\n",
|
||||||
|
- gnutls_strerror(rc));
|
||||||
|
- return;
|
||||||
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
AES_KEY key;
|
||||||
|
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
|
@@ -337,6 +336,8 @@ void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, ui
|
||||||
|
|
||||||
|
aes_cfb8_encrypt(data, data, len, &key, iv, AES_ENCRYPT);
|
||||||
|
#endif /* HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
+
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index 65ee06215dc..639a50425e5 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -18,7 +18,9 @@ void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, st
|
||||||
|
NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
|
||||||
|
uint8_t *data,
|
||||||
|
size_t len);
|
||||||
|
-void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
|
||||||
|
+NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
|
||||||
|
+ uint8_t *data,
|
||||||
|
+ size_t len);
|
||||||
|
void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
|
||||||
|
|
||||||
|
/*****************************************************************
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,84 @@
|
|||||||
|
From 9b5fa6c165e98ddec38bc976bac0cfee62fd0d72 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 18 Mar 2019 15:13:08 +0100
|
||||||
|
Subject: [PATCH 091/187] libcli:auth: Use GnuTLS AES128 CFB for
|
||||||
|
netlogon_creds_aes_decrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit a96728586150768957b88a0714b15f13ee9f81af)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 41 ++++++++++++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 40 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index 87f8820238e..cfeab6efdcd 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -22,10 +22,13 @@
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
#include "system/time.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
#include "libcli/auth/libcli_auth.h"
|
||||||
|
#include "../libcli/security/dom_sid.h"
|
||||||
|
|
||||||
|
+#ifndef HAVE_GNUTLS_AES_CFB8
|
||||||
|
+#include "lib/crypto/aes.h"
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#include "lib/crypto/gnutls_helpers.h"
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
@@ -345,12 +348,48 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds
|
||||||
|
*/
|
||||||
|
void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
||||||
|
{
|
||||||
|
+#ifdef HAVE_GNUTLS_AES_CFB8
|
||||||
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
+ gnutls_datum_t key = {
|
||||||
|
+ .data = creds->session_key,
|
||||||
|
+ .size = sizeof(creds->session_key),
|
||||||
|
+ };
|
||||||
|
+ uint32_t iv_size =
|
||||||
|
+ gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);
|
||||||
|
+ uint8_t _iv[iv_size];
|
||||||
|
+ gnutls_datum_t iv = {
|
||||||
|
+ .data = _iv,
|
||||||
|
+ .size = iv_size,
|
||||||
|
+ };
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ ZERO_ARRAY(_iv);
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
||||||
|
+ GNUTLS_CIPHER_AES_128_CFB8,
|
||||||
|
+ &key,
|
||||||
|
+ &iv);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
|
||||||
|
+ gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
|
||||||
|
+ gnutls_strerror(rc));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
AES_KEY key;
|
||||||
|
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
|
|
||||||
|
AES_set_encrypt_key(creds->session_key, 128, &key);
|
||||||
|
|
||||||
|
aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
|
||||||
|
+#endif /* HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,78 @@
|
|||||||
|
From a5149014cc8a0da7b8c664a465f6108c390d127d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 12:34:28 +1200
|
||||||
|
Subject: [PATCH 092/187] libcli:auth Return NTSTATUS from
|
||||||
|
netlogon_creds_aes_decrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 8ec796f1a1daa444bba06f34a50d2b62ee4a2ef9)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 15 ++++++++-------
|
||||||
|
libcli/auth/proto.h | 4 +++-
|
||||||
|
2 files changed, 11 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index cfeab6efdcd..955e08b7385 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -346,7 +346,7 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds
|
||||||
|
/*
|
||||||
|
AES decrypt a password buffer using the session key
|
||||||
|
*/
|
||||||
|
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
||||||
|
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_GNUTLS_AES_CFB8
|
||||||
|
gnutls_cipher_hd_t cipher_hnd = NULL;
|
||||||
|
@@ -370,18 +370,17 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
|
||||||
|
&key,
|
||||||
|
&iv);
|
||||||
|
if (rc < 0) {
|
||||||
|
- DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
||||||
|
- gnutls_strerror(rc));
|
||||||
|
- return;
|
||||||
|
+ return gnutls_error_to_ntstatus(rc,
|
||||||
|
+ NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
|
||||||
|
gnutls_cipher_deinit(cipher_hnd);
|
||||||
|
if (rc < 0) {
|
||||||
|
- DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
|
||||||
|
- gnutls_strerror(rc));
|
||||||
|
- return;
|
||||||
|
+ return gnutls_error_to_ntstatus(rc,
|
||||||
|
+ NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
AES_KEY key;
|
||||||
|
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
||||||
|
@@ -390,6 +389,8 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
|
||||||
|
|
||||||
|
aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
|
||||||
|
#endif /* HAVE_GNUTLS_AES_CFB8 */
|
||||||
|
+
|
||||||
|
+ return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************
|
||||||
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
||||||
|
index 639a50425e5..714652bdb76 100644
|
||||||
|
--- a/libcli/auth/proto.h
|
||||||
|
+++ b/libcli/auth/proto.h
|
||||||
|
@@ -21,7 +21,9 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
|
||||||
|
NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
|
||||||
|
uint8_t *data,
|
||||||
|
size_t len);
|
||||||
|
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
|
||||||
|
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds,
|
||||||
|
+ uint8_t *data,
|
||||||
|
+ size_t len);
|
||||||
|
|
||||||
|
/*****************************************************************
|
||||||
|
The above functions are common to the client and server interface
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,30 @@
|
|||||||
|
From fb7713126043eaa2bffcf4b73d63fe371781cc1c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 13:52:36 +1200
|
||||||
|
Subject: [PATCH 093/187] crypto: Update REQUIREMENTS file with new minimum
|
||||||
|
version
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 5ae119e7e9ddcfb3473e14585ba6079147a307bd)
|
||||||
|
---
|
||||||
|
lib/crypto/REQUIREMENTS | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto/REQUIREMENTS b/lib/crypto/REQUIREMENTS
|
||||||
|
index ff91a2f9174..5ebf3ba0e05 100644
|
||||||
|
--- a/lib/crypto/REQUIREMENTS
|
||||||
|
+++ b/lib/crypto/REQUIREMENTS
|
||||||
|
@@ -4,8 +4,7 @@ This list is to allow research into using external crypto libraries.
|
||||||
|
Those possibly supported in the git version of GnuTLS are indicated as '# GNUTLS'
|
||||||
|
Those possibly supported in the git version of nettle are indicated as '# NETTLE'
|
||||||
|
|
||||||
|
-For Samba AD with Heimdal gnutls >= 3.0.0 is required
|
||||||
|
-For Samba AD with MIT kerberos gnutls >= 3.4.7 is required
|
||||||
|
+Samba in general gnutls >= 3.4.7 is required
|
||||||
|
Samba FS with MS Catalog support will require gnutls >= 3.5.6
|
||||||
|
|
||||||
|
GnuTLS Milestone for Samba support:
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,134 @@
|
|||||||
|
From d054df5519b1a25d031f95e098c1f40d59083c3d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 13:55:49 +1200
|
||||||
|
Subject: [PATCH 094/187] libcli:auth Check NTSTATUS from
|
||||||
|
netlogon_creds_aes_{en,de}crypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit d515b255aa67186ff375af0b465c49722eb56427)
|
||||||
|
---
|
||||||
|
libcli/auth/credentials.c | 76 +++++++++++++++++++++++++++------------
|
||||||
|
1 file changed, 53 insertions(+), 23 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
||||||
|
index 955e08b7385..baa436df71b 100644
|
||||||
|
--- a/libcli/auth/credentials.c
|
||||||
|
+++ b/libcli/auth/credentials.c
|
||||||
|
@@ -712,27 +712,36 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
|
||||||
|
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
|
||||||
|
if (!all_zero(base->key.key, sizeof(base->key.key))) {
|
||||||
|
if (do_encrypt) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds,
|
||||||
|
- base->key.key,
|
||||||
|
- sizeof(base->key.key));
|
||||||
|
+ status = netlogon_creds_aes_encrypt(
|
||||||
|
+ creds,
|
||||||
|
+ base->key.key,
|
||||||
|
+ sizeof(base->key.key));
|
||||||
|
} else {
|
||||||
|
- netlogon_creds_aes_decrypt(creds,
|
||||||
|
- base->key.key,
|
||||||
|
- sizeof(base->key.key));
|
||||||
|
+ status = netlogon_creds_aes_decrypt(
|
||||||
|
+ creds,
|
||||||
|
+ base->key.key,
|
||||||
|
+ sizeof(base->key.key));
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!all_zero(base->LMSessKey.key,
|
||||||
|
sizeof(base->LMSessKey.key))) {
|
||||||
|
if (do_encrypt) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds,
|
||||||
|
- base->LMSessKey.key,
|
||||||
|
- sizeof(base->LMSessKey.key));
|
||||||
|
-
|
||||||
|
+ status = netlogon_creds_aes_encrypt(
|
||||||
|
+ creds,
|
||||||
|
+ base->LMSessKey.key,
|
||||||
|
+ sizeof(base->LMSessKey.key));
|
||||||
|
} else {
|
||||||
|
- netlogon_creds_aes_decrypt(creds,
|
||||||
|
- base->LMSessKey.key,
|
||||||
|
- sizeof(base->LMSessKey.key));
|
||||||
|
+ status = netlogon_creds_aes_decrypt(
|
||||||
|
+ creds,
|
||||||
|
+ base->LMSessKey.key,
|
||||||
|
+ sizeof(base->LMSessKey.key));
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||||
|
@@ -818,18 +827,34 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
|
||||||
|
h = logon->password->lmpassword.hash;
|
||||||
|
if (!all_zero(h, 16)) {
|
||||||
|
if (do_encrypt) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds, h, 16);
|
||||||
|
+ status = netlogon_creds_aes_encrypt(
|
||||||
|
+ creds,
|
||||||
|
+ h,
|
||||||
|
+ 16);
|
||||||
|
} else {
|
||||||
|
- netlogon_creds_aes_decrypt(creds, h, 16);
|
||||||
|
+ status = netlogon_creds_aes_decrypt(
|
||||||
|
+ creds,
|
||||||
|
+ h,
|
||||||
|
+ 16);
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
h = logon->password->ntpassword.hash;
|
||||||
|
if (!all_zero(h, 16)) {
|
||||||
|
if (do_encrypt) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds, h, 16);
|
||||||
|
+ status = netlogon_creds_aes_encrypt(creds,
|
||||||
|
+ h,
|
||||||
|
+ 16);
|
||||||
|
} else {
|
||||||
|
- netlogon_creds_aes_decrypt(creds, h, 16);
|
||||||
|
+ status = netlogon_creds_aes_decrypt(creds,
|
||||||
|
+ h,
|
||||||
|
+ 16);
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||||
|
@@ -887,13 +912,18 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
|
||||||
|
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
if (do_encrypt) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds,
|
||||||
|
- logon->generic->data,
|
||||||
|
- logon->generic->length);
|
||||||
|
+ status = netlogon_creds_aes_encrypt(
|
||||||
|
+ creds,
|
||||||
|
+ logon->generic->data,
|
||||||
|
+ logon->generic->length);
|
||||||
|
} else {
|
||||||
|
- netlogon_creds_aes_decrypt(creds,
|
||||||
|
- logon->generic->data,
|
||||||
|
- logon->generic->length);
|
||||||
|
+ status = netlogon_creds_aes_decrypt(
|
||||||
|
+ creds,
|
||||||
|
+ logon->generic->data,
|
||||||
|
+ logon->generic->length);
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||||
|
status = netlogon_creds_arcfour_crypt(creds,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,41 @@
|
|||||||
|
From ca38586a27089b6bf8769b3701e8fc7ccd5f9215 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 14:05:38 +1200
|
||||||
|
Subject: [PATCH 095/187] s3-rpc_server: Check NTSTATUS return value from
|
||||||
|
netlogon_creds_aes_decrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 2f827bec8ca831fb486c8ebedc6b89b7f1cb99e2)
|
||||||
|
---
|
||||||
|
source3/rpc_server/netlogon/srv_netlog_nt.c | 10 ++++++----
|
||||||
|
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
index 08bce367bf0..671300676ff 100644
|
||||||
|
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
||||||
|
@@ -1369,14 +1369,16 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
|
||||||
|
SIVAL(password_buf.data, 512, r->in.new_password->length);
|
||||||
|
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- netlogon_creds_aes_decrypt(creds, password_buf.data, 516);
|
||||||
|
+ status = netlogon_creds_aes_decrypt(creds,
|
||||||
|
+ password_buf.data,
|
||||||
|
+ 516);
|
||||||
|
} else {
|
||||||
|
status = netlogon_creds_arcfour_crypt(creds,
|
||||||
|
password_buf.data,
|
||||||
|
516);
|
||||||
|
- if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return status;
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!decode_pw_buffer(p->mem_ctx,
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,63 @@
|
|||||||
|
From 2558252a6fc918cfe5e9bdfc0d7b98a1324ab61b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 14:15:45 +1200
|
||||||
|
Subject: [PATCH 096/187] s4-rpc_server: Check NTSTATUS return value from
|
||||||
|
netlogon_creds_aes_decrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 1e427f55d71350b25a8a26e94a5cb7895d8efdf6)
|
||||||
|
---
|
||||||
|
source4/rpc_server/netlogon/dcerpc_netlogon.c | 21 ++++++++++++-------
|
||||||
|
1 file changed, 13 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
index ac745e32b02..49a075137ff 100644
|
||||||
|
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
||||||
|
@@ -747,14 +747,17 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
|
||||||
|
SIVAL(password_buf.data, 512, r->in.new_password->length);
|
||||||
|
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- netlogon_creds_aes_decrypt(creds, password_buf.data, 516);
|
||||||
|
+ nt_status = netlogon_creds_aes_decrypt(creds,
|
||||||
|
+ password_buf.data,
|
||||||
|
+ 516);
|
||||||
|
} else {
|
||||||
|
nt_status = netlogon_creds_arcfour_crypt(creds,
|
||||||
|
password_buf.data,
|
||||||
|
516);
|
||||||
|
- if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
|
- return nt_status;
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
|
+ return nt_status;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (creds->secure_channel_type) {
|
||||||
|
@@ -2803,14 +2806,16 @@ static NTSTATUS dcesrv_netr_NetrLogonSendToSam(struct dcesrv_call_state *dce_cal
|
||||||
|
|
||||||
|
/* Buffer is meant to be 16-bit aligned */
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- netlogon_creds_aes_decrypt(creds, r->in.opaque_buffer, r->in.buffer_len);
|
||||||
|
+ nt_status = netlogon_creds_aes_decrypt(creds,
|
||||||
|
+ r->in.opaque_buffer,
|
||||||
|
+ r->in.buffer_len);
|
||||||
|
} else {
|
||||||
|
nt_status = netlogon_creds_arcfour_crypt(creds,
|
||||||
|
r->in.opaque_buffer,
|
||||||
|
r->in.buffer_len);
|
||||||
|
- if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
|
- return nt_status;
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
|
+ return nt_status;
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypted_blob.data = r->in.opaque_buffer;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,148 @@
|
|||||||
|
From 5913cd056fae4d3a147326a30182a2d30bfe7857 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 14:22:42 +1200
|
||||||
|
Subject: [PATCH 097/187] s3-librpc: Remove unused init_netr_CryptPassword()
|
||||||
|
|
||||||
|
Unused since 38d4dba37406515181e4d6f1a1faffc18e652e27 in 2013
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 1aa249e7f4a1c4222b4cc79bac64c8b95c89d868)
|
||||||
|
---
|
||||||
|
source3/rpc_client/cli_netlogon.c | 1 -
|
||||||
|
source3/rpc_client/init_netlogon.c | 50 ------------------------------
|
||||||
|
source3/rpc_client/init_netlogon.h | 29 -----------------
|
||||||
|
source3/wscript_build | 5 ---
|
||||||
|
4 files changed, 85 deletions(-)
|
||||||
|
delete mode 100644 source3/rpc_client/init_netlogon.c
|
||||||
|
delete mode 100644 source3/rpc_client/init_netlogon.h
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
|
||||||
|
index 505a1d015bc..ea9cb757048 100644
|
||||||
|
--- a/source3/rpc_client/cli_netlogon.c
|
||||||
|
+++ b/source3/rpc_client/cli_netlogon.c
|
||||||
|
@@ -30,7 +30,6 @@
|
||||||
|
#include "../librpc/gen_ndr/ndr_netlogon_c.h"
|
||||||
|
#include "../librpc/gen_ndr/schannel.h"
|
||||||
|
#include "rpc_client/cli_netlogon.h"
|
||||||
|
-#include "rpc_client/init_netlogon.h"
|
||||||
|
#include "rpc_client/util_netlogon.h"
|
||||||
|
#include "../libcli/security/security.h"
|
||||||
|
#include "lib/param/param.h"
|
||||||
|
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
|
||||||
|
deleted file mode 100644
|
||||||
|
index 26deaba8065..00000000000
|
||||||
|
--- a/source3/rpc_client/init_netlogon.c
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,50 +0,0 @@
|
||||||
|
-/*
|
||||||
|
- * Unix SMB/CIFS implementation.
|
||||||
|
- * RPC Pipe client / server routines
|
||||||
|
- * Copyright (C) Guenther Deschner 2008,2012
|
||||||
|
- *
|
||||||
|
- * This program is free software; you can redistribute it and/or modify
|
||||||
|
- * it under the terms of the GNU General Public License as published by
|
||||||
|
- * the Free Software Foundation; either version 3 of the License, or
|
||||||
|
- * (at your option) any later version.
|
||||||
|
- *
|
||||||
|
- * This program is distributed in the hope that it will be useful,
|
||||||
|
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
- * GNU General Public License for more details.
|
||||||
|
- *
|
||||||
|
- * You should have received a copy of the GNU General Public License
|
||||||
|
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
-#include "includes.h"
|
||||||
|
-#include "../libcli/auth/libcli_auth.h"
|
||||||
|
-#include "../lib/crypto/crypto.h"
|
||||||
|
-#include "rpc_client/init_netlogon.h"
|
||||||
|
-
|
||||||
|
-/*************************************************************************
|
||||||
|
- inits a netr_CryptPassword structure
|
||||||
|
- *************************************************************************/
|
||||||
|
-
|
||||||
|
-void init_netr_CryptPassword(const char *pwd,
|
||||||
|
- struct netlogon_creds_CredentialState *creds,
|
||||||
|
- struct netr_CryptPassword *pwd_buf)
|
||||||
|
-{
|
||||||
|
- struct samr_CryptPassword password_buf;
|
||||||
|
- NTSTATUS status;
|
||||||
|
-
|
||||||
|
- encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
|
||||||
|
-
|
||||||
|
- if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
|
||||||
|
- } else {
|
||||||
|
- status = netlogon_creds_arcfour_crypt(creds,
|
||||||
|
- password_buf.data,
|
||||||
|
- 516);
|
||||||
|
- if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- memcpy(pwd_buf->data, password_buf.data, 512);
|
||||||
|
- pwd_buf->length = IVAL(password_buf.data, 512);
|
||||||
|
-}
|
||||||
|
diff --git a/source3/rpc_client/init_netlogon.h b/source3/rpc_client/init_netlogon.h
|
||||||
|
deleted file mode 100644
|
||||||
|
index bb4496b4cd9..00000000000
|
||||||
|
--- a/source3/rpc_client/init_netlogon.h
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,29 +0,0 @@
|
||||||
|
-/*
|
||||||
|
- * Unix SMB/CIFS implementation.
|
||||||
|
- * RPC Pipe client / server routines
|
||||||
|
- * Copyright (C) Guenther Deschner 2008.
|
||||||
|
- *
|
||||||
|
- * This program is free software; you can redistribute it and/or modify
|
||||||
|
- * it under the terms of the GNU General Public License as published by
|
||||||
|
- * the Free Software Foundation; either version 3 of the License, or
|
||||||
|
- * (at your option) any later version.
|
||||||
|
- *
|
||||||
|
- * This program is distributed in the hope that it will be useful,
|
||||||
|
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
- * GNU General Public License for more details.
|
||||||
|
- *
|
||||||
|
- * You should have received a copy of the GNU General Public License
|
||||||
|
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
-#ifndef _RPC_CLIENT_INIT_NETLOGON_H_
|
||||||
|
-#define _RPC_CLIENT_INIT_NETLOGON_H_
|
||||||
|
-
|
||||||
|
-/* The following definitions come from rpc_client/init_netlogon.c */
|
||||||
|
-
|
||||||
|
-void init_netr_CryptPassword(const char *pwd,
|
||||||
|
- struct netlogon_creds_CredentialState *creds,
|
||||||
|
- struct netr_CryptPassword *pwd_buf);
|
||||||
|
-
|
||||||
|
-#endif /* _RPC_CLIENT_INIT_NETLOGON_H_ */
|
||||||
|
diff --git a/source3/wscript_build b/source3/wscript_build
|
||||||
|
index b73f6dc0664..ce3fa362bc2 100644
|
||||||
|
--- a/source3/wscript_build
|
||||||
|
+++ b/source3/wscript_build
|
||||||
|
@@ -1024,7 +1024,6 @@ bld.SAMBA3_LIBRARY('libcli_netlogon3',
|
||||||
|
deps='''
|
||||||
|
msrpc3
|
||||||
|
RPC_NDR_NETLOGON
|
||||||
|
- INIT_NETLOGON
|
||||||
|
cliauth
|
||||||
|
smbconf
|
||||||
|
NETLOGON_CREDS_CLI''',
|
||||||
|
@@ -1057,10 +1056,6 @@ bld.SAMBA3_SUBSYSTEM('INIT_LSA',
|
||||||
|
source='rpc_client/init_lsa.c',
|
||||||
|
deps='samba-util')
|
||||||
|
|
||||||
|
-bld.SAMBA3_SUBSYSTEM('INIT_NETLOGON',
|
||||||
|
- source='rpc_client/init_netlogon.c',
|
||||||
|
- deps='samba-util')
|
||||||
|
-
|
||||||
|
bld.SAMBA3_SUBSYSTEM('INIT_SAMR',
|
||||||
|
source='rpc_client/init_samr.c',
|
||||||
|
deps='samba-util GNUTLS_HELPERS')
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -0,0 +1,47 @@
|
|||||||
|
From cef95d8835a04065b9c7422a637f60efdb9a93fe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Fri, 16 Aug 2019 14:29:45 +1200
|
||||||
|
Subject: [PATCH 098/187] auth/credentials: Check NTSTATUS return from
|
||||||
|
netlogon_creds_aes_encrypt()
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit fefd95091cc52f5e2655fa392312a8b1fa1d35fd)
|
||||||
|
---
|
||||||
|
auth/credentials/credentials.c | 14 +++++++-------
|
||||||
|
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
|
||||||
|
index 5ebec483705..81f9dbb9eb3 100644
|
||||||
|
--- a/auth/credentials/credentials.c
|
||||||
|
+++ b/auth/credentials/credentials.c
|
||||||
|
@@ -1333,19 +1333,19 @@ _PUBLIC_ NTSTATUS netlogon_creds_session_encrypt(
|
||||||
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
if (state->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
- netlogon_creds_aes_encrypt(state,
|
||||||
|
- data.data,
|
||||||
|
- data.length);
|
||||||
|
+ status = netlogon_creds_aes_encrypt(state,
|
||||||
|
+ data.data,
|
||||||
|
+ data.length);
|
||||||
|
} else if (state->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||||
|
status = netlogon_creds_arcfour_crypt(state,
|
||||||
|
data.data,
|
||||||
|
data.length);
|
||||||
|
- if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
- return status;
|
||||||
|
- }
|
||||||
|
} else {
|
||||||
|
DBG_ERR("Unsupported encryption option negotiated");
|
||||||
|
- return NT_STATUS_NOT_SUPPORTED;
|
||||||
|
+ status = NT_STATUS_NOT_SUPPORTED;
|
||||||
|
+ }
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ return status;
|
||||||
|
}
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user