From a3d360ba0c46c077643559b4eee9df632080ef1a Mon Sep 17 00:00:00 2001
From: Isaac Boukris
Date: Thu, 7 Nov 2019 12:53:52 +0100
Subject: [PATCH 175/187] netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS
Signed-off-by: Isaac Boukris
Reviewed-by: Andrew Bartlett
(cherry picked from commit 38189f76d8b958fff8a6351f3fb21f6ed04b76da)
---
libcli/auth/credentials.c | 36 +++++++++++++++++++++++++++---------
libcli/auth/proto.h | 6 ++++--
2 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index f1088a1d8e0..d9237f3875b 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -253,25 +253,40 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds return NT_STATUS_OK; } - /* DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key */ -void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key) +NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, + struct netr_LMSessionKey *key) { + int rc; struct netr_LMSessionKey tmp; - des_crypt56(tmp.key, key->key, creds->session_key, 1); + + rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_ENCRYPT); + if (rc < 0) { + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } *key = tmp; + + return NT_STATUS_OK; } /* DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key */ -void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key) +NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, + struct netr_LMSessionKey *key) { + int rc; struct netr_LMSessionKey tmp; - des_crypt56(tmp.key, key->key, creds->session_key, 0); + + rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_DECRYPT); + if (rc < 0) { + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } *key = tmp; + + return NT_STATUS_OK; } /* @@ -849,11 +864,14 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C if (!all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) { if (do_encrypt) { - netlogon_creds_des_encrypt_LMKey(creds, - &base->LMSessKey); + status = netlogon_creds_des_encrypt_LMKey(creds, + &base->LMSessKey); } else { - netlogon_creds_des_decrypt_LMKey(creds, - &base->LMSessKey); + status = netlogon_creds_des_decrypt_LMKey(creds, + &base->LMSessKey); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } } 
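Review bot: The stack copy `tmp` in both netlogon_creds_des_encrypt_LMKey and netlogon_creds_des_decrypt_LMKey is never wiped, so the transformed LM session key (plaintext on the decrypt path) stays on the stack after return, including on the new early-return error path. Consider clearing it on both exits, e.g. `ZERO_STRUCT(tmp);` before each `return`, provided the tree's ZERO_STRUCT is implemented so the compiler cannot elide it, which is worth confirming. The header comments above the two functions still describe only the DES operation; a line such as `Returns NT_STATUS_OK on success; on failure *key is left unmodified` would document the new contract, which the visible code supports because `*key = tmp` runs only after the rc check.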
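Review bot: The new `return status;` inside the LMSessKey branch exits netlogon_creds_crypt_samlogon_validation part-way through, so any fields processed in place before this point (outside the hunk, so not confirmed here) would be left transformed while LMSessKey is not. Callers need to treat the validation structure as unusable on any non-OK return; a comment at the early return such as `/* validation is partially processed here; caller must discard it */` would make that explicit. `status` is not declared within the hunk, so it is presumably declared earlier in the function, whose body starts and ends outside this hunk.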
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index e7c9923abf3..4a817e210b2 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -13,8 +13,10 @@ /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */ -void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); -void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); +NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, + struct netr_LMSessionKey *key); +NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, + struct netr_LMSessionKey *key); void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass); void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass); NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, -- 2.23.0
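Review bot: Changing these two prototypes from `void` to `NTSTATUS` does not force existing callers to look at the result, so any call site not touched by this patch would still compile and silently continue with an LM session key that was never encrypted or decrypted. If the attribute macro is available in this header's include context, marking both declarations `_WARN_UNUSED_RESULT_` would turn a missed call site into a compiler warning. Only the call in credentials.c is updated in the visible diff; other callers, if any, should be checked.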