rpms/samba
7
0
Fork 0
Code Issues Pull Requests Releases Activity
6975dbb9a1
samba/SOURCES/0014-libcli-auth-Use-samba_gnutls_arcfour_confounded_md5-.patch
CentOS Sources 6975dbb9a1 import samba-4.11.2-7.el8
2021-10-08 16:37:00 +00:00

74 lines
2.2 KiB
Diff
Raw Blame History

From 15ca4ae322f88f797c571ad7801a9e44a6262d73 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 5 Jul 2019 10:09:32 +0200
Subject: [PATCH 014/187] libcli:auth: Use
samba_gnutls_arcfour_confounded_md5() for rc4 passwd buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dea160820a393be51985a4e761a3f73da83972e7)
---
libcli/auth/smbencrypt.c | 39 +++++++++------------------------------
1 file changed, 9 insertions(+), 30 deletions(-)
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ae97f3cc93e..17c1e1f69ff 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -846,41 +846,20 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
const DATA_BLOB *psession_key)
{
- gnutls_hash_hd_t hash_hnd = NULL;
- unsigned char key_out[16];
- NTSTATUS status;
- int rc;
-
/* Confounder is last 16 bytes. */
+ DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
+ DATA_BLOB pw_data = data_blob_const(pw_buf, 516);
+ int rc;
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+ psession_key,
+ &pw_data,
+ SAMBA_GNUTLS_DECRYPT);
if (rc < 0) {
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
- goto out;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
- rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
- goto out;
- }
- rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
- goto out;
- }
- gnutls_hash_deinit(hash_hnd, key_out);
-
- /* arc4 with key_out. */
- arcfour_crypt(pw_buf, key_out, 516);
-
- ZERO_ARRAY(key_out);
-
- status = NT_STATUS_OK;
-out:
- return status;
+ return NT_STATUS_OK;
}
/***********************************************************
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink