98 lines
3.2 KiB
Diff
98 lines
3.2 KiB
Diff
From ca20c23eb8c468d96f7e302ab32362d61adb4d8f Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 13 Nov 2019 12:48:18 +0100
|
|
Subject: [PATCH 141/187] libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit dc75a5f27eb32caf2f2adc289bc82fb0f8042cb3)
|
|
---
|
|
libcli/auth/proto.h | 8 ++++----
|
|
libcli/auth/smbencrypt.c | 25 +++++++++++++++----------
|
|
2 files changed, 19 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
index 4c20783124b..52a33d8d457 100644
|
|
--- a/libcli/auth/proto.h
|
|
+++ b/libcli/auth/proto.h
|
|
@@ -135,10 +135,10 @@ bool ntv2_owf_gen(const uint8_t owf[16],
|
|
void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
|
|
void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
|
|
void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
|
|
-void SMBOWFencrypt_ntv2(const uint8_t kr[16],
|
|
- const DATA_BLOB *srv_chal,
|
|
- const DATA_BLOB *smbcli_chal,
|
|
- uint8_t resp_buf[16]);
|
|
+NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
|
|
+ const DATA_BLOB *srv_chal,
|
|
+ const DATA_BLOB *smbcli_chal,
|
|
+ uint8_t resp_buf[16]);
|
|
NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
|
|
const uint8_t *nt_resp,
|
|
uint8_t sess_key[16]);
|
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
|
index 1412274dd21..e7ed0630cdc 100644
|
|
--- a/libcli/auth/smbencrypt.c
|
|
+++ b/libcli/auth/smbencrypt.c
|
|
@@ -334,12 +334,13 @@ void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
|
|
|
|
|
|
/* Does the md5 encryption from the Key Response for NTLMv2. */
|
|
-void SMBOWFencrypt_ntv2(const uint8_t kr[16],
|
|
- const DATA_BLOB *srv_chal,
|
|
- const DATA_BLOB *smbcli_chal,
|
|
- uint8_t resp_buf[16])
|
|
+NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
|
|
+ const DATA_BLOB *srv_chal,
|
|
+ const DATA_BLOB *smbcli_chal,
|
|
+ uint8_t resp_buf[16])
|
|
{
|
|
gnutls_hmac_hd_t hmac_hnd = NULL;
|
|
+ NTSTATUS status;
|
|
int rc;
|
|
|
|
rc = gnutls_hmac_init(&hmac_hnd,
|
|
@@ -347,27 +348,31 @@ void SMBOWFencrypt_ntv2(const uint8_t kr[16],
|
|
kr,
|
|
16);
|
|
if (rc < 0) {
|
|
- return;
|
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
|
|
}
|
|
|
|
rc = gnutls_hmac(hmac_hnd, srv_chal->data, srv_chal->length);
|
|
if (rc < 0) {
|
|
- return;
|
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
|
|
+ goto out;
|
|
}
|
|
rc = gnutls_hmac(hmac_hnd, smbcli_chal->data, smbcli_chal->length);
|
|
if (rc < 0) {
|
|
- gnutls_hmac_deinit(hmac_hnd, NULL);
|
|
- return;
|
|
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
|
|
+ goto out;
|
|
}
|
|
|
|
- gnutls_hmac_deinit(hmac_hnd, resp_buf);
|
|
-
|
|
#ifdef DEBUG_PASSWORD
|
|
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, smbcli_chal, resp_buf\n"));
|
|
dump_data(100, srv_chal->data, srv_chal->length);
|
|
dump_data(100, smbcli_chal->data, smbcli_chal->length);
|
|
dump_data(100, resp_buf, 16);
|
|
#endif
|
|
+
|
|
+ status = NT_STATUS_OK;
|
|
+out:
|
|
+ gnutls_hmac_deinit(hmac_hnd, resp_buf);
|
|
+ return status;
|
|
}
|
|
|
|
NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
|
|
--
|
|
2.23.0
|
|
|