95 lines
3.2 KiB
Diff
95 lines
3.2 KiB
Diff
From 760fc5d0b41a6c12c79f19ec2834925cbd651b80 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 13 Nov 2019 10:13:53 +0100
|
|
Subject: [PATCH 154/187] libcli:auth: Check return code of
|
|
netlogon_creds_step_crypt()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 32e75bb4cca994af80bb8440009446e4a0ff5d40)
|
|
---
|
|
libcli/auth/credentials.c | 36 +++++++++++++++++++++++++++++-------
|
|
1 file changed, 29 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
index 3dd50a11bce..c78f2012bf2 100644
|
|
--- a/libcli/auth/credentials.c
|
|
+++ b/libcli/auth/credentials.c
|
|
@@ -33,9 +33,9 @@
|
|
#include <gnutls/gnutls.h>
|
|
#include <gnutls/crypto.h>
|
|
|
|
-static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
|
|
- const struct netr_Credential *in,
|
|
- struct netr_Credential *out)
|
|
+static NTSTATUS netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
|
|
+ const struct netr_Credential *in,
|
|
+ struct netr_Credential *out)
|
|
{
|
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
memcpy(out->data, in->data, sizeof(out->data));
|
|
@@ -44,6 +44,8 @@ static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *cre
|
|
} else {
|
|
des_crypt112(out->data, in->data, creds->session_key, 1);
|
|
}
|
|
+
|
|
+ return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
@@ -178,9 +180,21 @@ static NTSTATUS netlogon_creds_first_step(struct netlogon_creds_CredentialState
|
|
const struct netr_Credential *client_challenge,
|
|
const struct netr_Credential *server_challenge)
|
|
{
|
|
- netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
|
|
+ NTSTATUS status;
|
|
|
|
- netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
|
|
+ status = netlogon_creds_step_crypt(creds,
|
|
+ client_challenge,
|
|
+ &creds->client);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ status = netlogon_creds_step_crypt(creds,
|
|
+ server_challenge,
|
|
+ &creds->server);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
|
|
creds->seed = creds->client;
|
|
|
|
@@ -204,7 +218,12 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds
|
|
|
|
DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
|
|
|
|
- netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
|
|
+ status = netlogon_creds_step_crypt(creds,
|
|
+ &time_cred,
|
|
+ &creds->client);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
|
|
DEBUG(5,("\tCLIENT %08x:%08x\n",
|
|
IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
|
|
@@ -215,7 +234,10 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds
|
|
DEBUG(5,("\tseed+time+1 %08x:%08x\n",
|
|
IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
|
|
|
|
- netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
|
|
+ status = netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
|
|
DEBUG(5,("\tSERVER %08x:%08x\n",
|
|
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
|
|
--
|
|
2.23.0
|
|
|