77 lines
2.6 KiB
Diff
77 lines
2.6 KiB
Diff
From e81c7a540896c9a3fed8d6a8b080f76c83d70369 Mon Sep 17 00:00:00 2001
|
|
From: Andrew Bartlett <abartlet@samba.org>
|
|
Date: Thu, 25 Jul 2019 12:50:57 +1200
|
|
Subject: [PATCH 036/187] s4:rpc_server: Use
|
|
samba_gnutls_arcfour_confounded_md5() in samr_set_password_ex()
|
|
|
|
This allows the use of GnuTLS for the underlying RC4 crypto operations.
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
(cherry picked from commit 9363abfb5fcfeff30295ce0cf94c18941a6c4e9f)
|
|
---
|
|
source4/rpc_server/samr/samr_password.c | 34 ++++++-------------------
|
|
1 file changed, 8 insertions(+), 26 deletions(-)
|
|
|
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
|
index 7c441f38ce2..fde0de2c3cc 100644
|
|
--- a/source4/rpc_server/samr/samr_password.c
|
|
+++ b/source4/rpc_server/samr/samr_password.c
|
|
@@ -586,9 +586,11 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
|
{
|
|
NTSTATUS nt_status;
|
|
DATA_BLOB new_password;
|
|
- DATA_BLOB co_session_key;
|
|
+
|
|
+ /* The confounder is in the last 16 bytes of the buffer */
|
|
+ DATA_BLOB confounder = data_blob_const(&pwbuf->data[516], 16);
|
|
+ DATA_BLOB pw_data = data_blob_const(pwbuf->data, 516);
|
|
DATA_BLOB session_key = data_blob(NULL, 0);
|
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
|
int rc;
|
|
|
|
nt_status = dcesrv_transport_session_key(dce_call, &session_key);
|
|
@@ -599,35 +601,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
|
|
return NT_STATUS_WRONG_PASSWORD;
|
|
}
|
|
|
|
- co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
|
- if (!co_session_key.data) {
|
|
- return NT_STATUS_NO_MEMORY;
|
|
- }
|
|
-
|
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
|
+ &session_key,
|
|
+ &pw_data,
|
|
+ SAMBA_GNUTLS_DECRYPT);
|
|
if (rc < 0) {
|
|
nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
goto out;
|
|
}
|
|
|
|
- rc = gnutls_hash(hash_hnd, &pwbuf->data[516], 16);
|
|
- if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- goto out;
|
|
- }
|
|
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
|
- if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- goto out;
|
|
- }
|
|
- gnutls_hash_deinit(hash_hnd, co_session_key.data);
|
|
-
|
|
- arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
|
|
- ZERO_ARRAY_LEN(co_session_key.data,
|
|
- co_session_key.length);
|
|
-
|
|
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
|
nt_status = NT_STATUS_WRONG_PASSWORD;
|
|
--
|
|
2.23.0
|
|
|