77 lines
2.3 KiB
Diff
77 lines
2.3 KiB
Diff
From c7e79b33a10a8e393df78fd7adf60a5a3dbebcc6 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 15 Jan 2019 18:14:17 +0100
|
|
Subject: [PATCH 031/187] s3:libsmb: Use GnuTLS RC4 in clirap
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 0947d8388def40b01b322d0deee4dba386983410)
|
|
---
|
|
source3/libsmb/clirap.c | 27 +++++++++++++++++++++++++--
|
|
1 file changed, 25 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
|
|
index b4b40ebdab4..c0b9dcdff39 100644
|
|
--- a/source3/libsmb/clirap.c
|
|
+++ b/source3/libsmb/clirap.c
|
|
@@ -22,7 +22,6 @@
|
|
#include "includes.h"
|
|
#include "../libcli/auth/libcli_auth.h"
|
|
#include "../librpc/gen_ndr/rap.h"
|
|
-#include "../lib/crypto/arcfour.h"
|
|
#include "../lib/util/tevent_ntstatus.h"
|
|
#include "async_smb.h"
|
|
#include "libsmb/libsmb.h"
|
|
@@ -31,6 +30,9 @@
|
|
#include "../libcli/smb/smbXcli_base.h"
|
|
#include "cli_smb2_fnum.h"
|
|
|
|
+#include <gnutls/gnutls.h>
|
|
+#include <gnutls/crypto.h>
|
|
+
|
|
#define PIPE_LANMAN "\\PIPE\\LANMAN"
|
|
|
|
/****************************************************************************
|
|
@@ -508,6 +510,12 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
|
|
char *rparam = NULL;
|
|
char *rdata = NULL;
|
|
unsigned int rprcnt, rdrcnt;
|
|
+ gnutls_cipher_hd_t cipher_hnd = NULL;
|
|
+ gnutls_datum_t old_pw_key = {
|
|
+ .data = old_pw_hash,
|
|
+ .size = sizeof(old_pw_hash),
|
|
+ };
|
|
+ int rc;
|
|
|
|
if (strlen(user) >= sizeof(fstring)-1) {
|
|
DEBUG(0,("cli_oem_change_password: user name %s is too long.\n", user));
|
|
@@ -539,7 +547,22 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
|
|
DEBUG(100,("make_oem_passwd_hash\n"));
|
|
dump_data(100, data, 516);
|
|
#endif
|
|
- arcfour_crypt( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
|
|
+ rc = gnutls_cipher_init(&cipher_hnd,
|
|
+ GNUTLS_CIPHER_ARCFOUR_128,
|
|
+ &old_pw_key,
|
|
+ NULL);
|
|
+ if (rc < 0) {
|
|
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
|
|
+ gnutls_strerror(rc));
|
|
+ return false;
|
|
+ }
|
|
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
|
+ data,
|
|
+ 516);
|
|
+ gnutls_cipher_deinit(cipher_hnd);
|
|
+ if (rc < 0) {
|
|
+ return false;
|
|
+ }
|
|
|
|
/*
|
|
* Now place the old password hash in the data.
|
|
--
|
|
2.23.0
|
|
|