46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
From 00351ef5dd8fb5ab1d036850a99d7dee07dadca1 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 15 Nov 2019 13:49:40 +0100
|
|
Subject: [PATCH 200/208] s4:rpc_server: Allow to use RC4 for setting passwords
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
---
|
|
source4/rpc_server/samr/samr_password.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
|
index fba236ebdd7..e5e339842b1 100644
|
|
--- a/source4/rpc_server/samr/samr_password.c
|
|
+++ b/source4/rpc_server/samr/samr_password.c
|
|
@@ -618,6 +618,11 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
.size = session_key.length,
|
|
};
|
|
|
|
+ /*
|
|
+ * This is safe to support as we only have a session key
|
|
+ * over a SMB connection which we force to be encrypted.
|
|
+ */
|
|
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
rc = gnutls_cipher_init(&cipher_hnd,
|
|
GNUTLS_CIPHER_ARCFOUR_128,
|
|
&_session_key,
|
|
@@ -635,6 +640,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
|
goto out;
|
|
}
|
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
|
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
|
DEBUG(3,("samr: failed to decode password buffer\n"));
|
|
@@ -655,6 +661,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
NULL,
|
|
NULL);
|
|
out:
|
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
return nt_status;
|
|
}
|
|
|
|
--
|
|
2.23.0
|
|
|