sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

libcli:auth: Check return codes of SMBsesskeygen_ntv2()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-11-13 12:45:04 +01:00 committed by Andreas Schneider
parent 045b9eb3f0
commit 0914824684
2 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libcli/auth/ntlm_check.c
View File

@ -142,8 +142,15 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
data_blob_clear_free(&client_key_data);
if (memcmp(value_from_encryption, ntv2_response->data, 16) == 0) {
if (user_sess_key != NULL) {
NTSTATUS status;
*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
status = SMBsesskeygen_ntv2(kr,
value_from_encryption,
user_sess_key->data);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
}
return true;
}
@ -166,6 +173,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
uint8_t kr[16];
uint8_t value_from_encryption[16];
DATA_BLOB client_key_data;
NTSTATUS status;
if (part_passwd == NULL) {
DEBUG(10,("No password set - DISALLOWING access\n"));
@ -196,7 +204,12 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data);
status = SMBsesskeygen_ntv2(kr,
value_from_encryption,
user_sess_key->data);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
return true;
}

15
libcli/auth/smbencrypt.c
View File

@ -551,6 +551,7 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key)
{
uint8_t ntlm_v2_hash[16];
NTSTATUS status;
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
@ -580,7 +581,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of nt_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, user_session_key->data);
status = SMBsesskeygen_ntv2(ntlm_v2_hash,
nt_response->data,
user_session_key->data);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
}
}
@ -599,7 +605,12 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
/* The NTLMv2 calculations also provide a session key, for signing etc later */
/* use only the first 16 bytes of lm_response for session key */
SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
status = SMBsesskeygen_ntv2(ntlm_v2_hash,
lm_response->data,
lm_session_key->data);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
}
}