1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections

This is needed for smbtorture to join a domain in FIPS mode.

FYI: The correct way would be to join using LDAP as the s3 code is doing it. But
this requires a bigger rewrite.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2021-07-26 10:13:52 +02:00 committed by Andreas Schneider
parent 1326e7d65d
commit 17cc20ebe6

View File

@ -23,6 +23,8 @@
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "source4/librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "libcli/smb/smb_constants.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
@ -870,28 +872,55 @@ static NTSTATUS libnet_SetPassword_generic(struct libnet_context *ctx, TALLOC_CT
NTSTATUS libnet_SetPassword(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
{
enum smb_encryption_setting encryption_state =
cli_credentials_get_smb_encryption(ctx->cred);
NTSTATUS status = NT_STATUS_INVALID_LEVEL;
switch (r->generic.level) {
case LIBNET_SET_PASSWORD_GENERIC:
return libnet_SetPassword_generic(ctx, mem_ctx, r);
status = libnet_SetPassword_generic(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR:
return libnet_SetPassword_samr(ctx, mem_ctx, r);
status = libnet_SetPassword_samr(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR_HANDLE:
return libnet_SetPassword_samr_handle(ctx, mem_ctx, r);
status = libnet_SetPassword_samr_handle(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR_HANDLE_26:
return libnet_SetPassword_samr_handle_26(ctx, mem_ctx, r);
if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
GNUTLS_FIPS140_SET_LAX_MODE();
}
status = libnet_SetPassword_samr_handle_26(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR_HANDLE_25:
return libnet_SetPassword_samr_handle_25(ctx, mem_ctx, r);
if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
GNUTLS_FIPS140_SET_LAX_MODE();
}
status = libnet_SetPassword_samr_handle_25(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR_HANDLE_24:
return libnet_SetPassword_samr_handle_24(ctx, mem_ctx, r);
if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
GNUTLS_FIPS140_SET_LAX_MODE();
}
status = libnet_SetPassword_samr_handle_24(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_SAMR_HANDLE_23:
return libnet_SetPassword_samr_handle_23(ctx, mem_ctx, r);
if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
GNUTLS_FIPS140_SET_LAX_MODE();
}
status = libnet_SetPassword_samr_handle_23(ctx, mem_ctx, r);
break;
case LIBNET_SET_PASSWORD_KRB5:
return NT_STATUS_NOT_IMPLEMENTED;
status = NT_STATUS_NOT_IMPLEMENTED;
break;
case LIBNET_SET_PASSWORD_LDAP:
return NT_STATUS_NOT_IMPLEMENTED;
status = NT_STATUS_NOT_IMPLEMENTED;
break;
case LIBNET_SET_PASSWORD_RAP:
return NT_STATUS_NOT_IMPLEMENTED;
status = NT_STATUS_NOT_IMPLEMENTED;
break;
}
return NT_STATUS_INVALID_LEVEL;
GNUTLS_FIPS140_SET_STRICT_MODE();
return status;
}