sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

s3:rpc_client: Use samba_gnutls_arcfour_confounded_md5 in init_samr_CryptPasswordEx

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-07-04 16:22:48 +02:00 committed by Andrew Bartlett
parent 7ccc76f951
commit 2075019ca9
1 changed files with 15 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
source3/rpc_client/init_samr.c
View File

@ -36,56 +36,36 @@ NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
{
/* samr_CryptPasswordEx */
uint8_t pwbuf[532];
gnutls_hash_hd_t hash_hnd = NULL;
uint8_t confounder[16];
DATA_BLOB confounded_session_key = data_blob(NULL, 16);
NTSTATUS status;
uint8_t _confounder[16] = {0};
DATA_BLOB confounder = data_blob_const(_confounder, 16);
uint8_t pwbuf[532] = {0};
DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
bool ok;
int rc;
ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
if (!ok) {
status = NT_STATUS_INTERNAL_ERROR;
goto out;
return NT_STATUS_INTERNAL_ERROR;
}
generate_random_buffer((uint8_t *)confounder, 16);
generate_random_buffer(_confounder, sizeof(_confounder));
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
rc = samba_gnutls_arcfour_confounded_md5(&confounder,
session_key,
&encrypt_pwbuf,
SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
goto out;
ZERO_ARRAY(_confounder);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
rc = gnutls_hash(hash_hnd, confounder, 16);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
goto out;
}
rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
goto out;
}
gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
data_blob_clear_free(&confounded_session_key);
memcpy(&pwbuf[516], confounder, 16);
ZERO_ARRAY(confounder);
memcpy(&pwbuf[516], confounder.data, confounder.length);
ZERO_ARRAY(_confounder);
memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
ZERO_ARRAY(pwbuf);
status = NT_STATUS_OK;
out:
data_blob_clear_free(&confounded_session_key);
return status;
return NT_STATUS_OK;
}
/*************************************************************************