1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Isaac Boukris 2019-11-07 12:53:52 +01:00 committed by Andrew Bartlett
parent 0f855f1ab9
commit 38189f76d8
2 changed files with 31 additions and 11 deletions

View File

@ -253,25 +253,40 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds
return NT_STATUS_OK;
}
/*
DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
*/
void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
struct netr_LMSessionKey *key)
{
int rc;
struct netr_LMSessionKey tmp;
des_crypt56(tmp.key, key->key, creds->session_key, 1);
rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*key = tmp;
return NT_STATUS_OK;
}
/*
DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
*/
void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
struct netr_LMSessionKey *key)
{
int rc;
struct netr_LMSessionKey tmp;
des_crypt56(tmp.key, key->key, creds->session_key, 0);
rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_DECRYPT);
if (rc < 0) {
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
*key = tmp;
return NT_STATUS_OK;
}
/*
@ -849,11 +864,14 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
if (!all_zero(base->LMSessKey.key,
sizeof(base->LMSessKey.key))) {
if (do_encrypt) {
netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
status = netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
} else {
netlogon_creds_des_decrypt_LMKey(creds,
&base->LMSessKey);
status = netlogon_creds_des_decrypt_LMKey(creds,
&base->LMSessKey);
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
}

View File

@ -13,8 +13,10 @@
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c */
void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
struct netr_LMSessionKey *key);
NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
struct netr_LMSessionKey *key);
void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,