sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3:rpc_server: Allow to use RC4 for creating trusts

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andreas Schneider 2020-08-20 13:40:21 +02:00 committed by Andreas Schneider
parent c93ccebdfe
commit 4425f2c113
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source3/rpc_server/lsa/srv_lsa_nt.c
View File

@ -51,6 +51,8 @@
#include "../libcli/lsarpc/util_lsarpc.h"
#include "lsa.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcerpc_helper.h"
#include "lib/param/loadparm.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
@ -1706,6 +1708,14 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
gnutls_datum_t my_session_key;
NTSTATUS status;
int rc;
bool encrypted;
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
return NT_STATUS_ACCESS_DENIED;
}
status = session_extract_session_key(p->session_info, &lsession_key, KEY_USE_16BYTES);
if (!NT_STATUS_IS_OK(status)) {
@ -1717,11 +1727,13 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
.size = lsession_key.length,
};
GNUTLS_FIPS140_SET_LAX_MODE();
rc = gnutls_cipher_init(&cipher_hnd,
GNUTLS_CIPHER_ARCFOUR_128,
&my_session_key,
NULL);
if (rc < 0) {
GNUTLS_FIPS140_SET_STRICT_MODE();
status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
goto out;
}
@ -1730,6 +1742,7 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
auth_blob->data,
auth_blob->length);
gnutls_cipher_deinit(cipher_hnd);
GNUTLS_FIPS140_SET_STRICT_MODE();
if (rc < 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
goto out;