mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli:drsuapi: Use GnuTLS MD5 in drsuapi_decrypt_attribute_value()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
75ee0c83c1
commit
54440f1b30
@ -32,6 +32,9 @@
|
|||||||
#include "libcli/auth/libcli_auth.h"
|
#include "libcli/auth/libcli_auth.h"
|
||||||
#include "dsdb/samdb/samdb.h"
|
#include "dsdb/samdb/samdb.h"
|
||||||
|
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
#include <gnutls/crypto.h>
|
||||||
|
|
||||||
WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||||
const DATA_BLOB *gensec_skey,
|
const DATA_BLOB *gensec_skey,
|
||||||
bool rid_crypt,
|
bool rid_crypt,
|
||||||
@ -42,7 +45,7 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
DATA_BLOB confounder;
|
DATA_BLOB confounder;
|
||||||
DATA_BLOB enc_buffer;
|
DATA_BLOB enc_buffer;
|
||||||
|
|
||||||
MD5_CTX md5;
|
gnutls_hash_hd_t hash_hnd = NULL;
|
||||||
uint8_t _enc_key[16];
|
uint8_t _enc_key[16];
|
||||||
DATA_BLOB enc_key;
|
DATA_BLOB enc_key;
|
||||||
|
|
||||||
@ -53,6 +56,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
DATA_BLOB checked_buffer;
|
DATA_BLOB checked_buffer;
|
||||||
|
|
||||||
DATA_BLOB plain_buffer;
|
DATA_BLOB plain_buffer;
|
||||||
|
WERROR result;
|
||||||
|
int rc;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* users with rid == 0 should not exist
|
* users with rid == 0 should not exist
|
||||||
@ -79,10 +84,26 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
* not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
|
* not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
|
||||||
*/
|
*/
|
||||||
enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
|
enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
|
||||||
MD5Init(&md5);
|
|
||||||
MD5Update(&md5, gensec_skey->data, gensec_skey->length);
|
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||||
MD5Update(&md5, confounder.data, confounder.length);
|
if (rc < 0) {
|
||||||
MD5Final(enc_key.data, &md5);
|
result = WERR_NOT_ENOUGH_MEMORY;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
result = WERR_INTERNAL_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
|
||||||
|
if (rc < 0) {
|
||||||
|
gnutls_hash_deinit(hash_hnd, NULL);
|
||||||
|
result = WERR_INTERNAL_ERROR;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
gnutls_hash_deinit(hash_hnd, enc_key.data);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* copy the encrypted buffer part and
|
* copy the encrypted buffer part and
|
||||||
@ -91,6 +112,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length);
|
dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length);
|
||||||
arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
|
arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
|
||||||
|
|
||||||
|
ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* the first 4 byte are the crc32 checksum
|
* the first 4 byte are the crc32 checksum
|
||||||
* of the remaining bytes
|
* of the remaining bytes
|
||||||
@ -106,7 +129,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
W_ERROR_HAVE_NO_MEMORY(plain_buffer.data);
|
W_ERROR_HAVE_NO_MEMORY(plain_buffer.data);
|
||||||
|
|
||||||
if (crc32_given != crc32_calc) {
|
if (crc32_given != crc32_calc) {
|
||||||
return W_ERROR(HRES_ERROR_V(HRES_SEC_E_DECRYPT_FAILURE));
|
result = W_ERROR(HRES_ERROR_V(HRES_SEC_E_DECRYPT_FAILURE));
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* The following rid_crypt obfuscation isn't session specific
|
* The following rid_crypt obfuscation isn't session specific
|
||||||
@ -123,7 +147,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
uint32_t i, num_hashes;
|
uint32_t i, num_hashes;
|
||||||
|
|
||||||
if ((checked_buffer.length % 16) != 0) {
|
if ((checked_buffer.length % 16) != 0) {
|
||||||
return WERR_DS_DRA_INVALID_PARAMETER;
|
result = WERR_DS_DRA_INVALID_PARAMETER;
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
num_hashes = plain_buffer.length / 16;
|
num_hashes = plain_buffer.length / 16;
|
||||||
@ -134,7 +159,9 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
*out = plain_buffer;
|
*out = plain_buffer;
|
||||||
return WERR_OK;
|
result = WERR_OK;
|
||||||
|
out:
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
WERROR drsuapi_decrypt_attribute(TALLOC_CTX *mem_ctx,
|
WERROR drsuapi_decrypt_attribute(TALLOC_CTX *mem_ctx,
|
||||||
|
Loading…
Reference in New Issue
Block a user