sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

libcli:auth: Return WERROR for encode_wkssvc_join_password_buffer()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-05-29 15:50:45 +02:00 committed by Andrew Bartlett
parent 9ea736590d
commit 576bcf6155
4 changed files with 62 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libcli/auth/proto.h
View File

@ -207,10 +207,10 @@ bool set_pw_in_buffer(uint8_t buffer[516], const DATA_BLOB *password);
bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
uint8_t in_buffer[516], DATA_BLOB *new_pass);
struct wkssvc_PasswordBuffer;
void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
const char *pwd,
DATA_BLOB *session_key,
struct wkssvc_PasswordBuffer **pwd_buf);
WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
const char *pwd,
DATA_BLOB *session_key,
struct wkssvc_PasswordBuffer **pwd_buf);
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
struct wkssvc_PasswordBuffer *pwd_buf,
DATA_BLOB *session_key,

20
libcli/auth/smbencrypt.c
View File

@ -965,10 +965,10 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
* buffer), calling MD5Update() first with session_key and then with confounder
* (vice versa in samr) - Guenther */
void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
const char *pwd,
DATA_BLOB *session_key,
struct wkssvc_PasswordBuffer **pwd_buf)
WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
const char *pwd,
DATA_BLOB *session_key,
struct wkssvc_PasswordBuffer **pwd_buf)
{
uint8_t buffer[516];
gnutls_hash_hd_t hash_hnd = NULL;
@ -976,11 +976,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
DATA_BLOB confounded_session_key;
int confounder_len = 8;
uint8_t confounder[8];
WERROR werr;
int rc;
my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
if (!my_pwd_buf) {
return;
return WERR_NOT_ENOUGH_MEMORY;
}
confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
@ -991,17 +992,23 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
goto out;
}
rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
goto out;
}
rc = gnutls_hash(hash_hnd, confounder, confounder_len);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
goto out;
}
gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
@ -1017,8 +1024,9 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
*pwd_buf = my_pwd_buf;
werr = WERR_OK;
out:
return;
return werr;
}
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,

44
source3/lib/netapi/joindomain.c
View File

@ -137,10 +137,13 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
werr = encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
}
old_timeout = rpccli_set_timeout(pipe_cli, 600000);
@ -279,10 +282,13 @@ WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
werr = encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
}
old_timeout = rpccli_set_timeout(pipe_cli, 60000);
@ -481,10 +487,13 @@ WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
werr = encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
}
status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
@ -534,10 +543,13 @@ WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
goto done;
}
encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
werr = encode_wkssvc_join_password_buffer(ctx,
r->in.password,
&session_key,
&encrypted_password);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
}
status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),

20
source4/torture/rpc/wkssvc.c
View File

@ -1199,6 +1199,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
enum wkssvc_NetJoinStatus join_status;
const char *join_name = NULL;
WERROR expected_err;
WERROR werr;
DATA_BLOB session_key;
struct dcerpc_binding_handle *b = p->binding_handle;
@ -1240,8 +1241,13 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
return false;
}
encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
&session_key, &pwd_buf);
werr = encode_wkssvc_join_password_buffer(tctx,
domain_admin_password,
&session_key,
&pwd_buf);
if (!W_ERROR_IS_OK(werr)) {
return false;
}
r.in.server_name = dcerpc_server_name(p);
r.in.domain_name = domain_name;
@ -1284,6 +1290,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
enum wkssvc_NetJoinStatus join_status;
const char *join_name = NULL;
WERROR expected_err;
WERROR werr;
DATA_BLOB session_key;
struct dcerpc_binding_handle *b = p->binding_handle;
@ -1322,8 +1329,13 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
return false;
}
encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
&session_key, &pwd_buf);
werr = encode_wkssvc_join_password_buffer(tctx,
domain_admin_password,
&session_key,
&pwd_buf);
if (!W_ERROR_IS_OK(werr)) {
return false;
}
r.in.server_name = dcerpc_server_name(p);
r.in.account = domain_admin_account;