sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

s3:rpcclient: Encrypt the password buffers only if really needed

Browse Source 
If we are in FIPS mode certain ciphers like RC4 are not available, so
we should make sure we do not call them. We will add AES support in the
next patch.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andreas Schneider 2022-07-18 15:48:36 +02:00 committed by Andreas Schneider
parent 2454b86c88
commit 6f60c98c08
1 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
source3/rpcclient/cmd_samr.c
View File

@ -3157,15 +3157,28 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
goto done;
}
status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
if (!NT_STATUS_IS_OK(status)) {
goto done;
switch(level) {
case 18:
case 21:
nt_lm_owf_gen(param, nt_hash, lm_hash);
break;
case 23:
case 24:
status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
break;
case 25:
case 26:
status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
break;
default:
break;
}
status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
nt_lm_owf_gen(param, nt_hash, lm_hash);
switch (level) {
case 18: