mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA
secrets interface correctly. (New interface added).
Andrew Bartlett
(This used to be commit 994ac7f031
)
parent
9aec081fd9
commit
91e94014be
@ -131,3 +131,80 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
a convenient wrapper around sess_crypt_blob() for DATA_BLOBs, using the LSA convention
|
||||||
|
|
||||||
|
note that we round the length to a multiple of 8. This seems to be needed for
|
||||||
|
compatibility with windows
|
||||||
|
|
||||||
|
caller should free using data_blob_free()
|
||||||
|
*/
|
||||||
|
DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key)
|
||||||
|
{
|
||||||
|
DATA_BLOB ret, src;
|
||||||
|
int dlen = (blob_in->length+7) & ~7;
|
||||||
|
|
||||||
|
src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
|
||||||
|
if (!src.data) {
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = data_blob(NULL, 8+dlen);
|
||||||
|
if (!ret.data) {
|
||||||
|
data_blob_free(&src);
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
SIVAL(src.data, 0, blob_in->length);
|
||||||
|
SIVAL(src.data, 4, 1);
|
||||||
|
memset(src.data+8, 0, dlen);
|
||||||
|
memcpy(src.data+8, blob_in->data, blob_in->length);
|
||||||
|
|
||||||
|
sess_crypt_blob(&ret, &src, session_key, True);
|
||||||
|
|
||||||
|
data_blob_free(&src);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
|
||||||
|
|
||||||
|
caller should free the returned string
|
||||||
|
*/
|
||||||
|
DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key)
|
||||||
|
{
|
||||||
|
DATA_BLOB out;
|
||||||
|
int slen;
|
||||||
|
DATA_BLOB ret;
|
||||||
|
|
||||||
|
if (blob->length < 8) {
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
out = data_blob_talloc(mem_ctx, NULL, blob->length);
|
||||||
|
if (!out.data) {
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
sess_crypt_blob(&out, blob, session_key, False);
|
||||||
|
|
||||||
|
slen = IVAL(out.data, 0);
|
||||||
|
if (slen > blob->length - 8) {
|
||||||
|
DEBUG(0,("Invalid crypt length %d\n", slen));
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (IVAL(out.data, 4) != 1) {
|
||||||
|
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
|
||||||
|
IVAL(out.data, 4)));
|
||||||
|
return data_blob(NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = data_blob_talloc(mem_ctx, out.data+8, slen);
|
||||||
|
|
||||||
|
data_blob_free(&out);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
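Review bot: In sess_decrypt_blob the two rejection paths (the `slen > blob->length - 8` check and the revision check) return without releasing `out`, so the decrypted bytes stay allocated on `mem_ctx` until that context is destroyed, whereas the success path calls `data_blob_free(&out)`; adding `data_blob_free(&out);` before each of those `return data_blob(NULL, 0);` lines would make the paths agree. `slen` is taken from the decrypted payload into a signed `int`, so the bound check only rejects values with the top bit set if the comparison happens to be done unsigned (the type of `blob->length` is not visible here); reading it into an unsigned variable removes that dependence. In sess_encrypt_blob, `int dlen = (blob_in->length+7) & ~7;` can truncate or wrap for a very large input before `memcpy(src.data+8, blob_in->data, blob_in->length)`, so an upper bound on `blob_in->length` ahead of the allocation would be prudent. The header comment on sess_decrypt_blob still reads "for strings" and "caller should free the returned string" although the function returns a DATA_BLOB.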
@ -583,9 +583,7 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
|
|||||||
lsa_blob1.data = q.out.new_val->buf->data;
|
lsa_blob1.data = q.out.new_val->buf->data;
|
||||||
lsa_blob1.length = q.out.new_val->buf->length;
|
lsa_blob1.length = q.out.new_val->buf->length;
|
||||||
|
|
||||||
lsa_blob_out = data_blob(NULL, lsa_blob1.length);
|
lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
|
||||||
|
|
||||||
sess_crypt_blob(&lsa_blob_out, &lsa_blob1, &session_key, 0);
|
|
||||||
|
|
||||||
if (new->secret.length != lsa_blob_out.length) {
|
if (new->secret.length != lsa_blob_out.length) {
|
||||||
printf("Returned secret %s doesn't match: %d != %d\n",
|
printf("Returned secret %s doesn't match: %d != %d\n",
|
||||||
|
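Review bot: The result of `sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key)` is used without an explicit failure check, and every failure in that helper is reported as a zero-length blob. The length comparison that follows will catch this for a non-empty expected secret, but the printed message would then describe a length mismatch rather than a decrypt failure, and an empty expected secret would presumably compare equal. A short comment such as `/* a zero-length result also means decryption failed */`, or a separate test on `lsa_blob_out.data` with its own message, would make the intent clear. samsync_handle_secret begins and ends outside this hunk, so the later comparison of the secret contents is not visible here.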