mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

auth:gensec: Return NTSTATUS for netsec_do_seal()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider 2019-05-22 09:17:37 +02:00 committed by Andreas Schneider
parent 6148cd9c97
commit ba96534eb3


@ -213,11 +213,11 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
return NT_STATUS_OK;
}
static void netsec_do_seal(struct schannel_state *state,
const uint8_t seq_num[8],
uint8_t confounder[8],
uint8_t *data, uint32_t length,
bool forward)
static NTSTATUS netsec_do_seal(struct schannel_state *state,
const uint8_t seq_num[8],
uint8_t confounder[8],
uint8_t *data, uint32_t length,
bool forward)
{
if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
AES_KEY key;
@ -266,7 +266,7 @@ static void netsec_do_seal(struct schannel_state *state,
digest2);
if (rc < 0) {
ZERO_ARRAY(digest2);
return;
return NT_STATUS_INTERNAL_ERROR;
}
rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
@ -278,7 +278,7 @@ static void netsec_do_seal(struct schannel_state *state,
ZERO_ARRAY(digest2);
if (rc < 0) {
return;
return NT_STATUS_INTERNAL_ERROR;
}
rc = gnutls_cipher_init(&cipher_hnd,
@ -287,14 +287,14 @@ static void netsec_do_seal(struct schannel_state *state,
NULL);
if (rc < 0) {
ZERO_ARRAY(_sealing_key);
return;
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
rc = gnutls_cipher_encrypt(cipher_hnd,
confounder,
8);
if (rc < 0) {
ZERO_ARRAY(_sealing_key);
return;
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
rc = gnutls_cipher_encrypt(cipher_hnd,
data,
@ -302,9 +302,11 @@ static void netsec_do_seal(struct schannel_state *state,
gnutls_cipher_deinit(cipher_hnd);
ZERO_ARRAY(_sealing_key);
if (rc < 0) {
return;
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
}
return NT_STATUS_OK;
}
/*******************************************************************
@ -471,10 +473,16 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
SETUP_SEQNUM(state, seq_num, !state->initiator);
if (do_unseal) {
netsec_do_seal(state, seq_num,
confounder,
data, length,
false);
status = netsec_do_seal(state,
seq_num,
confounder,
data,
length,
false);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("netsec_do_seal failed: %s\n", nt_errstr(status));
return NT_STATUS_ACCESS_DENIED;
}
}
if (state->gensec->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
@ -592,10 +600,17 @@ static NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
}
if (do_seal) {
netsec_do_seal(state, seq_num,
confounder,
data, length,
true);
status = netsec_do_seal(state,
seq_num,
confounder,
data,
length,
true);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("netsec_do_seal failed: %s\n",
nt_errstr(status));
return status;
}
}
status = netsec_do_seq_num(state, checksum, checksum_length, seq_num);
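Review bot: The error branch after the first `gnutls_cipher_encrypt()` call (the confounder encryption in the -287 hunk) returns without releasing `cipher_hnd`, so the handle from `gnutls_cipher_init()` and the key state it holds are leaked whenever that call fails. The later data-encryption step does call `gnutls_cipher_deinit(cipher_hnd)` before checking `rc`. Add `gnutls_cipher_deinit(cipher_hnd);` ahead of `ZERO_ARRAY(_sealing_key);` in the confounder branch so both failure paths clean up the same way. Separately, the two `gnutls_hmac_fast()` failure branches return a fixed `NT_STATUS_INTERNAL_ERROR` and drop `rc`, while the cipher branches map it through `gnutls_error_to_ntstatus()`; mapping `rc` there as well would make the status logged by the callers' `DBG_WARNING` more useful. The body of netsec_do_seal is only partly visible in these hunks, so both points rest on the lines shown.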