2025-01-08 21:18:16 +03:00 · 2019-11-07 13:39:20 +01:00 · 2019-11-07 13:39:20 +01:00 · bbcf568f31
commit bbcf568f31
parent 38189f76d8
5 changed files with 41 additions and 15 deletions
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@ -673,12 +673,20 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 	    && ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
 		DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
 		if (lm_response.length == 24) {
-			SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
-						  new_session_key.data);
+			nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+							      lm_response.data,
+							      new_session_key.data);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
 		} else {
 			static const uint8_t zeros[24];
-			SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
-						  new_session_key.data);
+			nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+                                                              zeros,
+                                                              new_session_key.data);
+			if (!NT_STATUS_IS_OK(nt_status)) {
+				return nt_status;
+			}
 		}
 		session_key = new_session_key;
 		dump_data_pw("LM session key\n", session_key.data, session_key.length);
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@ -970,8 +970,12 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 				if (session_key.data == NULL) {
 					return NT_STATUS_NO_MEMORY;
 				}
-				SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
-							  session_key.data);
+				nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+								      ntlmssp_state->lm_resp.data,
+								      session_key.data);
+				if (!NT_STATUS_IS_OK(nt_status)) {
+					return nt_status;
+				}
 				DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
 			} else {
 				static const uint8_t zeros[24] = {0, };
@ -980,8 +984,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 				if (session_key.data == NULL) {
 					return NT_STATUS_NO_MEMORY;
 				}
-				SMBsesskeygen_lm_sess_key(zeros, zeros,
-							  session_key.data);
+				nt_status = SMBsesskeygen_lm_sess_key(zeros, zeros,
+								      session_key.data);
+				if (!NT_STATUS_IS_OK(nt_status)) {
+					return nt_status;
+				}
 				DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
 			}
 			dump_data_pw("LM session key:\n", session_key.data,
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@ -140,9 +140,9 @@ NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
 			    const uint8_t *nt_resp,
 			    uint8_t sess_key[16]);
 void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
-			       const uint8_t lm_resp[24], /* only uses 8 */ 
-			       uint8_t sess_key[16]);
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+				   const uint8_t lm_resp[24], /* only uses 8 */
+				   uint8_t sess_key[16]);
 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx, 
 				     const char *hostname, 
 				     const char *domain);
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@ -380,7 +380,7 @@ void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16])
 #endif
 }

-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 			       const uint8_t lm_resp[24], /* only uses 8 */
 			       uint8_t sess_key[16])
 {
@ -388,12 +388,19 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 	   but changes with each session) */
 	uint8_t p24[24];
 	uint8_t partial_lm_hash[14];
+	int rc;

 	memcpy(partial_lm_hash, lm_hash, 8);
 	memset(partial_lm_hash + 8, 0xbd, 6);

-	des_crypt56(p24,   lm_resp, partial_lm_hash,     1);
-	des_crypt56(p24+8, lm_resp, partial_lm_hash + 7, 1);
+	rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
+	if (rc < 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+	}
+	rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
+	if (rc < 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+	}

 	memcpy(sess_key, p24, 16);

@ -401,6 +408,8 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 	DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
 	dump_data(100, sess_key, 16);
 #endif
+
+	return NT_STATUS_OK;
 }

 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@ -447,8 +447,10 @@ static void torture_gnutls_SMBsesskeygen_lm_sess_key(void **state)
 	};

 	uint8_t crypt_sess_key[16];
+	NTSTATUS status;

-	SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+	status = SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+	assert_true(NT_STATUS_IS_OK(status));
 	assert_memory_equal(crypt_sess_key, crypt_expected, 16);
 }