sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-06-11 15:18:26 +02:00 committed by Andreas Schneider
parent 35573821b6
commit d9a6cbd9e1
1 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
auth/ntlmssp/ntlmssp_server.c
View File

@ -36,6 +36,7 @@
#include "param/loadparm.h"
#include "libcli/security/session.h"
#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@ -772,10 +773,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
16,
session_nonce_hash);
if (rc < 0) {
if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
return NT_STATUS_NTLM_BLOCKED;
}
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
@ -951,10 +949,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
sizeof(state->session_nonce),
session_key.data);
if (rc < 0) {
if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
return NT_STATUS_NTLM_BLOCKED;
}
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
@ -1067,24 +1062,21 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
ntlmssp_state->session_key.data,
MIN(ntlmssp_state->session_key.length, 64));
if (rc < 0) {
if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
return NT_STATUS_NTLM_BLOCKED;
}
return NT_STATUS_NO_MEMORY;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
ntlmssp_state->negotiate_blob.data,
ntlmssp_state->negotiate_blob.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
ntlmssp_state->challenge_blob.data,
ntlmssp_state->challenge_blob.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
/* checked were we set ntlmssp_state->new_spnego */
@ -1094,19 +1086,19 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
rc = gnutls_hmac(hmac_hnd, request.data, NTLMSSP_MIC_OFFSET);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd, mic_buffer, NTLMSSP_MIC_SIZE);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
request.data + (NTLMSSP_MIC_OFFSET + NTLMSSP_MIC_SIZE),
request.length - (NTLMSSP_MIC_OFFSET + NTLMSSP_MIC_SIZE));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
return NT_STATUS_INTERNAL_ERROR;
return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
gnutls_hmac_deinit(hmac_hnd, mic_buffer);