mirror of https://github.com/samba-team/samba.git synced 2025-10-28 03:33:13 +03:00

r4682: A LDB-based secrets implementation in Samba4.

This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.

Some small changes to come, but the bulk of the work is now done.

A re-provision is required after this change.

Andrew Bartlett
Andrew Bartlett
2005-01-11 14:04:58 +00:00
committed by Gerald (Jerry) Carter
parent a3f3553cbe
commit ded3303352
10 changed files with 643 additions and 66 deletions


@@ -113,18 +113,18 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
sess_crypt_blob(&out, blob, session_key, False);
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
return NULL;
}
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
IVAL(out.data, 4)));
return NULL;
}
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
return NULL;
}
ret = strndup((const char *)(out.data+8), slen);
data_blob_free(&out);
@@ -169,42 +169,43 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_
}
/*
a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
caller should free the returned string
Decrypt a DATA_BLOB using the LSA convention
*/
DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key)
NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
DATA_BLOB *ret)
{
DATA_BLOB out;
int slen;
DATA_BLOB ret;
if (blob->length < 8) {
return data_blob(NULL, 0);
return NT_STATUS_INVALID_PARAMETER;
}
out = data_blob_talloc(mem_ctx, NULL, blob->length);
if (!out.data) {
return data_blob(NULL, 0);
return NT_STATUS_NO_MEMORY;
}
sess_crypt_blob(&out, blob, session_key, False);
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
return data_blob(NULL, 0);
}
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
IVAL(out.data, 4)));
return data_blob(NULL, 0);
return NT_STATUS_UNKNOWN_REVISION;
}
ret = data_blob_talloc(mem_ctx, out.data+8, slen);
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
return NT_STATUS_WRONG_PASSWORD;
}
*ret = data_blob_talloc(mem_ctx, out.data+8, slen);
if (!ret->data) {
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&out);
return ret;
return NT_STATUS_OK;
}
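Review bot: In sess_decrypt_blob() (reading the NTSTATUS variant as the new side, since the page has lost its +/- markers), the returns for NT_STATUS_UNKNOWN_REVISION, NT_STATUS_WRONG_PASSWORD and the final NT_STATUS_NO_MEMORY all skip `data_blob_free(&out);`, which runs only on the success path. `out` is allocated on mem_ctx, so it is reclaimed when the caller frees that context, but until then the buffer written by sess_crypt_blob() stays live, and on a long-lived context each failed call leaves another copy behind. Adding `data_blob_free(&out);` before each of those three returns would close this. The `return NULL` paths of sess_decrypt_string() in the first hunk have the same shape, though that function's allocation of `out` lies outside the hunk. The header comment could also state the output contract, e.g. `On NT_STATUS_OK *ret holds the plaintext, allocated on mem_ctx; on any error *ret must not be used.`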