rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0012-s3-rpc_client-Use-samba_gnutls_arcfour_confounded_md.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420 c9s-sig-storage-samba-421
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0012-s3-rpc_client-Use-samba_gnutls_arcfour_confounded_md.patch
Blob History Raw
b6b438 
From 6546e97d27e45db9cbfd2f7d8c4838b2fd8d6a6a Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Thu, 4 Jul 2019 16:22:48 +0200
b6b438 
Subject: [PATCH 012/187] s3:rpc_client: Use
b6b438 
 samba_gnutls_arcfour_confounded_md5 in init_samr_CryptPasswordEx
b6b438
b6b438 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit 2075019ca90d7d474003c87b2f0202239891eba5)
b6b438 
---
b6b438 
 source3/rpc_client/init_samr.c | 50 ++++++++++------------------------
b6b438 
 1 file changed, 15 insertions(+), 35 deletions(-)
b6b438
b6b438 
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
b6b438 
index 5f6cbc5d3c7..3968dfea99f 100644
b6b438 
--- a/source3/rpc_client/init_samr.c
b6b438 
+++ b/source3/rpc_client/init_samr.c
b6b438 
@@ -36,56 +36,36 @@ NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
b6b438 
 {
b6b438 
 	/* samr_CryptPasswordEx */
b6b438
b6b438 
-	uint8_t pwbuf[532];
b6b438 
-	gnutls_hash_hd_t hash_hnd = NULL;
b6b438 
-	uint8_t confounder[16];
b6b438 
-	DATA_BLOB confounded_session_key = data_blob(NULL, 16);
b6b438 
-	NTSTATUS status;
b6b438 
+	uint8_t _confounder[16] = {0};
b6b438 
+	DATA_BLOB confounder = data_blob_const(_confounder, 16);
b6b438 
+	uint8_t pwbuf[532] = {0};
b6b438 
+	DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
b6b438 
 	bool ok;
b6b438 
 	int rc;
b6b438
b6b438 
 	ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
b6b438 
 	if (!ok) {
b6b438 
-		status = NT_STATUS_INTERNAL_ERROR;
b6b438 
-		goto out;
b6b438 
+		return NT_STATUS_INTERNAL_ERROR;
b6b438 
 	}
b6b438
b6b438 
-	generate_random_buffer((uint8_t *)confounder, 16);
b6b438 
+	generate_random_buffer(_confounder, sizeof(_confounder));
b6b438
b6b438 
-	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
b6b438 
+	rc = samba_gnutls_arcfour_confounded_md5(&confounder,
b6b438 
+						 session_key,
b6b438 
+						 &encrypt_pwbuf,
b6b438 
+						 SAMBA_GNUTLS_ENCRYPT);
b6b438 
 	if (rc < 0) {
b6b438 
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
b6b438 
-		goto out;
b6b438 
+		ZERO_ARRAY(_confounder);
b6b438 
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
b6b438 
 	}
b6b438
b6b438 
-	rc = gnutls_hash(hash_hnd, confounder, 16);
b6b438 
-	if (rc < 0) {
b6b438 
-		gnutls_hash_deinit(hash_hnd, NULL);
b6b438 
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
b6b438 
-		goto out;
b6b438 
-	}
b6b438 
-	rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
b6b438 
-	if (rc < 0) {
b6b438 
-		gnutls_hash_deinit(hash_hnd, NULL);
b6b438 
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
b6b438 
-		goto out;
b6b438 
-	}
b6b438 
-
b6b438 
-	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
b6b438 
-
b6b438 
-	arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
b6b438 
-	data_blob_clear_free(&confounded_session_key);
b6b438 
-
b6b438 
-	memcpy(&pwbuf[516], confounder, 16);
b6b438 
-	ZERO_ARRAY(confounder);
b6b438 
+	memcpy(&pwbuf[516], confounder.data, confounder.length);
b6b438 
+	ZERO_ARRAY(_confounder);
b6b438
b6b438 
 	memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
b6b438 
 	ZERO_ARRAY(pwbuf);
b6b438
b6b438 
-	status = NT_STATUS_OK;
b6b438 
-out:
b6b438 
-	data_blob_clear_free(&confounded_session_key);
b6b438 
-	return status;
b6b438 
+	return NT_STATUS_OK;
b6b438 
 }
b6b438
b6b438 
 /*************************************************************************
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation