Tree - rpms/samba - CentOS Git server

rpms / samba

Blame SOURCES/0016-libcli-auth-Pass-samr_CryptPasswordEx-to-decode_rc4_.patch

Blob History Raw

		b6b438	`From 3eb3f3bdabd103c3858323e08a9180913c223e16 Mon Sep 17 00:00:00 2001`
		b6b438	`From: Andreas Schneider <asn@samba.org>`
		b6b438	`Date: Tue, 9 Jul 2019 12:53:31 +0200`
		b6b438	`Subject: [PATCH 016/187] libcli:auth: Pass samr_CryptPasswordEx to`
		b6b438	`decode_rc4_passwd_buffer()`
		b6b438
		b6b438	`BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031`
		b6b438
		b6b438	`Signed-off-by: Andreas Schneider <asn@samba.org>`
		b6b438	`Reviewed-by: Andrew Bartlett <abartlet@samba.org>`
		b6b438	`(cherry picked from commit 79ca72ec3d13fea5d2ad608415757ca9870035a3)`
		b6b438	`---`
		b6b438	`libcli/auth/proto.h \| 4 ++--`
		b6b438	`libcli/auth/smbencrypt.c \| 8 ++++----`
		b6b438	`libcli/auth/tests/test_rc4_passwd_buffer.c \| 5 +++--`
		b6b438	`source3/rpc_server/samr/srv_samr_nt.c \| 10 ++++------`
		b6b438	`4 files changed, 13 insertions(+), 14 deletions(-)`
		b6b438
		b6b438	`diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h`
		b6b438	`index 1bcbeddb228..a67c89d8552 100644`
		b6b438	`--- a/libcli/auth/proto.h`
		b6b438	`+++ b/libcli/auth/proto.h`
		b6b438	`@@ -184,8 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,`
		b6b438	`/***********************************************************`
		b6b438	`Decode an arc4 encrypted password change buffer.`
		b6b438	`************************************************************/`
		b6b438	`-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],`
		b6b438	`- const DATA_BLOB *psession_key);`
		b6b438	`+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,`
		b6b438	`+ struct samr_CryptPasswordEx *inout_crypt_pwd);`
		b6b438
		b6b438	`/***********************************************************`
		b6b438	`encode a password buffer with an already unicode password. The`
		b6b438	`diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c`
		b6b438	`index 7e343f71577..b7b17130f07 100644`
		b6b438	`--- a/libcli/auth/smbencrypt.c`
		b6b438	`+++ b/libcli/auth/smbencrypt.c`
		b6b438	`@@ -843,12 +843,12 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,`
		b6b438	`Decode an arc4 encrypted password change buffer.`
		b6b438	`************************************************************/`
		b6b438
		b6b438	`-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],`
		b6b438	`- const DATA_BLOB *psession_key)`
		b6b438	`+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,`
		b6b438	`+ struct samr_CryptPasswordEx *inout_crypt_pwd)`
		b6b438	`{`
		b6b438	`/* Confounder is last 16 bytes. */`
		b6b438	`- DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);`
		b6b438	`- DATA_BLOB pw_data = data_blob_const(pw_buf, 516);`
		b6b438	`+ DATA_BLOB confounder = data_blob_const(&inout_crypt_pwd->data[516], 16);`
		b6b438	`+ DATA_BLOB pw_data = data_blob_const(&inout_crypt_pwd->data, 516);`
		b6b438	`int rc;`
		b6b438
		b6b438	`rc = samba_gnutls_arcfour_confounded_md5(&confounder,`
		b6b438	`diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c`
		b6b438	`index eb737703230..3bf371c5dd5 100644`
		b6b438	`--- a/libcli/auth/tests/test_rc4_passwd_buffer.c`
		b6b438	`+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c`
		b6b438	`@@ -114,7 +114,7 @@ static void torture_decode_rc4_passwd_buffer(void **state)`
		b6b438	`encrypted_test_blob,`
		b6b438	`sizeof(out_pwd_buf.data));`
		b6b438
		b6b438	`- status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);`
		b6b438	`+ status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);`
		b6b438	`assert_true(NT_STATUS_IS_OK(status));`
		b6b438
		b6b438	`ok = decode_pw_buffer(NULL,`
		b6b438	`@@ -143,7 +143,7 @@ static void torture_rc4_passwd_buffer(void **state)`
		b6b438	`&out_pwd_buf);`
		b6b438	`assert_true(NT_STATUS_IS_OK(status));`
		b6b438
		b6b438	`- status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);`
		b6b438	`+ status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);`
		b6b438	`assert_true(NT_STATUS_IS_OK(status));`
		b6b438
		b6b438	`ok = decode_pw_buffer(NULL,`
		b6b438	`@@ -154,6 +154,7 @@ static void torture_rc4_passwd_buffer(void **state)`
		b6b438	`assert_true(ok);`
		b6b438	`assert_int_equal(password_decoded_len, strlen(PASSWORD));`
		b6b438	`assert_string_equal(password_decoded, PASSWORD);`
		b6b438	`+ talloc_free(password_decoded);`
		b6b438	`}`
		b6b438
		b6b438	`int main(int argc, char *argv[])`
		b6b438	`diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c`
		b6b438	`index 4dc9132511f..fd5c453e0eb 100644`
		b6b438	`--- a/source3/rpc_server/samr/srv_samr_nt.c`
		b6b438	`+++ b/source3/rpc_server/samr/srv_samr_nt.c`
		b6b438	`@@ -5185,9 +5185,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,`
		b6b438	`if(!NT_STATUS_IS_OK(status)) {`
		b6b438	`break;`
		b6b438	`}`
		b6b438	`- status = decode_rc4_passwd_buffer(`
		b6b438	`- info->info25.password.data,`
		b6b438	`- &session_key);`
		b6b438	`+ status = decode_rc4_passwd_buffer(&session_key,`
		b6b438	`+ &info->info25.password);`
		b6b438	`if (!NT_STATUS_IS_OK(status)) {`
		b6b438	`break;`
		b6b438	`}`
		b6b438	`@@ -5204,9 +5203,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,`
		b6b438	`if(!NT_STATUS_IS_OK(status)) {`
		b6b438	`break;`
		b6b438	`}`
		b6b438	`- status = decode_rc4_passwd_buffer(`
		b6b438	`- info->info26.password.data,`
		b6b438	`- &session_key);`
		b6b438	`+ status = decode_rc4_passwd_buffer(&session_key,`
		b6b438	`+ &info->info26.password);`
		b6b438	`if (!NT_STATUS_IS_OK(status)) {`
		b6b438	`break;`
		b6b438	`}`
		b6b438	`--`
		b6b438	`2.23.0`
		b6b438

rpms / samba

Source Code

Blame SOURCES/0016-libcli-auth-Pass-samr_CryptPasswordEx-to-decode_rc4_.patch