|
|
b6b438 |
From ba125c495c950570017d84b1cb2a223679250961 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Fri, 9 Nov 2018 12:29:55 +0100
|
|
|
b6b438 |
Subject: [PATCH 029/187] auth:ntlmssp: Use GnuTLS RC4 in ntlmssp client
|
|
|
b6b438 |
|
|
|
b6b438 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit cb4025a50232f24139f21d87e50b6e6ea69238ba)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
auth/ntlmssp/ntlmssp_client.c | 28 +++++++++++++++++++++++++++-
|
|
|
b6b438 |
1 file changed, 27 insertions(+), 1 deletion(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
index df891f8d933..b8d1190466b 100644
|
|
|
b6b438 |
--- a/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
+++ b/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
@@ -690,17 +690,43 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
|
|
b6b438 |
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
|
|
|
b6b438 |
/* Make up a new session key */
|
|
|
b6b438 |
uint8_t client_session_key[16];
|
|
|
b6b438 |
+ gnutls_cipher_hd_t cipher_hnd;
|
|
|
b6b438 |
+ gnutls_datum_t enc_session_key = {
|
|
|
b6b438 |
+ .data = session_key.data,
|
|
|
b6b438 |
+ .size = session_key.length,
|
|
|
b6b438 |
+ };
|
|
|
b6b438 |
+
|
|
|
b6b438 |
generate_secret_buffer(client_session_key, sizeof(client_session_key));
|
|
|
b6b438 |
|
|
|
b6b438 |
/* Encrypt the new session key with the old one */
|
|
|
b6b438 |
encrypted_session_key = data_blob_talloc(ntlmssp_state,
|
|
|
b6b438 |
client_session_key, sizeof(client_session_key));
|
|
|
b6b438 |
dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
|
|
|
b6b438 |
- arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
|
|
|
b6b438 |
+
|
|
|
b6b438 |
+ rc = gnutls_cipher_init(&cipher_hnd,
|
|
|
b6b438 |
+ GNUTLS_CIPHER_ARCFOUR_128,
|
|
|
b6b438 |
+ &enc_session_key,
|
|
|
b6b438 |
+ NULL);
|
|
|
b6b438 |
+ if (rc < 0) {
|
|
|
b6b438 |
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
|
|
b6b438 |
+ ZERO_ARRAY(client_session_key);
|
|
|
b6b438 |
+ goto done;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+ rc = gnutls_cipher_encrypt(cipher_hnd,
|
|
|
b6b438 |
+ encrypted_session_key.data,
|
|
|
b6b438 |
+ encrypted_session_key.length);
|
|
|
b6b438 |
+ gnutls_cipher_deinit(cipher_hnd);
|
|
|
b6b438 |
+ if (rc < 0) {
|
|
|
b6b438 |
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
|
|
|
b6b438 |
+ ZERO_ARRAY(client_session_key);
|
|
|
b6b438 |
+ goto done;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+
|
|
|
b6b438 |
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
|
|
|
b6b438 |
|
|
|
b6b438 |
/* Mark the new session key as the 'real' session key */
|
|
|
b6b438 |
session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
|
|
|
b6b438 |
+ ZERO_ARRAY(client_session_key);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
/* this generates the actual auth packet */
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|