rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0029-auth-ntlmssp-Use-GnuTLS-RC4-in-ntlmssp-client.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0029-auth-ntlmssp-Use-GnuTLS-RC4-in-ntlmssp-client.patch
Blob History Raw
b6b438 
From ba125c495c950570017d84b1cb2a223679250961 Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Fri, 9 Nov 2018 12:29:55 +0100
b6b438 
Subject: [PATCH 029/187] auth:ntlmssp: Use GnuTLS RC4 in ntlmssp client
b6b438
b6b438 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit cb4025a50232f24139f21d87e50b6e6ea69238ba)
b6b438 
---
b6b438 
 auth/ntlmssp/ntlmssp_client.c | 28 +++++++++++++++++++++++++++-
b6b438 
 1 file changed, 27 insertions(+), 1 deletion(-)
b6b438
b6b438 
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
b6b438 
index df891f8d933..b8d1190466b 100644
b6b438 
--- a/auth/ntlmssp/ntlmssp_client.c
b6b438 
+++ b/auth/ntlmssp/ntlmssp_client.c
b6b438 
@@ -690,17 +690,43 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
b6b438 
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
b6b438 
 		/* Make up a new session key */
b6b438 
 		uint8_t client_session_key[16];
b6b438 
+		gnutls_cipher_hd_t cipher_hnd;
b6b438 
+		gnutls_datum_t enc_session_key = {
b6b438 
+			.data = session_key.data,
b6b438 
+			.size = session_key.length,
b6b438 
+		};
b6b438 
+
b6b438 
 		generate_secret_buffer(client_session_key, sizeof(client_session_key));
b6b438
b6b438 
 		/* Encrypt the new session key with the old one */
b6b438 
 		encrypted_session_key = data_blob_talloc(ntlmssp_state,
b6b438 
 							 client_session_key, sizeof(client_session_key));
b6b438 
 		dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
b6b438 
-		arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
b6b438 
+
b6b438 
+		rc = gnutls_cipher_init(&cipher_hnd,
b6b438 
+					GNUTLS_CIPHER_ARCFOUR_128,
b6b438 
+					&enc_session_key,
b6b438 
+					NULL);
b6b438 
+		if (rc < 0) {
b6b438 
+			nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
b6b438 
+			ZERO_ARRAY(client_session_key);
b6b438 
+			goto done;
b6b438 
+		}
b6b438 
+		rc = gnutls_cipher_encrypt(cipher_hnd,
b6b438 
+					   encrypted_session_key.data,
b6b438 
+					   encrypted_session_key.length);
b6b438 
+		gnutls_cipher_deinit(cipher_hnd);
b6b438 
+		if (rc < 0) {
b6b438 
+			nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
b6b438 
+			ZERO_ARRAY(client_session_key);
b6b438 
+			goto done;
b6b438 
+		}
b6b438 
+
b6b438 
 		dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
b6b438
b6b438 
 		/* Mark the new session key as the 'real' session key */
b6b438 
 		session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
b6b438 
+		ZERO_ARRAY(client_session_key);
b6b438 
 	}
b6b438
b6b438 
 	/* this generates the actual auth packet */
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation