|
 |
1524bc |
From a5149014cc8a0da7b8c664a465f6108c390d127d Mon Sep 17 00:00:00 2001
|
|
|
1524bc |
From: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
Date: Fri, 16 Aug 2019 12:34:28 +1200
|
|
|
1524bc |
Subject: [PATCH 092/187] libcli:auth Return NTSTATUS from
|
|
|
1524bc |
netlogon_creds_aes_decrypt()
|
|
|
1524bc |
|
|
|
1524bc |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
(cherry picked from commit 8ec796f1a1daa444bba06f34a50d2b62ee4a2ef9)
|
|
|
1524bc |
---
|
|
|
1524bc |
libcli/auth/credentials.c | 15 ++++++++-------
|
|
|
1524bc |
libcli/auth/proto.h | 4 +++-
|
|
|
1524bc |
2 files changed, 11 insertions(+), 8 deletions(-)
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
|
1524bc |
index cfeab6efdcd..955e08b7385 100644
|
|
|
1524bc |
--- a/libcli/auth/credentials.c
|
|
|
1524bc |
+++ b/libcli/auth/credentials.c
|
|
|
1524bc |
@@ -346,7 +346,7 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds
|
|
|
1524bc |
/*
|
|
|
1524bc |
AES decrypt a password buffer using the session key
|
|
|
1524bc |
*/
|
|
|
1524bc |
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
|
|
1524bc |
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
|
|
|
1524bc |
{
|
|
|
1524bc |
#ifdef HAVE_GNUTLS_AES_CFB8
|
|
|
1524bc |
gnutls_cipher_hd_t cipher_hnd = NULL;
|
|
|
1524bc |
@@ -370,18 +370,17 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
|
|
|
1524bc |
&key,
|
|
|
1524bc |
&iv;;
|
|
|
1524bc |
if (rc < 0) {
|
|
|
1524bc |
- DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
|
|
|
1524bc |
- gnutls_strerror(rc));
|
|
|
1524bc |
- return;
|
|
|
1524bc |
+ return gnutls_error_to_ntstatus(rc,
|
|
|
1524bc |
+ NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
|
|
|
1524bc |
gnutls_cipher_deinit(cipher_hnd);
|
|
|
1524bc |
if (rc < 0) {
|
|
|
1524bc |
- DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
|
|
|
1524bc |
- gnutls_strerror(rc));
|
|
|
1524bc |
- return;
|
|
|
1524bc |
+ return gnutls_error_to_ntstatus(rc,
|
|
|
1524bc |
+ NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
|
|
1524bc |
}
|
|
|
1524bc |
+
|
|
|
1524bc |
#else /* NOT HAVE_GNUTLS_AES_CFB8 */
|
|
|
1524bc |
AES_KEY key;
|
|
|
1524bc |
uint8_t iv[AES_BLOCK_SIZE] = {0};
|
|
|
1524bc |
@@ -390,6 +389,8 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
|
|
|
1524bc |
|
|
|
1524bc |
aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
|
|
|
1524bc |
#endif /* HAVE_GNUTLS_AES_CFB8 */
|
|
|
1524bc |
+
|
|
|
1524bc |
+ return NT_STATUS_OK;
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
/*****************************************************************
|
|
|
1524bc |
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
|
1524bc |
index 639a50425e5..714652bdb76 100644
|
|
|
1524bc |
--- a/libcli/auth/proto.h
|
|
|
1524bc |
+++ b/libcli/auth/proto.h
|
|
|
1524bc |
@@ -21,7 +21,9 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
|
|
|
1524bc |
NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
|
|
|
1524bc |
uint8_t *data,
|
|
|
1524bc |
size_t len);
|
|
|
1524bc |
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
|
|
|
1524bc |
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds,
|
|
|
1524bc |
+ uint8_t *data,
|
|
|
1524bc |
+ size_t len);
|
|
|
1524bc |
|
|
|
1524bc |
/*****************************************************************
|
|
|
1524bc |
The above functions are common to the client and server interface
|
|
|
1524bc |
--
|
|
|
1524bc |
2.23.0
|
|
|
1524bc |
|