|
 |
b6b438 |
From 404e810a0e3ea7a86c3efad7711f55abec6d2d0c Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Isaac Boukris <iboukris@gmail.com>
|
|
|
b6b438 |
Date: Thu, 7 Nov 2019 13:39:20 +0100
|
|
|
b6b438 |
Subject: [PATCH 176/187] SMBsesskeygen_lm_sess_key: use gnutls and return
|
|
|
b6b438 |
NTSTATUS
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Isaac Boukris <iboukris@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit bbcf568f317960229caa7486322858093f5d0d04)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
auth/ntlmssp/ntlmssp_client.c | 16 ++++++++++++----
|
|
|
b6b438 |
auth/ntlmssp/ntlmssp_server.c | 15 +++++++++++----
|
|
|
b6b438 |
libcli/auth/proto.h | 6 +++---
|
|
|
b6b438 |
libcli/auth/smbencrypt.c | 15 ++++++++++++---
|
|
|
b6b438 |
libcli/auth/tests/test_gnutls.c | 4 +++-
|
|
|
b6b438 |
5 files changed, 41 insertions(+), 15 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
index 2a80feb4fed..58e4e3d6f42 100644
|
|
|
b6b438 |
--- a/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
+++ b/auth/ntlmssp/ntlmssp_client.c
|
|
|
b6b438 |
@@ -673,12 +673,20 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
|
|
b6b438 |
&& ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
|
|
|
b6b438 |
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
|
|
b6b438 |
if (lm_response.length == 24) {
|
|
|
b6b438 |
- SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
|
|
|
b6b438 |
- new_session_key.data);
|
|
|
b6b438 |
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
|
|
|
b6b438 |
+ lm_response.data,
|
|
|
b6b438 |
+ new_session_key.data);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
b6b438 |
+ return nt_status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
} else {
|
|
|
b6b438 |
static const uint8_t zeros[24];
|
|
|
b6b438 |
- SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
|
|
|
b6b438 |
- new_session_key.data);
|
|
|
b6b438 |
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
|
|
|
b6b438 |
+ zeros,
|
|
|
b6b438 |
+ new_session_key.data);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
b6b438 |
+ return nt_status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
}
|
|
|
b6b438 |
session_key = new_session_key;
|
|
|
b6b438 |
dump_data_pw("LM session key\n", session_key.data, session_key.length);
|
|
|
b6b438 |
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
|
|
|
b6b438 |
index 5a56a4db99f..29559b3fe02 100644
|
|
|
b6b438 |
--- a/auth/ntlmssp/ntlmssp_server.c
|
|
|
b6b438 |
+++ b/auth/ntlmssp/ntlmssp_server.c
|
|
|
b6b438 |
@@ -970,8 +970,12 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
|
|
|
b6b438 |
if (session_key.data == NULL) {
|
|
|
b6b438 |
return NT_STATUS_NO_MEMORY;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
- SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
|
|
|
b6b438 |
- session_key.data);
|
|
|
b6b438 |
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
|
|
|
b6b438 |
+ ntlmssp_state->lm_resp.data,
|
|
|
b6b438 |
+ session_key.data);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
b6b438 |
+ return nt_status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
|
|
|
b6b438 |
} else {
|
|
|
b6b438 |
static const uint8_t zeros[24] = {0, };
|
|
|
b6b438 |
@@ -980,8 +984,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
|
|
|
b6b438 |
if (session_key.data == NULL) {
|
|
|
b6b438 |
return NT_STATUS_NO_MEMORY;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
- SMBsesskeygen_lm_sess_key(zeros, zeros,
|
|
|
b6b438 |
- session_key.data);
|
|
|
b6b438 |
+ nt_status = SMBsesskeygen_lm_sess_key(zeros, zeros,
|
|
|
b6b438 |
+ session_key.data);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
b6b438 |
+ return nt_status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
|
|
|
b6b438 |
}
|
|
|
b6b438 |
dump_data_pw("LM session key:\n", session_key.data,
|
|
|
b6b438 |
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
|
b6b438 |
index 4a817e210b2..b7a976c048b 100644
|
|
|
b6b438 |
--- a/libcli/auth/proto.h
|
|
|
b6b438 |
+++ b/libcli/auth/proto.h
|
|
|
b6b438 |
@@ -140,9 +140,9 @@ NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
|
|
|
b6b438 |
const uint8_t *nt_resp,
|
|
|
b6b438 |
uint8_t sess_key[16]);
|
|
|
b6b438 |
void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
|
|
|
b6b438 |
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
- const uint8_t lm_resp[24], /* only uses 8 */
|
|
|
b6b438 |
- uint8_t sess_key[16]);
|
|
|
b6b438 |
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
+ const uint8_t lm_resp[24], /* only uses 8 */
|
|
|
b6b438 |
+ uint8_t sess_key[16]);
|
|
|
b6b438 |
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
|
|
|
b6b438 |
const char *hostname,
|
|
|
b6b438 |
const char *domain);
|
|
|
b6b438 |
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
|
|
b6b438 |
index ab2c47ad9bb..b1d4f985ecf 100644
|
|
|
b6b438 |
--- a/libcli/auth/smbencrypt.c
|
|
|
b6b438 |
+++ b/libcli/auth/smbencrypt.c
|
|
|
b6b438 |
@@ -380,7 +380,7 @@ void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16])
|
|
|
b6b438 |
#endif
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
const uint8_t lm_resp[24], /* only uses 8 */
|
|
|
b6b438 |
uint8_t sess_key[16])
|
|
|
b6b438 |
{
|
|
|
b6b438 |
@@ -388,12 +388,19 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
but changes with each session) */
|
|
|
b6b438 |
uint8_t p24[24];
|
|
|
b6b438 |
uint8_t partial_lm_hash[14];
|
|
|
b6b438 |
+ int rc;
|
|
|
b6b438 |
|
|
|
b6b438 |
memcpy(partial_lm_hash, lm_hash, 8);
|
|
|
b6b438 |
memset(partial_lm_hash + 8, 0xbd, 6);
|
|
|
b6b438 |
|
|
|
b6b438 |
- des_crypt56(p24, lm_resp, partial_lm_hash, 1);
|
|
|
b6b438 |
- des_crypt56(p24+8, lm_resp, partial_lm_hash + 7, 1);
|
|
|
b6b438 |
+ rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
|
|
|
b6b438 |
+ if (rc < 0) {
|
|
|
b6b438 |
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+ rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
|
|
|
b6b438 |
+ if (rc < 0) {
|
|
|
b6b438 |
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
|
|
|
b6b438 |
memcpy(sess_key, p24, 16);
|
|
|
b6b438 |
|
|
|
b6b438 |
@@ -401,6 +408,8 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
|
|
|
b6b438 |
DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
|
|
|
b6b438 |
dump_data(100, sess_key, 16);
|
|
|
b6b438 |
#endif
|
|
|
b6b438 |
+
|
|
|
b6b438 |
+ return NT_STATUS_OK;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
|
|
|
b6b438 |
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
index 121848341e6..5bb75c2bab2 100644
|
|
|
b6b438 |
--- a/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
+++ b/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
@@ -447,8 +447,10 @@ static void torture_gnutls_SMBsesskeygen_lm_sess_key(void **state)
|
|
|
b6b438 |
};
|
|
|
b6b438 |
|
|
|
b6b438 |
uint8_t crypt_sess_key[16];
|
|
|
b6b438 |
+ NTSTATUS status;
|
|
|
b6b438 |
|
|
|
b6b438 |
- SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
|
|
|
b6b438 |
+ status = SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
|
|
|
b6b438 |
+ assert_true(NT_STATUS_IS_OK(status));
|
|
|
b6b438 |
assert_memory_equal(crypt_sess_key, crypt_expected, 16);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|