|
|
b6b438 |
From 20bd9ca871f318ba8360525b51f56010f8607fbb Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Isaac Boukris <iboukris@gmail.com>
|
|
|
b6b438 |
Date: Fri, 8 Nov 2019 17:49:48 +0100
|
|
|
b6b438 |
Subject: [PATCH 181/187] smbdes: convert des_crypt128() to use gnutls
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Isaac Boukris <iboukris@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit c57f429574243adbcd43dca4f35d125df8d69ba0)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
libcli/auth/credentials.c | 6 +++++-
|
|
|
b6b438 |
libcli/auth/proto.h | 2 +-
|
|
|
b6b438 |
libcli/auth/smbdes.c | 12 +++++++++---
|
|
|
b6b438 |
libcli/auth/tests/test_gnutls.c | 4 +++-
|
|
|
b6b438 |
4 files changed, 18 insertions(+), 6 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
|
b6b438 |
index d9237f3875b..1b94a06ebfb 100644
|
|
|
b6b438 |
--- a/libcli/auth/credentials.c
|
|
|
b6b438 |
+++ b/libcli/auth/credentials.c
|
|
|
b6b438 |
@@ -66,6 +66,7 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
|
|
|
b6b438 |
{
|
|
|
b6b438 |
uint32_t sum[2];
|
|
|
b6b438 |
uint8_t sum2[8];
|
|
|
b6b438 |
+ int rc;
|
|
|
b6b438 |
|
|
|
b6b438 |
sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
|
|
|
b6b438 |
sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
|
|
|
b6b438 |
@@ -75,7 +76,10 @@ static NTSTATUS netlogon_creds_init_64bit(struct netlogon_creds_CredentialState
|
|
|
b6b438 |
|
|
|
b6b438 |
ZERO_ARRAY(creds->session_key);
|
|
|
b6b438 |
|
|
|
b6b438 |
- des_crypt128(creds->session_key, sum2, machine_password->hash);
|
|
|
b6b438 |
+ rc = des_crypt128(creds->session_key, sum2, machine_password->hash);
|
|
|
b6b438 |
+ if (rc != 0) {
|
|
|
b6b438 |
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
|
|
|
b6b438 |
return NT_STATUS_OK;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
|
b6b438 |
index 5209d6766e4..2ea4eca822a 100644
|
|
|
b6b438 |
--- a/libcli/auth/proto.h
|
|
|
b6b438 |
+++ b/libcli/auth/proto.h
|
|
|
b6b438 |
@@ -226,7 +226,7 @@ int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7]
|
|
|
b6b438 |
int E_P16(const uint8_t *p14,uint8_t *p16);
|
|
|
b6b438 |
int E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
|
|
|
b6b438 |
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
|
|
|
b6b438 |
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
|
|
|
b6b438 |
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16]);
|
|
|
b6b438 |
void des_crypt112(uint8_t out[8], const uint8_t in[8], const uint8_t key[14], int forw);
|
|
|
b6b438 |
void des_crypt112_16(uint8_t out[16], const uint8_t in[16], const uint8_t key[14], int forw);
|
|
|
b6b438 |
int sam_rid_crypt(unsigned int rid, const uint8_t *in, uint8_t *out,
|
|
|
b6b438 |
diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
|
|
|
b6b438 |
index 4e3499f9d26..6a4f4d1d42a 100644
|
|
|
b6b438 |
--- a/libcli/auth/smbdes.c
|
|
|
b6b438 |
+++ b/libcli/auth/smbdes.c
|
|
|
b6b438 |
@@ -398,11 +398,17 @@ void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out)
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
/* des encryption with a 128 bit key */
|
|
|
b6b438 |
-void des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
|
|
|
b6b438 |
+int des_crypt128(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
|
|
|
b6b438 |
{
|
|
|
b6b438 |
uint8_t buf[8];
|
|
|
b6b438 |
- des_crypt56(buf, in, key, 1);
|
|
|
b6b438 |
- des_crypt56(out, buf, key+9, 1);
|
|
|
b6b438 |
+ int ret;
|
|
|
b6b438 |
+
|
|
|
b6b438 |
+ ret = des_crypt56_gnutls(buf, in, key, SAMBA_GNUTLS_ENCRYPT);
|
|
|
b6b438 |
+ if (ret != 0) {
|
|
|
b6b438 |
+ return ret;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+
|
|
|
b6b438 |
+ return des_crypt56_gnutls(out, buf, key+9, SAMBA_GNUTLS_ENCRYPT);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
/* des encryption with a 112 bit (14 byte) key */
|
|
|
b6b438 |
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
index 9fafe2a767b..d9acfb67075 100644
|
|
|
b6b438 |
--- a/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
+++ b/libcli/auth/tests/test_gnutls.c
|
|
|
b6b438 |
@@ -362,8 +362,10 @@ static void torture_gnutls_des_crypt128(void **state)
|
|
|
b6b438 |
};
|
|
|
b6b438 |
|
|
|
b6b438 |
uint8_t crypt[8];
|
|
|
b6b438 |
+ int rc;
|
|
|
b6b438 |
|
|
|
b6b438 |
- des_crypt128(crypt, clear, key);
|
|
|
b6b438 |
+ rc = des_crypt128(crypt, clear, key);
|
|
|
b6b438 |
+ assert_int_equal(rc, 0);
|
|
|
b6b438 |
assert_memory_equal(crypt, crypt_expected, 8);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|