From 007b56943bbec3c3b9b28be08c3088b0d28ba2d8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 12 Nov 2019 16:56:45 +0100
Subject: [PATCH 199/208] s3:rpc_server: Allow RC4 encrypted buffers in
samr_SetUserInfo()
This is only allowed if we have a sealed connection!
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source3/rpc_server/samr/srv_samr_nt.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
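diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 91771e34502..509bce57a3b 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5210,9 +5210,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
+ /*
+ * This can be allowed as it requires a session key
+ * which we only have if we have a SMB session.
+ */
+ GNUTLS_FIPS140_SET_LAX_MODE();
 status = arc4_decrypt_data(session_key,
 info->info23.password.data,
 516);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
@@ -5233,9 +5239,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
+ /*
+ * This can be allowed as it requires a session key
+ * which we only have if we have a SMB session.
+ */
+ GNUTLS_FIPS140_SET_LAX_MODE();
 status = arc4_decrypt_data(session_key,
 info->info24.password.data,
 516);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
@@ -5254,8 +5266,14 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
+ /*
+ * This can be allowed as it requires a session key
+ * which we only have if we have a SMB session.
+ */
+ GNUTLS_FIPS140_SET_LAX_MODE();
 status = decode_rc4_passwd_buffer(&session_key,
 &info->info25.password);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
 if (!NT_STATUS_IS_OK(status)) {
 break;
 }
@@ -5274,8 +5292,14 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 if(!NT_STATUS_IS_OK(status)) {
 break;
 }
+ /*
+ * This can be allowed as it requires a session key
+ * which we only have if we have a SMB session.
+ */
+ GNUTLS_FIPS140_SET_LAX_MODE();
 status = decode_rc4_passwd_buffer(&session_key,
 &info->info26.password);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
 if (!NT_STATUS_IS_OK(status)) {
 break;
 }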
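Review bot: Nothing visible in these hunks enforces the precondition the commit message states (a sealed connection) before `GNUTLS_FIPS140_SET_LAX_MODE()` relaxes FIPS enforcement for the RC4 decrypt; the only justification is the added comment, and it makes the weaker claim that a session key implies an SMB session. This applies equally to the info23, info24, info25 and info26 cases. The status check just above each hunk presumably follows the session-key fetch, which lies outside the visible lines, so confirm that fetch actually fails on an unsealed transport; if it does not, add an explicit check before entering lax mode. Either way the comment should name the real guarantee, e.g. `/* RC4 is tolerated under FIPS here only because the buffer arrives over a sealed connection. */`. Since the same lax/decrypt/strict bracket is repeated four times, a small static helper would keep the strict-mode restore and that rationale in one place; the body of `_samr_SetUserInfo` continues outside these hunks.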
--
2.23.0