|
|
b6b438 |
From 00351ef5dd8fb5ab1d036850a99d7dee07dadca1 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Fri, 15 Nov 2019 13:49:40 +0100
|
|
|
b6b438 |
Subject: [PATCH 200/208] s4:rpc_server: Allow to use RC4 for setting passwords
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
---
|
|
|
b6b438 |
source4/rpc_server/samr/samr_password.c | 7 +++++++
|
|
|
b6b438 |
1 file changed, 7 insertions(+)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
|
|
b6b438 |
index fba236ebdd7..e5e339842b1 100644
|
|
|
b6b438 |
--- a/source4/rpc_server/samr/samr_password.c
|
|
|
b6b438 |
+++ b/source4/rpc_server/samr/samr_password.c
|
|
|
b6b438 |
@@ -618,6 +618,11 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
|
b6b438 |
.size = session_key.length,
|
|
|
b6b438 |
};
|
|
|
b6b438 |
|
|
|
b6b438 |
+ /*
|
|
|
b6b438 |
+ * This is safe to support as we only have a session key
|
|
|
b6b438 |
+ * over a SMB connection which we force to be encrypted.
|
|
|
b6b438 |
+ */
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
b6b438 |
rc = gnutls_cipher_init(&cipher_hnd,
|
|
|
b6b438 |
GNUTLS_CIPHER_ARCFOUR_128,
|
|
|
b6b438 |
&_session_key,
|
|
|
b6b438 |
@@ -635,6 +640,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
|
b6b438 |
nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
|
|
|
b6b438 |
goto out;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b6b438 |
|
|
|
b6b438 |
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
|
|
|
b6b438 |
DEBUG(3,("samr: failed to decode password buffer\n"));
|
|
|
b6b438 |
@@ -655,6 +661,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
|
|
|
b6b438 |
NULL,
|
|
|
b6b438 |
NULL);
|
|
|
b6b438 |
out:
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b6b438 |
return nt_status;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|