From ca20c23eb8c468d96f7e302ab32362d61adb4d8f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 13 Nov 2019 12:48:18 +0100
Subject: [PATCH 141/187] libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dc75a5f27eb32caf2f2adc289bc82fb0f8042cb3)
---
libcli/auth/proto.h | 8 ++++----
libcli/auth/smbencrypt.c | 25 +++++++++++++++----------
2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 4c20783124b..52a33d8d457 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -135,10 +135,10 @@ bool ntv2_owf_gen(const uint8_t owf[16],
void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]);
void SMBNTencrypt_hash(const uint8_t nt_hash[16], const uint8_t *c8, uint8_t *p24);
void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24);
-void SMBOWFencrypt_ntv2(const uint8_t kr[16],
- const DATA_BLOB *srv_chal,
- const DATA_BLOB *smbcli_chal,
- uint8_t resp_buf[16]);
+NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
+ const DATA_BLOB *srv_chal,
+ const DATA_BLOB *smbcli_chal,
+ uint8_t resp_buf[16]);
NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
const uint8_t *nt_resp,
uint8_t sess_key[16]);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 1412274dd21..e7ed0630cdc 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -334,12 +334,13 @@ void SMBNTencrypt(const char *passwd, const uint8_t *c8, uint8_t *p24)
/* Does the md5 encryption from the Key Response for NTLMv2. */
-void SMBOWFencrypt_ntv2(const uint8_t kr[16],
- const DATA_BLOB *srv_chal,
- const DATA_BLOB *smbcli_chal,
- uint8_t resp_buf[16])
+NTSTATUS SMBOWFencrypt_ntv2(const uint8_t kr[16],
+ const DATA_BLOB *srv_chal,
+ const DATA_BLOB *smbcli_chal,
+ uint8_t resp_buf[16])
{
gnutls_hmac_hd_t hmac_hnd = NULL;
+ NTSTATUS status;
int rc;
rc = gnutls_hmac_init(&hmac_hnd,
@@ -347,27 +348,31 @@ void SMBOWFencrypt_ntv2(const uint8_t kr[16],
kr,
16);
if (rc < 0) {
- return;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, srv_chal->data, srv_chal->length);
if (rc < 0) {
- return;
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ goto out;
}
rc = gnutls_hmac(hmac_hnd, smbcli_chal->data, smbcli_chal->length);
if (rc < 0) {
- gnutls_hmac_deinit(hmac_hnd, NULL);
- return;
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ goto out;
}
- gnutls_hmac_deinit(hmac_hnd, resp_buf);
-
#ifdef DEBUG_PASSWORD
DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, smbcli_chal, resp_buf\n"));
dump_data(100, srv_chal->data, srv_chal->length);
dump_data(100, smbcli_chal->data, smbcli_chal->length);
dump_data(100, resp_buf, 16);
#endif
+
+ status = NT_STATUS_OK;
+out:
+ gnutls_hmac_deinit(hmac_hnd, resp_buf);
+ return status;
}
NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
--
2.23.0