Blob Blame History Raw
From 15ca4ae322f88f797c571ad7801a9e44a6262d73 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 5 Jul 2019 10:09:32 +0200
Subject: [PATCH 014/187] libcli:auth: Use
 samba_gnutls_arcfour_confounded_md5() for rc4 passwd buffer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dea160820a393be51985a4e761a3f73da83972e7)
---
 libcli/auth/smbencrypt.c | 39 +++++++++------------------------------
 1 file changed, 9 insertions(+), 30 deletions(-)

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ae97f3cc93e..17c1e1f69ff 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -846,41 +846,20 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
 NTSTATUS encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532],
 					     const DATA_BLOB *psession_key)
 {
-	gnutls_hash_hd_t hash_hnd = NULL;
-	unsigned char key_out[16];
-	NTSTATUS status;
-	int rc;
-
 	/* Confounder is last 16 bytes. */
+	DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
+	DATA_BLOB pw_data = data_blob_const(pw_buf, 516);
+	int rc;
 
-	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+						 psession_key,
+						 &pw_data,
+						 SAMBA_GNUTLS_DECRYPT);
 	if (rc < 0) {
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
-		goto out;
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
 	}
 
-	rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
-	if (rc < 0) {
-		gnutls_hash_deinit(hash_hnd, NULL);
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
-		goto out;
-	}
-	rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
-	if (rc < 0) {
-		gnutls_hash_deinit(hash_hnd, NULL);
-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
-		goto out;
-	}
-	gnutls_hash_deinit(hash_hnd, key_out);
-
-	/* arc4 with key_out. */
-	arcfour_crypt(pw_buf, key_out, 516);
-
-	ZERO_ARRAY(key_out);
-
-	status = NT_STATUS_OK;
-out:
-	return status;
+	return NT_STATUS_OK;
 }
 
 /***********************************************************
-- 
2.23.0