From e81c7a540896c9a3fed8d6a8b080f76c83d70369 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Jul 2019 12:50:57 +1200
Subject: [PATCH 036/187] s4:rpc_server: Use
 samba_gnutls_arcfour_confounded_md5() in samr_set_password_ex()

This allows the use of GnuTLS for the underlying RC4 crypto operations.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9363abfb5fcfeff30295ce0cf94c18941a6c4e9f)
---
 source4/rpc_server/samr/samr_password.c | 34 ++++++-------------------
 1 file changed, 8 insertions(+), 26 deletions(-)

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 7c441f38ce2..fde0de2c3cc 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -586,9 +586,11 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 {
 	NTSTATUS nt_status;
 	DATA_BLOB new_password;
-	DATA_BLOB co_session_key;
+
+	/* The confounder is in the last 16 bytes of the buffer */
+	DATA_BLOB confounder = data_blob_const(&pwbuf->data[516], 16);
+	DATA_BLOB pw_data = data_blob_const(pwbuf->data, 516);
 	DATA_BLOB session_key = data_blob(NULL, 0);
-	gnutls_hash_hd_t hash_hnd = NULL;
 	int rc;
 
 	nt_status = dcesrv_transport_session_key(dce_call, &session_key);
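Review bot: The new comment explains only the confounder, but the declaration that matters most for readers is `pw_data`, which is built with `data_blob_const()` yet is passed to the helper with `SAMBA_GNUTLS_DECRYPT` and so is written through. Because it aliases `pwbuf->data`, the later `extract_pw_from_buffer(mem_ctx, pwbuf->data, ...)` call relies on that in-place decryption. I would add `/* pw_data aliases pwbuf->data; it is decrypted in place and read back via pwbuf->data below */` above the declaration. The literals 516 and 16 also appear bare here; if the tree has named sizes for the encrypted password area and the confounder, using them would make the 516 + 16 layout assumption about `pwbuf->data` checkable, since the struct definition is not visible in this patch. The function body continues outside this hunk.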
@@ -599,35 +601,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
-	co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-	if (!co_session_key.data) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+						 &session_key,
+						 &pw_data,
+						 SAMBA_GNUTLS_DECRYPT);
 	if (rc < 0) {
 		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
 		goto out;
 	}
 
-	rc = gnutls_hash(hash_hnd, &pwbuf->data[516], 16);
-	if (rc < 0) {
-		gnutls_hash_deinit(hash_hnd, NULL);
-		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
-		goto out;
-	}
-	rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
-	if (rc < 0) {
-		gnutls_hash_deinit(hash_hnd, NULL);
-		nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
-		goto out;
-	}
-	gnutls_hash_deinit(hash_hnd, co_session_key.data);
-
-	arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
-	ZERO_ARRAY_LEN(co_session_key.data,
-		       co_session_key.length);
-
 	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		nt_status = NT_STATUS_WRONG_PASSWORD;
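Review bot: The removed code wiped the derived RC4 key with `ZERO_ARRAY_LEN(co_session_key.data, co_session_key.length)`, and after this change that key exists only inside `samba_gnutls_arcfour_confounded_md5()`, whose body is not part of this patch. It is worth confirming that the helper clears its MD5 output and key material on both its success and error paths, so this call site does not lose the scrubbing it used to do. Separately, `NT_STATUS_HASH_NOT_SUPPORTED` is now the fallback status for a call that presumably performs the RC4 pass as well as the MD5 step, so a cipher failure would be reported as a hash problem. A comment such as `/* rc covers both the MD5 key derivation and the RC4 pass */` on the `if (rc < 0)` branch would make that explicit. The function continues past the end of this hunk, so the `out:` cleanup is not visible here.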
-- 
2.23.0