From 404e810a0e3ea7a86c3efad7711f55abec6d2d0c Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 7 Nov 2019 13:39:20 +0100
Subject: [PATCH 176/187] SMBsesskeygen_lm_sess_key: use gnutls and return
NTSTATUS
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bbcf568f317960229caa7486322858093f5d0d04)
---
auth/ntlmssp/ntlmssp_client.c | 16 ++++++++++++----
auth/ntlmssp/ntlmssp_server.c | 15 +++++++++++----
libcli/auth/proto.h | 6 +++---
libcli/auth/smbencrypt.c | 15 ++++++++++++---
libcli/auth/tests/test_gnutls.c | 4 +++-
5 files changed, 41 insertions(+), 15 deletions(-)
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 2a80feb4fed..58e4e3d6f42 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -673,12 +673,20 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
&& ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (lm_response.length == 24) {
- SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ lm_response.data,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
} else {
static const uint8_t zeros[24];
- SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ zeros,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
}
session_key = new_session_key;
dump_data_pw("LM session key\n", session_key.data, session_key.length);
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 5a56a4db99f..29559b3fe02 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -970,8 +970,12 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ ntlmssp_state->lm_resp.data,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
} else {
static const uint8_t zeros[24] = {0, };
@@ -980,8 +984,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(zeros, zeros,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(zeros, zeros,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
}
dump_data_pw("LM session key:\n", session_key.data,
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 4a817e210b2..b7a976c048b 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -140,9 +140,9 @@ NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
const uint8_t *nt_resp,
uint8_t sess_key[16]);
void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
- const uint8_t lm_resp[24], /* only uses 8 */
- uint8_t sess_key[16]);
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+ const uint8_t lm_resp[24], /* only uses 8 */
+ uint8_t sess_key[16]);
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
const char *hostname,
const char *domain);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ab2c47ad9bb..b1d4f985ecf 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -380,7 +380,7 @@ void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16])
#endif
}
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
const uint8_t lm_resp[24], /* only uses 8 */
uint8_t sess_key[16])
{
@@ -388,12 +388,19 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
but changes with each session) */
uint8_t p24[24];
uint8_t partial_lm_hash[14];
+ int rc;
memcpy(partial_lm_hash, lm_hash, 8);
memset(partial_lm_hash + 8, 0xbd, 6);
- des_crypt56(p24, lm_resp, partial_lm_hash, 1);
- des_crypt56(p24+8, lm_resp, partial_lm_hash + 7, 1);
+ rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
+ rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
memcpy(sess_key, p24, 16);
@@ -401,6 +408,8 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
dump_data(100, sess_key, 16);
#endif
+
+ return NT_STATUS_OK;
}
DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index 121848341e6..5bb75c2bab2 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -447,8 +447,10 @@ static void torture_gnutls_SMBsesskeygen_lm_sess_key(void **state)
};
uint8_t crypt_sess_key[16];
+ NTSTATUS status;
- SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ status = SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ assert_true(NT_STATUS_IS_OK(status));
assert_memory_equal(crypt_sess_key, crypt_expected, 16);
}
--
2.23.0