From e81c7a540896c9a3fed8d6a8b080f76c83d70369 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Jul 2019 12:50:57 +1200
Subject: [PATCH 036/187] s4:rpc_server: Use
samba_gnutls_arcfour_confounded_md5() in samr_set_password_ex()
This allows the use of GnuTLS for the underlying RC4 crypto operations.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9363abfb5fcfeff30295ce0cf94c18941a6c4e9f)
---
source4/rpc_server/samr/samr_password.c | 34 ++++++-------------------
1 file changed, 8 insertions(+), 26 deletions(-)
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 7c441f38ce2..fde0de2c3cc 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -586,9 +586,11 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
{
NTSTATUS nt_status;
DATA_BLOB new_password;
- DATA_BLOB co_session_key;
+
+ /* The confounder is in the last 16 bytes of the buffer */
+ DATA_BLOB confounder = data_blob_const(&pwbuf->data[516], 16);
+ DATA_BLOB pw_data = data_blob_const(pwbuf->data, 516);
DATA_BLOB session_key = data_blob(NULL, 0);
- gnutls_hash_hd_t hash_hnd = NULL;
int rc;
nt_status = dcesrv_transport_session_key(dce_call, &session_key);
@@ -599,35 +601,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
return NT_STATUS_WRONG_PASSWORD;
}
- co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
- if (!co_session_key.data) {
- return NT_STATUS_NO_MEMORY;
- }
-
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+ &session_key,
+ &pw_data,
+ SAMBA_GNUTLS_DECRYPT);
if (rc < 0) {
nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
goto out;
}
- rc = gnutls_hash(hash_hnd, &pwbuf->data[516], 16);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
- goto out;
- }
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
- goto out;
- }
- gnutls_hash_deinit(hash_hnd, co_session_key.data);
-
- arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
- ZERO_ARRAY_LEN(co_session_key.data,
- co_session_key.length);
-
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
nt_status = NT_STATUS_WRONG_PASSWORD;
--
2.23.0