From 6546e97d27e45db9cbfd2f7d8c4838b2fd8d6a6a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 4 Jul 2019 16:22:48 +0200 Subject: [PATCH 012/187] s3:rpc_client: Use samba_gnutls_arcfour_confounded_md5 in init_samr_CryptPasswordEx BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 2075019ca90d7d474003c87b2f0202239891eba5) --- source3/rpc_client/init_samr.c | 50 ++++++++++------------------------ 1 file changed, 15 insertions(+), 35 deletions(-) diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 5f6cbc5d3c7..3968dfea99f 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -36,56 +36,36 @@ NTSTATUS init_samr_CryptPasswordEx(const char *pwd, { /* samr_CryptPasswordEx */ - uint8_t pwbuf[532]; - gnutls_hash_hd_t hash_hnd = NULL; - uint8_t confounder[16]; - DATA_BLOB confounded_session_key = data_blob(NULL, 16); - NTSTATUS status; + uint8_t _confounder[16] = {0}; + DATA_BLOB confounder = data_blob_const(_confounder, 16); + uint8_t pwbuf[532] = {0}; + DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516); bool ok; int rc; ok = encode_pw_buffer(pwbuf, pwd, STR_UNICODE); if (!ok) { - status = NT_STATUS_INTERNAL_ERROR; - goto out; + return NT_STATUS_INTERNAL_ERROR; } - generate_random_buffer((uint8_t *)confounder, 16); + generate_random_buffer(_confounder, sizeof(_confounder)); - rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + rc = samba_gnutls_arcfour_confounded_md5(&confounder, + session_key, + &encrypt_pwbuf, + SAMBA_GNUTLS_ENCRYPT); if (rc < 0) { - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; + ZERO_ARRAY(_confounder); + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); } - rc = gnutls_hash(hash_hnd, confounder, 16); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; - } - rc = gnutls_hash(hash_hnd, session_key->data, session_key->length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; - } - - gnutls_hash_deinit(hash_hnd, confounded_session_key.data); - - arcfour_crypt_blob(pwbuf, 516, &confounded_session_key); - data_blob_clear_free(&confounded_session_key); - - memcpy(&pwbuf[516], confounder, 16); - ZERO_ARRAY(confounder); + memcpy(&pwbuf[516], confounder.data, confounder.length); + ZERO_ARRAY(_confounder); memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf)); ZERO_ARRAY(pwbuf); - status = NT_STATUS_OK; -out: - data_blob_clear_free(&confounded_session_key); - return status; + return NT_STATUS_OK; } /************************************************************************* -- 2.23.0