From 404e810a0e3ea7a86c3efad7711f55abec6d2d0c Mon Sep 17 00:00:00 2001
From: Isaac Boukris
Date: Thu, 7 Nov 2019 13:39:20 +0100
Subject: [PATCH 176/187] SMBsesskeygen_lm_sess_key: use gnutls and return NTSTATUS

Signed-off-by: Isaac Boukris
Reviewed-by: Andrew Bartlett
(cherry picked from commit bbcf568f317960229caa7486322858093f5d0d04)
---
 auth/ntlmssp/ntlmssp_client.c | 16 ++++++++++++----
 auth/ntlmssp/ntlmssp_server.c | 15 +++++++++++----
 libcli/auth/proto.h | 6 +++---
 libcli/auth/smbencrypt.c | 15 ++++++++++++---
 libcli/auth/tests/test_gnutls.c | 4 +++-
 5 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 2a80feb4fed..58e4e3d6f42 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -673,12 +673,20 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 && ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
 DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
 if (lm_response.length == 24) {
- SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ lm_response.data,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
 } else {
 static const uint8_t zeros[24];
- SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
- new_session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ zeros,
+ new_session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
 }
 session_key = new_session_key;
 dump_data_pw("LM session key\n", session_key.data, session_key.length);
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 5a56a4db99f..29559b3fe02 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
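Review bot: In the ntlmssp_client_challenge hunk, `new_session_key` comes from `data_blob_talloc(mem_ctx, NULL, 16)` and its `.data` is passed to SMBsesskeygen_lm_sess_key() with no NULL check visible in the hunk, so a failed allocation would let the key derivation copy 16 bytes through a NULL pointer. Since this path now propagates an NTSTATUS anyway, add `if (new_session_key.data == NULL) { return NT_STATUS_NO_MEMORY; }` directly after the allocation, as the server-side hunks already do for `session_key`. The two branches also differ only in their second argument, so selecting `lm_response.data` or `zeros` into a local pointer first would leave a single call and a single status check. The enclosing function starts and ends outside the hunk.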
@@ -970,8 +970,12 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 if (session_key.data == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(lm_session_key.data,
+ ntlmssp_state->lm_resp.data,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
 DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
 } else {
 static const uint8_t zeros[24] = {0, };
@@ -980,8 +984,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 if (session_key.data == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- SMBsesskeygen_lm_sess_key(zeros, zeros,
- session_key.data);
+ nt_status = SMBsesskeygen_lm_sess_key(zeros, zeros,
+ session_key.data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
 DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
 }
 dump_data_pw("LM session key:\n", session_key.data,
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 4a817e210b2..b7a976c048b 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -140,9 +140,9 @@ NTSTATUS SMBsesskeygen_ntv2(const uint8_t kr[16],
 const uint8_t *nt_resp,
 uint8_t sess_key[16]);
 void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
- const uint8_t lm_resp[24], /* only uses 8 */
- uint8_t sess_key[16]);
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+ const uint8_t lm_resp[24], /* only uses 8 */
+ uint8_t sess_key[16]);
 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
 const char *hostname,
 const char *domain);
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index ab2c47ad9bb..b1d4f985ecf 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
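Review bot: Both new early returns in ntlmssp_server_postauth (the hunk at -970 and the one at -980) hand the failure status up without logging it, while the success path immediately below logs at DEBUG level 10. Going by the smbencrypt.c change in this commit, the fallback status is NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER, which presumably surfaces when the crypto library refuses DES; without a log line an operator cannot tell that apart from an ordinary authentication failure. Consider `DEBUG(1, ("ntlmssp_server_postauth: LM session key derivation failed: %s\n", nt_errstr(nt_status)));` before each `return nt_status;`, which records the status only and no key material. The function body continues outside both hunks.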
@@ -380,7 +380,7 @@ void SMBsesskeygen_ntv1(const uint8_t kr[16], uint8_t sess_key[16])
 #endif
 }
-void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
+NTSTATUS SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 const uint8_t lm_resp[24], /* only uses 8 */
 uint8_t sess_key[16])
 {
@@ -388,12 +388,19 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 but changes with each session) */
 uint8_t p24[24];
 uint8_t partial_lm_hash[14];
+ int rc;
 memcpy(partial_lm_hash, lm_hash, 8);
 memset(partial_lm_hash + 8, 0xbd, 6);
- des_crypt56(p24, lm_resp, partial_lm_hash, 1);
- des_crypt56(p24+8, lm_resp, partial_lm_hash + 7, 1);
+ rc = des_crypt56_gnutls(p24, lm_resp, partial_lm_hash, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
+ rc = des_crypt56_gnutls(p24+8, lm_resp, partial_lm_hash + 7, SAMBA_GNUTLS_ENCRYPT);
+ if (rc < 0) {
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
 memcpy(sess_key, p24, 16);
@@ -401,6 +408,8 @@ void SMBsesskeygen_lm_sess_key(const uint8_t lm_hash[16],
 DEBUG(100, ("SMBsesskeygen_lm_sess_key: \n"));
 dump_data(100, sess_key, 16);
 #endif
+
+ return NT_STATUS_OK;
 }
 DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index 121848341e6..5bb75c2bab2 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -447,8 +447,10 @@ static void torture_gnutls_SMBsesskeygen_lm_sess_key(void **state)
 };
 uint8_t crypt_sess_key[16];
+ NTSTATUS status;
- SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ status = SMBsesskeygen_lm_sess_key(lm_hash, lm_resp, crypt_sess_key);
+ assert_true(NT_STATUS_IS_OK(status));
 assert_memory_equal(crypt_sess_key, crypt_expected, 16);
 }
--
2.23.0
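Review bot: In SMBsesskeygen_lm_sess_key the stack buffers `partial_lm_hash` (the first 8 bytes of the LM hash plus padding) and `p24` (the derived key) are never cleared, and both new `return gnutls_error_to_ntstatus(...)` exits as well as the final `return NT_STATUS_OK;` leave them behind on the stack. Clear both before every return, for example `ZERO_ARRAY(p24);` and `ZERO_ARRAY(partial_lm_hash);`, or whichever zeroing helper in the tree is guaranteed not to be optimised away. The function comment should also state that `sess_key` is not written on a non-OK return, since the `memcpy(sess_key, p24, 16)` sits after both error exits and callers must not use the buffer in that case. The function spans the three smbencrypt.c hunks and part of its body lies outside them.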