libcli:smb: Return NTSTATUS for smb_key_derivation()
authorAndreas Schneider <asn@samba.org>
Thu, 11 Apr 2019 08:29:04 +0000 (10:29 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 21 May 2019 00:03:21 +0000 (00:03 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/smb/smbXcli_base.c
libcli/smb/smb_signing.c
libcli/smb/smb_signing.h
source3/smbd/reply.c

index 65381a1b9ceba94dee3765b729e7d1f77a77b915..a82146a60f4f839778fff9a91d4a80f75f5999a8 100644 (file)
@@ -5793,6 +5793,8 @@ NTSTATUS smb1cli_session_set_session_key(struct smbXcli_session *session,
 
 NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session)
 {
+       NTSTATUS status;
+
        if (session->smb1.protected_key) {
                /* already protected */
                return NT_STATUS_OK;
@@ -5802,9 +5804,12 @@ NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session)
                return NT_STATUS_INVALID_PARAMETER_MIX;
        }
 
-       smb_key_derivation(session->smb1.application_key.data,
-                          session->smb1.application_key.length,
-                          session->smb1.application_key.data);
+       status = smb_key_derivation(session->smb1.application_key.data,
+                                   session->smb1.application_key.length,
+                                   session->smb1.application_key.data);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        session->smb1.protected_key = true;
 
index 89b57b58f40f829c0c5cc8e8c114795177de9770..5783c9da7155c1a870ba73a6c15d8a93bb92f18d 100644 (file)
@@ -506,9 +506,11 @@ bool smb_signing_is_negotiated(struct smb_signing_state *si)
        return si->negotiated;
 }
 
-void smb_key_derivation(const uint8_t *KI, size_t KI_len,
-                       uint8_t KO[16])
+NTSTATUS smb_key_derivation(const uint8_t *KI,
+                           size_t KI_len,
+                           uint8_t KO[16])
 {
+       int rc;
        static const uint8_t SSKeyHash[256] = {
                0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
                0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
@@ -545,10 +547,18 @@ void smb_key_derivation(const uint8_t *KI, size_t KI_len,
        };
 
        /* The callers passing down KI_len of 16 so no need to limit to 64 */
-       gnutls_hmac_fast(GNUTLS_MAC_MD5,
-                        KI,
-                        KI_len,
-                        SSKeyHash,
-                        sizeof(SSKeyHash),
-                        KO);
+       rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+                             KI,
+                             KI_len,
+                             SSKeyHash,
+                             sizeof(SSKeyHash),
+                             KO);
+       if (rc < 0) {
+               if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+                       return NT_STATUS_HASH_NOT_SUPPORTED;
+               }
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       return NT_STATUS_OK;
 }
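Review bot: The new failure path leaves the state of `KO` undocumented, and both callers touched by this commit pass the same buffer as `KI` and `KO`, deriving the application key in place. Whether `gnutls_hmac_fast()` can touch the digest buffer before failing is not visible here, so after a non-OK return a caller cannot tell from this function whether the buffer still holds the original key. I would say so above the `rc < 0` check, e.g. `/* On error KO must be treated as undefined; callers must not use the key. */`. The `reply_tcon_and_X()` caller only logs and returns on failure; whether an error reply reaches the client is decided outside the lines shown.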
index 094b860a44edc3426c3023c2ebb87de02ddd5374..66cf40e40653992087617f8f6c28d425a37cfefc 100644 (file)
@@ -52,7 +52,8 @@ bool smb_signing_is_mandatory(struct smb_signing_state *si);
 bool smb_signing_set_negotiated(struct smb_signing_state *si,
                                bool allowed, bool mandatory);
 bool smb_signing_is_negotiated(struct smb_signing_state *si);
-void smb_key_derivation(const uint8_t *KI, size_t KI_len,
-                       uint8_t KO[16]);
+NTSTATUS smb_key_derivation(const uint8_t *KI,
+                           size_t KI_len,
+                           uint8_t KO[16]);
 
 #endif /* _SMB_SIGNING_H_ */
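Review bot: The declaration now returns NTSTATUS, but nothing at the prototype documents the return values or makes the compiler flag a caller that still ignores them. A short comment above it would help: it returns `NT_STATUS_HASH_NOT_SUPPORTED` when GnuTLS rejects MD5 (`GNUTLS_E_UNWANTED_ALGORITHM`) and `NT_STATUS_INTERNAL_ERROR` for any other GnuTLS failure, and `KO` holds the derived 16-byte key only on `NT_STATUS_OK`. Marking the prototype with `__attribute__((warn_unused_result))`, or the tree's wrapper macro for it if one exists, would catch later callers that drop the status. That matters because an ignored failure means the signing key was never derived.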
index 56b82616ac0b992b45df8ca75a91b8bfb7ce5226..6dc69f7405cd12f8ac2d39c60baaff2c3f60823b 100644 (file)
@@ -1038,9 +1038,16 @@ void reply_tcon_and_X(struct smb_request *req)
                }
 
                if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
-                       smb_key_derivation(x->global->application_key.data,
-                                          x->global->application_key.length,
-                                          x->global->application_key.data);
+                       NTSTATUS status;
+
+                       status = smb_key_derivation(x->global->application_key.data,
+                                                   x->global->application_key.length,
+                                                   x->global->application_key.data);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DBG_ERR("smb_key_derivation failed: %s\n",
+                                       nt_errstr(status));
+                               return;
+                       }
                        optional_support |= SMB_EXTENDED_SIGNATURES;
                }