s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_23()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 064ef98879a33a14211162ef508d07a8d62ea507..dce3813de389a8895e331c287f8a4828040339ac 100644 (file)
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -457,6 +457,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
        struct samr_SetUserInfo2 sui;
        union samr_UserInfo u_info;
        DATA_BLOB session_key;
+       gnutls_cipher_hd_t cipher_hnd = NULL;
+       gnutls_datum_t _session_key;
+       int rc;
 
        if (!r->samr_handle.in.info21) {
                return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -477,7 +480,29 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
                return status;
        }
 
-       arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
+       _session_key = (gnutls_datum_t) {
+               .data = session_key.data,
+               .size = session_key.length,
+       };
+
+       rc = gnutls_cipher_init(&cipher_hnd,
+                               GNUTLS_CIPHER_ARCFOUR_128,
+                               &_session_key,
+                               NULL);
+       if (rc < 0) {
+               status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+               goto out;
+       }
+
+       rc = gnutls_cipher_encrypt(cipher_hnd,
+                                  u_info.info23.password.data,
+                                  516);
+       data_blob_clear_free(&session_key);
+       gnutls_cipher_deinit(cipher_hnd);
+       if (rc < 0) {
+               status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+               goto out;
+       }
 
        sui.in.user_handle = r->samr_handle.in.user_handle;
        sui.in.info = &u_info;
@@ -494,6 +519,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
                                          "SetUserInfo2 level 23 for [%s] failed: %s",
                                          r->samr_handle.in.account_name, nt_errstr(status));
        }
+
+out:
        return status;
 }