/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
- bool forward);
+int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
+ enum samba_gnutls_direction encrypt);
DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);
char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
DATA_BLOB *blob, const DATA_BLOB *session_key);
before calling, the out blob must be initialised to be the same size
as the in blob
*/
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
- bool forward)
+int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
+ enum samba_gnutls_direction encrypt)
{
- int i, k;
+ int i, k, rc;
for (i=0,k=0;
i<in->length;
}
memcpy(key, &session_key->data[k], 7);
- des_crypt56(bout, bin, key, forward?1:0);
+ rc = des_crypt56_gnutls(bout, bin, key, encrypt);
+ if (rc != 0) {
+ return rc;
+ }
memcpy(&out->data[i], bout, MIN(8, in->length-i));
}
+ return 0;
}
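Review bot: The comment block above the definition still documents only the out-blob size precondition and says nothing about the value the function now returns, even though every caller in this commit is being taught to test it; add `Returns 0 on success, otherwise the non-zero error code from des_crypt56_gnutls; on failure out may already hold partially encrypted data.` The partial-output remark matters because the early `return rc` sits inside the loop after earlier 8-byte blocks have been copied into out->data, so a caller that reuses or transmits the buffer on failure would leak a mix of plaintext and ciphertext. A smaller point of style: `i` and `k` stay `int` while they are compared against `in->length`, which is unsigned in Samba's DATA_BLOB, so `size_t` would avoid the signed/unsigned comparison warning. The loop body between the for header and the closing brace is partly outside the hunk.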
DATA_BLOB ret, src;
int slen = strlen(str);
int dlen = (slen+7) & ~7;
+ int rc;
src = data_blob(NULL, 8+dlen);
if (!src.data) {
memset(src.data+8, 0, dlen);
memcpy(src.data+8, str, slen);
- sess_crypt_blob(&ret, &src, session_key, true);
+ rc = sess_crypt_blob(&ret, &src, session_key, SAMBA_GNUTLS_ENCRYPT);
data_blob_free(&src);
+ if (rc != 0) {
+ data_blob_free(&ret);
+ return data_blob(NULL, 0);
+ }
return ret;
}
DATA_BLOB *blob, const DATA_BLOB *session_key)
{
DATA_BLOB out;
- int slen;
+ int rc, slen;
char *ret;
if (blob->length < 8) {
return NULL;
}
- sess_crypt_blob(&out, blob, session_key, false);
+ rc = sess_crypt_blob(&out, blob, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ data_blob_free(&out);
+ return NULL;
+ }
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
{
DATA_BLOB ret, src;
int dlen = (blob_in->length+7) & ~7;
+ int rc;
src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
if (!src.data) {
memset(src.data+8, 0, dlen);
memcpy(src.data+8, blob_in->data, blob_in->length);
- sess_crypt_blob(&ret, &src, session_key, true);
+ rc = sess_crypt_blob(&ret, &src, session_key, SAMBA_GNUTLS_ENCRYPT);
data_blob_free(&src);
+ if (rc != 0) {
+ data_blob_free(&ret);
+ return data_blob(NULL, 0);
+ }
return ret;
}
DATA_BLOB *ret)
{
DATA_BLOB out;
- int slen;
+ int rc, slen;
if (blob->length < 8) {
DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n",
return NT_STATUS_NO_MEMORY;
}
- sess_crypt_blob(&out, blob, session_key, false);
+ rc = sess_crypt_blob(&out, blob, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ data_blob_free(&out);
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
if (IVAL(out.data, 4) != 1) {
DEBUG(2,("Unexpected revision number %d in session crypted secret (BLOB)\n",
};
DATA_BLOB crypt = data_blob(NULL, 24);
DATA_BLOB decrypt = data_blob(NULL, 24);
+ int rc;
- sess_crypt_blob(&crypt, &clear, &key, true);
+ rc = sess_crypt_blob(&crypt, &clear, &key, SAMBA_GNUTLS_ENCRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(crypt.data, crypt_expected, 24);
- sess_crypt_blob(&decrypt, &crypt, &key, false);
+ rc = sess_crypt_blob(&decrypt, &crypt, &key, SAMBA_GNUTLS_DECRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(decrypt.data, clear.data, 24);
}
status = NT_STATUS_NO_MEMORY;
goto out;
}
- sess_crypt_blob(&out, &in, &session_key, true);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ goto out;
+ }
memcpy(info18.nt_pwd.hash, out.data, out.length);
info18.nt_pwd_active = true;
DATA_BLOB *session_key,
struct samu *pwd)
{
+ int rc;
+
if (id18 == NULL) {
DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
return NT_STATUS_INVALID_PARAMETER;
in = data_blob_const(id18->nt_pwd.hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, session_key, false);
+ rc = sess_crypt_blob(&out, &in, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
if (!pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED)) {
return NT_STATUS_ACCESS_DENIED;
in = data_blob_const(id18->lm_pwd.hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, session_key, false);
+ rc = sess_crypt_blob(&out, &in, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
if (!pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED)) {
return NT_STATUS_ACCESS_DENIED;
struct samu *pwd)
{
NTSTATUS status;
+ int rc;
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
in = data_blob_const(id21->nt_owf_password.array, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, session_key, false);
+ rc = sess_crypt_blob(&out, &in, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED);
pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
in = data_blob_const(id21->lm_owf_password.array, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, session_key, false);
+ rc = sess_crypt_blob(&out, &in, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED);
pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
uint8_t password_expired = 0;
struct dcerpc_binding_handle *b = cli->binding_handle;
TALLOC_CTX *frame = NULL;
+ int rc;
if (argc < 4) {
printf("Usage: %s username level password [password_expired]\n",
status = NT_STATUS_NO_MEMORY;
goto done;
}
- sess_crypt_blob(&out, &in, &session_key, true);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
memcpy(nt_hash, out.data, out.length);
}
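Review bot: The new failure branch here only assigns status and then falls through, so after a des_crypt56_gnutls error `memcpy(nt_hash, out.data, out.length)` still executes and the function carries on with whatever out holds; the three sibling hunks below for lm_hash and the two info21 owf_password arrays have the same shape. Each branch should leave the function the way the NT_STATUS_NO_MEMORY path a few lines earlier does, i.e. `status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);` followed by `goto done;`. Without the jump the error status is also likely to be overwritten by the subsequent RPC call, so the failure would be invisible to the user. The enclosing function starts and ends outside the hunk.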
{
status = NT_STATUS_NO_MEMORY;
goto done;
}
- sess_crypt_blob(&out, &in, &session_key, true);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
memcpy(lm_hash, out.data, out.length);
}
status = NT_STATUS_NO_MEMORY;
goto done;
}
- sess_crypt_blob(&out, &in, &session_key, true);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
info.info21.nt_owf_password.array =
(uint16_t *)talloc_memdup(frame, out.data, 16);
}
DATA_BLOB in,out;
in = data_blob_const(lm_hash, 16);
out = data_blob_talloc_zero(frame, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
+ if (rc != 0) {
+ status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
info.info21.lm_owf_password.array =
(uint16_t *)talloc_memdup(frame, out.data, 16);
if (out.data == NULL) {
DATA_BLOB session_key = data_blob(NULL, 0);
DATA_BLOB in, out;
NTSTATUS nt_status = NT_STATUS_OK;
+ int rc;
nt_status = dcesrv_transport_session_key(dce_call, &session_key);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_USER_SESSION_KEY)) {
in = data_blob_const(lm_pwd_hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_key, false);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
d_lm_pwd_hash = (struct samr_Password *) out.data;
}
in = data_blob_const(nt_pwd_hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_key, false);
+ rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ return gnutls_error_to_ntstatus(rc,
+ NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
d_nt_pwd_hash = (struct samr_Password *) out.data;
}
DATA_BLOB in,out;
in = data_blob_const(nt_hash, 16);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
memcpy(u.info18.nt_pwd.hash, out.data, out.length);
}
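Review bot: sess_crypt_blob now returns an int, but this torture-test call discards it, as do the seven sibling hunks below that encrypt the lm_pwd, nt_owf_password and lm_owf_password blobs; if the gnutls call fails the test continues with an out buffer that does not hold the expected ciphertext and the later assertions would report a misleading server-side failure. Capture the result and fail the test on it, e.g. declare `int rc;` next to `DATA_BLOB in,out;`, then `rc = sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);` and `torture_assert_int_equal(tctx, rc, 0, "sess_crypt_blob failed");`. This mirrors the cmocka test earlier in the commit, which already asserts `rc` is 0 after each call. The enclosing test functions start and end outside the hunk.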
{
DATA_BLOB in,out;
in = data_blob_const(lm_hash, 16);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
memcpy(u.info18.lm_pwd.hash, out.data, out.length);
}
in = data_blob_const(u.info21.lm_owf_password.array,
u.info21.lm_owf_password.length);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
u.info21.lm_owf_password.array = (uint16_t *)out.data;
}
in = data_blob_const(u.info21.nt_owf_password.array,
u.info21.nt_owf_password.length);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
u.info21.nt_owf_password.array = (uint16_t *)out.data;
}
DATA_BLOB in,out;
in = data_blob_const(u.info18.nt_pwd.hash, 16);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
memcpy(u.info18.nt_pwd.hash, out.data, out.length);
}
{
DATA_BLOB in,out;
in = data_blob_const(u.info18.lm_pwd.hash, 16);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
memcpy(u.info18.lm_pwd.hash, out.data, out.length);
}
in = data_blob_const(u.info21.lm_owf_password.array,
u.info21.lm_owf_password.length);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
u.info21.lm_owf_password.array = (uint16_t *)out.data;
}
if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
in = data_blob_const(u.info21.nt_owf_password.array,
u.info21.nt_owf_password.length);
out = data_blob_talloc_zero(tctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, SAMBA_GNUTLS_ENCRYPT);
u.info21.nt_owf_password.array = (uint16_t *)out.data;
}
break;