libcli/auth: make sure low level crypto function are not used directly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index ec5552e60c07ccabbf4d3b7a2b0d55b9edabdbd1..d9ba349ef70860eccc140a47dfd621b22bcc7001 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -30,6 +30,12 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
+#undef netlogon_creds_des_encrypt
+#undef netlogon_creds_des_decrypt
+#undef netlogon_creds_arcfour_crypt
+#undef netlogon_creds_aes_encrypt
+#undef netlogon_creds_aes_decrypt
+
 bool netlogon_creds_is_random_challenge(const struct netr_Credential *challenge)
 {
        /*

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 53a7d2062dbd4b9ae6f1c4540a9e9ecd14e66743..f14568df0a5037764e1501e819840788e0f132f8 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -30,6 +30,13 @@ NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds
                                    uint8_t *data,
                                    size_t len);
 
+/* These should not be used directly! */
+#define netlogon_creds_des_encrypt __DO_NOT_USE_netlogon_creds_des_encrypt
+#define netlogon_creds_des_decrypt __DO_NOT_USE_netlogon_creds_des_decrypt
+#define netlogon_creds_arcfour_crypt __DO_NOT_USE_netlogon_creds_arcfour_crypt
+#define netlogon_creds_aes_encrypt __DO_NOT_USE_netlogon_creds_aes_encrypt
+#define netlogon_creds_aes_decrypt __DO_NOT_USE_netlogon_creds_aes_decrypt
+
 /*****************************************************************
 The above functions are common to the client and server interface
 next comes the client specific functions

diff --git a/libcli/samsync/decrypt.c b/libcli/samsync/decrypt.c
index 77ef93251bc96c2b343b853a9d49eadd9ad916bc..25b390596ac4f765caa9a2f3c1b37499ca5d8546 100644 (file)
--- a/libcli/samsync/decrypt.c
+++ b/libcli/samsync/decrypt.c
@@ -27,6 +27,8 @@
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "lib/crypto/gnutls_helpers.h"
 
+#undef netlogon_creds_arcfour_crypt
+
 /**
  * Decrypt and extract the user's passwords.
  *

diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 2141b6a78b06afc1d59f9ab74f2f3fe0a91e7925..811a0ceb986af9f37c1e3a3d315985415015b1b7 100644 (file)
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -1278,7 +1278,9 @@ static bool schan(struct torture_context *tctx,
                 *
                 * in order to detect bugs
                 */
+#undef netlogon_creds_aes_encrypt
                netlogon_creds_aes_encrypt(creds_state, pinfo.ntpassword.hash, 16);
+#define netlogon_creds_aes_encrypt __DO_NOT_USE_netlogon_creds_aes_encrypt
 
                r.in.logon_level = NetlogonInteractiveInformation;
                r.in.logon = &logon;