auth:ntlmssp: Use GnuTLS RC4 in ntlmssp server

author Andreas Schneider <asn@samba.org>

Fri, 9 Nov 2018 11:33:10 +0000 (12:33 +0100)

committer Andreas Schneider <asn@cryptomilk.org>

Thu, 27 Jun 2019 12:54:24 +0000 (12:54 +0000)
author Andreas Schneider <asn@samba.org>
Fri, 9 Nov 2018 11:33:10 +0000 (12:33 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Thu, 27 Jun 2019 12:54:24 +0000 (12:54 +0000)
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c

index 8fa7baa04d721d3fe5d745d53e7bd3ee16852eaa..5a56a4db99f43bdf294224a87ed3c097ca8b32ae 100644 (file)
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -1033,12 +1033,32 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
                         ntlmssp_state->session_key = session_key;
                         talloc_steal(ntlmssp_state, session_key.data);
                 } else {
+                       gnutls_cipher_hd_t cipher_hnd;
+                       gnutls_datum_t enc_session_key = {
+                               .data = session_key.data,
+                               .size = session_key.length,
+                       };
+                       int rc;
+
                         dump_data_pw("KEY_EXCH session key (enc):\n",
                                      state->encrypted_session_key.data,
                                      state->encrypted_session_key.length);
-                       arcfour_crypt(state->encrypted_session_key.data,
-                                     session_key.data,
-                                     state->encrypted_session_key.length);
+
+                       rc = gnutls_cipher_init(&cipher_hnd,
+                                               GNUTLS_CIPHER_ARCFOUR_128,
+                                               &enc_session_key,
+                                               NULL);
+                       if (rc < 0) {
+                               return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
+                       }
+                       rc = gnutls_cipher_encrypt(cipher_hnd,
+                                                  state->encrypted_session_key.data,
+                                                  state->encrypted_session_key.length);
+                       gnutls_cipher_deinit(cipher_hnd);
+                       if (rc < 0) {
+                               return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
+                       }
+
                         ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state,
                                                                       state->encrypted_session_key.data,
                                                                       state->encrypted_session_key.length);
author	Andreas Schneider <asn@samba.org>
	Fri, 9 Nov 2018 11:33:10 +0000 (12:33 +0100)
committer	Andreas Schneider <asn@cryptomilk.org>
	Thu, 27 Jun 2019 12:54:24 +0000 (12:54 +0000)