#undef _PRINTF_ATTRIBUTE
#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+#include "lib/crypto/gnutls_helpers.h"
+
/* this file contains prototypes for functions that are private
* to this subsystem or library. These functions should not be
* used outside this particular subsystem! */
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/smbdes.c */
void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
+int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
+ enum samba_gnutls_direction encrypt);
void E_P16(const uint8_t *p14,uint8_t *p16);
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
#include "includes.h"
#include "libcli/auth/libcli_auth.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
/* NOTES:
This code makes no attempt to be fast! In fact, it is a very
}
}
+int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8],
+ const uint8_t key_in[7],
+ enum samba_gnutls_direction encrypt)
+{
+ /*
+ * A single block DES-CBC op, with an all-zero IV is the same as DES
+ * because the IV is combined with the data using XOR.
+ * This allows us to use GNUTLS_CIPHER_DES_CBC from GnuTLS and not
+ * implement single-DES in Samba.
+ *
+ * In turn this is used to build DES-ECB, which is used
+ * for example in the NTLM challenge/response calculation.
+ */
+ static const uint8_t iv8[8];
+ gnutls_datum_t iv = { discard_const(iv8), 8 };
+ gnutls_datum_t key;
+ gnutls_cipher_hd_t ctx;
+ uint8_t key2[8];
+ uint8_t outb[8];
+ int ret;
+
+ memset(out, 0, 8);
+
+ str_to_key(key_in, key2);
+
+ key.data = key2;
+ key.size = 8;
+
+ ret = gnutls_global_init();
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = gnutls_cipher_init(&ctx, GNUTLS_CIPHER_DES_CBC, &key, &iv);
+ if (ret != 0) {
+ return ret;
+ }
+
+ memcpy(outb, in, 8);
+ if (encrypt == SAMBA_GNUTLS_ENCRYPT) {
+ ret = gnutls_cipher_encrypt(ctx, outb, 8);
+ } else {
+ ret = gnutls_cipher_decrypt(ctx, outb, 8);
+ }
+
+ if (ret == 0) {
+ memcpy(out, outb, 8);
+ }
+
+ gnutls_cipher_deinit(ctx);
+
+ return ret;
+}
+
/*
basic des crypt using a 56 bit (7 byte) key
*/
uint8_t crypt[8];
uint8_t decrypt[8];
+ int rc;
des_crypt56(crypt, clear, key, 1);
assert_memory_equal(crypt, crypt_expected, 8);
des_crypt56(decrypt, crypt, key, 0);
assert_memory_equal(decrypt, clear, 8);
+
+ rc = des_crypt56_gnutls(crypt, clear, key, SAMBA_GNUTLS_ENCRYPT);
+ assert_int_equal(rc, 0);
+ assert_memory_equal(crypt, crypt_expected, 8);
+
+ rc = des_crypt56_gnutls(decrypt, crypt, key, SAMBA_GNUTLS_DECRYPT);
+ assert_int_equal(rc, 0);
+ assert_memory_equal(decrypt, clear, 8);
}
static void torture_gnutls_E_P16(void **state)
bld.SAMBA_SUBSYSTEM('NTLM_CHECK',
source='ntlm_check.c',
- deps = 'talloc'
+ deps = 'talloc LIBCLI_AUTH'
)
bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH',
bld.SAMBA3_MODULE('pdb_ldapsam',
subsystem='pdb',
- deps='smbldap smbldaphelper',
+ deps='smbldap smbldaphelper LIBCLI_AUTH',
source='pdb_ldap.c pdb_nds.c',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ldapsam'),
bld.SAMBA3_SUBSYSTEM('RPC_NETLOGON',
source='''netlogon/srv_netlog_nt.c
- ../../librpc/gen_ndr/srv_netlogon.c''')
+ ../../librpc/gen_ndr/srv_netlogon.c''',
+ deps='LIBCLI_AUTH')
bld.SAMBA3_SUBSYSTEM('RPC_NTSVCS',
source='''ntsvcs/srv_ntsvcs_nt.c