]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS
authorIsaac Boukris <iboukris@gmail.com>
Thu, 7 Nov 2019 11:53:52 +0000 (12:53 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 10 Dec 2019 00:30:30 +0000 (00:30 +0000)
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/credentials.c
libcli/auth/proto.h

index f1088a1d8e001b5ad42b22f1753ded0893fb014b..d9237f3875ba20889c09ffb912a7aacc2a8685be 100644 (file)
@@ -253,25 +253,40 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds
        return NT_STATUS_OK;
 }
 
-
 /*
   DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
 */
-void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
+NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
+                                         struct netr_LMSessionKey *key)
 {
+       int rc;
        struct netr_LMSessionKey tmp;
-       des_crypt56(tmp.key, key->key, creds->session_key, 1);
+
+       rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_ENCRYPT);
+       if (rc < 0) {
+               return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+       }
        *key = tmp;
+
+       return NT_STATUS_OK;
 }
 
 /*
   DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
 */
-void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
+NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
+                                         struct netr_LMSessionKey *key)
 {
+       int rc;
        struct netr_LMSessionKey tmp;
-       des_crypt56(tmp.key, key->key, creds->session_key, 0);
+
+       rc = des_crypt56_gnutls(tmp.key, key->key, creds->session_key, SAMBA_GNUTLS_DECRYPT);
+       if (rc < 0) {
+               return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+       }
        *key = tmp;
+
+       return NT_STATUS_OK;
 }
 
 /*
@@ -849,11 +864,14 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
                if (!all_zero(base->LMSessKey.key,
                              sizeof(base->LMSessKey.key))) {
                        if (do_encrypt) {
-                               netlogon_creds_des_encrypt_LMKey(creds,
-                                               &base->LMSessKey);
+                               status = netlogon_creds_des_encrypt_LMKey(creds,
+                                                                         &base->LMSessKey);
                        } else {
-                               netlogon_creds_des_decrypt_LMKey(creds,
-                                               &base->LMSessKey);
+                               status = netlogon_creds_des_decrypt_LMKey(creds,
+                                                                         &base->LMSessKey);
+                       }
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return status;
                        }
                }
        }
index e7c9923abf33402bf6dad648fd222cdcbca7a2d4..4a817e210b2e6c0a400b4d417f89dab186cf6640 100644 (file)
 
 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/credentials.c  */
 
-void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
-void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key);
+NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds,
+                                         struct netr_LMSessionKey *key);
+NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds,
+                                         struct netr_LMSessionKey *key);
 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass);
 NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,