From: Andreas Schneider <asn@samba.org>
Date: Thu, 17 Jan 2019 13:10:52 +0000 (+0100)
Subject: s3:utils: Use GnuTLS RC4 in npc_rpc_trust
X-Git-Tag: ldb-2.0.5~159
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cd1f41847311ff5aba3e21099a4531078f369850;p=thirdparty%2Fsamba.git

s3:utils: Use GnuTLS RC4 in npc_rpc_trust

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
index efeb7a609ec..81f6e3a180d 100644
--- a/source3/utils/net_rpc_trust.c
+++ b/source3/utils/net_rpc_trust.c
@@ -23,10 +23,12 @@
 #include "rpc_client/cli_lsarpc.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "../librpc/gen_ndr/ndr_lsa_c.h"
-#include "../lib/crypto/crypto.h"
 #include "../libcli/security/dom_sid.h"
 #include "libsmb/libsmb.h"
 
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 
 #define ARG_OTHERSERVER "otherserver="
 #define ARG_OTHERUSER "otheruser="
@@ -512,6 +514,13 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 	}
 
 	if (op == TRUST_CREATE) {
+		gnutls_cipher_hd_t cipher_hnd = NULL;
+		gnutls_datum_t enc_session_key = {
+			.data = session_key[0].data,
+			.size = session_key[0].length,
+		};
+		int rc;
+
 		if (trust_pw == NULL) {
 			if (other_net_ctx == NULL) {
 				DEBUG(0, ("Missing either trustpw or otherhost.\n"));
@@ -545,9 +554,22 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 		}
 		authinfo.auth_blob.size = auth_blob.length;
 
-		arcfour_crypt_blob(authinfo.auth_blob.data,
-				   authinfo.auth_blob.size,
-				   &session_key[0]);
+		rc = gnutls_cipher_init(&cipher_hnd,
+					GNUTLS_CIPHER_ARCFOUR_128,
+					&enc_session_key,
+					NULL);
+		if (rc < 0) {
+			status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+			goto done;
+		}
+		rc = gnutls_cipher_encrypt(cipher_hnd,
+					   authinfo.auth_blob.data,
+					   authinfo.auth_blob.size);
+		gnutls_cipher_deinit(cipher_hnd);
+		if (rc < 0) {
+			status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+			goto done;
+		}
 
 		status = create_trust(mem_ctx, pipe_hnd[0]->binding_handle,
 				      &pol_hnd[0],
@@ -572,9 +594,27 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 			}
 			authinfo.auth_blob.size = auth_blob.length;
 
-			arcfour_crypt_blob(authinfo.auth_blob.data,
-					   authinfo.auth_blob.size,
-					   &session_key[1]);
+			enc_session_key = (gnutls_datum_t) {
+				.data = session_key[1].data,
+				.size = session_key[1].length,
+			};
+
+			rc = gnutls_cipher_init(&cipher_hnd,
+						GNUTLS_CIPHER_ARCFOUR_128,
+						&enc_session_key,
+						NULL);
+			if (rc < 0) {
+				status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+				goto done;
+			}
+			rc = gnutls_cipher_encrypt(cipher_hnd,
+						   authinfo.auth_blob.data,
+						   authinfo.auth_blob.size);
+			gnutls_cipher_deinit(cipher_hnd);
+			if (rc < 0) {
+				status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+				goto done;
+			}
 
 			status = create_trust(mem_ctx,
 					      pipe_hnd[1]->binding_handle,