author | Andreas Schneider <asn@samba.org> | 2019-04-11 10:43:13 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:22 +0000 |
commit | 631709502390e76efe68b553b1eda5fca39008e2 (patch) | |
tree | c5c47c9cb72ca63761d10ce99b54fd04a8f8c787 /auth | |
parent | 6aa30669a1825333a4ad985ce331fd9e2b7fe9da (diff) | |
auth:gensec: Return NTSTATUS for netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 7a15e17a9c6..c6085dd0ade 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -140,10 +140,10 @@ static void netsec_offset_and_sizes(struct schannel_state *state, /******************************************************************* Encode or Decode the sequence number (which is symmetric) ********************************************************************/ -static void netsec_do_seq_num(struct schannel_state *state, - const uint8_t *checksum, - uint32_t checksum_length, - uint8_t seq_num[8]) +static NTSTATUS netsec_do_seq_num(struct schannel_state *state, + const uint8_t *checksum, + uint32_t checksum_length, + uint8_t seq_num[8]) { if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { AES_KEY key; @@ -168,7 +168,10 @@ static void netsec_do_seq_num(struct schannel_state *state, sizeof(zeros), digest1); if (rc < 0) { - return; + if (rc == GNUTLS_E_UNWANTED_ALGORITHM) { + return NT_STATUS_HMAC_NOT_SUPPORTED; + } + return NT_STATUS_INTERNAL_ERROR; } rc = gnutls_hmac_fast(GNUTLS_MAC_MD5, @@ -178,7 +181,10 @@ static void netsec_do_seq_num(struct schannel_state *state, checksum_length, sequence_key); if (rc < 0) { - return; + if (rc == GNUTLS_E_UNWANTED_ALGORITHM) { + return NT_STATUS_HMAC_NOT_SUPPORTED; + } + return NT_STATUS_INTERNAL_ERROR; } ZERO_ARRAY(digest1); @@ -189,6 +195,8 @@ static void netsec_do_seq_num(struct schannel_state *state, } state->seq_num++; + + return NT_STATUS_OK; } static void netsec_do_seal(struct schannel_state *state, @@ -462,7 +470,12 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state, return NT_STATUS_ACCESS_DENIED; } - netsec_do_seq_num(state, checksum, checksum_length, seq_num); + status = netsec_do_seq_num(state, checksum, checksum_length, seq_num); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("netsec_do_seq_num failed: %s\n", + nt_errstr(status)); + return status; + } ZERO_ARRAY(checksum); 
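Review bot: The comment block above `netsec_do_seq_num()` in the first hunk (@@ -140) still says only "Encode or Decode the sequence number" and does not describe the new return value. I would extend it to say that the function returns `NT_STATUS_OK` on success, `NT_STATUS_HMAC_NOT_SUPPORTED` when GnuTLS reports `GNUTLS_E_UNWANTED_ALGORITHM`, and `NT_STATUS_INTERNAL_ERROR` for any other HMAC failure. It should also say that on those failures `state->seq_num` is not advanced and that callers should not use the contents of `seq_num`. The function body continues outside this hunk, so the AES branch should be checked before the wording is fixed.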
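Review bot: The error return added after the second `gnutls_hmac_fast()` call (hunk @@ -178) leaves `digest1` uncleared on the stack, because `ZERO_ARRAY(digest1);` runs only on the success path just below it. `digest1` is the output of the first HMAC call, so it appears to hold key-derived material. I would add `ZERO_ARRAY(digest1);` as the first statement inside this `if (rc < 0)` block, before the status is chosen. The same four-line mapping of `rc` to an NTSTATUS is repeated verbatim in the @@ -168 hunk and could be moved into one small static helper so the two sites cannot drift apart.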
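Review bot: The new early `return status;` in `netsec_incoming_packet()` (hunk @@ -462) exits before the `ZERO_ARRAY(checksum);` that follows it, so the computed checksum stays in the local buffer on the failure path. Adding `ZERO_ARRAY(checksum);` before `return status;` would give the error path the same cleanup as the success path. The outgoing hunk (@@ -552) adds the same early return, but the function continues outside that hunk, so whether it skips a similar wipe cannot be seen here and should be checked.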
@@ -552,7 +565,12 @@ static NTSTATUS netsec_outgoing_packet(struct schannel_state *state, true); } - netsec_do_seq_num(state, checksum, checksum_length, seq_num); + status = netsec_do_seq_num(state, checksum, checksum_length, seq_num); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("netsec_do_seq_num failed: %s\n", + nt_errstr(status)); + return status; + } (*sig) = data_blob_talloc_zero(mem_ctx, used_sig_size); |
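Review bot: When `netsec_do_seq_num()` fails here, `netsec_outgoing_packet()` returns after the call ending in `true);` just above, which appears to be the sealing step. If it is, the caller's payload may already have been modified in place by the time the error status comes back. A short comment on the early return would make that contract explicit, for example `/* data may already be sealed; caller must discard it on error */`. The function starts and ends outside this hunk, so this needs confirming against the full body.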