diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2019-11-08 15:40:01 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-10 00:30:30 +0000 |
| commit | a5548af018643f2e78c482e33ef0e6073db149e4 (patch) | |
| tree | 324edb9765f2874367e3c9a706504ebaa7653546 /auth | |
| parent | 2eef12904f2c08257394a2ee869960f7c2e09112 (diff) | |
| download | samba-a5548af018643f2e78c482e33ef0e6073db149e4.tar.gz | |
smbdes: convert E_P24() and SMBOWFencrypt to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
| -rw-r--r-- | auth/credentials/credentials_ntlm.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index bf55ab97b04..f1b22a6c9e2 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -51,6 +51,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred DATA_BLOB lm_session_key = data_blob_null; DATA_BLOB session_key = data_blob_null; const struct samr_Password *nt_hash = NULL; + int rc; if (cred->use_kerberos == CRED_MUST_USE_KERBEROS) { TALLOC_FREE(frame); @@ -159,7 +160,6 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; - int rc; lm_response = data_blob_talloc_zero(frame, 24); if (lm_response.data == NULL) { @@ -188,9 +188,13 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } - SMBOWFencrypt(nt_hash->hash, - session_nonce_hash, - nt_response.data); + rc = SMBOWFencrypt(nt_hash->hash, + session_nonce_hash, + nt_response.data); + if (rc != 0) { + TALLOC_FREE(frame); + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } ZERO_ARRAY(session_nonce_hash); @@ -228,8 +232,12 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } - SMBOWFencrypt(nt_hash->hash, challenge.data, - nt_response.data); + rc = SMBOWFencrypt(nt_hash->hash, challenge.data, + nt_response.data); + if (rc != 0) { + TALLOC_FREE(frame); + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } session_key = data_blob_talloc_zero(frame, 16); if (session_key.data == NULL) { @@ -254,9 +262,14 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred return NT_STATUS_NO_MEMORY; } - SMBencrypt_hash(lm_hash, - challenge.data, - lm_response.data); + rc = SMBencrypt_hash(lm_hash, + challenge.data, + lm_response.data); + if (rc != 0) { + ZERO_STRUCT(lm_hash); + TALLOC_FREE(frame); + return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER); + } } else { /* just copy the nt_response */ lm_response = data_blob_dup_talloc(frame, nt_response); |