summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2018-10-30 16:56:54 +0100
committerAndrew Bartlett <abartlet@samba.org>2019-05-21 00:03:21 +0000
commitd3ea318ba0e54d8391626e827d7c34c686accdba (patch)
treee33fefa53cd2c1c96cf7265c4d269a46c2aaaba3 /auth
parentfe2a96954457ce724fbb7ac48f51d80b91aa5be9 (diff)
downloadsamba-d3ea318ba0e54d8391626e827d7c34c686accdba.tar.gz
auth:creds: Use GnuTLS MD5 in ntlm creds
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/credentials/credentials_ntlm.c39
1 files changed, 32 insertions, 7 deletions
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index eed8924567a..fa632fdeda3 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -28,6 +28,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -152,10 +155,10 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
memset(lm_response.data, 0, lm_response.length);
}
} else if (*flags & CLI_CRED_NTLM2) {
- MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
+ int rc;
lm_response = data_blob_talloc_zero(frame, 24);
if (lm_response.data == NULL) {
@@ -167,10 +170,16 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
memcpy(session_nonce, challenge.data, 8);
memcpy(&session_nonce[8], lm_response.data, 8);
- MD5Init(&md5_session_nonce_ctx);
- MD5Update(&md5_session_nonce_ctx, session_nonce,
- sizeof(session_nonce));
- MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
+ rc = gnutls_hash_fast(GNUTLS_DIG_MD5,
+ session_nonce,
+ sizeof(session_nonce),
+ session_nonce_hash);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
DEBUG(5, ("challenge is: \n"));
@@ -185,6 +194,8 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
session_nonce_hash,
nt_response.data);
+ ZERO_ARRAY(session_nonce_hash);
+
session_key = data_blob_talloc_zero(frame, 16);
if (session_key.data == NULL) {
TALLOC_FREE(frame);
@@ -192,8 +203,22 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
}
SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
- hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
- ZERO_STRUCT(user_session_key);
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ user_session_key,
+ sizeof(user_session_key),
+ session_nonce,
+ sizeof(session_nonce),
+ session_key.data);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ZERO_ARRAY(user_session_key);
+
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
/* LM Key is incompatible... */