diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2019-08-16 13:55:49 +1200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-08-21 09:57:30 +0000 |
| commit | d515b255aa67186ff375af0b465c49722eb56427 (patch) | |
| tree | 86b6b2a67ec8a7cb1eb13e1220bc987c9d681c9b /libcli/auth/credentials.c | |
| parent | 5ae119e7e9ddcfb3473e14585ba6079147a307bd (diff) | |
| download | samba-d515b255aa67186ff375af0b465c49722eb56427.tar.gz | |
libcli:auth Check NTSTATUS from netlogon_creds_aes_{en,de}crypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'libcli/auth/credentials.c')
| -rw-r--r-- | libcli/auth/credentials.c | 76 |
1 files changed, 53 insertions, 23 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 955e08b7385..baa436df71b 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -712,27 +712,36 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ if (!all_zero(base->key.key, sizeof(base->key.key))) { if (do_encrypt) { - netlogon_creds_aes_encrypt(creds, - base->key.key, - sizeof(base->key.key)); + status = netlogon_creds_aes_encrypt( + creds, + base->key.key, + sizeof(base->key.key)); } else { - netlogon_creds_aes_decrypt(creds, - base->key.key, - sizeof(base->key.key)); + status = netlogon_creds_aes_decrypt( + creds, + base->key.key, + sizeof(base->key.key)); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } if (!all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) { if (do_encrypt) { - netlogon_creds_aes_encrypt(creds, - base->LMSessKey.key, - sizeof(base->LMSessKey.key)); - + status = netlogon_creds_aes_encrypt( + creds, + base->LMSessKey.key, + sizeof(base->LMSessKey.key)); } else { - netlogon_creds_aes_decrypt(creds, - base->LMSessKey.key, - sizeof(base->LMSessKey.key)); + status = netlogon_creds_aes_decrypt( + creds, + base->LMSessKey.key, + sizeof(base->LMSessKey.key)); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { @@ -818,18 +827,34 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden h = logon->password->lmpassword.hash; if (!all_zero(h, 16)) { if (do_encrypt) { - netlogon_creds_aes_encrypt(creds, h, 16); + status = netlogon_creds_aes_encrypt( + creds, + h, + 16); } else { - netlogon_creds_aes_decrypt(creds, h, 16); + status = netlogon_creds_aes_decrypt( + creds, + h, + 16); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } h = logon->password->ntpassword.hash; if (!all_zero(h, 16)) { if (do_encrypt) { - netlogon_creds_aes_encrypt(creds, h, 16); + status = netlogon_creds_aes_encrypt(creds, + h, + 16); } else { - netlogon_creds_aes_decrypt(creds, h, 16); + status = netlogon_creds_aes_decrypt(creds, + h, + 16); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { @@ -887,13 +912,18 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { if (do_encrypt) { - netlogon_creds_aes_encrypt(creds, - logon->generic->data, - logon->generic->length); + status = netlogon_creds_aes_encrypt( + creds, + logon->generic->data, + logon->generic->length); } else { - netlogon_creds_aes_decrypt(creds, - logon->generic->data, - logon->generic->length); + status = netlogon_creds_aes_decrypt( + creds, + logon->generic->data, + logon->generic->length); + } + if (!NT_STATUS_IS_OK(status)) { + return status; } } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { status = netlogon_creds_arcfour_crypt(creds, |