author | Andreas Schneider <asn@samba.org> | 2019-07-08 18:03:00 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-07-26 01:48:24 +0000 |
commit | 85e2a3c96ad9acc1a85db189f6418c9d880b4718 (patch) | |
tree | 6afbaa7c0a0c26e2649c4671e043e37b87f54545 /libcli | |
parent | f4a16bfba8d87de883d3d2e54cdc825fc5e01c2b (diff) | |
download | samba-85e2a3c96ad9acc1a85db189f6418c9d880b4718.tar.gz |
libcli:auth: Use samba_gnutls_arcfour_confounded_md5() in encode_wkssvc_join_password_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/smbencrypt.c | 69 |
1 files changed, 23 insertions, 46 deletions
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 745f47999cd..823e16a3387 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -968,65 +968,42 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
 WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 const char *pwd,
 DATA_BLOB *session_key,
- struct wkssvc_PasswordBuffer **pwd_buf)
+ struct wkssvc_PasswordBuffer **out_pwd_buf)
 {
- uint8_t buffer[516];
- gnutls_hash_hd_t hash_hnd = NULL;
- struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
- DATA_BLOB confounded_session_key;
- int confounder_len = 8;
- uint8_t confounder[8];
- WERROR werr;
+ struct wkssvc_PasswordBuffer *pwd_buf = NULL;
+ uint8_t _confounder[8] = {0};
+ DATA_BLOB confounder = data_blob_const(_confounder, 8);
+ uint8_t pwbuf[516] = {0};
+ DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
 int rc;
- my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
- if (!my_pwd_buf) {
+ pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
+ if (pwd_buf == NULL) {
 return WERR_NOT_ENOUGH_MEMORY;
 }
- confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-
- encode_pw_buffer(buffer, pwd, STR_UNICODE);
+ encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
- generate_random_buffer((uint8_t *)confounder, confounder_len);
-
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
- if (rc < 0) {
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
-
- goto out;
- }
-
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+ generate_random_buffer(_confounder, sizeof(_confounder));
- goto out;
- }
- rc = gnutls_hash(hash_hnd, confounder, confounder_len);
+ rc = samba_gnutls_arcfour_confounded_md5(session_key,
+ &confounder,
+ &encrypt_pwbuf,
+ SAMBA_GNUTLS_ENCRYPT);
 if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
-
- goto out;
+ ZERO_ARRAY(_confounder);
+ TALLOC_FREE(pwd_buf);
+ return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
 }
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
-
- memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
- ZERO_ARRAY(confounder);
- memcpy(&my_pwd_buf->data[8], buffer, 516);
- ZERO_ARRAY(buffer);
-
- data_blob_clear_free(&confounded_session_key);
+ memcpy(&pwd_buf->data[0], confounder.data, confounder.length);
+ ZERO_ARRAY(_confounder);
+ memcpy(&pwd_buf->data[8], encrypt_pwbuf.data, encrypt_pwbuf.length);
+ ZERO_ARRAY(pwbuf);
- *pwd_buf = my_pwd_buf;
+ *out_pwd_buf = pwd_buf;
- werr = WERR_OK;
-out:
- return werr;
+ return WERR_OK;
 }
 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, |
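Review bot: The new `if (rc < 0)` branch after samba_gnutls_arcfour_confounded_md5() wipes `_confounder` but returns without clearing `pwbuf`, which by then has been filled by encode_pw_buffer() and may still hold the password in cleartext on the stack. The confounder is copied into the output unencrypted on the success path, so the password buffer is the more sensitive of the two; add `ZERO_ARRAY(pwbuf);` beside `ZERO_ARRAY(_confounder);` in that branch so both exits scrub it. As a smaller point of style, `data_blob_const(_confounder, 8)` and `data_blob_const(pwbuf, 516)` repeat the array sizes as literals; `sizeof(_confounder)` and `sizeof(pwbuf)` would keep the blob lengths tied to the declarations, as the generate_random_buffer() call already does.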