summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2019-07-08 18:03:00 +0200
committerAndrew Bartlett <abartlet@samba.org>2019-07-26 01:48:24 +0000
commit85e2a3c96ad9acc1a85db189f6418c9d880b4718 (patch)
tree6afbaa7c0a0c26e2649c4671e043e37b87f54545 /libcli
parentf4a16bfba8d87de883d3d2e54cdc825fc5e01c2b (diff)
downloadsamba-85e2a3c96ad9acc1a85db189f6418c9d880b4718.tar.gz
libcli:auth: Use samba_gnutls_arcfour_confounded_md5() in encode_wkssvc_join_password_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/smbencrypt.c69
1 files changed, 23 insertions, 46 deletions
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 745f47999cd..823e16a3387 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -968,65 +968,42 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
WERROR encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
const char *pwd,
DATA_BLOB *session_key,
- struct wkssvc_PasswordBuffer **pwd_buf)
+ struct wkssvc_PasswordBuffer **out_pwd_buf)
{
- uint8_t buffer[516];
- gnutls_hash_hd_t hash_hnd = NULL;
- struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
- DATA_BLOB confounded_session_key;
- int confounder_len = 8;
- uint8_t confounder[8];
- WERROR werr;
+ struct wkssvc_PasswordBuffer *pwd_buf = NULL;
+ uint8_t _confounder[8] = {0};
+ DATA_BLOB confounder = data_blob_const(_confounder, 8);
+ uint8_t pwbuf[516] = {0};
+ DATA_BLOB encrypt_pwbuf = data_blob_const(pwbuf, 516);
int rc;
- my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
- if (!my_pwd_buf) {
+ pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
+ if (pwd_buf == NULL) {
return WERR_NOT_ENOUGH_MEMORY;
}
- confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-
- encode_pw_buffer(buffer, pwd, STR_UNICODE);
+ encode_pw_buffer(pwbuf, pwd, STR_UNICODE);
- generate_random_buffer((uint8_t *)confounder, confounder_len);
-
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
- if (rc < 0) {
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
-
- goto out;
- }
-
- rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+ generate_random_buffer(_confounder, sizeof(_confounder));
- goto out;
- }
- rc = gnutls_hash(hash_hnd, confounder, confounder_len);
+ rc = samba_gnutls_arcfour_confounded_md5(session_key,
+ &confounder,
+ &encrypt_pwbuf,
+ SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- werr = gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
-
- goto out;
+ ZERO_ARRAY(_confounder);
+ TALLOC_FREE(pwd_buf);
+ return gnutls_error_to_werror(rc, WERR_CONTENT_BLOCKED);
}
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
-
- memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
- ZERO_ARRAY(confounder);
- memcpy(&my_pwd_buf->data[8], buffer, 516);
- ZERO_ARRAY(buffer);
-
- data_blob_clear_free(&confounded_session_key);
+ memcpy(&pwd_buf->data[0], confounder.data, confounder.length);
+ ZERO_ARRAY(_confounder);
+ memcpy(&pwd_buf->data[8], encrypt_pwbuf.data, encrypt_pwbuf.length);
+ ZERO_ARRAY(pwbuf);
- *pwd_buf = my_pwd_buf;
+ *out_pwd_buf = pwd_buf;
- werr = WERR_OK;
-out:
- return werr;
+ return WERR_OK;
}
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
View Lorry Controller Status