author | Andreas Schneider <asn@samba.org> | 2019-01-17 14:10:52 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-27 12:54:24 +0000 |
commit | cd1f41847311ff5aba3e21099a4531078f369850 (patch) | |
tree | 66f3ef6e0cf18e678f19f29c3d896bd58e811913 /source3/utils | |
parent | acf605f5959b5d50abbbd2d150f8a1a490ba4e43 (diff) | |
download | samba-cd1f41847311ff5aba3e21099a4531078f369850.tar.gz |
s3:utils: Use GnuTLS RC4 in npc_rpc_trust
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net_rpc_trust.c | 54 |
1 files changed, 47 insertions, 7 deletions
diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
index efeb7a609ec..81f6e3a180d 100644
--- a/source3/utils/net_rpc_trust.c
+++ b/source3/utils/net_rpc_trust.c
@@ -23,10 +23,12 @@
 #include "rpc_client/cli_lsarpc.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "../librpc/gen_ndr/ndr_lsa_c.h"
-#include "../lib/crypto/crypto.h"
 #include "../libcli/security/dom_sid.h"
 #include "libsmb/libsmb.h"
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 #define ARG_OTHERSERVER "otherserver="
 #define ARG_OTHERUSER "otheruser="
@@ -512,6 +514,13 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 }
 if (op == TRUST_CREATE) {
+ gnutls_cipher_hd_t cipher_hnd = NULL;
+ gnutls_datum_t enc_session_key = {
+ .data = session_key[0].data,
+ .size = session_key[0].length,
+ };
+ int rc;
+
 if (trust_pw == NULL) {
 if (other_net_ctx == NULL) {
 DEBUG(0, ("Missing either trustpw or otherhost.\n"));
@@ -545,9 +554,22 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 }
 authinfo.auth_blob.size = auth_blob.length;
- arcfour_crypt_blob(authinfo.auth_blob.data,
- authinfo.auth_blob.size,
- &session_key[0]);
+ rc = gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ &enc_session_key,
+ NULL);
+ if (rc < 0) {
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+ goto done;
+ }
+ rc = gnutls_cipher_encrypt(cipher_hnd,
+ authinfo.auth_blob.data,
+ authinfo.auth_blob.size);
+ gnutls_cipher_deinit(cipher_hnd);
+ if (rc < 0) {
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+ goto done;
+ }
 status = create_trust(mem_ctx,
 pipe_hnd[0]->binding_handle,
 &pol_hnd[0],
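Review bot: The new `gnutls_cipher_init(..., GNUTLS_CIPHER_ARCFOUR_128, &enc_session_key, NULL)` in the third hunk ties the call to a 16-byte key, whereas the removed `arcfour_crypt_blob()` keyed RC4 on whatever length `session_key[0]` had; if the LSA session key can ever be shorter here, trust creation now fails with NT_STATUS_CRYPTO_SYSTEM_INVALID instead of encrypting, so either confirm the length is always 16 at this point or record the assumption, e.g. `/* RPC session key is 16 bytes; GNUTLS_CIPHER_ARCFOUR_128 rejects any other length */`. The same init/encrypt/deinit sequence is repeated verbatim for `session_key[1]` in the following hunk (starting at `@@ -572,9 +594,27 @@`), which also re-assigns `enc_session_key` through a compound literal; a small static helper taking the blob and the key removes the duplication, keeps the error mapping in one place, and makes the `cipher_hnd`/`enc_session_key`/`rc` declarations added in the second hunk unnecessary. Note also that `.size = session_key[0].length` narrows a `size_t` into the `unsigned int` of `gnutls_datum_t` silently. rpc_trust_common starts and ends outside the hunk.
```c
/*
 * Encrypt blob in place with RC4 keyed by the RPC session key.
 * Returns NT_STATUS_OK, or the NTSTATUS mapped from the GnuTLS error.
 * The key must be 16 bytes: GNUTLS_CIPHER_ARCFOUR_128 rejects other lengths.
 */
static NTSTATUS arcfour_encrypt_session_blob(uint8_t *data,
					     size_t len,
					     const DATA_BLOB *session_key)
{
	gnutls_cipher_hd_t cipher_hnd = NULL;
	gnutls_datum_t key = {
		.data = session_key->data,
		.size = session_key->length,
	};
	int rc;

	rc = gnutls_cipher_init(&cipher_hnd,
				GNUTLS_CIPHER_ARCFOUR_128,
				&key,
				NULL);
	if (rc < 0) {
		return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
	}
	rc = gnutls_cipher_encrypt(cipher_hnd, data, len);
	gnutls_cipher_deinit(cipher_hnd);
	if (rc < 0) {
		return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
	}
	return NT_STATUS_OK;
}

/* … unchanged: rpc_trust_common up to authinfo.auth_blob.size = auth_blob.length; … */
		status = arcfour_encrypt_session_blob(authinfo.auth_blob.data,
						      authinfo.auth_blob.size,
						      &session_key[0]);
		if (!NT_STATUS_IS_OK(status)) {
			goto done;
		}
/* … unchanged: create_trust call; the session_key[1] site becomes the same three-line call … */
```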
@@ -572,9 +594,27 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 }
 authinfo.auth_blob.size = auth_blob.length;
- arcfour_crypt_blob(authinfo.auth_blob.data,
- authinfo.auth_blob.size,
- &session_key[1]);
+ enc_session_key = (gnutls_datum_t) {
+ .data = session_key[1].data,
+ .size = session_key[1].length,
+ };
+
+ rc = gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ &enc_session_key,
+ NULL);
+ if (rc < 0) {
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+ goto done;
+ }
+ rc = gnutls_cipher_encrypt(cipher_hnd,
+ authinfo.auth_blob.data,
+ authinfo.auth_blob.size);
+ gnutls_cipher_deinit(cipher_hnd);
+ if (rc < 0) {
+ status = gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+ goto done;
+ }
 status = create_trust(mem_ctx,
 pipe_hnd[1]->binding_handle, |