Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/proto.h4
-rw-r--r--libcli/auth/session.c42
-rw-r--r--libcli/auth/tests/test_gnutls.c7
3 files changed, 39 insertions, 14 deletions
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 4c6d7af6763..09ff3687fb7 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -90,8 +90,8 @@ union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
- bool forward);
+int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
+ enum samba_gnutls_direction encrypt);
DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key);
char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
DATA_BLOB *blob, const DATA_BLOB *session_key);
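Review bot: The new `int` result of `sess_crypt_blob` can still be dropped silently, and because this diffstat is limited to `libcli`, callers elsewhere in the tree are not visible here. Marking the prototype with `__attribute__((warn_unused_result))` (or the tree's wrapper macro for it, if one exists) would make any call site that ignores a failed DES operation produce a compiler warning. An unconverted caller that still passes `true`/`false` as the last argument also keeps compiling in C. Whether that maps to the intended direction depends on the numeric values of `enum samba_gnutls_direction`, which this page does not show, so a tree-wide check of call sites is worth doing.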
diff --git a/libcli/auth/session.c b/libcli/auth/session.c
index 10c728662db..4af70d361af 100644
--- a/libcli/auth/session.c
+++ b/libcli/auth/session.c
@@ -29,10 +29,10 @@
before calling, the out blob must be initialised to be the same size
as the in blob
*/
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
- bool forward)
+int sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key,
+ enum samba_gnutls_direction encrypt)
{
- int i, k;
+ int i, k, rc;
for (i=0,k=0;
i<in->length;
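Review bot: The comment above `sess_crypt_blob` still documents only the size precondition on `out`, so the new return value is undocumented. I would extend it with something like `returns 0 on success or the error code from des_crypt56_gnutls(); on failure the contents of out must not be used`. The parameter name `encrypt` also reads like a boolean for an `enum samba_gnutls_direction`; `direction` would be harder to misuse. The function body continues past this hunk.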
@@ -47,10 +47,14 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
}
memcpy(key, &session_key->data[k], 7);
- des_crypt56(bout, bin, key, forward?1:0);
+ rc = des_crypt56_gnutls(bout, bin, key, encrypt);
+ if (rc != 0) {
+ return rc;
+ }
memcpy(&out->data[i], bout, MIN(8, in->length-i));
}
+ return 0;
}
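Review bot: Neither the new early `return rc;` nor the final `return 0;` wipes the local copy of the session-key bytes made by `memcpy(key, &session_key->data[k], 7)`, so key material stays on the stack after the call. If `key` is a local array (its declaration is outside this hunk), clearing it before both returns, e.g. `ZERO_ARRAY(key);`, would address that. The same applies to the block buffers `bin` and `bout`, one of which holds cleartext. A failure on a later block also returns with the earlier blocks already copied into `out`, so callers have to treat `out` as invalid whenever `rc != 0`.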
@@ -67,6 +71,7 @@ DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key)
DATA_BLOB ret, src;
int slen = strlen(str);
int dlen = (slen+7) & ~7;
+ int rc;
src = data_blob(NULL, 8+dlen);
if (!src.data) {
@@ -84,9 +89,13 @@ DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key)
memset(src.data+8, 0, dlen);
memcpy(src.data+8, str, slen);
- sess_crypt_blob(&ret, &src, session_key, true);
+ rc = sess_crypt_blob(&ret, &src, session_key, SAMBA_GNUTLS_ENCRYPT);
data_blob_free(&src);
+ if (rc != 0) {
+ data_blob_free(&ret);
+ return data_blob(NULL, 0);
+ }
return ret;
}
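Review bot: `data_blob_free(&src)` releases the buffer holding the cleartext string without clearing it, on both the success path and the new failure branch. Since `src` was just filled from `str` (presumably a secret, given that it is being session-encrypted), `data_blob_clear_free(&src);` would be the safer call here. The same pattern appears in the `sess_encrypt_blob` hunk. The `data_blob_free(&out)` calls on the new failure branches of `sess_decrypt_string` and `sess_decrypt_blob` may likewise release partially decrypted data without wiping it.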
@@ -100,7 +109,7 @@ char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
DATA_BLOB *blob, const DATA_BLOB *session_key)
{
DATA_BLOB out;
- int slen;
+ int rc, slen;
char *ret;
if (blob->length < 8) {
@@ -112,7 +121,11 @@ char *sess_decrypt_string(TALLOC_CTX *mem_ctx,
return NULL;
}
- sess_crypt_blob(&out, blob, session_key, false);
+ rc = sess_crypt_blob(&out, blob, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ data_blob_free(&out);
+ return NULL;
+ }
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
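Review bot: The new `rc != 0` branch returns NULL without logging anything, while the neighbouring revision-number check reports through `DEBUG`. The earlier failure path visible at the top of this hunk also returns NULL, so neither a caller nor an operator can tell a rejected DES operation from any other failure. A line such as `DEBUG(0, ("sess_crypt_blob failed: %s\n", gnutls_strerror(rc)));` before the free would make this diagnosable, assuming the GnuTLS header is in scope in this file. The function starts and ends outside this hunk.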
@@ -149,6 +162,7 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_
{
DATA_BLOB ret, src;
int dlen = (blob_in->length+7) & ~7;
+ int rc;
src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
if (!src.data) {
@@ -166,9 +180,13 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_
memset(src.data+8, 0, dlen);
memcpy(src.data+8, blob_in->data, blob_in->length);
- sess_crypt_blob(&ret, &src, session_key, true);
+ rc = sess_crypt_blob(&ret, &src, session_key, SAMBA_GNUTLS_ENCRYPT);
data_blob_free(&src);
+ if (rc != 0) {
+ data_blob_free(&ret);
+ return data_blob(NULL, 0);
+ }
return ret;
}
@@ -180,7 +198,7 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT
DATA_BLOB *ret)
{
DATA_BLOB out;
- int slen;
+ int rc, slen;
if (blob->length < 8) {
DEBUG(0, ("Unexpected length %d in session crypted secret (BLOB)\n",
@@ -193,7 +211,11 @@ NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DAT
return NT_STATUS_NO_MEMORY;
}
- sess_crypt_blob(&out, blob, session_key, false);
+ rc = sess_crypt_blob(&out, blob, session_key, SAMBA_GNUTLS_DECRYPT);
+ if (rc != 0) {
+ data_blob_free(&out);
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+ }
if (IVAL(out.data, 4) != 1) {
DEBUG(2,("Unexpected revision number %d in session crypted secret (BLOB)\n",
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index a6692b9a913..707a1bcecc3 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -494,11 +494,14 @@ static void torture_gnutls_sess_crypt_blob(void **state)
};
DATA_BLOB crypt = data_blob(NULL, 24);
DATA_BLOB decrypt = data_blob(NULL, 24);
+ int rc;
- sess_crypt_blob(&crypt, &clear, &key, true);
+ rc = sess_crypt_blob(&crypt, &clear, &key, SAMBA_GNUTLS_ENCRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(crypt.data, crypt_expected, 24);
- sess_crypt_blob(&decrypt, &crypt, &key, false);
+ rc = sess_crypt_blob(&decrypt, &crypt, &key, SAMBA_GNUTLS_DECRYPT);
+ assert_int_equal(rc, 0);
assert_memory_equal(decrypt.data, clear.data, 24);
}
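Review bot: Both new assertions pin only `rc == 0`, so nothing in this test exercises the error return that the commit introduces. If the harness can make `des_crypt56_gnutls` fail (for example a build or mode where DES is unavailable; I cannot tell from this hunk whether that is possible), a case asserting a non-zero `rc` would guard the fail-closed behaviour. Separately, `crypt` and `decrypt` are used without checking their `.data` for NULL and are not freed before the closing brace. Adding `assert_non_null(crypt.data);` and `assert_non_null(decrypt.data);` after the allocations would make an allocation failure show up as a test failure rather than a crash.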