1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Guenther Deschner 2008.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "../libcli/auth/libcli_auth.h"
22 #include "rpc_client/init_samr.h"
23 #include "librpc/rpc/dcerpc_samr.h"
25 #include "lib/crypto/gnutls_helpers.h"
26 #include <gnutls/gnutls.h>
27 #include <gnutls/crypto.h>
/*************************************************************************
 Initialise a samr_CryptPasswordEx structure.

 Thin wrapper: encoding and encryption of the password are delegated to
 encode_rc4_passwd_buffer(), and its NTSTATUS is handed back unchanged.
 No argument is validated here; whatever checks exist live in the helper.

 NOTE(review): going by the helper's name the buffer is protected with
 RC4 - confirm in libcli/auth. init_samr_CryptPasswordAES() in this file
 is the AES-256-CBC / HMAC-SHA512 counterpart.

 pwd          password string to encode
 session_key  session key forwarded to the helper
 pwd_buf      output structure filled by the helper
*************************************************************************/

NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
				   DATA_BLOB *session_key,
				   struct samr_CryptPasswordEx *pwd_buf)
{
	NTSTATUS status;

	status = encode_rc4_passwd_buffer(pwd, session_key, pwd_buf);

	return status;
}
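/*************************************************************************
 Initialise a samr_CryptPassword structure.

 The password is encoded into pwd_buf->data with encode_pw_buffer()
 (STR_UNICODE) and the first 516 bytes of that buffer are then encrypted
 in place with RC4 (GNUTLS_CIPHER_ARCFOUR_128), keyed directly with the
 session key. This function applies no integrity protection to the
 buffer; init_samr_CryptPasswordAES() in this file is the authenticated
 AES variant.

 pwd          password string to encode
 session_key  RC4 key material; must not be NULL
 pwd_buf      output structure; must not be NULL

 Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER for a NULL
 session_key or pwd_buf, NT_STATUS_INTERNAL_ERROR if the password cannot
 be encoded, or the status mapped from the GnuTLS error code.
*************************************************************************/

NTSTATUS init_samr_CryptPassword(const char *pwd,
				 DATA_BLOB *session_key,
				 struct samr_CryptPassword *pwd_buf)
{
	/* samr_CryptPassword */
	gnutls_cipher_hd_t cipher_hnd = NULL;
	gnutls_datum_t sess_key = { .data = NULL, .size = 0 };
	bool ok;
	int rc;

	/*
	 * Both pointers are dereferenced below; reject NULL the same way
	 * init_samr_CryptPasswordAES() rejects a NULL output buffer.
	 */
	if (session_key == NULL || pwd_buf == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	sess_key.data = session_key->data;
	sess_key.size = session_key->length;

	ok = encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
	if (!ok) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	rc = gnutls_cipher_init(&cipher_hnd,
				GNUTLS_CIPHER_ARCFOUR_128,
				&sess_key,
				NULL);
	if (rc != 0) {
		/*
		 * The caller's buffer still holds the encoded password in
		 * the clear; wipe it so a failed call never hands plaintext
		 * back. BURN_DATA sizes the wipe with sizeof, so this
		 * assumes pwd_buf->data is the fixed-size array that the
		 * 516-byte encrypt below covers - TODO confirm against the
		 * IDL-generated struct.
		 *
		 * NOTE(review): the second argument looks like the status
		 * used when GnuTLS refuses the cipher (e.g. RC4 disabled by
		 * policy) - confirm in gnutls_helpers.
		 */
		BURN_DATA(pwd_buf->data);
		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
	}

	rc = gnutls_cipher_encrypt(cipher_hnd,
				   pwd_buf->data,
				   516);
	/* Release the cipher handle before looking at rc so no path leaks it. */
	gnutls_cipher_deinit(cipher_hnd);
	if (rc != 0) {
		/* Buffer state is indeterminate after a failed encrypt; wipe it. */
		BURN_DATA(pwd_buf->data);
		return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
	}

	return NT_STATUS_OK;
}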
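/*************************************************************************
 Initialise a samr_EncryptedPasswordAES structure.

 The password is encoded into a 514-byte stack buffer with
 encode_pwd_buffer514_from_str() (STR_UNICODE) and encrypted through
 samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(), using the session
 key, the samr_aes256_enc_key_salt / samr_aes256_mac_key_salt constants
 and the caller's salt. The helper writes the authentication data to
 ppwd_buf->auth_data. The plaintext stack buffer is wiped on every path
 after it has been written.

 mem_ctx      context handed to the encryption helper
              (presumably the talloc parent of the ciphertext - confirm)
 password     password string to encode
 salt         must not be NULL; its length must equal
              sizeof(ppwd_buf->salt), otherwise SMB_ASSERT fires
 session_key  key material forwarded to the encryption helper
 ppwd_buf     output structure; must not be NULL

 Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER for a NULL
 ppwd_buf or salt, NT_STATUS_INTERNAL_ERROR if the password cannot be
 encoded, or the status reported by the encryption helper.
*************************************************************************/

NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
				    const char *password,
				    DATA_BLOB *salt,
				    DATA_BLOB *session_key,
				    struct samr_EncryptedPasswordAES *ppwd_buf)
{
	uint8_t pw_data[514] = {0};
	DATA_BLOB plaintext = {
		.data = pw_data,
		.length = sizeof(pw_data),
	};
	DATA_BLOB ciphertext = data_blob_null;
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	bool ok;

	/* salt is dereferenced after encryption; reject NULL up front. */
	if (ppwd_buf == NULL || salt == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE);
	if (!ok) {
		/*
		 * The encoder may have written part of the password before
		 * failing; do not leave it on the stack.
		 */
		BURN_DATA(pw_data);
		return NT_STATUS_INTERNAL_ERROR;
	}

	status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(
		mem_ctx,
		&plaintext,
		session_key,
		&samr_aes256_enc_key_salt,
		&samr_aes256_mac_key_salt,
		salt,
		&ciphertext,
		ppwd_buf->auth_data);
	/* Wipe the plaintext before inspecting status: covers success and failure. */
	BURN_DATA(pw_data);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/*
	 * ppwd_buf->cipher aliases the helper's output buffer; nothing is
	 * copied. NOTE(review): its lifetime presumably follows mem_ctx -
	 * confirm with the helper.
	 */
	ppwd_buf->cipher_len = ciphertext.length;
	ppwd_buf->cipher = ciphertext.data;
	ppwd_buf->PBKDF2Iterations = 0;

	/* Guard the fixed-size destination before copying the salt into it. */
	SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt));
	memcpy(ppwd_buf->salt, salt->data, salt->length);

	return NT_STATUS_OK;
}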