[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Jun 24 07:28:03 UTC 2019
The branch, master has been updated
via 5ae1767970d s4:ntp_signd: Use gnutls_error_to_ntstatus() in ntp_signd
via 4bcf72aa3d4 s4:rpc_server: Use gnutls_error_to_ntstatus() in samr_password
via 5823dc54147 s3:libnet: Use gnutls_error_to_ntstatus() in libnet_passwd
via b21af2f173b auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm
via aaf41bf96fd auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_sign
via d9a6cbd9e14 auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server
via 35573821b63 auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_client
via 226895baa91 libcli:smb: Use gnutls_error_to_ntstatus() in smb_signing
via 702ae158531 libcli:auth: Use gnutls_error_to_ntstatus() in credentials
via c7cea1d49c2 s3:smbd: Use gnutls_error_to_ntstatus() in smb2_sesssetup
via 929e10b5fb7 s3:smbd: Use gnutls_error_to_ntstatus() in smb2_server
via 68d495cadb5 libcli:smb: Use gnutls_error_to_ntstatus() in smbXcli_base.c
via 232c3b6f800 auth:gensec: Use gnutls_error_to_ntstatus() in schannel
via e24a238ab9a libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_check_pdu()
via bbdae277647 libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()
via d61601d44f6 libcli:smb: Return NSTATUS for smb2_signing_check_pdu()
via 1f4bd1c3659 s4:libcli: Use gnutls_error_to_ntstatus() or singing
via f54dfd97aac libcli:util: Add gnutls_error
from aa2a3d95098 dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5ae1767970de2a765b2a35e137c21b9e24629e17
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jun 13 11:30:55 2019 +0200
s4:ntp_signd: Use gnutls_error_to_ntstatus() in ntp_signd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jun 24 07:27:21 UTC 2019 on sn-devel-184
commit 4bcf72aa3d4e5f47a6886726aceefbd944585cad
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jun 13 11:32:28 2019 +0200
s4:rpc_server: Use gnutls_error_to_ntstatus() in samr_password
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5823dc5414742b023b1bfee4c9183c9f474e8205
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jun 13 11:28:43 2019 +0200
s3:libnet: Use gnutls_error_to_ntstatus() in libnet_passwd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b21af2f173b9b653f81e6a45a18b9505f1c4086c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:22:06 2019 +0200
auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aaf41bf96fdba39239c4aa6c8c9ed7386b27f507
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:21:03 2019 +0200
auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_sign
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d9a6cbd9e14e7564877ad262b81c1e4f1eb21b4c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:18:26 2019 +0200
auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 35573821b633e421fc02d6620abfdb13f25e7622
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:16:31 2019 +0200
auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_client
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 226895baa914e77d110bef594d640a546392837d
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:14:42 2019 +0200
libcli:smb: Use gnutls_error_to_ntstatus() in smb_signing
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 702ae158531a4ba0b1342ba7db1c50aae8ea29b6
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 15:11:30 2019 +0200
libcli:auth: Use gnutls_error_to_ntstatus() in credentials
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c7cea1d49c2fafd9883ce546a6be4c8ccc30ef80
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 14:44:10 2019 +0200
s3:smbd: Use gnutls_error_to_ntstatus() in smb2_sesssetup
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 929e10b5fb7533973cbe2d79b14c86098510ac86
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 14:35:25 2019 +0200
s3:smbd: Use gnutls_error_to_ntstatus() in smb2_server
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 68d495cadb5b0fd66e04dbfe0ac39a70248957bf
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 12:18:01 2019 +0200
libcli:smb: Use gnutls_error_to_ntstatus() in smbXcli_base.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 232c3b6f800f41e759d9e67718097c84f80cd967
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 12:13:50 2019 +0200
auth:gensec: Use gnutls_error_to_ntstatus() in schannel
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e24a238ab9a5db049f11777c1063d1172b72bc85
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 12:10:38 2019 +0200
libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_check_pdu()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bbdae2776474348ffb242674056757a2b0a50ba1
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 12:09:31 2019 +0200
libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d61601d44f67da9cf671dbef6f2f8d9afa0700b7
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 12:03:33 2019 +0200
libcli:smb: Return NSTATUS for smb2_signing_check_pdu()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f4bd1c36591ebe337952e56265f5c829b5f96a3
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 11 10:26:23 2019 +0200
s4:libcli: Use gnutls_error_to_ntstatus() or singing
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f54dfd97aaccd94241340f84936082dd3ea20c5d
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 22 17:09:50 2019 +0200
libcli:util: Add gnutls_error
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_ntlm.c | 11 +---
auth/gensec/schannel.c | 39 ++++--------
auth/ntlmssp/ntlmssp_client.c | 12 ++--
auth/ntlmssp/ntlmssp_server.c | 26 +++-----
auth/ntlmssp/ntlmssp_sign.c | 24 +++----
libcli/auth/credentials.c | 20 +++---
libcli/smb/smb2_signing.c | 44 +++++++------
libcli/smb/smb2_signing.h | 8 +--
libcli/smb/smbXcli_base.c | 74 +++++++++++++---------
libcli/smb/smb_signing.c | 19 ++----
libcli/util/gnutls_error.c | 69 ++++++++++++++++++++
.../mscat_private.h => libcli/util/gnutls_error.h | 20 +++---
libcli/util/wscript_build | 5 +-
source3/smbd/smb2_server.c | 13 ++--
source3/smbd/smb2_sesssetup.c | 64 ++++++++++++-------
source4/libcli/smb2/signing.c | 5 +-
source4/libnet/libnet_passwd.c | 13 ++--
source4/ntp_signd/ntp_signd.c | 10 ++-
source4/rpc_server/samr/samr_password.c | 7 +-
19 files changed, 279 insertions(+), 204 deletions(-)
create mode 100644 libcli/util/gnutls_error.c
copy lib/mscat/mscat_private.h => libcli/util/gnutls_error.h (59%)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index fa632fdeda3..f437ee50879 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -28,6 +28,7 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -175,10 +176,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
sizeof(session_nonce),
session_nonce_hash);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
@@ -211,10 +209,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
sizeof(session_nonce),
session_key.data);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
ZERO_ARRAY(user_session_key);
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c6085dd0ade..d0febc7dc9c 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -36,6 +36,7 @@
#include "lib/crypto/crypto.h"
#include "libds/common/roles.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -168,10 +169,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
sizeof(zeros),
digest1);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HMAC_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
@@ -181,10 +179,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
checksum_length,
sequence_key);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HMAC_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
ZERO_ARRAY(digest1);
@@ -299,12 +294,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hmac(hmac_hnd, header, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, confounder, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
} else {
SSVAL(header, 0, NL_SIGN_HMAC_SHA256);
@@ -315,14 +310,14 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hmac(hmac_hnd, header, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
rc = gnutls_hmac(hmac_hnd, data, length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hmac_deinit(hmac_hnd, checksum);
@@ -334,16 +329,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HASH_NOT_SUPPORTED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, zeros, sizeof(zeros));
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
if (confounder) {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -354,12 +346,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash(hash_hnd, header, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, confounder, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
} else {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -370,13 +362,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash(hash_hnd, header, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
rc = gnutls_hash(hash_hnd, data, length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hash_deinit(hash_hnd, packet_digest);
@@ -388,10 +380,7 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
checksum);
ZERO_ARRAY(packet_digest);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HASH_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 792afcf6d20..8940522d39c 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -35,6 +35,7 @@ struct auth_session_info;
#include "../auth/ntlmssp/ntlmssp_ndr.h"
#include "../nsswitch/libwbclient/wbclient.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -749,10 +750,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
session_key.data,
MIN(session_key.length, 64));
if (rc < 0) {
- nt_status = NT_STATUS_NO_MEMORY;
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- nt_status = NT_STATUS_NTLM_BLOCKED;
- }
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
goto done;
}
@@ -761,19 +759,19 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
ntlmssp_state->negotiate_blob.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- nt_status = NT_STATUS_INTERNAL_ERROR;
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
goto done;
}
rc = gnutls_hmac(hmac_hnd, in.data, in.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- nt_status = NT_STATUS_INTERNAL_ERROR;
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
goto done;
}
rc = gnutls_hmac(hmac_hnd, out->data, out->length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- nt_status = NT_STATUS_INTERNAL_ERROR;
+ nt_status = gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
goto done;
}
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 48bd743ef74..6d090b023f8 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -36,6 +36,7 @@
#include "param/loadparm.h"
#include "libcli/security/session.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -772,10 +773,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
16,
session_nonce_hash);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
@@ -951,10 +949,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
sizeof(state->session_nonce),
session_key.data);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
@@ -1067,24 +1062,21 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
ntlmssp_state->session_key.data,
MIN(ntlmssp_state->session_key.length, 64));
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
ntlmssp_state->negotiate_blob.data,
ntlmssp_state->negotiate_blob.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
ntlmssp_state->challenge_blob.data,
ntlmssp_state->challenge_blob.length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
/* checked were we set ntlmssp_state->new_spnego */
@@ -1094,19 +1086,19 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
rc = gnutls_hmac(hmac_hnd, request.data, NTLMSSP_MIC_OFFSET);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd, mic_buffer, NTLMSSP_MIC_SIZE);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd,
request.data + (NTLMSSP_MIC_OFFSET + NTLMSSP_MIC_SIZE),
request.length - (NTLMSSP_MIC_OFFSET + NTLMSSP_MIC_SIZE));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
gnutls_hmac_deinit(hmac_hnd, mic_buffer);
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index 40f9027d7cf..1c4b11174cb 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -24,6 +24,7 @@
#include "zlib.h"
#include "../auth/ntlmssp/ntlmssp_private.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -60,20 +61,17 @@ static NTSTATUS calc_ntlmv2_key(uint8_t subkey[16],
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hash(hash_hnd, constant, strlen(constant) + 1);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
gnutls_hash_deinit(hash_hnd, subkey);
@@ -120,10 +118,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
ntlmssp_state->crypt->ntlm2.sending.sign_key,
16);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
break;
case NTLMSSP_RECEIVE:
@@ -141,10 +136,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
ntlmssp_state->crypt->ntlm2.receiving.sign_key,
16);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_NTLM_BLOCKED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
break;
}
@@ -154,12 +146,12 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
rc = gnutls_hmac(hmac_hnd, seq_num, sizeof(seq_num));
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
rc = gnutls_hmac(hmac_hnd, whole_pdu, pdu_length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_NTLM_BLOCKED);
}
gnutls_hmac_deinit(hmac_hnd, digest);
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 92a09899d07..1252d0539cd 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -26,6 +26,7 @@
#include "libcli/auth/libcli_auth.h"
#include "../libcli/security/dom_sid.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -88,26 +89,23 @@ static NTSTATUS netlogon_creds_init_128bit(struct netlogon_creds_CredentialState
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HASH_NOT_SUPPORTED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, zero, sizeof(zero));
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, client_challenge->data, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, server_challenge->data, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
}
gnutls_hash_deinit(hash_hnd, tmp);
@@ -122,7 +120,7 @@ static NTSTATUS netlogon_creds_init_128bit(struct netlogon_creds_CredentialState
ZERO_ARRAY(tmp);
if (rc < 0) {
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
}
return NT_STATUS_OK;
@@ -149,21 +147,21 @@ static NTSTATUS netlogon_creds_init_hmac_sha256(struct netlogon_creds_Credential
machine_password->hash,
sizeof(machine_password->hash));
if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd,
client_challenge->data,
8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd,
server_challenge->data,
8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hmac_deinit(hmac_hnd, digest);
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 62b53ccbe48..cfe89b6ef79 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -24,6 +24,7 @@
#include "../lib/crypto/crypto.h"
#include "lib/util/iov_buf.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -116,7 +117,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
signing_key->blob.data,
MIN(signing_key->blob.length, 16));
if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
@@ -125,7 +126,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
vector[i].iov_base,
vector[i].iov_len);
if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
gnutls_hmac_output(signing_key->hmac_hnd, digest);
@@ -205,17 +206,17 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
signing_key->blob.data,
MIN(signing_key->blob.length, 16));
if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
if (rc < 0) {
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
if (rc < 0) {
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
--
Samba Shared Repository
More information about the samba-cvs
mailing list