[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue May 7 05:04:03 UTC 2019


The branch, master has been updated
       via  3d42e257a61 s4 dns_server Bind9: Log opertion durations
       via  20099588089 lib:crypto: Remove unused SHA512
       via  812f5d60edc s3:smbd: Use GnuTLS SHA512 in smb2 session setup
       via  b99c04fcaf5 s3:smbd: Use GnuTLS SHA512 in smb2 server
       via  d2a4088cc3c libcli:smb: Use GnuTLS SHA512 in smbXcli_base
      from  1d8c4c64b12 gitlab-ci: Enable building on CentOS7

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3d42e257a617e4c20d814e87a6920bfb4bb69134
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Fri Apr 5 11:13:15 2019 +1300

    s4 dns_server Bind9: Log opertion durations
    
    Add duration debug logging to the samba bind9 dlz driver and the
    dnsserver_common routines.  This should aid future diagnosis of
    performance issues, and could be used to monitor DNS performance.
    
    The logs are currently human-readable text only, i.e. no JSON-formatted
    output.
    
    Log lines are of the form:
    
    <function>: DNS timing: result: [<result>] \
    duration: (<duration>) zone: [<zone>] name: [<name>] \
    data: [<data>]
    
    e.g.
    
    dns_common_wildcard_lookup: DNS timing: result: [WERR_OK] \
    duration: (111) zone: [] \
    name: [DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,\
    DC=chgdcpassword.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,\
    DC=chgdcpassword,DC=samba,DC=example,DC=com] data: []
    
    Enabled by setting log level to "dns:10"
    
    durations are in microseconds.
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue May  7 05:03:26 UTC 2019 on sn-devel-184

commit 200995880893b379de2fe2f9269baab6678cd6f6
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Oct 22 18:20:04 2018 +0200

    lib:crypto: Remove unused SHA512
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 812f5d60edce7ec8b328c8ada7dbc6db39f6adbd
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Oct 22 17:48:43 2018 +0200

    s3:smbd: Use GnuTLS SHA512 in smb2 session setup
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b99c04fcaf583ca35bb789b980593a4405ee01b7
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Oct 22 17:44:33 2018 +0200

    s3:smbd: Use GnuTLS SHA512 in smb2 server
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d2a4088cc3c905027df2d189f790fc82c583c63c
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Oct 17 18:09:06 2018 +0200

    libcli:smb: Use GnuTLS SHA512 in smbXcli_base
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/crypto/sha512.c                   | 273 ------------------------------
 lib/crypto/sha512.h                   |  64 -------
 lib/crypto/wscript_build              |   2 +-
 lib/crypto/wscript_configure          |   2 -
 libcli/smb/smbXcli_base.c             | 106 ++++++++++--
 source3/smbd/smb2_server.c            |  62 +++++--
 source3/smbd/smb2_sesssetup.c         |  63 +++++--
 source4/dns_server/dlz_bind9.c        | 306 ++++++++++++++++++++++++++--------
 source4/dns_server/dnsserver_common.c | 139 +++++++++++----
 source4/dns_server/dnsserver_common.h |  29 ++++
 10 files changed, 546 insertions(+), 500 deletions(-)
 delete mode 100644 lib/crypto/sha512.c
 delete mode 100644 lib/crypto/sha512.h


Changeset truncated at 500 lines:

diff --git a/lib/crypto/sha512.c b/lib/crypto/sha512.c
deleted file mode 100644
index 41be1ec0e96..00000000000
--- a/lib/crypto/sha512.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 2006, 2010 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "replace.h"
-#include "sha512.h"
-
-#ifndef min
-#define min(a,b) (((a)>(b))?(b):(a))
-#endif
-
-static inline uint64_t
-cshift64 (uint64_t x, unsigned int n)
-{
-  return ((uint64_t)x << (uint64_t)n) | ((uint64_t)x >> ((uint64_t)64 - (uint64_t)n));
-}
-
-
-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#define ROTR(x,n)   (((x)>>(n)) | ((x) << (64 - (n))))
-
-#define Sigma0(x)	(ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define Sigma1(x)	(ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
-#define sigma0(x)	(ROTR(x,1)  ^ ROTR(x,8)  ^ ((x)>>7))
-#define sigma1(x)	(ROTR(x,19) ^ ROTR(x,61) ^ ((x)>>6))
-
-#define A m->counter[0]
-#define B m->counter[1]
-#define C m->counter[2]
-#define D m->counter[3]
-#define E m->counter[4]
-#define F m->counter[5]
-#define G m->counter[6]
-#define H m->counter[7]
-
-static const uint64_t constant_512[80] = {
-    0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
-    0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
-    0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-    0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
-    0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
-    0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-    0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
-    0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
-    0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-    0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
-    0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
-    0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-    0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
-    0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
-    0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-    0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
-    0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
-    0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-    0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
-    0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
-    0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-    0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
-    0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
-    0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-    0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
-    0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
-    0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-    0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
-    0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
-    0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-    0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
-    0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
-    0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
-    0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
-    0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
-    0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-    0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
-    0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
-    0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-    0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-};
-
-void
-samba_SHA512_Init (SHA512_CTX *m)
-{
-    m->sz[0] = 0;
-    m->sz[1] = 0;
-    A = 0x6a09e667f3bcc908ULL;
-    B = 0xbb67ae8584caa73bULL;
-    C = 0x3c6ef372fe94f82bULL;
-    D = 0xa54ff53a5f1d36f1ULL;
-    E = 0x510e527fade682d1ULL;
-    F = 0x9b05688c2b3e6c1fULL;
-    G = 0x1f83d9abfb41bd6bULL;
-    H = 0x5be0cd19137e2179ULL;
-}
-
-static void
-calc (SHA512_CTX *m, uint64_t *in)
-{
-    uint64_t AA, BB, CC, DD, EE, FF, GG, HH;
-    uint64_t data[80];
-    int i;
-
-    AA = A;
-    BB = B;
-    CC = C;
-    DD = D;
-    EE = E;
-    FF = F;
-    GG = G;
-    HH = H;
-
-    for (i = 0; i < 16; ++i)
-	data[i] = in[i];
-    for (i = 16; i < 80; ++i)
-	data[i] = sigma1(data[i-2]) + data[i-7] +
-	    sigma0(data[i-15]) + data[i - 16];
-
-    for (i = 0; i < 80; i++) {
-	uint64_t T1, T2;
-
-	T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i];
-	T2 = Sigma0(AA) + Maj(AA,BB,CC);
-
-	HH = GG;
-	GG = FF;
-	FF = EE;
-	EE = DD + T1;
-	DD = CC;
-	CC = BB;
-	BB = AA;
-	AA = T1 + T2;
-    }
-
-    A += AA;
-    B += BB;
-    C += CC;
-    D += DD;
-    E += EE;
-    F += FF;
-    G += GG;
-    H += HH;
-}
-
-/*
- * From `Performance analysis of MD5' by Joseph D. Touch <touch at isi.edu>
- */
-
-#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
-static inline uint64_t
-swap_uint64_t (uint64_t t)
-{
-    uint64_t temp;
-
-    temp   = cshift64(t, 32);
-    temp = ((temp & 0xff00ff00ff00ff00ULL) >> 8) |
-           ((temp & 0x00ff00ff00ff00ffULL) << 8);
-    return ((temp & 0xffff0000ffff0000ULL) >> 16) |
-           ((temp & 0x0000ffff0000ffffULL) << 16);
-}
-
-struct x64{
-    uint64_t a;
-    uint64_t b;
-};
-#endif
-
-void
-samba_SHA512_Update (SHA512_CTX *m, const void *v, size_t len)
-{
-    const unsigned char *p = v;
-    size_t old_sz = m->sz[0];
-    size_t offset;
-
-    m->sz[0] += len * 8;
-    if (m->sz[0] < old_sz)
-	++m->sz[1];
-    offset = (old_sz / 8) % 128;
-    while(len > 0){
-	size_t l = min(len, 128 - offset);
-	memcpy(m->save + offset, p, l);
-	offset += l;
-	p += l;
-	len -= l;
-	if(offset == 128){
-#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
-	    int i;
-	    uint64_t current[16];
-	    struct x64 *us = (struct x64*)m->save;
-	    for(i = 0; i < 8; i++){
-		current[2*i+0] = swap_uint64_t(us[i].a);
-		current[2*i+1] = swap_uint64_t(us[i].b);
-	    }
-	    calc(m, current);
-#else
-	    calc(m, (uint64_t*)m->save);
-#endif
-	    offset = 0;
-	}
-    }
-}
-
-void
-samba_SHA512_Final (void *res, SHA512_CTX *m)
-{
-    unsigned char zeros[128 + 16];
-    unsigned offset = (m->sz[0] / 8) % 128;
-    unsigned int dstart = (240 - offset - 1) % 128 + 1;
-
-    *zeros = 0x80;
-    memset (zeros + 1, 0, sizeof(zeros) - 1);
-    zeros[dstart+15] = (m->sz[0] >> 0) & 0xff;
-    zeros[dstart+14] = (m->sz[0] >> 8) & 0xff;
-    zeros[dstart+13] = (m->sz[0] >> 16) & 0xff;
-    zeros[dstart+12] = (m->sz[0] >> 24) & 0xff;
-    zeros[dstart+11] = (m->sz[0] >> 32) & 0xff;
-    zeros[dstart+10] = (m->sz[0] >> 40) & 0xff;
-    zeros[dstart+9]  = (m->sz[0] >> 48) & 0xff;
-    zeros[dstart+8]  = (m->sz[0] >> 56) & 0xff;
-
-    zeros[dstart+7] = (m->sz[1] >> 0) & 0xff;
-    zeros[dstart+6] = (m->sz[1] >> 8) & 0xff;
-    zeros[dstart+5] = (m->sz[1] >> 16) & 0xff;
-    zeros[dstart+4] = (m->sz[1] >> 24) & 0xff;
-    zeros[dstart+3] = (m->sz[1] >> 32) & 0xff;
-    zeros[dstart+2] = (m->sz[1] >> 40) & 0xff;
-    zeros[dstart+1] = (m->sz[1] >> 48) & 0xff;
-    zeros[dstart+0] = (m->sz[1] >> 56) & 0xff;
-    samba_SHA512_Update (m, zeros, dstart + 16);
-    {
-	int i;
-	unsigned char *r = (unsigned char*)res;
-
-	for (i = 0; i < 8; ++i) {
-	    r[8*i+7] = m->counter[i] & 0xFF;
-	    r[8*i+6] = (m->counter[i] >> 8) & 0xFF;
-	    r[8*i+5] = (m->counter[i] >> 16) & 0xFF;
-	    r[8*i+4] = (m->counter[i] >> 24) & 0xFF;
-	    r[8*i+3] = (m->counter[i] >> 32) & 0XFF;
-	    r[8*i+2] = (m->counter[i] >> 40) & 0xFF;
-	    r[8*i+1] = (m->counter[i] >> 48) & 0xFF;
-	    r[8*i]   = (m->counter[i] >> 56) & 0xFF;
-	}
-    }
-}
diff --git a/lib/crypto/sha512.h b/lib/crypto/sha512.h
deleted file mode 100644
index 509fd955e0a..00000000000
--- a/lib/crypto/sha512.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-#ifndef HEIM_SHA_H
-#define HEIM_SHA_H 1
-
-#if SHA512_RENAME_NEEDED
-/* symbol renaming */
-#define SHA512_Init hc_SHA512_Init
-#define SHA512_Update hc_SHA512_Update
-#define SHA512_Final hc_SHA512_Final
-#endif
-
-/*
- * SHA-2 512
- */
-
-#define SHA512_DIGEST_LENGTH 64
-
-struct hc_sha512state {
-  uint64_t sz[2];
-  uint64_t counter[8];
-  unsigned char save[128];
-};
-
-typedef struct hc_sha512state SHA512_CTX;
-
-void samba_SHA512_Init (SHA512_CTX *);
-void samba_SHA512_Update (SHA512_CTX *, const void *, size_t);
-void samba_SHA512_Final (void *, SHA512_CTX *);
-
-#endif /* HEIM_SHA_H */
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
index 0e2244c83da..cddd79d66af 100644
--- a/lib/crypto/wscript_build
+++ b/lib/crypto/wscript_build
@@ -15,7 +15,7 @@ if bld.CONFIG_SET("HAVE_AESNI_INTEL"):
         extra_deps += ' aesni-intel'
 
 bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
-        source='''hmacmd5.c md4.c arcfour.c sha512.c
+        source='''hmacmd5.c md4.c arcfour.c
         aes.c rijndael-alg-fst.c aes_cmac_128.c aes_ccm_128.c aes_gcm_128.c
         ''' + extra_source,
         deps='talloc' + extra_deps
diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
index 00eba0930e7..312fd3fdad9 100644
--- a/lib/crypto/wscript_configure
+++ b/lib/crypto/wscript_configure
@@ -13,8 +13,6 @@ conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h',
 
 if conf.CHECK_FUNCS('SHA1_Update'):
 	conf.DEFINE('SHA1_RENAME_NEEDED', 1)
-if conf.CHECK_FUNCS('SHA512_Update'):
-	conf.DEFINE('SHA512_RENAME_NEEDED', 1)
 
 #
 # --aes-accel=XXX selects accelerated AES crypto library to use, if any.
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2d74e2490bc..bde0db7e33c 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -34,11 +34,13 @@
 #include "librpc/ndr/libndr.h"
 #include "libcli/smb/smb2_negotiate_context.h"
 #include "libcli/smb/smb2_signing.h"
-#include "lib/crypto/sha512.h"
 #include "lib/crypto/aes.h"
 #include "lib/crypto/aes_ccm_128.h"
 #include "lib/crypto/aes_gcm_128.h"
 
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
 struct smbXcli_conn;
 struct smbXcli_req;
 struct smbXcli_session;
@@ -4853,7 +4855,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 	uint16_t hash_count;
 	uint16_t salt_length;
 	uint16_t hash_selected;
-	struct hc_sha512state sctx;
+	gnutls_hash_hd_t hash_hnd = NULL;
 	struct smb2_negotiate_context *cipher = NULL;
 	struct iovec sent_iov[3];
 	static const struct smb2cli_req_expected_response expected[] = {
@@ -4862,6 +4864,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 		.body_size = 0x41
 	}
 	};
+	int rc;
 
 	status = smb2cli_req_recv(subreq, state, &iov,
 				  expected, ARRAY_SIZE(expected));
@@ -5086,23 +5089,73 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 
 	/* First we hash the request */
 	smb2cli_req_get_sent_iov(subreq, sent_iov);
-	samba_SHA512_Init(&sctx);
-	samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512,
-		      sizeof(conn->smb2.preauth_sha512));
+
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+	if (rc < 0) {
+		tevent_req_nterror(req,
+				   NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	rc = gnutls_hash(hash_hnd,
+			 conn->smb2.preauth_sha512,
+			 sizeof(conn->smb2.preauth_sha512));
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		tevent_req_nterror(req,
+				   NT_STATUS_ACCESS_DENIED);
+		return;
+	}
 	for (i = 0; i < 3; i++) {
-		samba_SHA512_Update(&sctx, sent_iov[i].iov_base, sent_iov[i].iov_len);
+		rc = gnutls_hash(hash_hnd,
+				 sent_iov[i].iov_base,
+				 sent_iov[i].iov_len);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			tevent_req_nterror(req,
+					   NT_STATUS_ACCESS_DENIED);
+			return;
+		}
 	}
-	samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx);
+
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		tevent_req_nterror(req,
+				   NT_STATUS_ACCESS_DENIED);
+		return;
+	}
+
+	/* This resets the hash state */
+	gnutls_hash_output(hash_hnd, conn->smb2.preauth_sha512);
 	TALLOC_FREE(subreq);
 
 	/* And now we hash the response */
-	samba_SHA512_Init(&sctx);
-	samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512,
-		      sizeof(conn->smb2.preauth_sha512));
+	rc = gnutls_hash(hash_hnd,
+			 conn->smb2.preauth_sha512,
+			 sizeof(conn->smb2.preauth_sha512));
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		tevent_req_nterror(req,
+				   NT_STATUS_ACCESS_DENIED);
+		return;
+	}
 	for (i = 0; i < 3; i++) {
-		samba_SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len);
+		rc = gnutls_hash(hash_hnd,
+				 iov[i].iov_base,
+				 iov[i].iov_len);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			tevent_req_nterror(req,
+					   NT_STATUS_ACCESS_DENIED);
+			return;
+		}
+	}
+	gnutls_hash_deinit(hash_hnd, conn->smb2.preauth_sha512);
+	if (rc < 0) {
+		tevent_req_nterror(req,
+				   NT_STATUS_UNSUCCESSFUL);
+		return;
 	}
-	samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx);
 
 	tevent_req_done(req);
 }
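Review bot: The two `if (rc < 0)` blocks placed after the hashing loops are unreachable, because every failing `gnutls_hash()` call already returns from inside the loop or directly after the call. The second one follows `gnutls_hash_deinit(hash_hnd, conn->smb2.preauth_sha512)`, which returns nothing, so it reads like a check on the final digest that does not exist; I would delete both blocks. The remaining error branches report three different codes (`NT_STATUS_NO_MEMORY`, `NT_STATUS_ACCESS_DENIED`, `NT_STATUS_UNSUCCESSFUL`) for one class of failure in computing the pre-authentication integrity hash, and using one status would make it easier to audit that each path fails closed. smbXcli_negprot_smb2_done begins above this hunk, so whether `subreq` is released on the early returns before `TALLOC_FREE(subreq)` cannot be confirmed from here.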
@@ -5831,8 +5884,9 @@ void smb2cli_session_require_signed_response(struct smbXcli_session *session,
 NTSTATUS smb2cli_session_update_preauth(struct smbXcli_session *session,
 					const struct iovec *iov)
 {
-	struct hc_sha512state sctx;


-- 
Samba Shared Repository


