[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue May 21 01:19:04 UTC 2019
The branch, master has been updated
via 03cbef2beff lib:crypto: Remove obsolete MD5 and HMAC MD5
via 5b73c68cd2b s4:torture: Use GnuTLS MD5 for samba3rpc
via eb8be250c7e s4:torture: Use GnuTLS MD5 for samr password
via 4e6a277242a s4:torture: Use GnuTLS MD5 in samr password tests
via a4abcf3ded1 s4:torture: Use GnuTLS MD5 in ntp_signd test
via e633187e218 s4:torture: Use GnuTLS MD5 and HMAC MD5 in samlogon test
via efa27ec69b7 s3:torture: Use GnuTLS MD5
via 42affa8bd22 s4:messaging: Use GnuTLS MD5 in messaging test
via f02713c98b3 s4:rpc_server: Use GnuTLS MD5 for samr password
via 5e6887932ba s4:ntp_signd: Use GnuTLS MD5 in signd
via 4b7b2ed99c8 s4:libnet: Use GnuTLS MD5 for samr passwords
via 23296ec23f7 s3:libcli: Use GnuTLS MD5 for smb singing
via e6506ddec44 s4:dsdb: Use GnuTLS MD5 in password_hash module
via 1834b822168 s3:rpc_client: Use GnuTLS MD5 for samr
via 94b2f00039c s3:profile: Use GnuTLS MD5
via 29151256613 s3:vfs: Use GnuTLS MD5 in vfs_fruit
via bb273a00538 s3:vfs: Use GnuTLS MD5 in vfs_streams_xattr
via 2772c92efa2 s3:smbd: Return NTSTATUS for srv_calculate_sign_mac()
via 63170950239 auth:gensec: Return NTSTATUS for netsec_do_seq_num()
via 6aa30669a18 auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign()
via 71926c6e4fe auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
via 6b413dab0b4 auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
via d3ea318ba0e auth:creds: Use GnuTLS MD5 in ntlm creds
via fe2a9695445 auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp sign
via 898fe5a142f auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp server
via 44fcb599087 auth:ntlmssp: Use GnuTLS HMAC MD5 in ntlmssp client
via 5a0516bee9e libcli:smb: Return NTSTATUS for smb_key_derivation()
via 39a665464fe libcli:smb: Check return code of smb_signing_md5()
via 754e1551833 libcli:smb: Return NTSTATUS for smb_signing_sign_pdu()
via 7368a20043a libcli:smb: Return NTSTATUS for smb_signing_md5()
via 940e0c106c4 libcli:smb: Use GnuTLS HMAC MD5 in smb_key_derivation()
via f7d952398bd libcli:smb: Use GnuTLS MD5 and HMAC MD5 in smb_signing_md5()
via a6eeb49b391 libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()
via 54440f1b30a libcli:drsuapi: Use GnuTLS MD5 in drsuapi_decrypt_attribute_value()
via 75ee0c83c15 libcli:auth: Add return codes for netlogon_creds_init_128bit()
via 1810daaf9cc libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit
via d22aa6fcc23 libcli:auth: Use 'bool ok' in ntv2_owf_gen()
via 6f4c027094a libcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2()
via e1c04866a89 libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()
via a2f88720d2c libcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen()
via 023e6b4f04c libcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer()
via 10a1caa46d0 libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
via 2463d1111f2 libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()
via 152cd8b4261 libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
via 45a4a9078c3 libcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt
from 3b509129f5e torture: Address flapping samba4.rpc.altercontext test
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 03cbef2beff02d54063648725a71be6479886d09
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 17:22:53 2018 +0100
lib:crypto: Remove obsolete MD5 and HMAC MD5
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May 21 01:18:08 UTC 2019 on sn-devel-184
commit 5b73c68cd2b90e244d9ccd449c89ad8be2845ce0
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 17:13:23 2018 +0100
s4:torture: Use GnuTLS MD5 for samba3rpc
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit eb8be250c7ea7ee39673f558d1d1fa17f0b885e4
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 16:30:39 2018 +0100
s4:torture: Use GnuTLS MD5 for samr password
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4e6a277242a0acf2936d62f2d7d024d6c5ac08ef
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 17:07:24 2018 +0100
s4:torture: Use GnuTLS MD5 in samr password tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a4abcf3ded1670c05d0310f84989338023512dee
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 17:00:59 2018 +0100
s4:torture: Use GnuTLS MD5 in ntp_signd test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e633187e218e745ccf48881300f57a47d0a229fe
Author: Andreas Schneider <asn at samba.org>
Date: Tue Oct 30 16:52:26 2018 +0100
s4:torture: Use GnuTLS MD5 and HMAC MD5 in samlogon test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit efa27ec69b73c5a7c5dc83ab98f11d4fe9b0d89d
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 18:26:02 2018 +0100
s3:torture: Use GnuTLS MD5
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 42affa8bd229e37ca0ad3931a110bf41735f4fee
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 12:49:35 2018 +0100
s4:messaging: Use GnuTLS MD5 in messaging test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f02713c98b3cee837efbf3dba413a77d27320fc3
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 16:30:39 2018 +0100
s4:rpc_server: Use GnuTLS MD5 for samr password
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5e6887932ba6de1711216c93b2de46d3d2200dcd
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 16:25:00 2018 +0100
s4:ntp_signd: Use GnuTLS MD5 in signd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4b7b2ed99c8244c1eab6413797e806a7c19bf91f
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 15:13:40 2018 +0100
s4:libnet: Use GnuTLS MD5 for samr passwords
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 23296ec23f778e93cebb064f443e44b563cc95df
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 6 14:42:17 2018 +0100
s3:libcli: Use GnuTLS MD5 for smb singing
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e6506ddec44ab0ff098d8274df6cecf50f23a86f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 18:31:35 2018 +0100
s4:dsdb: Use GnuTLS MD5 in password_hash module
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1834b822168b477c3ed1f828453e7f41a31153ff
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 18:10:55 2018 +0100
s3:rpc_client: Use GnuTLS MD5 for samr
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 94b2f00039cd1d6411cd209b01d3ee98df72633f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 18:03:51 2018 +0100
s3:profile: Use GnuTLS MD5
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2915125661352b31a4c7b0143d9d93baafa400db
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 17:58:37 2018 +0100
s3:vfs: Use GnuTLS MD5 in vfs_fruit
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bb273a0053870224862559463c5bf8d76d386e84
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 5 17:41:42 2018 +0100
s3:vfs: Use GnuTLS MD5 in vfs_streams_xattr
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2772c92efa2a7bc906e2fcdc24dfc56dbd81be07
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:22:26 2019 +0200
s3:smbd: Return NTSTATUS for srv_calculate_sign_mac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 631709502390e76efe68b553b1eda5fca39008e2
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:43:13 2019 +0200
auth:gensec: Return NTSTATUS for netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6aa30669a1825333a4ad985ce331fd9e2b7fe9da
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:33:18 2019 +0200
auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 71926c6e4fea2123265e44e29d1e9d446299c80b
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:32:58 2019 +0200
auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6b413dab0b407610c43e6294a0bea66243bd6c78
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:32:24 2019 +0200
auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d3ea318ba0e54d8391626e827d7c34c686accdba
Author: Andreas Schneider <asn at samba.org>
Date: Tue Oct 30 16:56:54 2018 +0100
auth:creds: Use GnuTLS MD5 in ntlm creds
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fe2a96954457ce724fbb7ac48f51d80b91aa5be9
Author: Andreas Schneider <asn at samba.org>
Date: Tue Oct 30 16:43:03 2018 +0100
auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp sign
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 898fe5a142fd195f5db72c0372ecc452e0f3dc74
Author: Andreas Schneider <asn at samba.org>
Date: Tue Oct 30 10:31:11 2018 +0100
auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp server
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 44fcb599087b914cf0d9553a16a7fdb89c6589e1
Author: Andreas Schneider <asn at samba.org>
Date: Tue Oct 30 09:31:19 2018 +0100
auth:ntlmssp: Use GnuTLS HMAC MD5 in ntlmssp client
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5a0516bee9eede1398e03af9ffdd556f4612875d
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:29:04 2019 +0200
libcli:smb: Return NTSTATUS for smb_key_derivation()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 39a665464fe2fafd6b567ffd5b60aea00efd0076
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:24:49 2019 +0200
libcli:smb: Check return code of smb_signing_md5()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 754e15518330038611f38c26ae3ce6e8a97f2006
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:19:16 2019 +0200
libcli:smb: Return NTSTATUS for smb_signing_sign_pdu()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7368a20043af0a51cb95330a57849927cc9e3e5e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 11 10:14:43 2019 +0200
libcli:smb: Return NTSTATUS for smb_signing_md5()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 940e0c106c4b636db2910f9de6869763bb346ab1
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:09:35 2019 +0200
libcli:smb: Use GnuTLS HMAC MD5 in smb_key_derivation()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f7d952398bdf536362b56548929ee45e4bb759e8
Author: Andreas Schneider <asn at samba.org>
Date: Mon Oct 29 18:16:09 2018 +0100
libcli:smb: Use GnuTLS MD5 and HMAC MD5 in smb_signing_md5()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a6eeb49b391b1318a5167ec9e5011654ff377632
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:08:15 2019 +0200
libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 54440f1b30a28b699d09876e73051dde28e5c459
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:07:32 2019 +0200
libcli:drsuapi: Use GnuTLS MD5 in drsuapi_decrypt_attribute_value()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 75ee0c83c15e3ebd4c8157331b363d1fe8373930
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 6 14:49:40 2018 +0100
libcli:auth: Add return codes for netlogon_creds_init_128bit()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1810daaf9cc1230656e9f56e042ba8167f196795
Author: Andreas Schneider <asn at samba.org>
Date: Fri Oct 26 14:59:58 2018 +0200
libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d22aa6fcc23f83e86e134a4af1bb0cbc7fc93bba
Author: Andreas Schneider <asn at samba.org>
Date: Tue Dec 4 09:49:17 2018 +0100
libcli:auth: Use 'bool ok' in ntv2_owf_gen()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6f4c027094aeb527d9b509549b16e54454d01a8b
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:25:36 2019 +0200
libcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e1c04866a89aa550db6aad235da2bdfa7912a06c
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:05:38 2019 +0200
libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a2f88720d2c9fad4f51a99d2dde6f0373174cbbe
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:05:11 2019 +0200
libcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 023e6b4f04cd1395b77ad1d4a88b6cb166633965
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:04:08 2019 +0200
libcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 10a1caa46d01677cc40cd1193866187d4b1acd18
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:02:59 2019 +0200
libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2463d1111f2162d0c411b8c5cf6027f2499d5a48
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:03:31 2019 +0200
libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 152cd8b42617690d9f589a1736ee15fa59ee8787
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:02:59 2019 +0200
libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 45a4a9078c3c8b967f3c39520cbbfce86ba3848d
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 15 08:02:18 2019 +0200
libcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_ntlm.c | 39 +++-
auth/gensec/schannel.c | 143 +++++++++++---
auth/ntlmssp/ntlmssp_client.c | 57 ++++--
auth/ntlmssp/ntlmssp_server.c | 118 +++++++++---
auth/ntlmssp/ntlmssp_sign.c | 117 +++++++++---
lib/crypto/crypto.h | 2 -
lib/crypto/hmacmd5.c | 117 ------------
lib/crypto/hmacmd5.h | 41 ----
lib/crypto/hmacmd5test.c | 103 ----------
lib/crypto/md5.c | 251 -------------------------
lib/crypto/md5.h | 42 -----
lib/crypto/md5test.c | 96 ----------
lib/crypto/wscript_build | 15 +-
lib/crypto/wscript_configure | 9 -
libcli/auth/credentials.c | 69 +++++--
libcli/auth/smbencrypt.c | 219 ++++++++++++++++-----
libcli/drsuapi/repl_decrypt.c | 79 ++++++--
libcli/smb/smbXcli_base.c | 22 ++-
libcli/smb/smb_signing.c | 134 +++++++++----
libcli/smb/smb_signing.h | 11 +-
source3/modules/vfs_fruit.c | 47 +++--
source3/modules/vfs_streams_xattr.c | 50 +++--
source3/profile/profile.c | 32 +++-
source3/rpc_client/init_samr.c | 40 +++-
source3/smbd/process.c | 9 +-
source3/smbd/proto.h | 4 +-
source3/smbd/reply.c | 13 +-
source3/smbd/signing.c | 11 +-
source3/torture/torture.c | 19 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 81 ++++++--
source4/lib/messaging/tests/messaging.c | 20 +-
source4/libcli/raw/smb_signing.c | 93 ++++++---
source4/libnet/libnet_passwd.c | 77 ++++++--
source4/ntp_signd/ntp_signd.c | 35 +++-
source4/rpc_server/samr/samr_password.c | 56 ++++--
source4/torture/local/local.c | 4 -
source4/torture/ntp/ntp_signd.c | 17 +-
source4/torture/rpc/samba3rpc.c | 13 +-
source4/torture/rpc/samlogon.c | 27 +--
source4/torture/rpc/samr.c | 43 +++--
40 files changed, 1289 insertions(+), 1086 deletions(-)
delete mode 100644 lib/crypto/hmacmd5.c
delete mode 100644 lib/crypto/hmacmd5.h
delete mode 100644 lib/crypto/hmacmd5test.c
delete mode 100644 lib/crypto/md5.c
delete mode 100644 lib/crypto/md5.h
delete mode 100644 lib/crypto/md5test.c
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index eed8924567a..fa632fdeda3 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -28,6 +28,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -152,10 +155,10 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
memset(lm_response.data, 0, lm_response.length);
}
} else if (*flags & CLI_CRED_NTLM2) {
- MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
+ int rc;
lm_response = data_blob_talloc_zero(frame, 24);
if (lm_response.data == NULL) {
@@ -167,10 +170,16 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
memcpy(session_nonce, challenge.data, 8);
memcpy(&session_nonce[8], lm_response.data, 8);
- MD5Init(&md5_session_nonce_ctx);
- MD5Update(&md5_session_nonce_ctx, session_nonce,
- sizeof(session_nonce));
- MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
+ rc = gnutls_hash_fast(GNUTLS_DIG_MD5,
+ session_nonce,
+ sizeof(session_nonce),
+ session_nonce_hash);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
DEBUG(5, ("challenge is: \n"));
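Review bot: The two early returns added after `gnutls_hash_fast()` leave the function without releasing `frame`, whereas the allocation-failure path visible in a later hunk of this file calls `TALLOC_FREE(frame);` before returning. The failure branch after `gnutls_hmac_fast()` in the last hunk of this file has the same gap. Each branch should free the frame first, i.e. `TALLOC_FREE(frame);` ahead of `return NT_STATUS_NTLM_BLOCKED;` and `return NT_STATUS_INTERNAL_ERROR;`. The function starts and ends outside the hunk, so how `frame` is created is inferred from those cleanup calls.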
@@ -185,6 +194,8 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
session_nonce_hash,
nt_response.data);
+ ZERO_ARRAY(session_nonce_hash);
+
session_key = data_blob_talloc_zero(frame, 16);
if (session_key.data == NULL) {
TALLOC_FREE(frame);
@@ -192,8 +203,22 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
}
SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
- hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
- ZERO_STRUCT(user_session_key);
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ user_session_key,
+ sizeof(user_session_key),
+ session_nonce,
+ sizeof(session_nonce),
+ session_key.data);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ZERO_ARRAY(user_session_key);
+
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
/* LM Key is incompatible... */
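Review bot: `ZERO_ARRAY(user_session_key)` is reached only when `gnutls_hmac_fast()` succeeds, so on both failure returns the key produced by `SMBsesskeygen_ntv1()` from the NT hash stays on the stack. Wiping before the check covers both outcomes: place `ZERO_ARRAY(user_session_key);` directly after the call and before `if (rc < 0) {`, the ordering netsec_do_sign() uses for `packet_digest` in auth/gensec/schannel.c. The enclosing function continues past the hunk.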
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 7fb18566dd7..c6085dd0ade 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -140,10 +140,10 @@ static void netsec_offset_and_sizes(struct schannel_state *state,
/*******************************************************************
Encode or Decode the sequence number (which is symmetric)
********************************************************************/
-static void netsec_do_seq_num(struct schannel_state *state,
- const uint8_t *checksum,
- uint32_t checksum_length,
- uint8_t seq_num[8])
+static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
+ const uint8_t *checksum,
+ uint32_t checksum_length,
+ uint8_t seq_num[8])
{
if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
AES_KEY key;
@@ -159,13 +159,44 @@ static void netsec_do_seq_num(struct schannel_state *state,
static const uint8_t zeros[4];
uint8_t sequence_key[16];
uint8_t digest1[16];
+ int rc;
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ state->creds->session_key,
+ sizeof(state->creds->session_key),
+ zeros,
+ sizeof(zeros),
+ digest1);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HMAC_NOT_SUPPORTED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest1,
+ sizeof(digest1),
+ checksum,
+ checksum_length,
+ sequence_key);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HMAC_NOT_SUPPORTED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ZERO_ARRAY(digest1);
- hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1);
- hmac_md5(digest1, checksum, checksum_length, sequence_key);
arcfour_crypt(seq_num, sequence_key, 8);
+
+ ZERO_ARRAY(sequence_key);
}
state->seq_num++;
+
+ return NT_STATUS_OK;
}
static void netsec_do_seal(struct schannel_state *state,
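Review bot: In the RC4 branch `ZERO_ARRAY(digest1)` sits after the error check of the second `gnutls_hmac_fast()`, so a failure there returns with `digest1`, which is keyed from `state->creds->session_key`, still on the stack. Moving `ZERO_ARRAY(digest1);` to directly after the second call, before `if (rc < 0) {`, clears it on both paths. The AES branch of netsec_do_seq_num() is not shown in the hunk.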
@@ -201,17 +232,39 @@ static void netsec_do_seal(struct schannel_state *state,
static const uint8_t zeros[4];
uint8_t digest2[16];
uint8_t sess_kf0[16];
+ int rc;
int i;
for (i = 0; i < 16; i++) {
sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
}
- hmac_md5(sess_kf0, zeros, 4, digest2);
- hmac_md5(digest2, seq_num, 8, sealing_key);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ sess_kf0,
+ sizeof(sess_kf0),
+ zeros,
+ 4,
+ digest2);
+ if (rc < 0) {
+ ZERO_ARRAY(digest2);
+ return;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest2,
+ sizeof(digest2),
+ seq_num,
+ 8,
+ sealing_key);
+ ZERO_ARRAY(digest2);
+ if (rc < 0) {
+ return;
+ }
arcfour_crypt(confounder, sealing_key, 8);
arcfour_crypt(data, sealing_key, length);
+
+ ZERO_ARRAY(sealing_key);
}
}
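Review bot: netsec_do_seal() still returns void, so the two new bare `return;` statements after a failed `gnutls_hmac_fast()` leave `confounder` and `data` untouched without the caller being able to tell, and the buffer would then be handled as if it had been sealed or unsealed. This series already converts netsec_do_seq_num() to NTSTATUS, and the same treatment fits here: `static NTSTATUS netsec_do_seal(` with `return NT_STATUS_HMAC_NOT_SUPPORTED;` or `return NT_STATUS_INTERNAL_ERROR;` in place of the bare returns, and the callers checking the result. `sess_kf0` is also derived from the session key and is never cleared; `ZERO_ARRAY(sess_kf0);` right after the first HMAC call would cover it. The AES branch and the callers are outside the hunk.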
@@ -276,32 +329,70 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
} else {
uint8_t packet_digest[16];
static const uint8_t zeros[4];
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ int rc;
- MD5Init(&ctx);
- MD5Update(&ctx, zeros, 4);
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HASH_NOT_SUPPORTED;
+ }
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = gnutls_hash(hash_hnd, zeros, sizeof(zeros));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
if (confounder) {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
SSVAL(header, 2, NL_SEAL_RC4);
SSVAL(header, 4, 0xFFFF);
SSVAL(header, 6, 0x0000);
- MD5Update(&ctx, header, 8);
- MD5Update(&ctx, confounder, 8);
+ rc = gnutls_hash(hash_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ rc = gnutls_hash(hash_hnd, confounder, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
} else {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
SSVAL(header, 2, NL_SEAL_NONE);
SSVAL(header, 4, 0xFFFF);
SSVAL(header, 6, 0x0000);
- MD5Update(&ctx, header, 8);
+ rc = gnutls_hash(hash_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
}
- MD5Update(&ctx, data, length);
- MD5Final(packet_digest, &ctx);
+ rc = gnutls_hash(hash_hnd, data, length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ gnutls_hash_deinit(hash_hnd, packet_digest);
- hmac_md5(state->creds->session_key,
- packet_digest, sizeof(packet_digest),
- checksum);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ state->creds->session_key,
+ sizeof(state->creds->session_key),
+ packet_digest,
+ sizeof(packet_digest),
+ checksum);
+ ZERO_ARRAY(packet_digest);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HASH_NOT_SUPPORTED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
}
return NT_STATUS_OK;
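Review bot: The failure branch of the final `gnutls_hmac_fast()` returns `NT_STATUS_HASH_NOT_SUPPORTED`, whereas netsec_do_seq_num() in this same file maps the same GnuTLS error from the same call to `NT_STATUS_HMAC_NOT_SUPPORTED`; `return NT_STATUS_HMAC_NOT_SUPPORTED;` here would keep the two consistent for anyone matching on the status in logs. Every `gnutls_hash_init()` failure other than `GNUTLS_E_UNWANTED_ALGORITHM` is reported as `NT_STATUS_NO_MEMORY`, which guesses at the cause. The five identical `gnutls_hash_deinit(hash_hnd, NULL); return NT_STATUS_INTERNAL_ERROR;` pairs could share one cleanup label. The start of netsec_do_sign() and its AES branch are outside the hunk.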
@@ -379,7 +470,12 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
return NT_STATUS_ACCESS_DENIED;
}
- netsec_do_seq_num(state, checksum, checksum_length, seq_num);
+ status = netsec_do_seq_num(state, checksum, checksum_length, seq_num);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("netsec_do_seq_num failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
ZERO_ARRAY(checksum);
@@ -469,7 +565,12 @@ static NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
true);
}
- netsec_do_seq_num(state, checksum, checksum_length, seq_num);
+ status = netsec_do_seq_num(state, checksum, checksum_length, seq_num);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("netsec_do_seq_num failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
(*sig) = data_blob_talloc_zero(mem_ctx, used_sig_size);
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 8e49dcee5ea..792afcf6d20 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -25,7 +25,6 @@ struct auth_session_info;
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
-#include "../lib/crypto/crypto.h"
#include "../libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
@@ -36,6 +35,9 @@ struct auth_session_info;
#include "../auth/ntlmssp/ntlmssp_ndr.h"
#include "../nsswitch/libwbclient/wbclient.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -248,7 +250,8 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
const NTTIME *server_timestamp = NULL;
uint8_t mic_buffer[NTLMSSP_MIC_SIZE] = { 0, };
DATA_BLOB mic_blob = data_blob_const(mic_buffer, sizeof(mic_buffer));
- HMACMD5Context ctx;
+ gnutls_hmac_hd_t hmac_hnd = NULL;
+ int rc;
TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
if (!mem_ctx) {
@@ -741,18 +744,48 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
*
* This matches a Windows client.
*/
- hmac_md5_init_limK_to_64(session_key.data,
- session_key.length,
- &ctx);
- hmac_md5_update(ntlmssp_state->negotiate_blob.data,
- ntlmssp_state->negotiate_blob.length,
- &ctx);
- hmac_md5_update(in.data, in.length, &ctx);
- hmac_md5_update(out->data, out->length, &ctx);
- hmac_md5_final(mic_buffer, &ctx);
+ rc = gnutls_hmac_init(&hmac_hnd,
+ GNUTLS_MAC_MD5,
+ session_key.data,
+ MIN(session_key.length, 64));
+ if (rc < 0) {
+ nt_status = NT_STATUS_NO_MEMORY;
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ nt_status = NT_STATUS_NTLM_BLOCKED;
+ }
+ goto done;
+ }
+
+ rc = gnutls_hmac(hmac_hnd,
+ ntlmssp_state->negotiate_blob.data,
+ ntlmssp_state->negotiate_blob.length);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+ rc = gnutls_hmac(hmac_hnd, in.data, in.length);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+ rc = gnutls_hmac(hmac_hnd, out->data, out->length);
+ if (rc < 0) {
+ gnutls_hmac_deinit(hmac_hnd, NULL);
+ nt_status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+
+ gnutls_hmac_deinit(hmac_hnd, mic_buffer);
+
memcpy(out->data + NTLMSSP_MIC_OFFSET, mic_buffer, NTLMSSP_MIC_SIZE);
+ ZERO_ARRAY(mic_buffer);
+ nt_status = NT_STATUS_OK;
done:
+ ZERO_ARRAY_LEN(ntlmssp_state->negotiate_blob.data,
+ ntlmssp_state->negotiate_blob.length);
data_blob_free(&ntlmssp_state->negotiate_blob);
ntlmssp_state->session_key = session_key;
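Review bot: The new failure branches jump to `done:`, which is the normal completion path: the lines after the label still install `session_key` into `ntlmssp_state`, and the code between the label and the final `return nt_status;` lies outside the hunks. If anything there reassigns `nt_status`, or a pre-existing `goto done` arrives with a stale value, a failed MIC computation could be reported as success with the MIC field in `out` never filled in. A dedicated error exit that frees `mem_ctx` and returns the failure status, or a check of `nt_status` right after the label, would make the outcome unambiguous.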
@@ -776,7 +809,7 @@ done:
}
talloc_free(mem_ctx);
- return NT_STATUS_OK;
+ return nt_status;
}
NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 140e89daeb1..48bd743ef74 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -29,7 +29,6 @@
#include "../librpc/gen_ndr/ndr_ntlmssp.h"
#include "auth/ntlmssp/ntlmssp_ndr.h"
#include "../libcli/auth/libcli_auth.h"
-#include "../lib/crypto/crypto.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_internal.h"
#include "auth/common_auth.h"
@@ -37,6 +36,9 @@
#include "param/loadparm.h"
#include "libcli/security/session.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -424,7 +426,6 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
DATA_BLOB version_blob = data_blob_null;
const unsigned int mic_len = NTLMSSP_MIC_SIZE;
DATA_BLOB mic_blob = data_blob_null;
- uint8_t session_nonce_hash[16];
const char *parse_string;
bool ok;
struct timeval endtime;
@@ -751,7 +752,6 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) {
- MD5_CTX md5_session_nonce_ctx;
state->doing_ntlm2 = true;
memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8);
@@ -759,18 +759,30 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
SMB_ASSERT(ntlmssp_state->internal_chal.data && ntlmssp_state->internal_chal.length == 8);
- MD5Init(&md5_session_nonce_ctx);
- MD5Update(&md5_session_nonce_ctx, state->session_nonce, 16);
- MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
-
/* LM response is no longer useful */
data_blob_free(&ntlmssp_state->lm_resp);
/* We changed the effective challenge - set it */
if (auth_context->set_ntlm_challenge) {
+ uint8_t session_nonce_hash[16];
+ int rc;
+
+ rc = gnutls_hash_fast(GNUTLS_DIG_MD5,
+ state->session_nonce,
+ 16,
+ session_nonce_hash);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+
nt_status = auth_context->set_ntlm_challenge(auth_context,
session_nonce_hash,
"NTLMSSP callback (NTLM2)");
+ ZERO_ARRAY(session_nonce_hash);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("gensec_ntlmssp_server_negotiate: failed to get challenge: %s\n",
nt_errstr(nt_status)));
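Review bot: The input length passed to `gnutls_hash_fast()` is the literal `16`, while the HMAC added to ntlmssp_server_postauth() in this file uses `sizeof(state->session_nonce)` for the same buffer; writing `sizeof(state->session_nonce),` here would keep the length tied to the declaration. The direct `return` statements in the new error branch also bypass whatever cleanup ntlmssp_server_preauth() performs on its other failure paths, which are outside the hunk, so that is worth confirming. The doubled blank line before `nt_status = auth_context->set_ntlm_challenge(` can be dropped.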
@@ -927,10 +939,24 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
/* Handle the different session key derivation for NTLM2 */
if (state->doing_ntlm2) {
if (user_session_key.data && user_session_key.length == 16) {
+ int rc;
+
session_key = data_blob_talloc(ntlmssp_state,
NULL, 16);
- hmac_md5(user_session_key.data, state->session_nonce,
- sizeof(state->session_nonce), session_key.data);
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ user_session_key.data,
+ user_session_key.length,
+ state->session_nonce,
+ sizeof(state->session_nonce),
+ session_key.data);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_NTLM_BLOCKED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
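Review bot: `gnutls_hmac_fast()` writes its digest to `session_key.data` without the result of `data_blob_talloc()` a few lines above being checked, so an allocation failure would become a write through a NULL pointer. A guard such as `if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; }` before the call closes that. On the HMAC failure returns the freshly allocated blob also stays attached to `ntlmssp_state`; `data_blob_free(&session_key);` before returning would release it. The body of ntlmssp_server_postauth() extends beyond the hunk.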
@@ -1031,33 +1057,58 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
}