[PATCH] Revert "lib: Fix deps for LIBCRYPTO" because arcfour need DATA_BLOB

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Jun 26 14:32:42 MDT 2015


On Fri, Jun 26, 2015 at 09:23:12AM -0700, Jeremy Allison wrote:
> On Fri, Jun 26, 2015 at 05:37:25PM +1200, Douglas Bagnall wrote:
> > On 26/06/15 17:20, Volker Lendecke wrote:
> > 
> > > Question: Why does arcfour.c have to use data_blob? Would it
> > > be okay to liberate this from DATA_BLOB and use direct
> > > pointers?
> > > 
> > 
> > I wondered that myself, though I dared not go further than wondering.
> 
> Yes. Please fix it :-).

Attached. UNTESTED. But it is pretty much boiler plate.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 735549cc60a193ba3c637267b38fd3882d9a0a53 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:02:16 +0200
Subject: [PATCH 1/3] lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/crypto/arcfour.c |   24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index d310649..ffcecdc 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -1,20 +1,20 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
    An implementation of the arcfour algorithm
 
    Copyright (C) Andrew Tridgell 1998
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -23,19 +23,19 @@
 #include "../lib/crypto/arcfour.h"
 
 /* initialise the arcfour sbox with key */
-_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key) 
+_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
 {
 	int ind;
 	uint8_t j = 0;
 	for (ind = 0; ind < sizeof(state->sbox); ind++) {
 		state->sbox[ind] = (uint8_t)ind;
 	}
-	
+
 	for (ind = 0; ind < sizeof(state->sbox); ind++) {
 		uint8_t tc;
-		
+
 		j += (state->sbox[ind] + key->data[ind%key->length]);
-		
+
 		tc = state->sbox[ind];
 		state->sbox[ind] = state->sbox[j];
 		state->sbox[j] = tc;
@@ -45,10 +45,10 @@ _PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
 }
 
 /* crypt the data with arcfour */
-_PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len) 
+_PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len)
 {
 	int ind;
-	
+
 	for (ind = 0; ind < len; ind++) {
 		uint8_t tc;
 		uint8_t t;
@@ -59,7 +59,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
 		tc = state->sbox[state->index_i];
 		state->sbox[state->index_i] = state->sbox[state->index_j];
 		state->sbox[state->index_j] = tc;
-		
+
 		t = state->sbox[state->index_i] + state->sbox[state->index_j];
 		data[ind] = data[ind] ^ state->sbox[t];
 	}
@@ -68,7 +68,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
 /*
   arcfour encryption with a blob key
 */
-_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key) 
+_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
 {
 	struct arcfour_state state;
 	arcfour_init(&state, key);
-- 
1.7.9.5


From 61ab928ac15c61aa9c8cc61e855d92dc43470b43 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:08:13 +0200
Subject: [PATCH 2/3] lib: Remove DATA_BLOB from arcfour_init

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 auth/ntlmssp/ntlmssp_sign.c |    6 +++---
 lib/crypto/arcfour.c        |    7 ++++---
 lib/crypto/arcfour.h        |    3 ++-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index c0be914..620ea65 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -623,7 +623,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 		dump_data_pw("NTLMSSP send seal key:\n", send_seal_key, 16);
 
 		arcfour_init(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
-			     &send_seal_blob);
+			     send_seal_blob.data, send_seal_blob.length);
 
 		dump_arc4_state("NTLMSSP send seal arc4 state:\n",
 				&ntlmssp_state->crypt->ntlm2.sending.seal_state);
@@ -643,7 +643,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 		dump_data_pw("NTLMSSP recv seal key:\n", recv_seal_key, 16);
 
 		arcfour_init(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
-			     &recv_seal_blob);
+			     recv_seal_blob.data, recv_seal_blob.length);
 
 		dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
 				&ntlmssp_state->crypt->ntlm2.receiving.seal_state);
@@ -694,7 +694,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
 		}
 
 		arcfour_init(&ntlmssp_state->crypt->ntlm.seal_state,
-			     &seal_session_key);
+			     seal_session_key.data, seal_session_key.length);
 
 		dump_arc4_state("NTLMv1 arc4 state:\n",
 				&ntlmssp_state->crypt->ntlm.seal_state);
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index ffcecdc..cedf5b0 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -23,7 +23,8 @@
 #include "../lib/crypto/arcfour.h"
 
 /* initialise the arcfour sbox with key */
-_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_init(struct arcfour_state *state,
+			   const uint8_t *key, size_t keylen)
 {
 	int ind;
 	uint8_t j = 0;
@@ -34,7 +35,7 @@ _PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
 	for (ind = 0; ind < sizeof(state->sbox); ind++) {
 		uint8_t tc;
 
-		j += (state->sbox[ind] + key->data[ind%key->length]);
+		j += (state->sbox[ind] + key[ind%keylen]);
 
 		tc = state->sbox[ind];
 		state->sbox[ind] = state->sbox[j];
@@ -71,7 +72,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
 _PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
 {
 	struct arcfour_state state;
-	arcfour_init(&state, key);
+	arcfour_init(&state, key->data, key->length);
 	arcfour_crypt_sbox(&state, data, len);
 }
 
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
index a9f80c4..0e9a04c 100644
--- a/lib/crypto/arcfour.h
+++ b/lib/crypto/arcfour.h
@@ -9,7 +9,8 @@ struct arcfour_state {
 	uint8_t index_j;
 };
 
-void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
+void arcfour_init(struct arcfour_state *state,
+		  const uint8_t *key, size_t keylen);
 void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
 void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
 void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
-- 
1.7.9.5


From 6d3158a0860316f9438b234989ef15ad271092cf Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:31:23 +0200
Subject: [PATCH 3/3] lib: Remove DATA_BLOB from arcfour

---
 lib/crypto/arcfour.c                            |   12 +++----
 lib/crypto/arcfour.h                            |    5 ++-
 libcli/auth/credentials.c                       |    2 +-
 libcli/auth/smbencrypt.c                        |    6 ++--
 libcli/drsuapi/repl_decrypt.c                   |    6 ++--
 source3/libsmb/ntlmssp.c                        |    3 +-
 source3/rpc_client/init_samr.c                  |    6 ++--
 source3/rpc_server/lsa/srv_lsa_nt.c             |    3 +-
 source3/rpc_server/samr/srv_samr_nt.c           |    6 ++--
 source3/utils/net_rpc_trust.c                   |    6 ++--
 source4/libnet/libnet_passwd.c                  |   14 +++++---
 source4/rpc_server/backupkey/dcesrv_backupkey.c |    6 ++--
 source4/rpc_server/lsa/dcesrv_lsa.c             |    3 +-
 source4/rpc_server/samr/samr_password.c         |   12 ++++---
 source4/torture/rpc/backupkey.c                 |    6 ++--
 source4/torture/rpc/forest_trust.c              |    2 +-
 source4/torture/rpc/lsa.c                       |    3 +-
 source4/torture/rpc/samba3rpc.c                 |    7 ++--
 source4/torture/rpc/samr.c                      |   43 ++++++++++++++++-------
 source4/torture/rpc/testjoin.c                  |    3 +-
 20 files changed, 99 insertions(+), 55 deletions(-)

diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index cedf5b0..b35860a 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -69,10 +69,11 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
 /*
   arcfour encryption with a blob key
 */
-_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len,
+				 const uint8_t *key, size_t keylen)
 {
 	struct arcfour_state state;
-	arcfour_init(&state, key->data, key->length);
+	arcfour_init(&state, key, keylen);
 	arcfour_crypt_sbox(&state, data, len);
 }
 
@@ -82,12 +83,7 @@ _PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
 */
 _PUBLIC_ void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len)
 {
-	uint8_t keycopy[16];
-	DATA_BLOB key = { .data = keycopy, .length = sizeof(keycopy) };
-
-	memcpy(keycopy, keystr, sizeof(keycopy));
-
-	arcfour_crypt_blob(data, len, &key);
+	arcfour_crypt_blob(data, len, keystr, 16);
 }
 
 
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
index 0e9a04c..8a408dc 100644
--- a/lib/crypto/arcfour.h
+++ b/lib/crypto/arcfour.h
@@ -1,8 +1,6 @@
 #ifndef ARCFOUR_HEADER_H
 #define ARCFOUR_HEADER_H
 
-#include "../lib/util/data_blob.h"
-
 struct arcfour_state {
 	uint8_t sbox[256];
 	uint8_t index_i;
@@ -12,7 +10,8 @@ struct arcfour_state {
 void arcfour_init(struct arcfour_state *state,
 		  const uint8_t *key, size_t keylen);
 void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
-void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
+void arcfour_crypt_blob(uint8_t *data, int len,
+			const uint8_t *key, size_t keylen);
 void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
 
 #endif /* ARCFOUR_HEADER_H */
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 91f37b7..db62f64 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -217,7 +217,7 @@ void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
 {
 	DATA_BLOB session_key = data_blob(creds->session_key, 16);
 
-	arcfour_crypt_blob(data, len, &session_key);
+	arcfour_crypt_blob(data, len, session_key.data, session_key.length);
 
 	data_blob_free(&session_key);
 }
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index e9eaadf..d543a5e 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -739,7 +739,8 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	MD5Update(&ctx, confounder, confounder_len);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	arcfour_crypt_blob(buffer, 516, &confounded_session_key);
+	arcfour_crypt_blob(buffer, 516, confounded_session_key.data,
+			   confounded_session_key.length);
 
 	memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
 	memcpy(&my_pwd_buf->data[8], buffer, 516);
@@ -784,7 +785,8 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	MD5Update(&ctx, confounder, confounder_len);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	arcfour_crypt_blob(buffer, 516, &confounded_session_key);
+	arcfour_crypt_blob(buffer, 516, confounded_session_key.data,
+			   confounded_session_key.length);
 
 	if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16)) {
 		data_blob_free(&confounded_session_key);
diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c
index 00b8db8..568f86c 100644
--- a/libcli/drsuapi/repl_decrypt.c
+++ b/libcli/drsuapi/repl_decrypt.c
@@ -86,7 +86,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
 	 * decrypt it using the created encryption key using arcfour
 	 */
 	dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length);
-	arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
+	arcfour_crypt_blob(dec_buffer.data, dec_buffer.length,
+			   enc_key.data, enc_key.length);
 
 	/* 
 	 * the first 4 byte are the crc32 checksum
@@ -282,7 +283,8 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
 	memcpy(enc_buffer.data+20, in->data, in->length); 
 	talloc_free(rid_crypt_out.data);
 
-	arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
+	arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16,
+			   enc_key.data, enc_key.length);
 
 	*out = enc_buffer;
 
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index e661aeb..c1e1555 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -648,7 +648,8 @@ noccache:
 		/* Encrypt the new session key with the old one */
 		encrypted_session_key = data_blob(client_session_key, sizeof(client_session_key));
 		dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
-		arcfour_crypt_blob(encrypted_session_key.data, encrypted_session_key.length, &session_key);
+		arcfour_crypt_blob(encrypted_session_key.data, encrypted_session_key.length,
+				   session_key.data, session_key.length);
 		dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
 
 		/* Mark the new session key as the 'real' session key */
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
index 7f1a229..ea6a1b4 100644
--- a/source3/rpc_client/init_samr.c
+++ b/source3/rpc_client/init_samr.c
@@ -48,7 +48,8 @@ void init_samr_CryptPasswordEx(const char *pwd,
 			    session_key->length);
 	MD5Final(confounded_session_key.data, &md5_ctx);
 
-	arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
+	arcfour_crypt_blob(pwbuf, 516, confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&pwbuf[516], confounder, 16);
 
 	memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
@@ -66,5 +67,6 @@ void init_samr_CryptPassword(const char *pwd,
 	/* samr_CryptPassword */
 
 	encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
-	arcfour_crypt_blob(pwd_buf->data, 516, session_key);
+	arcfour_crypt_blob(pwd_buf->data, 516, session_key->data,
+			   session_key->length);
 }
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 1e3f9f9..b476707 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1689,7 +1689,8 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	arcfour_crypt_blob(auth_blob->data, auth_blob->length, &lsession_key);
+	arcfour_crypt_blob(auth_blob->data, auth_blob->length,
+			   lsession_key.data, lsession_key.length);
 	ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx,
 				       auth_struct,
 				       (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 4b4b77a..6767baa 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5125,7 +5125,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 		case 23:
 			status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
 			arcfour_crypt_blob(info->info23.password.data, 516,
-					   &session_key);
+					   session_key.data,
+					   session_key.length);
 
 			dump_data(100, info->info23.password.data, 516);
 
@@ -5139,7 +5140,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
 			arcfour_crypt_blob(info->info24.password.data,
 					   516,
-					   &session_key);
+					   session_key.data,
+					   session_key.length);
 
 			dump_data(100, info->info24.password.data, 516);
 
diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
index 5e58103..895a441 100644
--- a/source3/utils/net_rpc_trust.c
+++ b/source3/utils/net_rpc_trust.c
@@ -546,7 +546,8 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 
 		arcfour_crypt_blob(authinfo.auth_blob.data,
 				   authinfo.auth_blob.size,
-				   &session_key[0]);
+				   session_key[0].data,
+				   session_key[0].length);
 
 		status = create_trust(mem_ctx, pipe_hnd[0]->binding_handle,
 				      &pol_hnd[0],
@@ -573,7 +574,8 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
 
 			arcfour_crypt_blob(authinfo.auth_blob.data,
 					   authinfo.auth_blob.size,
-					   &session_key[1]);
+					   session_key[1].data,
+					   session_key[1].length);
 
 			status = create_trust(mem_ctx,
 					      pipe_hnd[1]->binding_handle,
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 77176bc..87835e1 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -300,7 +300,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
 	MD5Update(&md5, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &md5);
 	
-	arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u_info.info26.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u_info.info26.password.data[516], confounder, 16);
 	
 	sui.in.user_handle = r->samr_handle.in.user_handle;
@@ -357,7 +359,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
 	MD5Update(&md5, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &md5);
 
-	arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u_info.info25.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u_info.info25.password.data[516], confounder, 16);
 
 	sui.in.user_handle = r->samr_handle.in.user_handle;
@@ -402,7 +406,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA
 		return status;
 	}
 
-	arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
+	arcfour_crypt_blob(u_info.info24.password.data, 516, session_key.data,
+			   session_key.length);
 
 	sui.in.user_handle = r->samr_handle.in.user_handle;
 	sui.in.info = &u_info;
@@ -448,7 +453,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
 		return status;
 	}
 
-	arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
+	arcfour_crypt_blob(u_info.info23.password.data, 516, session_key.data,
+			   session_key.length);
 
 	sui.in.user_handle = r->samr_handle.in.user_handle;
 	sui.in.info = &u_info;
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 3edd1b6..613df6e 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1544,7 +1544,8 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 	encrypted_blob = data_blob_const(decrypt_request.rc4encryptedpayload,
 					 decrypt_request.ciphertext_length);
 
-	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+			   symkey_blob.data, symkey_blob.length);
 
 	ndr_err = ndr_pull_struct_blob_all(&encrypted_blob, mem_ctx, &rc4payload,
 					   (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload);
@@ -1761,7 +1762,8 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
 
 	/* rc4 encrypt sid and secret using sym key */
 	symkey_blob = data_blob_const(symkey, sizeof(symkey));
-	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+			   symkey_blob.data, symkey_blob.length);
 
 	/* create server wrap structure */
 
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index e7b0aae..c5c07bc 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -812,7 +812,8 @@ static NTSTATUS get_trustdom_auth_blob(struct dcesrv_call_state *dce_call,
 		return nt_status;
 	}
 
-	arcfour_crypt_blob(auth_blob->data, auth_blob->length, &session_key);
+	arcfour_crypt_blob(auth_blob->data, auth_blob->length,
+			   session_key.data, session_key.length);
 	ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx,
 				       auth_struct,
 				       (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 1466dec..ab77ffe 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -120,7 +120,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 
 	/* decrypt the password we have been given */
 	lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash));
-	arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob);
+	arcfour_crypt_blob(pwbuf->data, 516, lm_pwd_blob.data,
+			   lm_pwd_blob.length);
 	data_blob_free(&lm_pwd_blob);
 
 	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
@@ -271,7 +272,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 
 	/* decrypt the password we have been given */
 	nt_pwd_blob = data_blob(nt_pwd->hash, sizeof(nt_pwd->hash));
-	arcfour_crypt_blob(r->in.nt_password->data, 516, &nt_pwd_blob);
+	arcfour_crypt_blob(r->in.nt_password->data, 516, nt_pwd_blob.data,
+			   nt_pwd_blob.length);
 	data_blob_free(&nt_pwd_blob);
 
 	if (!extract_pw_from_buffer(mem_ctx, r->in.nt_password->data, &new_password)) {
@@ -422,7 +424,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 		return nt_status;
 	}
 
-	arcfour_crypt_blob(pwbuf->data, 516, &session_key);
+	arcfour_crypt_blob(pwbuf->data, 516, session_key.data,
+			   session_key.length);
 
 	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
@@ -471,7 +474,8 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(co_session_key.data, &ctx);
 
-	arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
+	arcfour_crypt_blob(pwbuf->data, 516, co_session_key.data,
+			   co_session_key.length);
 
 	if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c
index c3e9908..bfebcd8 100644
--- a/source4/torture/rpc/backupkey.c
+++ b/source4/torture/rpc/backupkey.c
@@ -1668,7 +1668,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 	encrypted_blob = data_blob_talloc(tctx, server_side_wrapped->rc4encryptedpayload,
 					  server_side_wrapped->ciphertext_length);
 	
-	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+			   symkey_blob.data, symkey_blob.length);
 
 	torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&encrypted_blob, tctx, &rc4payload,
 				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload),
@@ -1750,7 +1751,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 	}
 	
 	/* rc4 encrypt sid and secret using sym key */
-	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+			   symkey_blob.data, symkey_blob.length);
 
 	/* re-create server wrap structure */
 
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
index ccb19ed..7787e3c 100644
--- a/source4/torture/rpc/forest_trust.c
+++ b/source4/torture/rpc/forest_trust.c
@@ -703,7 +703,7 @@ static bool test_setup_trust(struct torture_context *tctx,
 	authinfo.auth_blob.size = auth_blob->length;
 
 	arcfour_crypt_blob(authinfo.auth_blob.data, authinfo.auth_blob.size,
-			   &session_key);
+			   session_key.data, session_key.length);
 
 	if (!test_create_trust_and_set_info(p, tctx, netbios_name,
 					    dns_name, sid, &authinfo)) {
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 1386189..c492e7c 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2655,7 +2655,8 @@ static bool gen_authinfo_internal(TALLOC_CTX *mem_ctx, const char *password,
 		return false;
 	}
 
-	arcfour_crypt_blob(auth_blob.data, auth_blob.length, &session_key);
+	arcfour_crypt_blob(auth_blob.data, auth_blob.length,
+			   session_key.data, session_key.length);
 
 	authinfo_internal->auth_blob.size = auth_blob.length;
 	authinfo_internal->auth_blob.data = auth_blob.data;
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index ff1a53c..1570c5b 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -594,7 +594,7 @@ static bool create_user(struct torture_context *tctx,
 			goto done;
 		}
 		arcfour_crypt_blob(u_info.info23.password.data, 516,
-				   &session_key);
+				   session_key.data, session_key.length);
 		u_info.info23.info.password_expired = 0;
 		u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
 						    SAMR_FIELD_LM_PASSWORD_PRESENT |
@@ -824,7 +824,8 @@ static bool join3(struct torture_context *tctx,
 		MD5Final(confounded_session_key.data, &ctx);
 
 		arcfour_crypt_blob(u_info.info25.password.data, 516,
-				   &confounded_session_key);
+				   confounded_session_key.data,
+				   confounded_session_key.length);
 		memcpy(&u_info.info25.password.data[516], confounder, 16);
 
 		sui2.in.user_handle = wks_handle;
@@ -860,7 +861,7 @@ static bool join3(struct torture_context *tctx,
 			goto done;
 		}
 		arcfour_crypt_blob(u_info.info24.password.data, 516,
-				   &session_key);
+				   session_key.data, session_key.length);
 		sui2.in.user_handle = wks_handle;
 		sui2.in.info = &u_info;
 		sui2.in.level = 24;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 293b672..bf5a3a3 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -643,7 +643,8 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
 		return false;
 	}
 
-	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info24.password.data, 516,
+			   session_key.data, session_key.length);
 
 	torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
 
@@ -705,7 +706,8 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
 		return false;
 	}
 
-	arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info23.password.data, 516,
+			   session_key.data, session_key.length);
 
 	torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
 
@@ -733,7 +735,8 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
 
 	/* This should break the key nicely */
 	session_key.length--;
-	arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info23.password.data, 516, session_key.data,
+			   session_key.length);
 
 	torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
 
@@ -804,7 +807,9 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info26.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u.info26.password.data[516], confounder, 16);
 
 	torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
@@ -825,7 +830,9 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
 	/* This should break the key nicely */
 	confounded_session_key.data[0]++;
 
-	arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info26.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u.info26.password.data[516], confounder, 16);
 
 	torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
@@ -897,7 +904,9 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info25.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
 	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
@@ -918,7 +927,9 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
 	/* This should break the key nicely */
 	confounded_session_key.data[0]++;
 
-	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info25.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
 	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
@@ -1299,17 +1310,23 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
 		}
 		break;
 	case 23:
-		arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+		arcfour_crypt_blob(u.info23.password.data, 516,
+				   session_key.data, session_key.length);
 		break;
 	case 24:
-		arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+		arcfour_crypt_blob(u.info24.password.data, 516,
+				   session_key.data, session_key.length);
 		break;
 	case 25:
-		arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+		arcfour_crypt_blob(u.info25.password.data, 516,
+				   confounded_session_key.data,
+				   confounded_session_key.length);
 		memcpy(&u.info25.password.data[516], confounder, 16);
 		break;
 	case 26:
-		arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+		arcfour_crypt_blob(u.info26.password.data, 516,
+				   confounded_session_key.data,
+				   confounded_session_key.length);
 		memcpy(&u.info26.password.data[516], confounder, 16);
 		break;
 	}
@@ -2678,7 +2695,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info25.password.data, 516,
+			   confounded_session_key.data,
+			   confounded_session_key.length);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
 	torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 5ee2c2a..96558b5 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -339,7 +339,8 @@ again:
 		goto failed;
 	}
 
-	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info24.password.data, 516, session_key.data,
+			   session_key.length);
 
 	status = dcerpc_samr_SetUserInfo_r(b, join, &s);
 	if (!NT_STATUS_IS_OK(status)) {
-- 
1.7.9.5



More information about the samba-technical mailing list