[PATCH] Revert "lib: Fix deps for LIBCRYPTO" because arcfour need DATA_BLOB
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Jun 26 14:32:42 MDT 2015
On Fri, Jun 26, 2015 at 09:23:12AM -0700, Jeremy Allison wrote:
> On Fri, Jun 26, 2015 at 05:37:25PM +1200, Douglas Bagnall wrote:
> > On 26/06/15 17:20, Volker Lendecke wrote:
> >
> > > Question: Why does arcfour.c have to use data_blob? Would it
> > > be okay to liberate this from DATA_BLOB and use direct
> > > pointers?
> > >
> >
> > I wondered that myself, though I dared not go further than wondering.
>
> Yes. Please fix it :-).
Attached. UNTESTED. But it is pretty much boiler plate.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 735549cc60a193ba3c637267b38fd3882d9a0a53 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:02:16 +0200
Subject: [PATCH 1/3] lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/crypto/arcfour.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index d310649..ffcecdc 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -1,20 +1,20 @@
-/*
+/*
Unix SMB/CIFS implementation.
An implementation of the arcfour algorithm
Copyright (C) Andrew Tridgell 1998
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -23,19 +23,19 @@
#include "../lib/crypto/arcfour.h"
/* initialise the arcfour sbox with key */
-_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
{
int ind;
uint8_t j = 0;
for (ind = 0; ind < sizeof(state->sbox); ind++) {
state->sbox[ind] = (uint8_t)ind;
}
-
+
for (ind = 0; ind < sizeof(state->sbox); ind++) {
uint8_t tc;
-
+
j += (state->sbox[ind] + key->data[ind%key->length]);
-
+
tc = state->sbox[ind];
state->sbox[ind] = state->sbox[j];
state->sbox[j] = tc;
@@ -45,10 +45,10 @@ _PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
}
/* crypt the data with arcfour */
-_PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len)
+_PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len)
{
int ind;
-
+
for (ind = 0; ind < len; ind++) {
uint8_t tc;
uint8_t t;
@@ -59,7 +59,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
tc = state->sbox[state->index_i];
state->sbox[state->index_i] = state->sbox[state->index_j];
state->sbox[state->index_j] = tc;
-
+
t = state->sbox[state->index_i] + state->sbox[state->index_j];
data[ind] = data[ind] ^ state->sbox[t];
}
@@ -68,7 +68,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
/*
arcfour encryption with a blob key
*/
-_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
{
struct arcfour_state state;
arcfour_init(&state, key);
--
1.7.9.5
From 61ab928ac15c61aa9c8cc61e855d92dc43470b43 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:08:13 +0200
Subject: [PATCH 2/3] lib: Remove DATA_BLOB from arcfour_init
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/ntlmssp/ntlmssp_sign.c | 6 +++---
lib/crypto/arcfour.c | 7 ++++---
lib/crypto/arcfour.h | 3 ++-
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index c0be914..620ea65 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -623,7 +623,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
dump_data_pw("NTLMSSP send seal key:\n", send_seal_key, 16);
arcfour_init(&ntlmssp_state->crypt->ntlm2.sending.seal_state,
- &send_seal_blob);
+ send_seal_blob.data, send_seal_blob.length);
dump_arc4_state("NTLMSSP send seal arc4 state:\n",
&ntlmssp_state->crypt->ntlm2.sending.seal_state);
@@ -643,7 +643,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
dump_data_pw("NTLMSSP recv seal key:\n", recv_seal_key, 16);
arcfour_init(&ntlmssp_state->crypt->ntlm2.receiving.seal_state,
- &recv_seal_blob);
+ recv_seal_blob.data, recv_seal_blob.length);
dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
&ntlmssp_state->crypt->ntlm2.receiving.seal_state);
@@ -694,7 +694,7 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
}
arcfour_init(&ntlmssp_state->crypt->ntlm.seal_state,
- &seal_session_key);
+ seal_session_key.data, seal_session_key.length);
dump_arc4_state("NTLMv1 arc4 state:\n",
&ntlmssp_state->crypt->ntlm.seal_state);
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index ffcecdc..cedf5b0 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -23,7 +23,8 @@
#include "../lib/crypto/arcfour.h"
/* initialise the arcfour sbox with key */
-_PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_init(struct arcfour_state *state,
+ const uint8_t *key, size_t keylen)
{
int ind;
uint8_t j = 0;
@@ -34,7 +35,7 @@ _PUBLIC_ void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key)
for (ind = 0; ind < sizeof(state->sbox); ind++) {
uint8_t tc;
- j += (state->sbox[ind] + key->data[ind%key->length]);
+ j += (state->sbox[ind] + key[ind%keylen]);
tc = state->sbox[ind];
state->sbox[ind] = state->sbox[j];
@@ -71,7 +72,7 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
{
struct arcfour_state state;
- arcfour_init(&state, key);
+ arcfour_init(&state, key->data, key->length);
arcfour_crypt_sbox(&state, data, len);
}
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
index a9f80c4..0e9a04c 100644
--- a/lib/crypto/arcfour.h
+++ b/lib/crypto/arcfour.h
@@ -9,7 +9,8 @@ struct arcfour_state {
uint8_t index_j;
};
-void arcfour_init(struct arcfour_state *state, const DATA_BLOB *key);
+void arcfour_init(struct arcfour_state *state,
+ const uint8_t *key, size_t keylen);
void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
--
1.7.9.5
From 6d3158a0860316f9438b234989ef15ad271092cf Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 26 Jun 2015 22:31:23 +0200
Subject: [PATCH 3/3] lib: Remove DATA_BLOB from arcfour
---
lib/crypto/arcfour.c | 12 +++----
lib/crypto/arcfour.h | 5 ++-
libcli/auth/credentials.c | 2 +-
libcli/auth/smbencrypt.c | 6 ++--
libcli/drsuapi/repl_decrypt.c | 6 ++--
source3/libsmb/ntlmssp.c | 3 +-
source3/rpc_client/init_samr.c | 6 ++--
source3/rpc_server/lsa/srv_lsa_nt.c | 3 +-
source3/rpc_server/samr/srv_samr_nt.c | 6 ++--
source3/utils/net_rpc_trust.c | 6 ++--
source4/libnet/libnet_passwd.c | 14 +++++---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 6 ++--
source4/rpc_server/lsa/dcesrv_lsa.c | 3 +-
source4/rpc_server/samr/samr_password.c | 12 ++++---
source4/torture/rpc/backupkey.c | 6 ++--
source4/torture/rpc/forest_trust.c | 2 +-
source4/torture/rpc/lsa.c | 3 +-
source4/torture/rpc/samba3rpc.c | 7 ++--
source4/torture/rpc/samr.c | 43 ++++++++++++++++-------
source4/torture/rpc/testjoin.c | 3 +-
20 files changed, 99 insertions(+), 55 deletions(-)
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index cedf5b0..b35860a 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -69,10 +69,11 @@ _PUBLIC_ void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int
/*
arcfour encryption with a blob key
*/
-_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
+_PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len,
+ const uint8_t *key, size_t keylen)
{
struct arcfour_state state;
- arcfour_init(&state, key->data, key->length);
+ arcfour_init(&state, key, keylen);
arcfour_crypt_sbox(&state, data, len);
}
@@ -82,12 +83,7 @@ _PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
*/
_PUBLIC_ void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len)
{
- uint8_t keycopy[16];
- DATA_BLOB key = { .data = keycopy, .length = sizeof(keycopy) };
-
- memcpy(keycopy, keystr, sizeof(keycopy));
-
- arcfour_crypt_blob(data, len, &key);
+ arcfour_crypt_blob(data, len, keystr, 16);
}
diff --git a/lib/crypto/arcfour.h b/lib/crypto/arcfour.h
index 0e9a04c..8a408dc 100644
--- a/lib/crypto/arcfour.h
+++ b/lib/crypto/arcfour.h
@@ -1,8 +1,6 @@
#ifndef ARCFOUR_HEADER_H
#define ARCFOUR_HEADER_H
-#include "../lib/util/data_blob.h"
-
struct arcfour_state {
uint8_t sbox[256];
uint8_t index_i;
@@ -12,7 +10,8 @@ struct arcfour_state {
void arcfour_init(struct arcfour_state *state,
const uint8_t *key, size_t keylen);
void arcfour_crypt_sbox(struct arcfour_state *state, uint8_t *data, int len);
-void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key);
+void arcfour_crypt_blob(uint8_t *data, int len,
+ const uint8_t *key, size_t keylen);
void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len);
#endif /* ARCFOUR_HEADER_H */
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 91f37b7..db62f64 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -217,7 +217,7 @@ void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
{
DATA_BLOB session_key = data_blob(creds->session_key, 16);
- arcfour_crypt_blob(data, len, &session_key);
+ arcfour_crypt_blob(data, len, session_key.data, session_key.length);
data_blob_free(&session_key);
}
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index e9eaadf..d543a5e 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -739,7 +739,8 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
MD5Update(&ctx, confounder, confounder_len);
MD5Final(confounded_session_key.data, &ctx);
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
+ arcfour_crypt_blob(buffer, 516, confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
memcpy(&my_pwd_buf->data[8], buffer, 516);
@@ -784,7 +785,8 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
MD5Update(&ctx, confounder, confounder_len);
MD5Final(confounded_session_key.data, &ctx);
- arcfour_crypt_blob(buffer, 516, &confounded_session_key);
+ arcfour_crypt_blob(buffer, 516, confounded_session_key.data,
+ confounded_session_key.length);
if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16)) {
data_blob_free(&confounded_session_key);
diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c
index 00b8db8..568f86c 100644
--- a/libcli/drsuapi/repl_decrypt.c
+++ b/libcli/drsuapi/repl_decrypt.c
@@ -86,7 +86,8 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx,
* decrypt it using the created encryption key using arcfour
*/
dec_buffer = data_blob_const(enc_buffer.data, enc_buffer.length);
- arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
+ arcfour_crypt_blob(dec_buffer.data, dec_buffer.length,
+ enc_key.data, enc_key.length);
/*
* the first 4 byte are the crc32 checksum
@@ -282,7 +283,8 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
memcpy(enc_buffer.data+20, in->data, in->length);
talloc_free(rid_crypt_out.data);
- arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
+ arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16,
+ enc_key.data, enc_key.length);
*out = enc_buffer;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index e661aeb..c1e1555 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -648,7 +648,8 @@ noccache:
/* Encrypt the new session key with the old one */
encrypted_session_key = data_blob(client_session_key, sizeof(client_session_key));
dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
- arcfour_crypt_blob(encrypted_session_key.data, encrypted_session_key.length, &session_key);
+ arcfour_crypt_blob(encrypted_session_key.data, encrypted_session_key.length,
+ session_key.data, session_key.length);
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
/* Mark the new session key as the 'real' session key */
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
index 7f1a229..ea6a1b4 100644
--- a/source3/rpc_client/init_samr.c
+++ b/source3/rpc_client/init_samr.c
@@ -48,7 +48,8 @@ void init_samr_CryptPasswordEx(const char *pwd,
session_key->length);
MD5Final(confounded_session_key.data, &md5_ctx);
- arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
+ arcfour_crypt_blob(pwbuf, 516, confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&pwbuf[516], confounder, 16);
memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
@@ -66,5 +67,6 @@ void init_samr_CryptPassword(const char *pwd,
/* samr_CryptPassword */
encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
- arcfour_crypt_blob(pwd_buf->data, 516, session_key);
+ arcfour_crypt_blob(pwd_buf->data, 516, session_key->data,
+ session_key->length);
}
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 1e3f9f9..b476707 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1689,7 +1689,8 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
- arcfour_crypt_blob(auth_blob->data, auth_blob->length, &lsession_key);
+ arcfour_crypt_blob(auth_blob->data, auth_blob->length,
+ lsession_key.data, lsession_key.length);
ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx,
auth_struct,
(ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 4b4b77a..6767baa 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5125,7 +5125,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
case 23:
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
arcfour_crypt_blob(info->info23.password.data, 516,
- &session_key);
+ session_key.data,
+ session_key.length);
dump_data(100, info->info23.password.data, 516);
@@ -5139,7 +5140,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
arcfour_crypt_blob(info->info24.password.data,
516,
- &session_key);
+ session_key.data,
+ session_key.length);
dump_data(100, info->info24.password.data, 516);
diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
index 5e58103..895a441 100644
--- a/source3/utils/net_rpc_trust.c
+++ b/source3/utils/net_rpc_trust.c
@@ -546,7 +546,8 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
arcfour_crypt_blob(authinfo.auth_blob.data,
authinfo.auth_blob.size,
- &session_key[0]);
+ session_key[0].data,
+ session_key[0].length);
status = create_trust(mem_ctx, pipe_hnd[0]->binding_handle,
&pol_hnd[0],
@@ -573,7 +574,8 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc,
arcfour_crypt_blob(authinfo.auth_blob.data,
authinfo.auth_blob.size,
- &session_key[1]);
+ session_key[1].data,
+ session_key[1].length);
status = create_trust(mem_ctx,
pipe_hnd[1]->binding_handle,
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 77176bc..87835e1 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -300,7 +300,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
MD5Update(&md5, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &md5);
- arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u_info.info26.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u_info.info26.password.data[516], confounder, 16);
sui.in.user_handle = r->samr_handle.in.user_handle;
@@ -357,7 +359,9 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA
MD5Update(&md5, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &md5);
- arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u_info.info25.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u_info.info25.password.data[516], confounder, 16);
sui.in.user_handle = r->samr_handle.in.user_handle;
@@ -402,7 +406,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA
return status;
}
- arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u_info.info24.password.data, 516, session_key.data,
+ session_key.length);
sui.in.user_handle = r->samr_handle.in.user_handle;
sui.in.info = &u_info;
@@ -448,7 +453,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TA
return status;
}
- arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
+ arcfour_crypt_blob(u_info.info23.password.data, 516, session_key.data,
+ session_key.length);
sui.in.user_handle = r->samr_handle.in.user_handle;
sui.in.info = &u_info;
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 3edd1b6..613df6e 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1544,7 +1544,8 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
encrypted_blob = data_blob_const(decrypt_request.rc4encryptedpayload,
decrypt_request.ciphertext_length);
- arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+ arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+ symkey_blob.data, symkey_blob.length);
ndr_err = ndr_pull_struct_blob_all(&encrypted_blob, mem_ctx, &rc4payload,
(ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload);
@@ -1761,7 +1762,8 @@ static WERROR bkrp_server_wrap_encrypt_data(struct dcesrv_call_state *dce_call,
/* rc4 encrypt sid and secret using sym key */
symkey_blob = data_blob_const(symkey, sizeof(symkey));
- arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+ arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+ symkey_blob.data, symkey_blob.length);
/* create server wrap structure */
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index e7b0aae..c5c07bc 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -812,7 +812,8 @@ static NTSTATUS get_trustdom_auth_blob(struct dcesrv_call_state *dce_call,
return nt_status;
}
- arcfour_crypt_blob(auth_blob->data, auth_blob->length, &session_key);
+ arcfour_crypt_blob(auth_blob->data, auth_blob->length,
+ session_key.data, session_key.length);
ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx,
auth_struct,
(ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords);
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 1466dec..ab77ffe 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -120,7 +120,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
/* decrypt the password we have been given */
lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash));
- arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob);
+ arcfour_crypt_blob(pwbuf->data, 516, lm_pwd_blob.data,
+ lm_pwd_blob.length);
data_blob_free(&lm_pwd_blob);
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
@@ -271,7 +272,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
/* decrypt the password we have been given */
nt_pwd_blob = data_blob(nt_pwd->hash, sizeof(nt_pwd->hash));
- arcfour_crypt_blob(r->in.nt_password->data, 516, &nt_pwd_blob);
+ arcfour_crypt_blob(r->in.nt_password->data, 516, nt_pwd_blob.data,
+ nt_pwd_blob.length);
data_blob_free(&nt_pwd_blob);
if (!extract_pw_from_buffer(mem_ctx, r->in.nt_password->data, &new_password)) {
@@ -422,7 +424,8 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
return nt_status;
}
- arcfour_crypt_blob(pwbuf->data, 516, &session_key);
+ arcfour_crypt_blob(pwbuf->data, 516, session_key.data,
+ session_key.length);
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
@@ -471,7 +474,8 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(co_session_key.data, &ctx);
- arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
+ arcfour_crypt_blob(pwbuf->data, 516, co_session_key.data,
+ co_session_key.length);
if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c
index c3e9908..bfebcd8 100644
--- a/source4/torture/rpc/backupkey.c
+++ b/source4/torture/rpc/backupkey.c
@@ -1668,7 +1668,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
encrypted_blob = data_blob_talloc(tctx, server_side_wrapped->rc4encryptedpayload,
server_side_wrapped->ciphertext_length);
- arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+ arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+ symkey_blob.data, symkey_blob.length);
torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&encrypted_blob, tctx, &rc4payload,
(ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload),
@@ -1750,7 +1751,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
}
/* rc4 encrypt sid and secret using sym key */
- arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
+ arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length,
+ symkey_blob.data, symkey_blob.length);
/* re-create server wrap structure */
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
index ccb19ed..7787e3c 100644
--- a/source4/torture/rpc/forest_trust.c
+++ b/source4/torture/rpc/forest_trust.c
@@ -703,7 +703,7 @@ static bool test_setup_trust(struct torture_context *tctx,
authinfo.auth_blob.size = auth_blob->length;
arcfour_crypt_blob(authinfo.auth_blob.data, authinfo.auth_blob.size,
- &session_key);
+ session_key.data, session_key.length);
if (!test_create_trust_and_set_info(p, tctx, netbios_name,
dns_name, sid, &authinfo)) {
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 1386189..c492e7c 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2655,7 +2655,8 @@ static bool gen_authinfo_internal(TALLOC_CTX *mem_ctx, const char *password,
return false;
}
- arcfour_crypt_blob(auth_blob.data, auth_blob.length, &session_key);
+ arcfour_crypt_blob(auth_blob.data, auth_blob.length,
+ session_key.data, session_key.length);
authinfo_internal->auth_blob.size = auth_blob.length;
authinfo_internal->auth_blob.data = auth_blob.data;
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index ff1a53c..1570c5b 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -594,7 +594,7 @@ static bool create_user(struct torture_context *tctx,
goto done;
}
arcfour_crypt_blob(u_info.info23.password.data, 516,
- &session_key);
+ session_key.data, session_key.length);
u_info.info23.info.password_expired = 0;
u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
SAMR_FIELD_LM_PASSWORD_PRESENT |
@@ -824,7 +824,8 @@ static bool join3(struct torture_context *tctx,
MD5Final(confounded_session_key.data, &ctx);
arcfour_crypt_blob(u_info.info25.password.data, 516,
- &confounded_session_key);
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u_info.info25.password.data[516], confounder, 16);
sui2.in.user_handle = wks_handle;
@@ -860,7 +861,7 @@ static bool join3(struct torture_context *tctx,
goto done;
}
arcfour_crypt_blob(u_info.info24.password.data, 516,
- &session_key);
+ session_key.data, session_key.length);
sui2.in.user_handle = wks_handle;
sui2.in.info = &u_info;
sui2.in.level = 24;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 293b672..bf5a3a3 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -643,7 +643,8 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
return false;
}
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info24.password.data, 516,
+ session_key.data, session_key.length);
torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
@@ -705,7 +706,8 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
return false;
}
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info23.password.data, 516,
+ session_key.data, session_key.length);
torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
@@ -733,7 +735,8 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
/* This should break the key nicely */
session_key.length--;
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info23.password.data, 516, session_key.data,
+ session_key.length);
torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
@@ -804,7 +807,9 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &ctx);
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info26.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info26.password.data[516], confounder, 16);
torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
@@ -825,7 +830,9 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
/* This should break the key nicely */
confounded_session_key.data[0]++;
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info26.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info26.password.data[516], confounder, 16);
torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
@@ -897,7 +904,9 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &ctx);
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info25.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info25.password.data[516], confounder, 16);
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
@@ -918,7 +927,9 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
/* This should break the key nicely */
confounded_session_key.data[0]++;
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info25.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info25.password.data[516], confounder, 16);
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
@@ -1299,17 +1310,23 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
}
break;
case 23:
- arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info23.password.data, 516,
+ session_key.data, session_key.length);
break;
case 24:
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info24.password.data, 516,
+ session_key.data, session_key.length);
break;
case 25:
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info25.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info25.password.data[516], confounder, 16);
break;
case 26:
- arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info26.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info26.password.data[516], confounder, 16);
break;
}
@@ -2678,7 +2695,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
MD5Update(&ctx, session_key.data, session_key.length);
MD5Final(confounded_session_key.data, &ctx);
- arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
+ arcfour_crypt_blob(u.info25.password.data, 516,
+ confounded_session_key.data,
+ confounded_session_key.length);
memcpy(&u.info25.password.data[516], confounder, 16);
torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 5ee2c2a..96558b5 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -339,7 +339,8 @@ again:
goto failed;
}
- arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
+ arcfour_crypt_blob(u.info24.password.data, 516, session_key.data,
+ session_key.length);
status = dcerpc_samr_SetUserInfo_r(b, join, &s);
if (!NT_STATUS_IS_OK(status)) {
--
1.7.9.5
More information about the samba-technical
mailing list