LCOV - code coverage report
Current view: top level - source3/rpc_client - init_samr.c (source / functions) Hit Total Coverage
Test: coverage report for master 2f515e9b Lines: 34 43 79.1 %
Date: 2024-04-21 15:09:00 Functions: 3 3 100.0 % 

          Line data    Source code
       1             : /*
       2             :  *  Unix SMB/CIFS implementation.
       3             :  *  RPC Pipe client / server routines
       4             :  *  Copyright (C) Guenther Deschner                  2008.
       5             :  *
       6             :  *  This program is free software; you can redistribute it and/or modify
       7             :  *  it under the terms of the GNU General Public License as published by
       8             :  *  the Free Software Foundation; either version 3 of the License, or
       9             :  *  (at your option) any later version.
      10             :  *
      11             :  *  This program is distributed in the hope that it will be useful,
      12             :  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  *  GNU General Public License for more details.
      15             :  *
      16             :  *  You should have received a copy of the GNU General Public License
      17             :  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : #include "includes.h"
      21             : #include "../libcli/auth/libcli_auth.h"
      22             : #include "rpc_client/init_samr.h"
      23             : #include "librpc/rpc/dcerpc_samr.h"
      24             : 
      25             : #include "lib/crypto/gnutls_helpers.h"
      26             : #include <gnutls/gnutls.h>
      27             : #include <gnutls/crypto.h>
      28             : 
      29             : /*************************************************************************
      30             :  inits a samr_CryptPasswordEx structure
      31             :  *************************************************************************/
      32             : 
      33         208 : NTSTATUS init_samr_CryptPasswordEx(const char *pwd,
      34             :                                    DATA_BLOB *session_key,
      35             :                                    struct samr_CryptPasswordEx *pwd_buf)
      36             : {
      37         208 :         return encode_rc4_passwd_buffer(pwd, session_key, pwd_buf);
      38             : }
      39             : 
      40             : /*************************************************************************
      41             :  inits a samr_CryptPassword structure
      42             :  *************************************************************************/
      43             : 
      44        2657 : NTSTATUS init_samr_CryptPassword(const char *pwd,
      45             :                                  DATA_BLOB *session_key,
      46             :                                  struct samr_CryptPassword *pwd_buf)
      47             : {
      48             :         /* samr_CryptPassword */
      49        2657 :         gnutls_cipher_hd_t cipher_hnd = NULL;
      50        2657 :         gnutls_datum_t sess_key = {
      51        2657 :                 .data = session_key->data,
      52        2657 :                 .size = session_key->length,
      53             :         };
      54           0 :         bool ok;
      55           0 :         int rc;
      56             : 
      57        2657 :         ok = encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
      58        2657 :         if (!ok) {
      59           0 :                 return NT_STATUS_INTERNAL_ERROR;
      60             :         }
      61             : 
      62        2657 :         rc = gnutls_cipher_init(&cipher_hnd,
      63             :                                 GNUTLS_CIPHER_ARCFOUR_128,
      64             :                                 &sess_key,
      65             :                                 NULL);
      66        2657 :         if (rc != 0) {
      67           0 :                 return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
      68             :         }
      69        2657 :         rc = gnutls_cipher_encrypt(cipher_hnd,
      70        2657 :                                    pwd_buf->data,
      71             :                                    516);
      72        2657 :         gnutls_cipher_deinit(cipher_hnd);
      73        2657 :         if (rc != 0) {
      74           0 :                 return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
      75             :         }
      76             : 
      77        2657 :         return NT_STATUS_OK;
      78             : }
      79             : 
      80         166 : NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
      81             :                                     const char *password,
      82             :                                     DATA_BLOB *salt,
      83             :                                     DATA_BLOB *session_key,
      84             :                                     struct samr_EncryptedPasswordAES *ppwd_buf)
      85             : {
      86         166 :         uint8_t pw_data[514] = {0};
      87         166 :         DATA_BLOB plaintext = {
      88             :                 .data = pw_data,
      89             :                 .length = sizeof(pw_data),
      90             :         };
      91         166 :         DATA_BLOB ciphertext = data_blob_null;
      92         166 :         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
      93           0 :         bool ok;
      94             : 
      95         166 :         if (ppwd_buf == NULL) {
      96           0 :                 return NT_STATUS_INVALID_PARAMETER;
      97             :         }
      98             : 
      99         166 :         ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE);
     100         166 :         if (!ok) {
     101           0 :                 return NT_STATUS_INTERNAL_ERROR;
     102             :         }
     103             : 
     104         166 :         status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(
     105             :                         mem_ctx,
     106             :                         &plaintext,
     107             :                         session_key,
     108             :                         &samr_aes256_enc_key_salt,
     109             :                         &samr_aes256_mac_key_salt,
     110             :                         salt,
     111             :                         &ciphertext,
     112         166 :                         ppwd_buf->auth_data);
     113         166 :         BURN_DATA(pw_data);
     114         166 :         if (!NT_STATUS_IS_OK(status)) {
     115           0 :                 return status;
     116             :         }
     117             : 
     118         166 :         ppwd_buf->cipher_len = ciphertext.length;
     119         166 :         ppwd_buf->cipher = ciphertext.data;
     120         166 :         ppwd_buf->PBKDF2Iterations = 0;
     121             : 
     122         166 :         SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt));
     123         166 :         memcpy(ppwd_buf->salt, salt->data, salt->length);
     124             : 
     125         166 :         return NT_STATUS_OK;
     126             : }

Generated by: LCOV version 1.14