The branch, master has been updated
       via  06601b3 winbind: don't try to do an authenticated SMB connection as 
AD DC
       via  55c3af8 winbind: set_dc_type_and_flags() is not needed on a DC
       via  18f27b5 winbind: make sure we don't contact trusted domains via 
LDAP as AD DC
       via  32a63e3 winbind: make sure we don't contact trusted domains via 
SAMR as AD DC
       via  532a14d winbind: let cm_connect_netlogon_transport() only work 
against direct trust as AD DC
       via  3e17a3b winbind: force the usage of schannel in cm_connect_lsa() as 
AD DC
       via  c58f8c3 s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
       via  07844a9 dsdb/encrypted_secrets: remove dependency to libnettle and 
use our own aes_gcm_128_*()
       via  f9e2cb1 vfs_fruit: use off_t, not size_t for TM size calculations
      from  7f2d45a winbind: Use one queue for all domain children

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 06601b3a9293db35feda1b033fa864dc1a764164
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 10:19:58 2018 +0100

    winbind: don't try to do an authenticated SMB connection as AD DC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Fri Feb 23 17:58:23 CET 2018 on sn-devel-144

commit 55c3af89f1b0baecf5e2d6c2646902edd0684aa8
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 11:24:38 2018 +0100

    winbind: set_dc_type_and_flags() is not needed on a DC
    
    On a DC we load the trusts in the parent in add_trusted_domains_dc()
    from our local configuration. There's no need to find out the trust details
    via network calls.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 18f27b5385240852e537cd5010cedb09f0bf233d
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Feb 2 16:55:01 2018 +0100

    winbind: make sure we don't contact trusted domains via LDAP as AD DC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 32a63e3ea985c967ca2aadbcd9e0c60ade2d0367
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 10:33:48 2018 +0100

    winbind: make sure we don't contact trusted domains via SAMR as AD DC
    
    This is not needed for the normal operation of an AD DC.
    
    Administrators should just use other tools instead of
    wbinfo to list and query users and groups.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 10:40:19 2018 +0100

    winbind: let cm_connect_netlogon_transport() only work against direct trust 
as AD DC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 3e17a3b7cd4083299037ba9377931bea792b2d18
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 10:40:19 2018 +0100

    winbind: force the usage of schannel in cm_connect_lsa() as AD DC
    
    This makes sure we only talk to direct trusts.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit c58f8c3cd84ab18d04bd39ad7d5f53676e092abb
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 10:03:23 2018 +0100

    s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
    
    In the long run we should remove this again (as well as IS_DC).
    
    But for now this makes some code changes in winbindd easier to
    follow.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit 07844a9a13506b4ca9181cfde05d9e4170208f88
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Feb 22 15:56:45 2018 +0100

    dsdb/encrypted_secrets: remove dependency to libnettle and use our own 
aes_gcm_128_*()
    
    We already rely on gnutls in order to implement SSL/TLS, so using that
    to speed up crypto like aes gcm 128 is fine, but as we already have
    code for that algorithm, we should use that instead of adding a new
    dependency to libnettle.
    
    Some (I guess newer versions) of gnutls use nettle internally, so
    we may end up using that code, but we should not have a direct dependency.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13276
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f9e2cb1369fa9636ff613a4e9c7387151409eafc
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Feb 22 15:52:46 2018 +0100

    vfs_fruit: use off_t, not size_t for TM size calculations
    
    size_t is only a 32-bit integer on 32-bit platforms. We must use off_t
    for file sizes.
    
    https://bugzilla.samba.org/show_bug.cgi?id=13296
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/include/smb_macros.h                       |   1 +
 source3/modules/vfs_fruit.c                        |  13 +-
 source3/winbindd/idmap_ad.c                        |  11 +
 source3/winbindd/winbindd_ads.c                    |  23 ++
 source3/winbindd/winbindd_cm.c                     | 108 +++++++-
 source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 278 +++++++--------------
 .../ldb_modules/tests/test_encrypted_secrets.c     |  54 ++--
 source4/dsdb/samdb/ldb_modules/wscript             |  22 --
 source4/dsdb/samdb/ldb_modules/wscript_build       |   1 -
 .../dsdb/samdb/ldb_modules/wscript_build_server    |   1 -
 10 files changed, 258 insertions(+), 254 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index f1191ac..06d2474 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -214,6 +214,7 @@ copy an IP address from one buffer to another
 *****************************************************************************/
 
 #define IS_DC  (lp_server_role()==ROLE_DOMAIN_PDC || 
lp_server_role()==ROLE_DOMAIN_BDC || lp_server_role() == 
ROLE_ACTIVE_DIRECTORY_DC) 
+#define IS_AD_DC  (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC)
 
 /*
  * If you add any entries to KERBEROS_VERIFY defines, please modify the below 
expressions
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 40ee255..ec76f71 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -141,7 +141,7 @@ struct fruit_config_data {
        bool aapl_zero_file_id;
        const char *model;
        bool time_machine;
-       size_t time_machine_max_size;
+       off_t time_machine_max_size;
 
        /*
         * Additional options, all enabled by default,
@@ -1989,8 +1989,7 @@ static int init_fruit_config(vfs_handle_struct *handle)
                SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
                "time machine max size", NULL);
        if (tm_size_str != NULL) {
-               config->time_machine_max_size =
-                       (size_t)conv_str_size(tm_size_str);
+               config->time_machine_max_size = conv_str_size(tm_size_str);
        }
 
        SMB_VFS_HANDLE_SET_DATA(handle, config,
@@ -6321,7 +6320,7 @@ out:
 }
 
 struct fruit_disk_free_state {
-       size_t total_size;
+       off_t total_size;
 };
 
 static bool fruit_get_num_bands(vfs_handle_struct *handle,
@@ -6394,7 +6393,7 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct 
*handle,
        size_t sparsebundle_strlen = strlen("sparsebundle");
        size_t bandsize = 0;
        size_t nbands;
-       double tm_size;
+       off_t tm_size;
 
        p = strstr(e->d_name, "sparsebundle");
        if (p == NULL) {
@@ -6444,8 +6443,8 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct 
*handle,
 
        state->total_size += tm_size;
 
-       DBG_DEBUG("[%s] tm_size [%.0f] total_size [%zu]\n",
-                 e->d_name, tm_size, state->total_size);
+       DBG_DEBUG("[%s] tm_size [%jd] total_size [%jd]\n",
+                 e->d_name, (intmax_t)tm_size, (intmax_t)state->total_size);
 
        return true;
 }
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 315a944..1530410 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -532,6 +532,17 @@ static NTSTATUS idmap_ad_get_context(struct idmap_domain 
*dom,
        struct idmap_ad_context *ctx = NULL;
        NTSTATUS status;
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we never try to use LDAP against
+                * a trusted domain as AD_DC.
+                *
+                * This shouldn't be called currently,
+                * but you never know what happens in future.
+                */
+               return NT_STATUS_REQUEST_NOT_ACCEPTED;
+       }
+
        if (dom->private_data != NULL) {
                *pctx = talloc_get_type_abort(dom->private_data,
                                              struct idmap_ad_context);
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index c330b92..725fa4f 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -159,6 +159,14 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, 
const char *dom_name)
        struct winbindd_domain *wb_dom;
        ADS_STATUS status;
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we never try to use LDAP against
+                * a trusted domain as AD DC.
+                */
+               return ADS_ERROR_NT(NT_STATUS_REQUEST_NOT_ACCEPTED);
+       }
+
        ads_cached_connection_reuse(adsp);
        if (*adsp != NULL) {
                return ADS_SUCCESS;
@@ -231,6 +239,14 @@ static ADS_STRUCT *ads_cached_connection(struct 
winbindd_domain *domain)
        ADS_STATUS status;
        char *password, *realm;
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we never try to use LDAP against
+                * a trusted domain as AD DC.
+                */
+               return NULL;
+       }
+
        DEBUG(10,("ads_cached_connection\n"));
        ads_cached_connection_reuse((ADS_STRUCT **)&domain->private_data);
 
@@ -1309,6 +1325,13 @@ static NTSTATUS sequence_number(struct winbindd_domain 
*domain, uint32_t *seq)
                return NT_STATUS_OK;
        }
 
+       if (IS_AD_DC) {
+               DEBUG(10,("sequence: Avoid LDAP connection for domain %s\n",
+                         domain->name));
+               *seq = time(NULL);
+               return NT_STATUS_OK;
+       }
+
        *seq = DOM_SEQUENCE_NONE;
 
        ads = ads_cached_connection(domain);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 4229647..1e44e9b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -999,6 +999,31 @@ static NTSTATUS cm_prepare_connection(struct 
winbindd_domain *domain,
 
        enum smb_signing_setting smb_sign_client_connections = 
lp_client_ipc_signing();
 
+       if (IS_AD_DC) {
+               if (domain->secure_channel_type == SEC_CHAN_NULL) {
+                       /*
+                        * Make sure we don't even try to
+                        * connect to a foreign domain
+                        * without a direct outbound trust.
+                        */
+                       return NT_STATUS_NO_TRUST_LSA_SECRET;
+               }
+
+               /*
+                * As AD DC we only use netlogon and lsa
+                * using schannel over an anonymous transport
+                * (ncacn_ip_tcp or ncacn_np).
+                *
+                * Currently we always establish the SMB connection,
+                * even if we don't use it, because we later use ncacn_ip_tcp.
+                *
+                * As we won't use the SMB connection there's no
+                * need to try kerberos. And NT4 domains expect
+                * an anonymous IPC$ connection anyway.
+                */
+               smb_sign_client_connections = SMB_SIGNING_OFF;
+       }
+
        if (smb_sign_client_connections == SMB_SIGNING_DEFAULT) {
                /*
                 * If we are connecting to our own AD domain, require
@@ -1011,8 +1036,7 @@ static NTSTATUS cm_prepare_connection(struct 
winbindd_domain *domain,
                 * AD domain in our forest
                 * then require smb signing to disrupt MITM attacks
                 */
-               } else if ((lp_security() == SEC_ADS ||
-                           lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC)
+               } else if ((lp_security() == SEC_ADS)
                           && domain->active_directory
                           && (domain->domain_trust_attribs
                               & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST)) {
@@ -1071,6 +1095,22 @@ static NTSTATUS cm_prepare_connection(struct 
winbindd_domain *domain,
                try_ipc_auth = true;
        }
 
+       if (IS_AD_DC) {
+               /*
+                * As AD DC we only use netlogon and lsa
+                * using schannel over an anonymous transport
+                * (ncacn_ip_tcp or ncacn_np).
+                *
+                * Currently we always establish the SMB connection,
+                * even if we don't use it, because we later use ncacn_ip_tcp.
+                *
+                * As we won't use the SMB connection there's no
+                * need to try kerberos. And NT4 domains expect
+                * an anonymous IPC$ connection anyway.
+                */
+               try_ipc_auth = false;
+       }
+
        if (try_ipc_auth) {
                result = get_trust_credentials(domain, talloc_tos(), false, 
&creds);
                if (!NT_STATUS_IS_OK(result)) {
@@ -2190,6 +2230,15 @@ static bool set_dc_type_and_flags_trustinfo( struct 
winbindd_domain *domain )
        TALLOC_CTX *mem_ctx = NULL;
        struct dcerpc_binding_handle *b;
 
+       if (IS_DC) {
+               /*
+                * On a DC we loaded all trusts
+                * from configuration and never learn
+                * new domains.
+                */
+               return true;
+       }
+
        DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s\n", domain->name 
));
 
        /* Our primary domain doesn't need to worry about trust flags.
@@ -2584,6 +2633,15 @@ done:
 
 static void set_dc_type_and_flags( struct winbindd_domain *domain )
 {
+       if (IS_DC) {
+               /*
+                * On a DC we loaded all trusts
+                * from configuration and never learn
+                * new domains.
+                */
+               return;
+       }
+
        /* we always have to contact our primary domain */
 
        if ( domain->primary || domain->internal) {
@@ -2650,6 +2708,20 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, 
TALLOC_CTX *mem_ctx,
                }
        }
 
+       if (IS_AD_DC) {
+               /*
+                * In theory we should not use SAMR within
+                * winbindd at all, but that's a larger task to
+                * remove this and avoid breaking existing
+                * setups.
+                *
+                * At least as AD DC we have the restriction
+                * to avoid SAMR against trusted domains,
+                * as there're no existing setups.
+                */
+               return NT_STATUS_REQUEST_NOT_ACCEPTED;
+       }
+
 retry:
        status = init_dc_connection_rpc(domain, need_rw_dc);
        if (!NT_STATUS_IS_OK(status)) {
@@ -2970,6 +3042,13 @@ retry:
 
        TALLOC_FREE(conn->lsa_pipe);
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we only use schannel as AD DC.
+                */
+               goto schannel;
+       }
+
        result = get_trust_credentials(domain, talloc_tos(), false, &creds);
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(10, ("cm_connect_lsa: No user available for "
@@ -3083,6 +3162,13 @@ retry:
                goto done;
        }
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we only use schannel as AD DC.
+                */
+               goto done;
+       }
+
        DEBUG(10,("cm_connect_lsa: rpccli_lsa_open_policy failed, trying "
                  "anonymous\n"));
 
@@ -3090,6 +3176,13 @@ retry:
 
  anonymous:
 
+       if (IS_AD_DC) {
+               /*
+                * Make sure we only use schannel as AD DC.
+                */
+               goto done;
+       }
+
        if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
                result = NT_STATUS_DOWNGRADE_DETECTED;
                DEBUG(1, ("Unwilling to make LSA connection to domain %s "
@@ -3191,6 +3284,17 @@ static NTSTATUS cm_connect_netlogon_transport(struct 
winbindd_domain *domain,
 
        *cli = NULL;
 
+       if (IS_AD_DC) {
+               if (domain->secure_channel_type == SEC_CHAN_NULL) {
+                       /*
+                        * Make sure we don't even try to
+                        * connect to a foreign domain
+                        * without a direct outbound trust.
+                        */
+                       return NT_STATUS_NO_TRUST_LSA_SECRET;
+               }
+       }
+
        result = init_dc_connection_rpc(domain, domain->rodc);
        if (!NT_STATUS_IS_OK(result)) {
                return result;
diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c 
b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index 226f62f..34c44c7 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -27,8 +27,8 @@
  * to protect the key.
  *
  * Data is encrypted with AES 128 GCM. The encryption uses gnutls where
- * available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
- * used.
+ * available and if it supports AES 128 GCM AEAD modes, otherwise the
+ * samba internal implementation is used.
  *
  */
 
@@ -40,17 +40,15 @@
 #include "dsdb/samdb/ldb_modules/util.h"
 
 #ifdef TEST_ENCRYPTED_SECRETS
-       #ifdef HAVE_NETTLE_AES_GCM
-               #define BUILD_WITH_NETTLE_AES_GCM
-       #endif
+       #define BUILD_WITH_SAMBA_AES_GCM
        #ifdef HAVE_GNUTLS_AEAD
                #define BUILD_WITH_GNUTLS_AEAD
        #endif
 #else
        #ifdef HAVE_GNUTLS_AEAD
                #define BUILD_WITH_GNUTLS_AEAD
-       #elif defined  HAVE_NETTLE_AES_GCM
-               #define BUILD_WITH_NETTLE_AES_GCM
+       #else
+               #define BUILD_WITH_SAMBA_AES_GCM
        #endif
 #endif
 
@@ -59,9 +57,9 @@
        #include <gnutls/crypto.h>
 #endif /* BUILD_WITH_GNUTLS_AEAD */
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
-       #include <nettle/gcm.h>
-#endif /* BUILD_WITH_NETTLE_AES_GCM */
+#ifdef BUILD_WITH_SAMBA_AES_GCM
+       #include "lib/crypto/crypto.h"
+#endif /* BUILD_WITH_SAMBA_AES_GCM */
 
 static const char * const secret_attributes[] = {DSDB_SECRET_ATTRIBUTES};
 static const size_t num_secret_attributes = ARRAY_SIZE(secret_attributes);
@@ -72,85 +70,6 @@ static const size_t num_secret_attributes = 
ARRAY_SIZE(secret_attributes);
 #define SECRETS_KEY_FILE "encrypted_secrets.key"
 
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
-/*
- * Details of a nettle encryption algorithm
- */
-
-#ifndef AES128_KEY_SIZE
-       #define AES128_KEY_SIZE 16
-       #define NETTLE_SIZE_TYPE unsigned
-#else
-       #define NETTLE_SIZE_TYPE size_t
-#endif
-#ifndef GCM_DIGEST_SIZE
-       #define GCM_DIGEST_SIZE 16
-#endif
-struct nettle_details {
-       size_t context_size;    /* Size of the nettle encryption context */
-       size_t block_size;      /* Cipher block size */
-       size_t key_size;        /* Size of the key */
-       size_t iv_size;         /* Size of the initialisation routine */
-       size_t tag_size;        /* Size of the aead tag */
-       /*
-        * Function to load the encryption key into the context
-        */
-       void (*set_key)(struct gcm_aes_ctx *,
-                       NETTLE_SIZE_TYPE,
-                       const uint8_t *);
-       /*
-        * Function to load the initialisation vector into the context
-        */
-       void (*set_iv)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, const uint8_t *);
-       /*
-        * Function to encrypt data
-        */
-       void (*encrypt)
-               (struct gcm_aes_ctx *,
-                NETTLE_SIZE_TYPE,
-                uint8_t *,
-                const uint8_t *);
-       /*
-        * Function to decrypt data
-        */
-       void (*decrypt)
-               (struct gcm_aes_ctx *,
-                NETTLE_SIZE_TYPE,
-                uint8_t *,
-                const uint8_t *);
-       /*
-        * Function to add extra authentication data to the context.
-        */
-       void (*update)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, const uint8_t *);
-       /*
-        * Function returning the authentication tag data
-        */
-       void (*digest)(struct gcm_aes_ctx *, NETTLE_SIZE_TYPE, uint8_t *);
-};
-
-/*
- * Configuration of the supported nettle algorithms
- */
-static struct nettle_details nettle_algorithms[] = {
-       /* Algorithms are numbered from 1, so element 0 is empty */
-       {},
-       /* AES-GCM 128 */
-       {
-               .context_size   = sizeof(struct gcm_aes_ctx),
-               .block_size     = GCM_BLOCK_SIZE,
-               .key_size       = AES128_KEY_SIZE,
-               .iv_size        = GCM_IV_SIZE,
-               .tag_size       = GCM_DIGEST_SIZE,
-               .set_key        = gcm_aes_set_key,
-               .set_iv         = gcm_aes_set_iv,
-               .encrypt        = gcm_aes_encrypt,
-               .decrypt        = gcm_aes_decrypt,
-               .update         = gcm_aes_update,
-               .digest         = gcm_aes_digest,
-       }
-};
-#endif /* BUILD_WITH_NETTLE_AES_GCM*/
-
 struct es_data {
        /*
         * Should secret attributes be encrypted and decrypted?
@@ -379,6 +298,7 @@ static bool should_encrypt(const struct ldb_message_element 
*el)
  *
  * @return Size rounded up to the nearest multiple of block_size
  */
+#ifdef BUILD_WITH_GNUTLS_AEAD
 static size_t round_to_block_size(size_t block_size, size_t size)
 {
        if ((size % block_size) == 0) {
@@ -387,6 +307,7 @@ static size_t round_to_block_size(size_t block_size, size_t 
size)
                return ((int)(size/block_size) + 1) * block_size;
        }
 }
+#endif /* BUILD_WITH_GNUTLS_AEAD */
 
 /*
  * @brief Create an new EncryptedSecret owned by the supplied talloc context.
@@ -453,11 +374,11 @@ static DATA_BLOB makePlainText(TALLOC_CTX *ctx,
        return pt;
 }
 
-#ifdef BUILD_WITH_NETTLE_AES_GCM
+#ifdef BUILD_WITH_SAMBA_AES_GCM
 /*
  * @brief Encrypt an ldb value using an aead algorithm.
  *
- * This function uses lib nettle directly to perform the encryption. However
+ * This function uses the samba internal implementation to perform the 
encryption. However
  * the encrypted data and tag are stored in a manner compatible with gnutls,
  * so the gnutls aead functions can be used to decrypt and verify the data.
  *
@@ -472,22 +393,19 @@ static DATA_BLOB makePlainText(TALLOC_CTX *ctx,
  *
  * @return The encrypted ldb_val, or data_blob_null if there was an error.
  */
-static struct ldb_val nettle_encrypt_aead(int *err,
-                                         TALLOC_CTX *ctx,
-                                         struct ldb_context *ldb,
-                                         const struct ldb_val val,
-                                         const struct es_data *data)
+static struct ldb_val samba_encrypt_aead(int *err,
+                                        TALLOC_CTX *ctx,
+                                        struct ldb_context *ldb,
+                                        const struct ldb_val val,
+                                        const struct es_data *data)
 {
+       struct aes_gcm_128_context cctx;
        struct EncryptedSecret *es = NULL;
        DATA_BLOB pt = data_blob_null;
-       const struct nettle_details *ntl = NULL;


-- 
Samba Shared Repository

Reply via email to