The branch, master has been updated
       via  0361a26e395 libcli:auth Check return code of 
netlogon_creds_aes_encrypt()
       via  32e75bb4cca libcli:auth: Check return code of 
netlogon_creds_step_crypt()
       via  05f59cbcf80 libcli:auth: Check return code of netlogon_creds_step()
       via  a64a5b7e17d s4:librpc: Check return code of 
netlogon_creds_client_authenticator()
       via  0906848936c libcli:auth: Check return code of 
netlogon_creds_client_authenticator()
       via  d3fffca5e9a auth:pycreds: Check return code of 
netlogon_creds_client_authenticator()
       via  7c7dc855ba9 libcli:auth: Return NTSTATUS for 
netlogon_creds_client_authenticator()
       via  0ed92e3e606 libcli:auth: Check return status of 
netlogon_creds_first_step()
       via  e4ae1ba451d libcli:auth: Check return status of 
netlogon_creds_init_64bit()
       via  2c21cd6d49d libcli:auth: Check return value of 
netlogon_creds_init_128bit()
       via  fbfb11b0f7e s4:torture: Remove calls to gnutls_global_(de)init() in 
backupkey test
       via  0e159b725ec s4:lib: Remove gnutls_global_(de)init() from libtls
       via  afb5cb669ce s4:rpc_server: Remove gnutls_global_(de)init()
       via  3db2ca2dcf3 libcli:auth: Check return code of SMBOWFencrypt_ntv2()
       via  dc75a5f27eb libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
       via  0914824684b libcli:auth: Check return codes of SMBsesskeygen_ntv2()
       via  045b9eb3f08 libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
       via  83b1c21dd0f librpc: Do not return an NDR table for a zero GUID
      from  e45feaf28da ctdb-tcp: Simplify freeing of transport data on shutdown

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0361a26e395723296899c3d48cff86d532372710
Author: Andrew Bartlett <[email protected]>
Date:   Thu Nov 14 11:16:09 2019 +1300

    libcli:auth Check return code of netlogon_creds_aes_encrypt()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User(master): Andreas Schneider <[email protected]>
    Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184

commit 32e75bb4cca994af80bb8440009446e4a0ff5d40
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 10:13:53 2019 +0100

    libcli:auth: Check return code of netlogon_creds_step_crypt()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 05f59cbcf803d57ab41b4c7fa4f81da50cd02cd6
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 10:12:41 2019 +0100

    libcli:auth: Check return code of netlogon_creds_step()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit a64a5b7e17d80a4363774d4e35d3ee676ecf426d
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 10:06:20 2019 +0100

    s4:librpc: Check return code of netlogon_creds_client_authenticator()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 0906848936c410f49b26f7688df7ce1a0e1097f5
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 10:06:20 2019 +0100

    libcli:auth: Check return code of netlogon_creds_client_authenticator()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit d3fffca5e9ab45b43fa3f460ad6051356c9a00a9
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 10:06:20 2019 +0100

    auth:pycreds: Check return code of netlogon_creds_client_authenticator()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 7c7dc855ba982a37cb5040752ca473aab3446d6c
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 09:52:53 2019 +0100

    libcli:auth: Return NTSTATUS for netlogon_creds_client_authenticator()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 0ed92e3e60684bfb02b01479d985535d525a5be5
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 09:44:32 2019 +0100

    libcli:auth: Check return status of netlogon_creds_first_step()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit e4ae1ba451d408b3b5c74d303493cb7c38e6e1c8
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 09:41:18 2019 +0100

    libcli:auth: Check return status of netlogon_creds_init_64bit()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 2c21cd6d49d56611acb2f364473d8c2e73e74545
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 09:39:19 2019 +0100

    libcli:auth: Check return value of netlogon_creds_init_128bit()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit fbfb11b0f7ebd69cc4b1b545b398a367720d5473
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 14:01:46 2019 +0100

    s4:torture: Remove calls to gnutls_global_(de)init() in backupkey test
    
    This is handled by the gnutls library constructor/destructor.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 0e159b725ecf2f9a6d026170253e2d1eb73ed0c2
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 13:59:30 2019 +0100

    s4:lib: Remove gnutls_global_(de)init() from libtls
    
    This is handled by the gnutls library constructor/destructor.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit afb5cb669ceeb68bf93ef8db07abcc5d424580cd
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 13:57:53 2019 +0100

    s4:rpc_server: Remove gnutls_global_(de)init()
    
    This is done by the gnutls library constructor/destructor.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 3db2ca2dcf367a6c57071a76668d19f3cbf62565
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 12:52:44 2019 +0100

    libcli:auth: Check return code of SMBOWFencrypt_ntv2()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit dc75a5f27eb32caf2f2adc289bc82fb0f8042cb3
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 12:48:18 2019 +0100

    libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 0914824684b3a69a9926402d447e1d5781f2ec02
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 12:45:04 2019 +0100

    libcli:auth: Check return codes of SMBsesskeygen_ntv2()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 045b9eb3f088c66e20bd19e144a2ce3597328d93
Author: Andreas Schneider <[email protected]>
Date:   Wed Nov 13 12:40:02 2019 +0100

    libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 83b1c21dd0fb932b81491065067a973398bdca91
Author: Andrew Bartlett <[email protected]>
Date:   Wed Nov 13 15:51:08 2019 +1300

    librpc: Do not return an NDR table for a zero GUID
    
    The source3 RPC server will do a lookup by GUID and should
    not be returned a table for a zero GUID.
    
    Thankfully such a pipe would also need to have been registered
    but regardless this is not a deterministic result so should
    be avoided.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/pycredentials.c                |  11 +-
 libcli/auth/credentials.c                       | 138 +++++++++++++++++++-----
 libcli/auth/netlogon_creds_cli.c                |  76 +++++++++----
 libcli/auth/ntlm_check.c                        |  33 +++++-
 libcli/auth/proto.h                             |  18 ++--
 libcli/auth/smbencrypt.c                        |  84 +++++++++++----
 librpc/ndr/ndr_table.c                          |   8 ++
 source4/lib/tls/tls_tstream.c                   |  12 ---
 source4/lib/tls/tlscert.c                       |   3 -
 source4/librpc/rpc/dcerpc_schannel.c            |   8 +-
 source4/rpc_server/backupkey/dcesrv_backupkey.c |   3 -
 source4/torture/rpc/backupkey.c                 |  48 ---------
 12 files changed, 288 insertions(+), 154 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 446f30970a2..7427e286dca 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -832,6 +832,7 @@ static PyObject *py_creds_new_client_authenticator(PyObject 
*self,
        struct cli_credentials *creds = NULL;
        struct netlogon_creds_CredentialState *nc = NULL;
        PyObject *ret = NULL;
+       NTSTATUS status;
 
        creds = PyCredentials_AsCliCredentials(self);
        if (creds == NULL) {
@@ -848,9 +849,13 @@ static PyObject 
*py_creds_new_client_authenticator(PyObject *self,
                return NULL;
        }
 
-       netlogon_creds_client_authenticator(
-               nc,
-               &auth);
+       status = netlogon_creds_client_authenticator(nc, &auth);
+       if (!NT_STATUS_IS_OK(status)) {
+               PyErr_SetString(PyExc_ValueError,
+                               "Failed to create client authenticator");
+               return NULL;
+       }
+
        ret = Py_BuildValue("{s"PYARG_BYTES_LEN"si}",
                            "credential",
                            (const char *) &auth.cred, sizeof(auth.cred),
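Review bot: The new error path in py_creds_new_client_authenticator() raises a fixed `ValueError` and drops `status`, so a Python caller cannot tell which NTSTATUS made netlogon_creds_client_authenticator() fail. If the Samba Python error helper is in scope in this file, `PyErr_SetNTSTATUS(status);` would carry the code through; otherwise include `nt_errstr(status)` in the message. The function body starts and ends outside these hunks, so whether anything obtained earlier needs releasing on this return is not visible here.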
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index baa436df71b..f1088a1d8e0 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -33,17 +33,25 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
-static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState 
*creds,
-                                     const struct netr_Credential *in,
-                                     struct netr_Credential *out)
+static NTSTATUS netlogon_creds_step_crypt(struct 
netlogon_creds_CredentialState *creds,
+                                         const struct netr_Credential *in,
+                                         struct netr_Credential *out)
 {
+       NTSTATUS status;
        if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
                memcpy(out->data, in->data, sizeof(out->data));
 
-               netlogon_creds_aes_encrypt(creds, out->data, sizeof(out->data));
+               status = netlogon_creds_aes_encrypt(creds,
+                                                   out->data,
+                                                   sizeof(out->data));
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else {
                des_crypt112(out->data, in->data, creds->session_key, 1);
        }
+
+       return NT_STATUS_OK;
 }
 
 /*
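Review bot: In the AES branch of netlogon_creds_step_crypt() the `memcpy()` has already placed the unencrypted input in `out->data` when netlogon_creds_aes_encrypt() fails, and the early `return status;` leaves it there. The callers in this diff pass `&creds->client` and `&creds->server` as `out`, so a failed call leaves plaintext in the live credential state. The callers shown do stop on error, but clearing the output makes that independent of caller discipline. Suggest `ZERO_STRUCTP(out);` immediately before `return status;` in that branch.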
@@ -51,10 +59,10 @@ static void netlogon_creds_step_crypt(struct 
netlogon_creds_CredentialState *cre
 
   this call is made after the netr_ServerReqChallenge call
 */
-static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState 
*creds,
-                                     const struct netr_Credential 
*client_challenge,
-                                     const struct netr_Credential 
*server_challenge,
-                                     const struct samr_Password 
*machine_password)
+static NTSTATUS netlogon_creds_init_64bit(struct 
netlogon_creds_CredentialState *creds,
+                                        const struct netr_Credential 
*client_challenge,
+                                        const struct netr_Credential 
*server_challenge,
+                                        const struct samr_Password 
*machine_password)
 {
        uint32_t sum[2];
        uint8_t sum2[8];
@@ -68,6 +76,8 @@ static void netlogon_creds_init_64bit(struct 
netlogon_creds_CredentialState *cre
        ZERO_ARRAY(creds->session_key);
 
        des_crypt128(creds->session_key, sum2, machine_password->hash);
+
+       return NT_STATUS_OK;
 }
 
 /*
@@ -172,24 +182,39 @@ static NTSTATUS netlogon_creds_init_hmac_sha256(struct 
netlogon_creds_Credential
        return NT_STATUS_OK;
 }
 
-static void netlogon_creds_first_step(struct netlogon_creds_CredentialState 
*creds,
-                                     const struct netr_Credential 
*client_challenge,
-                                     const struct netr_Credential 
*server_challenge)
+static NTSTATUS netlogon_creds_first_step(struct 
netlogon_creds_CredentialState *creds,
+                                         const struct netr_Credential 
*client_challenge,
+                                         const struct netr_Credential 
*server_challenge)
 {
-       netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
+       NTSTATUS status;
+
+       status = netlogon_creds_step_crypt(creds,
+                                          client_challenge,
+                                          &creds->client);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
+       status = netlogon_creds_step_crypt(creds,
+                                          server_challenge,
+                                          &creds->server);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        creds->seed = creds->client;
+
+       return NT_STATUS_OK;
 }
 
 /*
   step the credentials to the next element in the chain, updating the
   current client and server credentials and the seed
 */
-static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
+static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState 
*creds)
 {
        struct netr_Credential time_cred;
+       NTSTATUS status;
 
        DEBUG(5,("\tseed        %08x:%08x\n",
                 IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
@@ -199,7 +224,12 @@ static void netlogon_creds_step(struct 
netlogon_creds_CredentialState *creds)
 
        DEBUG(5,("\tseed+time   %08x:%08x\n", IVAL(time_cred.data, 0), 
IVAL(time_cred.data, 4)));
 
-       netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
+       status = netlogon_creds_step_crypt(creds,
+                                          &time_cred,
+                                          &creds->client);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        DEBUG(5,("\tCLIENT      %08x:%08x\n",
                 IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
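Review bot: netlogon_creds_step() can now fail half-way: the first netlogon_creds_step_crypt() call in this hunk writes straight into `creds->client`, and if the second call (next hunk, `@@ -210`) fails, the function returns with `client` advanced while `server` and `seed` still hold the old values. netlogon_creds_server_step_check() further down passes its `creds` directly and has already overwritten `creds->sequence`, so its caller gets a partly stepped state back along with the error; whether that state is discarded there is not visible in this diff. Encrypting into locals and assigning all three fields only after both calls succeed keeps the state unchanged on failure; the two DEBUG lines that print `creds->client` and `creds->server` would then print the locals. The function begins in the previous hunk and ends in the next one.

```c
static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
{
	struct netr_Credential time_cred;
	struct netr_Credential next_client;
	struct netr_Credential next_server;
	NTSTATUS status;

	/* … unchanged: seed+time computation and DEBUG output … */

	status = netlogon_creds_step_crypt(creds, &time_cred, &next_client);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* … unchanged: seed+time+1 computation and DEBUG output … */

	status = netlogon_creds_step_crypt(creds, &time_cred, &next_server);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Commit only once both encryptions have succeeded. */
	creds->client = next_client;
	creds->server = next_server;
	creds->seed = time_cred;

	return NT_STATUS_OK;
```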
@@ -210,12 +240,17 @@ static void netlogon_creds_step(struct 
netlogon_creds_CredentialState *creds)
        DEBUG(5,("\tseed+time+1 %08x:%08x\n",
                 IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 
-       netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
+       status = netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        DEBUG(5,("\tSERVER      %08x:%08x\n",
                 IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
 
        creds->seed = time_cred;
+
+       return NT_STATUS_OK;
 }
 
 
@@ -458,10 +493,23 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_client_init(TALLOC_CTX *me
                        return NULL;
                }
        } else {
-               netlogon_creds_init_64bit(creds, client_challenge, 
server_challenge, machine_password);
+               status = netlogon_creds_init_64bit(creds,
+                                                  client_challenge,
+                                                  server_challenge,
+                                                  machine_password);
+               if (!NT_STATUS_IS_OK(status)) {
+                       talloc_free(creds);
+                       return NULL;
+               }
        }
 
-       netlogon_creds_first_step(creds, client_challenge, server_challenge);
+       status = netlogon_creds_first_step(creds,
+                                          client_challenge,
+                                          server_challenge);
+       if (!NT_STATUS_IS_OK(status)) {
+               talloc_free(creds);
+               return NULL;
+       }
 
        dump_data_pw("Session key", creds->session_key, 16);
        dump_data_pw("Credential ", creds->client.data, 8);
@@ -496,10 +544,12 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_client_init_session_key(TA
   produce the next authenticator in the sequence ready to send to
   the server
 */
-void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState 
*creds,
-                               struct netr_Authenticator *next)
+NTSTATUS
+netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState 
*creds,
+                                   struct netr_Authenticator *next)
 {
        uint32_t t32n = (uint32_t)time(NULL);
+       NTSTATUS status;
 
        /*
         * we always increment and ignore an overflow here
@@ -522,10 +572,15 @@ void netlogon_creds_client_authenticator(struct 
netlogon_creds_CredentialState *
                }
        }
 
-       netlogon_creds_step(creds);
+       status = netlogon_creds_step(creds);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        next->cred = creds->client;
        next->timestamp = creds->sequence;
+
+       return NT_STATUS_OK;
 }
 
 /*
@@ -580,6 +635,8 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_server_init(TALLOC_CTX *me
 {
 
        struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, 
struct netlogon_creds_CredentialState);
+       NTSTATUS status;
+
 
        if (!creds) {
                return NULL;
@@ -604,8 +661,6 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_server_init(TALLOC_CTX *me
        }
 
        if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-               NTSTATUS status;
-
                status = netlogon_creds_init_hmac_sha256(creds,
                                                         client_challenge,
                                                         server_challenge,
@@ -615,14 +670,32 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_server_init(TALLOC_CTX *me
                        return NULL;
                }
        } else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
-               netlogon_creds_init_128bit(creds, client_challenge, 
server_challenge,
-                                          machine_password);
+               status = netlogon_creds_init_128bit(creds,
+                                                   client_challenge,
+                                                   server_challenge,
+                                                   machine_password);
+               if (!NT_STATUS_IS_OK(status)) {
+                       talloc_free(creds);
+                       return NULL;
+               }
        } else {
-               netlogon_creds_init_64bit(creds, client_challenge, 
server_challenge,
-                                         machine_password);
+               status = netlogon_creds_init_64bit(creds,
+                                                  client_challenge,
+                                                  server_challenge,
+                                                  machine_password);
+               if (!NT_STATUS_IS_OK(status)) {
+                       talloc_free(creds);
+                       return NULL;
+               }
        }
 
-       netlogon_creds_first_step(creds, client_challenge, server_challenge);
+       status = netlogon_creds_first_step(creds,
+                                          client_challenge,
+                                          server_challenge);
+       if (!NT_STATUS_IS_OK(status)) {
+               talloc_free(creds);
+               return NULL;
+       }
 
        dump_data_pw("Session key", creds->session_key, 16);
        dump_data_pw("Client Credential ", creds->client.data, 8);
@@ -648,6 +721,8 @@ NTSTATUS netlogon_creds_server_step_check(struct 
netlogon_creds_CredentialState
                                 const struct netr_Authenticator 
*received_authenticator,
                                 struct netr_Authenticator 
*return_authenticator)
 {
+       NTSTATUS status;
+
        if (!received_authenticator || !return_authenticator) {
                return NT_STATUS_INVALID_PARAMETER;
        }
@@ -657,7 +732,12 @@ NTSTATUS netlogon_creds_server_step_check(struct 
netlogon_creds_CredentialState
        }
 
        creds->sequence = received_authenticator->timestamp;
-       netlogon_creds_step(creds);
+       status = netlogon_creds_step(creds);
+       if (!NT_STATUS_IS_OK(status)) {
+               ZERO_STRUCTP(return_authenticator);
+               return status;
+       }
+
        if (netlogon_creds_server_check_internal(creds, 
&received_authenticator->cred)) {
                return_authenticator->cred = creds->server;
                return_authenticator->timestamp = 0;
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 3cc18e7fa60..6f043d774cd 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1547,7 +1547,11 @@ struct tevent_req 
*netlogon_creds_cli_check_send(TALLOC_CTX *mem_ctx,
         */
        tevent_req_defer_callback(req, state->ev);
 
-       netlogon_creds_client_authenticator(state->creds, &state->req_auth);
+       status = netlogon_creds_client_authenticator(state->creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
        ZERO_STRUCT(state->rep_auth);
 
        subreq = dcerpc_netr_LogonGetCapabilities_send(state, state->ev,
@@ -1981,16 +1985,23 @@ static void 
netlogon_creds_cli_ServerPasswordSet_locked(struct tevent_req *subre
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) {
 
                if (state->tmp_creds.negotiate_flags & 
NETLOGON_NEG_SUPPORTS_AES) {
-                       netlogon_creds_aes_encrypt(&state->tmp_creds,
-                                       state->samr_crypt_password.data,
-                                       516);
+                       status = netlogon_creds_aes_encrypt(&state->tmp_creds,
+                                                           
state->samr_crypt_password.data,
+                                                           516);
+                       if (tevent_req_nterror(req, status)) {
+                               
netlogon_creds_cli_ServerPasswordSet_cleanup(req, status);
+                               return;
+                       }
                } else {
                        status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
                                                              
state->samr_crypt_password.data,
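Review bot: The two new error paths in netlogon_creds_cli_ServerPasswordSet_locked() are handled differently: a netlogon_creds_aes_encrypt() failure calls `netlogon_creds_cli_ServerPasswordSet_cleanup(req, status);` before returning, while a netlogon_creds_client_authenticator() failure a few lines above just returns. Both run after `tevent_req_defer_callback()` and after `state->creds` has been copied, so if the cleanup is what releases or invalidates the credential record, the first path skips it; the cleanup function is outside this diff, so that needs confirming. The same bare `return;` follows the authenticator call in the `_locked` functions for DsrUpdateReadOnlyServerDnsRecords, ServerGetTrustInfo, GetForestTrustInformation, SendToSam and LogonGetDomainInfo, whereas LogonSamLogon_start does call its cleanup. If cleanup is intentionally unnecessary there, a one-line comment such as `/* nothing sent yet, no cleanup needed */` would record why.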
@@ -2416,8 +2427,12 @@ static void 
netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
        }
 
        state->tmp_creds = *state->lk_creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        state->logon = netlogon_creds_shallow_copy_logon(state,
@@ -2848,8 +2863,11 @@ static void 
netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_locked(struct t
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        subreq = dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords_send(state, 
state->ev,
@@ -3100,8 +3118,11 @@ static void 
netlogon_creds_cli_ServerGetTrustInfo_locked(struct tevent_req *subr
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        subreq = dcerpc_netr_ServerGetTrustInfo_send(state, state->ev,
@@ -3402,8 +3423,11 @@ static void 
netlogon_creds_cli_GetForestTrustInformation_locked(struct tevent_re
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        subreq = dcerpc_netr_GetForestTrustInformation_send(state, state->ev,
@@ -3679,14 +3703,21 @@ static void netlogon_creds_cli_SendToSam_locked(struct 
tevent_req *subreq)
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        if (state->tmp_creds.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-               netlogon_creds_aes_encrypt(&state->tmp_creds,
-                                          state->opaque.data,
-                                          state->opaque.length);
+               status = netlogon_creds_aes_encrypt(&state->tmp_creds,
+                                                   state->opaque.data,
+                                                   state->opaque.length);
+               if (tevent_req_nterror(req, status)) {
+                       netlogon_creds_cli_SendToSam_cleanup(req, status);
+                       return;
+               }
        } else {
                status = netlogon_creds_arcfour_crypt(&state->tmp_creds,
                                                      state->opaque.data,
@@ -3944,8 +3975,11 @@ static void 
netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subr
        tevent_req_defer_callback(req, state->ev);
 
        state->tmp_creds = *state->creds;
-       netlogon_creds_client_authenticator(&state->tmp_creds,
-                                           &state->req_auth);
+       status = netlogon_creds_client_authenticator(&state->tmp_creds,
+                                                    &state->req_auth);
+       if (tevent_req_nterror(req, status)) {
+               return;
+       }
        ZERO_STRUCT(state->rep_auth);
 
        subreq = dcerpc_netr_LogonGetDomainInfo_send(state, state->ev,
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 3844abde528..5058add3811 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -93,6 +93,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
        uint8_t kr[16];
        uint8_t value_from_encryption[16];
        DATA_BLOB client_key_data;
+       NTSTATUS status;
 
        if (part_passwd == NULL) {
                DEBUG(10,("No password set - DISALLOWING access\n"));
@@ -125,7 +126,13 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
                return false;
        }
 
-       SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, 
value_from_encryption);
+       status = SMBOWFencrypt_ntv2(kr,
+                                   sec_blob,
+                                   &client_key_data,
+                                   value_from_encryption);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
 
 #if DEBUG_PASSWORD
        DEBUG(100,("Part password (P16) was |\n"));
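Review bot: A failure of SMBOWFencrypt_ntv2() now returns `false` silently, which makes a crypto-library error look exactly like a wrong password to callers and in the logs. Log the status before returning, e.g. `DEBUG(1, ("SMBOWFencrypt_ntv2() failed: %s\n", nt_errstr(status)));`, so an operator can tell a backend fault from a failed authentication. The same applies to the SMBsesskeygen_ntv2() check in the next hunk. smb_pwd_check_ntlmv2() starts and ends outside this hunk.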
@@ -143,7 +150,13 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
        if (memcmp(value_from_encryption, ntv2_response->data, 16) == 0) { 
                if (user_sess_key != NULL) {
                        *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
-                       SMBsesskeygen_ntv2(kr, value_from_encryption, 
user_sess_key->data);
+
+                       status = SMBsesskeygen_ntv2(kr,
+                                                   value_from_encryption,
+                                                   user_sess_key->data);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return false;
+                       }
                }
                return true;
        }
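Review bot: When SMBsesskeygen_ntv2() fails, the function returns `false` but leaves the blob it just allocated in `*user_sess_key`, so the caller receives a rejected login together with a 16-byte buffer of undefined or partial key material. Release it on that path with `data_blob_clear_free(user_sess_key);` before `return false;`. The result of `data_blob_talloc()` is also passed on as `user_sess_key->data` without a NULL check, which predates this change but now sits directly in front of the new call.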
@@ -166,6 +179,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
        uint8_t kr[16];
        uint8_t value_from_encryption[16];
        DATA_BLOB client_key_data;
+       NTSTATUS status;
 
        if (part_passwd == NULL) {
                DEBUG(10,("No password set - DISALLOWING access\n"));
@@ -194,9 +208,20 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
                return false;
        }


-- 
Samba Shared Repository
