summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-01-11 14:04:58 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:42 -0500
commita249198d539685be5cb97e179e85ae00dbba8c83 (patch)
tree1e0ae58592cc6a4d7a09934a1fabca03e53871b6 /source4/libcli
parent7ab7debcf17d833ac15512604f73b551c27534c2 (diff)
downloadsamba-a249198d539685be5cb97e179e85ae00dbba8c83.tar.gz
samba-a249198d539685be5cb97e179e85ae00dbba8c83.tar.bz2
samba-a249198d539685be5cb97e179e85ae00dbba8c83.zip
r4682: A LDB-based secrets implementation in Samba4.
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/session.c43
1 files changed, 22 insertions, 21 deletions
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c
index 91eee9ce81..9b4132a490 100644
--- a/source4/libcli/auth/session.c
+++ b/source4/libcli/auth/session.c
@@ -113,18 +113,18 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
sess_crypt_blob(&out, blob, session_key, False);
- slen = IVAL(out.data, 0);
- if (slen > blob->length - 8) {
- DEBUG(0,("Invalid crypt length %d\n", slen));
- return NULL;
- }
-
if (IVAL(out.data, 4) != 1) {
DEBUG(0,("Unexpected revision number %d in session crypted string\n",
IVAL(out.data, 4)));
return NULL;
}
+ slen = IVAL(out.data, 0);
+ if (slen > blob->length - 8) {
+ DEBUG(0,("Invalid crypt length %d\n", slen));
+ return NULL;
+ }
+
ret = strndup((const char *)(out.data+8), slen);
data_blob_free(&out);
@@ -169,42 +169,43 @@ DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_
}
/*
- a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
-
- caller should free the returned string
+ Decrypt a DATA_BLOB using the LSA convention
*/
-DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key)
+NTSTATUS sess_decrypt_blob(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const DATA_BLOB *session_key,
+ DATA_BLOB *ret)
{
DATA_BLOB out;
int slen;
- DATA_BLOB ret;
if (blob->length < 8) {
- return data_blob(NULL, 0);
+ return NT_STATUS_INVALID_PARAMETER;
}
out = data_blob_talloc(mem_ctx, NULL, blob->length);
if (!out.data) {
- return data_blob(NULL, 0);
+ return NT_STATUS_NO_MEMORY;
}
sess_crypt_blob(&out, blob, session_key, False);
+ if (IVAL(out.data, 4) != 1) {
+ DEBUG(0,("Unexpected revision number %d in session crypted string\n",
+ IVAL(out.data, 4)));
+ return NT_STATUS_UNKNOWN_REVISION;
+ }
+
slen = IVAL(out.data, 0);
if (slen > blob->length - 8) {
DEBUG(0,("Invalid crypt length %d\n", slen));
- return data_blob(NULL, 0);
+ return NT_STATUS_WRONG_PASSWORD;
}
- if (IVAL(out.data, 4) != 1) {
- DEBUG(0,("Unexpected revision number %d in session crypted string\n",
- IVAL(out.data, 4)));
- return data_blob(NULL, 0);
+ *ret = data_blob_talloc(mem_ctx, out.data+8, slen);
+ if (!ret->data) {
+ return NT_STATUS_NO_MEMORY;
}
-
- ret = data_blob_talloc(mem_ctx, out.data+8, slen);
data_blob_free(&out);
- return ret;
+ return NT_STATUS_OK;
}