summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/torture/rpc/dssync.c62
1 files changed, 16 insertions, 46 deletions
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index 0f07c51516..c601b08248 100644
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -300,36 +300,6 @@ static BOOL test_GetInfo(struct DsSyncTest *ctx)
return ret;
}
-static void sam_rid_crypt_len(uint_t rid, uint32_t len, const uint8_t *in, uint8_t *out, int forw)
-{
- uint8_t s[14];
- uint8_t in_pad[8], out_pad[8];
- uint32_t b_off, s_off = 0;
-
- s[0] = s[4] = s[8] = s[12] = (uint8_t)(rid & 0xFF);
- s[1] = s[5] = s[9] = s[13] = (uint8_t)((rid >> 8) & 0xFF);
- s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF);
- s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF);
-
- for (b_off=0; b_off < len; b_off += 8) {
- uint32_t left = len - b_off;
- if (left >= 8) {
- des_crypt56(out + b_off, in + b_off, s + s_off, forw);
- } else {
- ZERO_STRUCT(in_pad);
- memcpy(in_pad, in + b_off, left);
- des_crypt56(out_pad, in + b_off, s + s_off, forw);
- memcpy(out + b_off, out_pad, left);
- ZERO_STRUCT(out_pad);
- }
- if (s_off == 0) {
- s_off = 7;
- } else {
- s_off--;
- }
- }
-}
-
static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
const DATA_BLOB *gensec_skey,
bool rcrypt,
@@ -357,8 +327,11 @@ static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
* was successful!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
- /* the first 16 bytes at the beginning are the confounder */
- if (buffer->length <= 16) {
+ /*
+ * the first 16 bytes at the beginning are the confounder
+ * followed by the 4 byte crc32 checksum
+ */
+ if (buffer->length < 20) {
return data_blob_const(NULL, 0);
}
confounder = data_blob_const(buffer->data, 16);
@@ -391,10 +364,6 @@ static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
* the first 4 byte are the crc32 checksum
* of the remaining bytes
*/
- if (dec_buffer.length < 4) {
- return data_blob_const(NULL, 0);
- }
-
crc32_given = IVAL(dec_buffer.data, 0);
crc32_calc = crc32_calc_buffer(dec_buffer.data + 4 , dec_buffer.length - 4);
if (crc32_given != crc32_calc) {
@@ -421,21 +390,22 @@ static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
* so it doesn't depend on sessionkeys.
*/
if (rcrypt) {
+ uint32_t i, num_hashes;
+
+ if ((checked_buffer.length % 16) != 0) {
+ return data_blob_const(NULL, 0);
+ }
+
plain_buffer = data_blob_talloc(mem_ctx, checked_buffer.data, checked_buffer.length);
if (!plain_buffer.data) {
return data_blob_const(NULL, 0);
}
- if (plain_buffer.length < 16) {
- return data_blob_const(NULL, 0);
+
+ num_hashes = plain_buffer.length / 16;
+ for (i = 0; i < num_hashes; i++) {
+ uint32_t offset = i * 16;
+ sam_rid_crypt(rid, checked_buffer.data + offset, plain_buffer.data + offset, 0);
}
- /*
- * TODO: check if that's correct for the history fields,
- * which can be larger than 16 bytes (but in 16 byte steps)
- * maybe we need to call the 16 byte sam_rid_crypt() function
- * for each hash, but here we assume the rid des key is shifted
- * by one for each 8 byte block.
- */
- sam_rid_crypt_len(rid, checked_buffer.length, checked_buffer.data, plain_buffer.data, 0);
} else {
plain_buffer = checked_buffer;
}