libcli:auth Return NTSTATUS from netlogon_creds_aes_decrypt()
authorAndrew Bartlett <abartlet@samba.org>
Fri, 16 Aug 2019 00:34:28 +0000 (12:34 +1200)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 21 Aug 2019 09:57:30 +0000 (09:57 +0000)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
libcli/auth/credentials.c
libcli/auth/proto.h

index cfeab6efdcd50249a7e0f955482137d0b9df0d19..955e08b73859ff4da434c1e5da0a487fcc023884 100644 (file)
@@ -346,7 +346,7 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds
 /*
   AES decrypt a password buffer using the session key
 */
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
 {
 #ifdef HAVE_GNUTLS_AES_CFB8
        gnutls_cipher_hd_t cipher_hnd = NULL;
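Review bot: The comment above `netlogon_creds_aes_decrypt()` still reads as if the call cannot fail; now that it returns NTSTATUS, it should say what the caller gets back and what state `data` is in on error. The decryption is done in place (`gnutls_cipher_decrypt(cipher_hnd, data, len)` in the next hunk), so after a non-OK status the buffer must be treated as invalid rather than as a decrypted password. A line such as `Decrypts data in place; returns NT_STATUS_OK on success, on any other status data must not be used.` would cover it. The function body continues beyond this hunk.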
@@ -370,18 +370,17 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
                                &key,
                                &iv);
        if (rc < 0) {
-               DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
-                       gnutls_strerror(rc));
-               return;
+               return gnutls_error_to_ntstatus(rc,
+                                               NT_STATUS_CRYPTO_SYSTEM_INVALID);
        }
 
        rc = gnutls_cipher_decrypt(cipher_hnd, data, len);
        gnutls_cipher_deinit(cipher_hnd);
        if (rc < 0) {
-               DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",
-                       gnutls_strerror(rc));
-               return;
+               return gnutls_error_to_ntstatus(rc,
+                                               NT_STATUS_CRYPTO_SYSTEM_INVALID);
        }
+
 #else /* NOT HAVE_GNUTLS_AES_CFB8 */
        AES_KEY key;
        uint8_t iv[AES_BLOCK_SIZE] = {0};
@@ -390,6 +389,8 @@ void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, ui
 
        aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
 #endif /* HAVE_GNUTLS_AES_CFB8 */
+
+       return NT_STATUS_OK;
 }
 
 /*****************************************************************
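Review bot: The non-GnuTLS branch reaches the new `return NT_STATUS_OK;` with the expanded AES key still in the stack variable `key`. The GnuTLS branch releases its cipher handle through `gnutls_cipher_deinit()`, but nothing equivalent is visible after `aes_cfb8_encrypt()`. Clearing it before `#endif`, for example with `ZERO_STRUCT(key);`, would keep session-key material out of reused stack memory, provided the tree's zeroing macro cannot be optimised away. The key setup call falls between this hunk and the previous one and is not visible, so it is also worth checking whether it can fail and should now have its result propagated.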
index 639a50425e5c7aa9c930b9b99274a10d46d56ae8..714652bdb765905f02ea7fbc37e226847571bb34 100644 (file)
@@ -21,7 +21,9 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
 NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
                                    uint8_t *data,
                                    size_t len);
-void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
+NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds,
+                                   uint8_t *data,
+                                   size_t len);
 
 /*****************************************************************
 The above functions are common to the client and server interface
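Review bot: Nothing in the new prototype at `NTSTATUS netlogon_creds_aes_decrypt(...)` forces callers to look at the result. Code written against the old `void` declaration still compiles unchanged, and would carry on with a buffer that was never decrypted. No call sites appear in this commit (only credentials.c and proto.h are listed), so they should be confirmed as updated in the same series. Marking the declaration with `__attribute__((warn_unused_result))`, or the tree's wrapper macro for it if one exists, would turn an ignored status into a compiler warning.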