Changeset 988 for vendor/current/source3/smbd/signing.c
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- File:
-
- 1 edited
vendor/current/source3/smbd/signing.c
r740 r988 23 23 #include "smbd/smbd.h" 24 24 #include "smbd/globals.h" 25 #include "smb_signing.h" 25 #include "../libcli/smb/smb_signing.h" 26 #include "lib/param/param.h" 26 27 27 28 /*********************************************************** … … 29 30 ************************************************************/ 30 31 31 bool srv_check_sign_mac(struct smb d_server_connection *conn,32 bool srv_check_sign_mac(struct smbXsrv_connection *conn, 32 33 const char *inbuf, uint32_t *seqnum, 33 34 bool trusted_channel) 34 35 { 36 const uint8_t *inhdr; 37 size_t len; 38 35 39 /* Check if it's a non-session message. */ 36 40 if(CVAL(inbuf,0)) { … … 38 42 } 39 43 44 len = smb_len(inbuf); 45 inhdr = (const uint8_t *)inbuf + NBT_HDR_SIZE; 46 40 47 if (trusted_channel) { 41 48 NTSTATUS status; 42 49 43 if ( smb_len(inbuf) < (smb_ss_field + 8 - 4)) {50 if (len < (HDR_SS_FIELD + 8)) { 44 51 DEBUG(1,("smb_signing_check_pdu: Can't check signature " 45 52 "on short packet! smb_len = %u\n", 46 smb_len(inbuf)));47 return false; 48 } 49 50 status = NT_STATUS(IVAL(in buf, smb_ss_field+ 4));53 (unsigned)len)); 54 return false; 55 } 56 57 status = NT_STATUS(IVAL(inhdr, HDR_SS_FIELD + 4)); 51 58 if (!NT_STATUS_IS_OK(status)) { 52 59 DEBUG(1,("smb_signing_check_pdu: trusted channel passed %s\n", … … 55 62 } 56 63 57 *seqnum = IVAL(in buf, smb_ss_field);64 *seqnum = IVAL(inhdr, HDR_SS_FIELD); 58 65 return true; 59 66 } … … 61 68 *seqnum = smb_signing_next_seqnum(conn->smb1.signing_state, false); 62 69 return smb_signing_check_pdu(conn->smb1.signing_state, 63 (const uint8_t *)inbuf,70 inhdr, len, 64 71 *seqnum); 65 72 } … … 69 76 ************************************************************/ 70 77 71 void srv_calculate_sign_mac(struct smb d_server_connection *conn,78 void srv_calculate_sign_mac(struct smbXsrv_connection *conn, 72 79 char *outbuf, uint32_t seqnum) 73 80 { 81 uint8_t *outhdr; 82 size_t len; 83 74 84 /* Check if it's a non-session message. 
*/ 75 85 if(CVAL(outbuf,0)) { … … 77 87 } 78 88 79 smb_signing_sign_pdu(conn->smb1.signing_state, (uint8_t *)outbuf, seqnum); 89 len = smb_len(outbuf); 90 outhdr = (uint8_t *)outbuf + NBT_HDR_SIZE; 91 92 smb_signing_sign_pdu(conn->smb1.signing_state, outhdr, len, seqnum); 80 93 } 81 94 … … 84 97 Called to indicate a oneway request 85 98 ************************************************************/ 86 void srv_cancel_sign_response(struct smb d_server_connection *conn)99 void srv_cancel_sign_response(struct smbXsrv_connection *conn) 87 100 { 88 101 smb_signing_cancel_reply(conn->smb1.signing_state, true); … … 155 168 ************************************************************/ 156 169 157 bool srv_init_signing(struct smb d_server_connection *conn)170 bool srv_init_signing(struct smbXsrv_connection *conn) 158 171 { 159 172 bool allowed = true; 173 bool desired; 160 174 bool mandatory = false; 161 175 162 switch (lp_server_signing()) { 163 case Required: 164 mandatory = true; 165 break; 166 case Auto: 167 break; 168 case True: 169 break; 170 case False: 171 allowed = false; 172 break; 173 } 176 struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); 177 if (lp_ctx == NULL) { 178 DEBUG(10, ("loadparm_init_s3 failed\n")); 179 return false; 180 } 181 182 /* 183 * if the client and server allow signing, 184 * we desire to use it. 185 * 186 * This matches Windows behavior and is needed 187 * because not every client that requires signing 188 * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. 189 * 190 * Note that we'll always allow signing if the client 191 * does send FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. 
192 */ 193 194 desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory); 195 talloc_unlink(conn, lp_ctx); 174 196 175 197 if (lp_async_smb_echo_handler()) { … … 177 199 178 200 /* setup the signing state in shared memory */ 179 s = talloc_zero( smbd_event_context(), struct smbd_shm_signing);201 s = talloc_zero(conn, struct smbd_shm_signing); 180 202 if (s == NULL) { 181 203 return false; … … 190 212 talloc_set_destructor(s, smbd_shm_signing_destructor); 191 213 conn->smb1.signing_state = smb_signing_init_ex(s, 192 allowed, mandatory,214 allowed, desired, mandatory, 193 215 smbd_shm_signing_alloc, 194 216 smbd_shm_signing_free); … … 199 221 } 200 222 201 conn->smb1.signing_state = smb_signing_init( smbd_event_context(),202 allowed, mandatory);223 conn->smb1.signing_state = smb_signing_init(conn, 224 allowed, desired, mandatory); 203 225 if (!conn->smb1.signing_state) { 204 226 return false; … … 208 230 } 209 231 210 void srv_set_signing_negotiated(struct smbd_server_connection *conn) 211 { 212 smb_signing_set_negotiated(conn->smb1.signing_state); 232 void srv_set_signing_negotiated(struct smbXsrv_connection *conn, 233 bool allowed, bool mandatory) 234 { 235 smb_signing_set_negotiated(conn->smb1.signing_state, 236 allowed, mandatory); 213 237 } 214 238 … … 218 242 ************************************************************/ 219 243 220 bool srv_is_signing_active(struct smb d_server_connection *conn)244 bool srv_is_signing_active(struct smbXsrv_connection *conn) 221 245 { 222 246 return smb_signing_is_active(conn->smb1.signing_state); … … 229 253 ************************************************************/ 230 254 231 bool srv_is_signing_negotiated(struct smb d_server_connection *conn)255 bool srv_is_signing_negotiated(struct smbXsrv_connection *conn) 232 256 { 233 257 return smb_signing_is_negotiated(conn->smb1.signing_state); … … 238 262 ************************************************************/ 239 263 240 void srv_set_signing(struct smb d_server_connection 
*conn,264 void srv_set_signing(struct smbXsrv_connection *conn, 241 265 const DATA_BLOB user_session_key, 242 266 const DATA_BLOB response)
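Review bot: In srv_check_sign_mac the length passed to smb_signing_check_pdu, and used for the `len < (HDR_SS_FIELD + 8)` guard in the trusted-channel branch, comes from `smb_len(inbuf)`, which is the NBT length field of the packet itself. The function has no independent knowledge of how many bytes inbuf actually holds. The reads at `IVAL(inhdr, HDR_SS_FIELD + 4)` and `IVAL(inhdr, HDR_SS_FIELD)`, and the MAC check over `inhdr, len`, are therefore in bounds only if every caller has already verified that the buffer contains NBT_HDR_SIZE + smb_len(inbuf) bytes; the callers are not visible on this page, so this should be confirmed. I would state that precondition above the function, for example `/* inbuf must hold at least NBT_HDR_SIZE + smb_len(inbuf) bytes; callers validate this before the signing check. */`. The non-trusted path has no visible minimum-length check in this function, so it presumably relies on smb_signing_check_pdu checking the new `len` argument, which is also worth confirming.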