Putting the framework for server signing in place. Ensure we don't use

sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)

3 files changed, 89 insertions, 6 deletions

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 683a382369..8e3a4ff8d8 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -479,24 +479,86 @@ BOOL cli_check_sign_mac(struct cli_state *cli)
  SMB signing - server API's.
 ************************************************************/
 
+static struct smb_sign_info srv_sign_info = {
+	null_sign_outgoing_message,
+	null_check_incoming_message,
+	null_free_signing_context,
+	NULL,
+	False,
+	False,
+	False,
+	False
+};
+
+/***********************************************************
+ Turn on signing after sending an oplock break.
+************************************************************/
+
 void srv_enable_signing(void)
 {
+	srv_sign_info.doing_signing = True;
 }
 
+/***********************************************************
+ Turn off signing before sending an oplock break.
+************************************************************/
+
 void srv_disable_signing(void)
 {
+	srv_sign_info.doing_signing = False;
 }
 
-BOOL srv_check_sign_mac(char *buf)
+/***********************************************************
+ Called to validate an incoming packet from the client.
+************************************************************/
+
+BOOL srv_check_sign_mac(char *inbuf)
 {
-	return True;
+	if (!srv_sign_info.doing_signing)
+		return True;
+
+	/* Check if it's a session keepalive. */
+	if(CVAL(inbuf,0) == SMBkeepalive)
+		return True;
+
+	if (smb_len(inbuf) < (smb_ss_field + 8 - 4)) {
+		DEBUG(1, ("srv_check_sign_mac: Can't check signature on short packet! smb_len = %u\n", smb_len(inbuf) ));
+		return False;
+	}
+
+	return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info);
 }
 
-void srv_calculate_sign_mac(char *buf)
+/***********************************************************
+ Called to sign an outgoing packet to the client.
+************************************************************/
+
+void srv_calculate_sign_mac(char *outbuf)
 {
+	if (!srv_sign_info.doing_signing)
+		return;
+
+	/* Check if it's a session keepalive. */
+	/* JRA Paranioa test - do we ever generate these in the server ? */
+	if(CVAL(outbuf,0) == SMBkeepalive)
+		return;
+
+	/* JRA Paranioa test - we should be able to get rid of this... */
+	if (smb_len(outbuf) < (smb_ss_field + 8 - 4)) {
+		DEBUG(1, ("srv_calculate_sign_mac: Logic error. Can't check signature on short packet! smb_len = %u\n",
+					smb_len(outbuf) ));
+		abort();
+	}
+
+	srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info);
 }
 
-BOOL allow_sendfile(void)
+/***********************************************************
+ Returns whether signing is active. We can't use sendfile or raw
+ reads/writes if it is.
+************************************************************/
+
+BOOL srv_signing_active(void)
 {
-	return True;
+	return srv_sign_info.doing_signing;
 }
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3739407810..1af8d51114 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1864,7 +1864,7 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
 FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
 FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
 FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
-FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile)
+FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
 FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
 FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
@@ -4291,3 +4291,12 @@ int lp_maxprintjobs(int snum)
 
 	return maxjobs;
 }
+
+/*******************************************************************
+ Ensure we don't use sendfile if server smb signing is active.
+********************************************************************/
+
+BOOL lp_use_sendfile(int snum)
+{
+	return (_lp_use_sendfile(snum) && !srv_signing_active());
+}
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f452dd845b..0b58eb3eb2 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -277,6 +277,14 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	if (global_encrypted_passwords_negotiated)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	
+	if (lp_server_signing()) {
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+		/* No raw mode with smb signing. */
+		capabilities &= ~CAP_RAW_MODE;
+		if (lp_server_signing() == Required)
+			secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+	}
+
 	set_message(outbuf,17,0,True);
 	
 	SCVAL(outbuf,smb_vwv1,secword);
@@ -521,6 +529,10 @@ int reply_negprot(connection_struct *conn,
   
 	DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
+	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
+		exit_server("SMB signing is required and client negotiated a downlevel protocol");
+	}
+
 	END_PROFILE(SMBnegprot);
 	return(outsize);
 }