summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-03-21 02:02:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:18:47 -0500
commit6aff12a9f6c33b61fe9ab89d703677a3202185db (patch)
tree3bad9390d9db4619055b7d3ffdca7b65af8d0e25
parent9874b3bfa7f7e7de0e389ea84dbff4a824520bc2 (diff)
downloadsamba-6aff12a9f6c33b61fe9ab89d703677a3202185db.tar.gz
samba-6aff12a9f6c33b61fe9ab89d703677a3202185db.tar.bz2
samba-6aff12a9f6c33b61fe9ab89d703677a3202185db.zip
r21903: Get the length calculations right (I always forget
the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! Jeremy. (This used to be commit d34584cb5c53c194693ce7236020ab83f60cd235)
-rw-r--r--source3/libsmb/smb_seal.c34
1 files changed, 18 insertions, 16 deletions
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index a509438f07..bf7f337a97 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -38,30 +38,33 @@ BOOL common_encryption_on(struct smb_trans_enc_state *es)
NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
{
NTSTATUS status;
- size_t orig_len = smb_len(buf);
- size_t new_len = orig_len - NTLMSSP_SIG_SIZE;
+ size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
DATA_BLOB sig;
- if (orig_len < 8 + NTLMSSP_SIG_SIZE) {
+ if (buf_len < 8 + NTLMSSP_SIG_SIZE) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
+ /* Adjust for the signature. */
+ buf_len -= NTLMSSP_SIG_SIZE;
+
/* Save off the signature. */
- sig = data_blob(buf+orig_len-NTLMSSP_SIG_SIZE, NTLMSSP_SIG_SIZE);
+ sig = data_blob(buf+buf_len, NTLMSSP_SIG_SIZE);
status = ntlmssp_unseal_packet(ntlmssp_state,
(unsigned char *)buf + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */
- new_len - 8,
+ buf_len - 8,
(unsigned char *)buf,
- new_len,
+ buf_len,
&sig);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&sig);
return status;
}
+
/* Reset the length. */
- smb_setlen(buf, new_len);
+ smb_setlen(buf, smb_len(buf) - NTLMSSP_SIG_SIZE);
return NT_STATUS_OK;
}
@@ -74,13 +77,12 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, cha
{
NTSTATUS status;
char *buf_out;
- size_t orig_len = smb_len(buf);
- size_t new_len = orig_len + NTLMSSP_SIG_SIZE;
+ size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
DATA_BLOB sig;
*ppbuf_out = NULL;
- if (orig_len < 8) {
+ if (buf_len < 8) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
@@ -91,19 +93,19 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, cha
/* Copy the original buffer. */
- buf_out = SMB_XMALLOC_ARRAY(char, new_len);
- memcpy(buf_out, buf, orig_len);
+ buf_out = SMB_XMALLOC_ARRAY(char, buf_len + NTLMSSP_SIG_SIZE);
+ memcpy(buf_out, buf, buf_len);
/* Last 16 bytes undefined here... */
- smb_setlen(buf_out, new_len);
+ smb_setlen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE);
sig = data_blob(NULL, NTLMSSP_SIG_SIZE);
status = ntlmssp_seal_packet(ntlmssp_state,
(unsigned char *)buf_out + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */
- orig_len - 8,
+ buf_len - 8,
(unsigned char *)buf_out,
- orig_len,
+ buf_len,
&sig);
if (!NT_STATUS_IS_OK(status)) {
@@ -112,7 +114,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, cha
return status;
}
- memcpy(buf_out+orig_len, sig.data, NTLMSSP_SIG_SIZE);
+ memcpy(buf_out+buf_len, sig.data, NTLMSSP_SIG_SIZE);
*ppbuf_out = buf_out;
return NT_STATUS_OK;
}