author | Andrew Bartlett <abartlet@samba.org> | 2004-08-11 18:05:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:50 -0500 |
commit | d9ff454a87410d4756cd61612bfb4aa768301be5 (patch) | |
tree | 16e4d7b58d7c4294092710e668843f566ddbe818 | |
parent | 5fa350cb1334a4b888bc65746ed6912a5ed6e7ed (diff) | |
r1729: Make the SMB signing code more generic (to share more between client and servers).
Andrew Bartlett
(This used to be commit b90b04e84bc8add235cf9ee7797a608ff48c4ca0)
-rw-r--r-- | source4/include/cli_context.h | 24 | ||||
-rw-r--r-- | source4/libcli/raw/smb_signing.c | 99 |
2 files changed, 70 insertions, 53 deletions
diff --git a/source4/include/cli_context.h b/source4/include/cli_context.h
index 2e1bc11d8c..d3ac878b13 100644
--- a/source4/include/cli_context.h
+++ b/source4/include/cli_context.h
@@ -34,6 +34,18 @@ struct smb_basic_signing_context {
 uint32_t next_seq_num;
 };
+struct smb_signing_context {
+ void (*sign_outgoing_message)(struct smbcli_request *req);
+ BOOL (*check_incoming_message)(struct smbcli_request *req);
+ void (*free_signing_context)(struct smb_signing_context *sign_info);
+ struct smb_basic_signing_context *signing_context;
+ BOOL negotiated_smb_signing;
+ BOOL allow_smb_signing;
+ BOOL doing_signing;
+ BOOL mandatory_signing;
+ BOOL seen_valid; /* Have I ever seen a validly signed packet? */
+};
+
 /* context that will be and has been negotiated between the client and server */
 struct smbcli_negotiate {
 /*
@@ -53,17 +65,7 @@ struct smbcli_negotiate {
 DATA_BLOB secblob; /* cryptkey or negTokenInit blob */
 uint32_t sesskey;
- struct {
- void (*sign_outgoing_message)(struct smbcli_request *req);
- BOOL (*check_incoming_message)(struct smbcli_request *req);
- void (*free_signing_context)(struct smbcli_transport *transport);
- struct smb_basic_signing_context *signing_context;
- BOOL negotiated_smb_signing;
- BOOL allow_smb_signing;
- BOOL doing_signing;
- BOOL mandatory_signing;
- BOOL seen_valid; /* Have I ever seen a validly signed packet? */
- } sign_info;
+ struct smb_signing_context sign_info;
 /* capabilities that the server reported */
 uint32_t capabilities;
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index b65513ebce..c1fad1eaf8 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
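Review bot: The new `struct smb_signing_context` in the `cli_context.h` hunk `@@ -34,6 +34,18 @@` is added without any description of its fields, and only `seen_valid` carries a comment. Since the struct is now meant to be shared between client and server code, each of `negotiated_smb_signing`, `allow_smb_signing`, `doing_signing` and `mandatory_signing` should get a one-line comment saying who sets it and what the signing code does when it is true; these flags decide whether a bad signature is tolerated, so their meaning should not have to be inferred from the names. It is also worth recording above the callbacks that `sign_outgoing_message` and `check_incoming_message` still take a `struct smbcli_request *`, for example `/* NOTE: sign/check callbacks are still tied to the client request type */`.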
@@ -41,7 +41,8 @@ static BOOL set_smb_signing_common(struct smbcli_transport *transport)
 }
 if (transport->negotiate.sign_info.free_signing_context)
- transport->negotiate.sign_info.free_signing_context(transport);
+ transport->negotiate.sign_info
+ .free_signing_context(&transport->negotiate.sign_info);
 /* These calls are INCOMPATIBLE with SMB signing */
 transport->negotiate.readbraw_supported = False;
@@ -58,26 +59,27 @@ static void mark_packet_signed(struct request_buffer *out)
 SSVAL(out->hdr, HDR_FLG2, flags2);
 }
-static BOOL signing_good(struct smbcli_request *req, unsigned int seq, BOOL good)
+static BOOL signing_good(struct smb_signing_context *sign_info,
+ unsigned int seq, BOOL good)
 {
 if (good) {
- if (!req->transport->negotiate.sign_info.doing_signing) {
- req->transport->negotiate.sign_info.doing_signing = True;
+ if (!sign_info->doing_signing) {
+ sign_info->doing_signing = True;
 }
- if (!req->transport->negotiate.sign_info.seen_valid) {
- req->transport->negotiate.sign_info.seen_valid = True;
+ if (!sign_info->seen_valid) {
+ sign_info->seen_valid = True;
 }
 } else {
- if (!req->transport->negotiate.sign_info.seen_valid) {
+ if (!sign_info->seen_valid) {
 /* If we have never seen a good packet, just turn it off */
 DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
 "isn't sending correct signatures. Turning off.\n"));
- req->transport->negotiate.sign_info.negotiated_smb_signing = False;
- req->transport->negotiate.sign_info.allow_smb_signing = False;
- req->transport->negotiate.sign_info.doing_signing = False;
- if (req->transport->negotiate.sign_info.free_signing_context)
- req->transport->negotiate.sign_info.free_signing_context(req->transport);
- smbcli_null_set_signing(req->transport);
+ sign_info->negotiated_smb_signing = False;
+ sign_info->allow_smb_signing = False;
+ sign_info->doing_signing = False;
+ if (sign_info->free_signing_context)
+ sign_info->free_signing_context(sign_info);
+ smbcli_null_set_signing(sign_info);
 return True;
 } else {
 /* bad packet after signing started - fail and disconnect. */
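Review bot: The downgrade branch of `signing_good` tests only `!sign_info->seen_valid` before clearing `negotiated_smb_signing`, `allow_smb_signing` and `doing_signing` and returning True, so in the visible code a bad first signature switches signing off even when `mandatory_signing` is set. The debug text says "negotiated but not required", which suggests the intended condition is `if (!sign_info->mandatory_signing && !sign_info->seen_valid) {`; unless a caller outside this hunk already enforces the mandatory case, the check belongs here now that the function takes a bare `sign_info` that server code may share. Reporting the transition only at `DEBUG(5, ...)` also makes a signing downgrade easy to miss in ordinary logs, so a lower debug level would help detection. The function's final else branch continues past the end of the hunk.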
@@ -223,45 +225,41 @@ static BOOL smbcli_request_simple_check_incoming_message(struct smbcli_request *
 &data->mac_key,
 req->seq_num+1);
- return signing_good(req, req->seq_num+1, good);
+ return signing_good(&req->transport->negotiate.sign_info,
+ req->seq_num+1, good);
 }
 /***********************************************************
 SMB signing - Simple implementation - free signing context
 ************************************************************/
-static void smbcli_transport_simple_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_transport_simple_free_signing_context(struct smb_signing_context *sign_info)
 {
- struct smb_basic_signing_context *data = transport->negotiate.sign_info.signing_context;
+ struct smb_basic_signing_context *data = sign_info->signing_context;
 data_blob_free(&data->mac_key);
- SAFE_FREE(transport->negotiate.sign_info.signing_context);
+ SAFE_FREE(sign_info->signing_context);
 return;
 }
-
 /***********************************************************
 SMB signing - Simple implementation - setup the MAC key.
 ************************************************************/
-BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
- const DATA_BLOB user_session_key,
- const DATA_BLOB response)
+BOOL smbcli_simple_set_signing(struct smb_signing_context *sign_info,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response)
 {
 struct smb_basic_signing_context *data;
- if (!set_smb_signing_common(transport)) {
- return False;
- }
-
- if (transport->negotiate.sign_info.mandatory_signing) {
+ if (sign_info->mandatory_signing) {
 DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 }
 DEBUG(5, ("SMB signing enabled!\n"));
 data = smb_xmalloc(sizeof(*data));
- transport->negotiate.sign_info.signing_context = data;
+ sign_info->signing_context = data;
 data->mac_key = data_blob(NULL, response.length + user_session_key.length);
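Review bot: `smbcli_simple_set_signing` no longer calls `set_smb_signing_common`, which is where the previous context was released through `free_signing_context`, so a caller that uses the new entry point directly on a `sign_info` that already holds a context overwrites `sign_info->signing_context` and leaves the old `mac_key` allocated. Either release the old context at the top with `if (sign_info->free_signing_context) sign_info->free_signing_context(sign_info);` (which assumes the struct was initialised first), or state in the function comment that the caller must pass a freshly initialised `sign_info`. Separately, `smbcli_transport_simple_free_signing_context` dereferences `data` without checking `sign_info->signing_context` for NULL, and whether `data_blob_free` wipes the key bytes before releasing them is not visible here; both are worth confirming for a buffer that holds MAC key material. The body of `smbcli_simple_set_signing` continues into the next hunk.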
@@ -276,15 +274,32 @@ BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
 /* Initialise the sequence number */
 data->next_seq_num = 0;
- transport->negotiate.sign_info.sign_outgoing_message = smbcli_request_simple_sign_outgoing_message;
- transport->negotiate.sign_info.check_incoming_message = smbcli_request_simple_check_incoming_message;
- transport->negotiate.sign_info.free_signing_context = smbcli_transport_simple_free_signing_context;
+ sign_info->sign_outgoing_message = smbcli_request_simple_sign_outgoing_message;
+ sign_info->check_incoming_message = smbcli_request_simple_check_incoming_message;
+ sign_info->free_signing_context = smbcli_transport_simple_free_signing_context;
 return True;
 }
 /***********************************************************
+ SMB signing - Simple implementation - setup the MAC key.
+************************************************************/
+BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response)
+{
+ if (!set_smb_signing_common(transport)) {
+ return False;
+ }
+
+ return smbcli_simple_set_signing(&transport->negotiate.sign_info,
+ user_session_key,
+ response);
+}
+
+
+/***********************************************************
 SMB signing - NULL implementation - calculate a MAC to send.
 ************************************************************/
 static void smbcli_request_null_sign_outgoing_message(struct smbcli_request *req)
@@ -307,7 +322,7 @@ static BOOL smbcli_request_null_check_incoming_message(struct smbcli_request *re
 /***********************************************************
 SMB signing - NULL implementation - free signing context
 ************************************************************/
-static void smbcli_null_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_null_free_signing_context(struct smb_signing_context *sign_info)
 {
 }
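Review bot: The wrapper `smbcli_transport_simple_set_signing` added in the `@@ -276,15 +274,32 @@` hunk carries a banner copied word for word from `smbcli_simple_set_signing`, so the two exported functions read as duplicates. The wrapper's banner should say what it adds, for example `SMB signing - Simple implementation - transport wrapper: run set_smb_signing_common(), then set up the MAC key.`, and the comment on the generic function should state that it skips those transport-level steps.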
@@ -317,13 +332,13 @@ static void smbcli_null_free_signing_context(struct smbcli_transport *transport)
 @note Used as an initialisation only - it will not correctly shut down a real signing mechanism
 */
-BOOL smbcli_null_set_signing(struct smbcli_transport *transport)
+BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info)
 {
- transport->negotiate.sign_info.signing_context = NULL;
+ sign_info->signing_context = NULL;
- transport->negotiate.sign_info.sign_outgoing_message = smbcli_request_null_sign_outgoing_message;
- transport->negotiate.sign_info.check_incoming_message = smbcli_request_null_check_incoming_message;
- transport->negotiate.sign_info.free_signing_context = smbcli_null_free_signing_context;
+ sign_info->sign_outgoing_message = smbcli_request_null_sign_outgoing_message;
+ sign_info->check_incoming_message = smbcli_request_null_check_incoming_message;
+ sign_info->free_signing_context = smbcli_null_free_signing_context;
 return True;
 }
@@ -354,7 +369,7 @@ static BOOL smbcli_request_temp_check_incoming_message(struct smbcli_request *re
 /***********************************************************
 SMB signing - NULL implementation - free signing context
 ************************************************************/
-static void smbcli_temp_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_temp_free_signing_context(struct smb_signing_context *sign_info)
 {
 return;
 }
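Review bot: `smbcli_null_set_signing` changes its parameter from `struct smbcli_transport *` to `struct smb_signing_context *` while keeping its name, and `smbcli_transport_free_signing_context` in the `@@ -383,13 +398,13 @@` hunk does the same, yet the diffstat lists only two files. A caller outside `smb_signing.c` that still passes a transport pointer could, depending on warning settings, build with only an incompatible-pointer warning and then have the callbacks and `signing_context` written at the wrong offsets. Please confirm every external caller now passes `&transport->negotiate.sign_info`; renaming the second function to drop `transport` (for instance `smbcli_free_signing_context`) would turn a missed call site into a link error instead.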
@@ -383,13 +398,13 @@ BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
 /**
 * Free the signing context
 */
-void smbcli_transport_free_signing_context(struct smbcli_transport *transport)
+void smbcli_transport_free_signing_context(struct smb_signing_context *sign_info)
 {
- if (transport->negotiate.sign_info.free_signing_context) {
- transport->negotiate.sign_info.free_signing_context(transport);
+ if (sign_info->free_signing_context) {
+ sign_info->free_signing_context(sign_info);
 }
- smbcli_null_set_signing(transport);
+ smbcli_null_set_signing(sign_info);
 }
@@ -427,7 +442,7 @@ BOOL smbcli_request_check_sign_mac(struct smbcli_request *req)
 BOOL smbcli_init_signing(struct smbcli_transport *transport)
 {
- if (!smbcli_null_set_signing(transport)) {
+ if (!smbcli_null_set_signing(&transport->negotiate.sign_info)) {
 return False;
 } |