authorAndrew Bartlett <abartlet@samba.org>2004-08-11 18:05:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:50 -0500
commitd9ff454a87410d4756cd61612bfb4aa768301be5 (patch)
tree16e4d7b58d7c4294092710e668843f566ddbe818
parent5fa350cb1334a4b888bc65746ed6912a5ed6e7ed (diff)
r1729: Make the SMB signing code more generic (to share more between client and servers).
Andrew Bartlett (This used to be commit b90b04e84bc8add235cf9ee7797a608ff48c4ca0)
-rw-r--r--source4/include/cli_context.h24
-rw-r--r--source4/libcli/raw/smb_signing.c99
2 files changed, 70 insertions, 53 deletions
diff --git a/source4/include/cli_context.h b/source4/include/cli_context.h
index 2e1bc11d8c..d3ac878b13 100644
--- a/source4/include/cli_context.h
+++ b/source4/include/cli_context.h
@@ -34,6 +34,18 @@ struct smb_basic_signing_context {
uint32_t next_seq_num;
};
+struct smb_signing_context {
+ void (*sign_outgoing_message)(struct smbcli_request *req);
+ BOOL (*check_incoming_message)(struct smbcli_request *req);
+ void (*free_signing_context)(struct smb_signing_context *sign_info);
+ struct smb_basic_signing_context *signing_context;
+ BOOL negotiated_smb_signing;
+ BOOL allow_smb_signing;
+ BOOL doing_signing;
+ BOOL mandatory_signing;
+ BOOL seen_valid; /* Have I ever seen a validly signed packet? */
+};
+
/* context that will be and has been negotiated between the client and server */
struct smbcli_negotiate {
/*
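Review bot: The new `struct smb_signing_context` has five BOOL flags and an owned pointer, but only `seen_valid` is commented, which makes the signing downgrade rules hard to audit. Per signing_good() later in this commit, a bad signature before any valid one clears `negotiated_smb_signing`, `allow_smb_signing` and `doing_signing`. A one-line comment on each flag saying who sets it and whether a failed check may clear it would help, for example `/* signing is required; a failed check must not switch it off (confirm) */` on `mandatory_signing`. It is also worth stating that `signing_context` is owned by this struct and released through `free_signing_context`.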
@@ -53,17 +65,7 @@ struct smbcli_negotiate {
DATA_BLOB secblob; /* cryptkey or negTokenInit blob */
uint32_t sesskey;
- struct {
- void (*sign_outgoing_message)(struct smbcli_request *req);
- BOOL (*check_incoming_message)(struct smbcli_request *req);
- void (*free_signing_context)(struct smbcli_transport *transport);
- struct smb_basic_signing_context *signing_context;
- BOOL negotiated_smb_signing;
- BOOL allow_smb_signing;
- BOOL doing_signing;
- BOOL mandatory_signing;
- BOOL seen_valid; /* Have I ever seen a validly signed packet? */
- } sign_info;
+ struct smb_signing_context sign_info;
/* capabilities that the server reported */
uint32_t capabilities;
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index b65513ebce..c1fad1eaf8 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -41,7 +41,8 @@ static BOOL set_smb_signing_common(struct smbcli_transport *transport)
}
if (transport->negotiate.sign_info.free_signing_context)
- transport->negotiate.sign_info.free_signing_context(transport);
+ transport->negotiate.sign_info
+ .free_signing_context(&transport->negotiate.sign_info);
/* These calls are INCOMPATIBLE with SMB signing */
transport->negotiate.readbraw_supported = False;
@@ -58,26 +59,27 @@ static void mark_packet_signed(struct request_buffer *out)
SSVAL(out->hdr, HDR_FLG2, flags2);
}
-static BOOL signing_good(struct smbcli_request *req, unsigned int seq, BOOL good)
+static BOOL signing_good(struct smb_signing_context *sign_info,
+ unsigned int seq, BOOL good)
{
if (good) {
- if (!req->transport->negotiate.sign_info.doing_signing) {
- req->transport->negotiate.sign_info.doing_signing = True;
+ if (!sign_info->doing_signing) {
+ sign_info->doing_signing = True;
}
- if (!req->transport->negotiate.sign_info.seen_valid) {
- req->transport->negotiate.sign_info.seen_valid = True;
+ if (!sign_info->seen_valid) {
+ sign_info->seen_valid = True;
}
} else {
- if (!req->transport->negotiate.sign_info.seen_valid) {
+ if (!sign_info->seen_valid) {
/* If we have never seen a good packet, just turn it off */
DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
"isn't sending correct signatures. Turning off.\n"));
- req->transport->negotiate.sign_info.negotiated_smb_signing = False;
- req->transport->negotiate.sign_info.allow_smb_signing = False;
- req->transport->negotiate.sign_info.doing_signing = False;
- if (req->transport->negotiate.sign_info.free_signing_context)
- req->transport->negotiate.sign_info.free_signing_context(req->transport);
- smbcli_null_set_signing(req->transport);
+ sign_info->negotiated_smb_signing = False;
+ sign_info->allow_smb_signing = False;
+ sign_info->doing_signing = False;
+ if (sign_info->free_signing_context)
+ sign_info->free_signing_context(sign_info);
+ smbcli_null_set_signing(sign_info);
return True;
} else {
/* bad packet after signing started - fail and disconnect. */
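Review bot: The fallback branch `if (!sign_info->seen_valid)` turns signing off on the first bad signature without consulting `sign_info->mandatory_signing`, even though the DEBUG text says "negotiated but not required". Unless a caller outside this hunk rejects the packet first when signing is mandatory, a single incorrectly signed reply that arrives before any valid one leaves the session unsigned. Consider `if (!sign_info->mandatory_signing && !sign_info->seen_valid) {` so that the mandatory case falls through to the fail-and-disconnect branch. Since the context is now meant to be shared with server code, the check belongs in this helper rather than in each caller. The function body continues past the end of the hunk.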
@@ -223,45 +225,41 @@ static BOOL smbcli_request_simple_check_incoming_message(struct smbcli_request *
&data->mac_key,
req->seq_num+1);
- return signing_good(req, req->seq_num+1, good);
+ return signing_good(&req->transport->negotiate.sign_info,
+ req->seq_num+1, good);
}
/***********************************************************
SMB signing - Simple implementation - free signing context
************************************************************/
-static void smbcli_transport_simple_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_transport_simple_free_signing_context(struct smb_signing_context *sign_info)
{
- struct smb_basic_signing_context *data = transport->negotiate.sign_info.signing_context;
+ struct smb_basic_signing_context *data = sign_info->signing_context;
data_blob_free(&data->mac_key);
- SAFE_FREE(transport->negotiate.sign_info.signing_context);
+ SAFE_FREE(sign_info->signing_context);
return;
}
-
/***********************************************************
SMB signing - Simple implementation - setup the MAC key.
************************************************************/
-BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
- const DATA_BLOB user_session_key,
- const DATA_BLOB response)
+BOOL smbcli_simple_set_signing(struct smb_signing_context *sign_info,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response)
{
struct smb_basic_signing_context *data;
- if (!set_smb_signing_common(transport)) {
- return False;
- }
-
- if (transport->negotiate.sign_info.mandatory_signing) {
+ if (sign_info->mandatory_signing) {
DEBUG(5, ("Mandatory SMB signing enabled!\n"));
}
DEBUG(5, ("SMB signing enabled!\n"));
data = smb_xmalloc(sizeof(*data));
- transport->negotiate.sign_info.signing_context = data;
+ sign_info->signing_context = data;
data->mac_key = data_blob(NULL, response.length + user_session_key.length);
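Review bot: `smbcli_simple_set_signing()` assigns `sign_info->signing_context = data` without releasing a context that may already be installed. That release happens only in `set_smb_signing_common()`, which this new entry point no longer calls. The transport wrapper added further down still calls it, but a direct caller would leak the previous `smb_basic_signing_context` and its MAC key. A comment on the function such as `/* caller must have freed any existing signing context first */` would state the contract. Freeing here instead would require `smbcli_transport_simple_free_signing_context()` to tolerate a NULL `signing_context`, since it uses `data` unchecked. The function body continues past the end of the hunk.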
@@ -276,15 +274,32 @@ BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
/* Initialise the sequence number */
data->next_seq_num = 0;
- transport->negotiate.sign_info.sign_outgoing_message = smbcli_request_simple_sign_outgoing_message;
- transport->negotiate.sign_info.check_incoming_message = smbcli_request_simple_check_incoming_message;
- transport->negotiate.sign_info.free_signing_context = smbcli_transport_simple_free_signing_context;
+ sign_info->sign_outgoing_message = smbcli_request_simple_sign_outgoing_message;
+ sign_info->check_incoming_message = smbcli_request_simple_check_incoming_message;
+ sign_info->free_signing_context = smbcli_transport_simple_free_signing_context;
return True;
}
/***********************************************************
+ SMB signing - Simple implementation - setup the MAC key.
+************************************************************/
+BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response)
+{
+ if (!set_smb_signing_common(transport)) {
+ return False;
+ }
+
+ return smbcli_simple_set_signing(&transport->negotiate.sign_info,
+ user_session_key,
+ response);
+}
+
+
+/***********************************************************
SMB signing - NULL implementation - calculate a MAC to send.
************************************************************/
static void smbcli_request_null_sign_outgoing_message(struct smbcli_request *req)
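Review bot: The banner above `smbcli_transport_simple_set_signing()` is a copy of the one on `smbcli_simple_set_signing()` ("setup the MAC key"), so the two entry points read as identical. A banner such as `SMB signing - Simple implementation - transport wrapper: run set_smb_signing_common(), then set up the MAC key` would tell a reader which function calls `set_smb_signing_common()`, where the previous context is freed, before installing the new key.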
@@ -307,7 +322,7 @@ static BOOL smbcli_request_null_check_incoming_message(struct smbcli_request *re
/***********************************************************
SMB signing - NULL implementation - free signing context
************************************************************/
-static void smbcli_null_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_null_free_signing_context(struct smb_signing_context *sign_info)
{
}
@@ -317,13 +332,13 @@ static void smbcli_null_free_signing_context(struct smbcli_transport *transport)
@note Used as an initialisation only - it will not correctly
shut down a real signing mechanism
*/
-BOOL smbcli_null_set_signing(struct smbcli_transport *transport)
+BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info)
{
- transport->negotiate.sign_info.signing_context = NULL;
+ sign_info->signing_context = NULL;
- transport->negotiate.sign_info.sign_outgoing_message = smbcli_request_null_sign_outgoing_message;
- transport->negotiate.sign_info.check_incoming_message = smbcli_request_null_check_incoming_message;
- transport->negotiate.sign_info.free_signing_context = smbcli_null_free_signing_context;
+ sign_info->sign_outgoing_message = smbcli_request_null_sign_outgoing_message;
+ sign_info->check_incoming_message = smbcli_request_null_check_incoming_message;
+ sign_info->free_signing_context = smbcli_null_free_signing_context;
return True;
}
@@ -354,7 +369,7 @@ static BOOL smbcli_request_temp_check_incoming_message(struct smbcli_request *re
/***********************************************************
SMB signing - NULL implementation - free signing context
************************************************************/
-static void smbcli_temp_free_signing_context(struct smbcli_transport *transport)
+static void smbcli_temp_free_signing_context(struct smb_signing_context *sign_info)
{
return;
}
@@ -383,13 +398,13 @@ BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
/**
* Free the signing context
*/
-void smbcli_transport_free_signing_context(struct smbcli_transport *transport)
+void smbcli_transport_free_signing_context(struct smb_signing_context *sign_info)
{
- if (transport->negotiate.sign_info.free_signing_context) {
- transport->negotiate.sign_info.free_signing_context(transport);
+ if (sign_info->free_signing_context) {
+ sign_info->free_signing_context(sign_info);
}
- smbcli_null_set_signing(transport);
+ smbcli_null_set_signing(sign_info);
}
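Review bot: `smbcli_transport_free_signing_context()` and `smbcli_null_set_signing()` (changed earlier in this file) are non-static and now take `struct smb_signing_context *` instead of `struct smbcli_transport *`, yet the diffstat lists only cli_context.h and smb_signing.c. If a caller in another file still passes the transport, a compiler that only warns about incompatible pointer types would let the callbacks be written over the start of the transport structure. It is worth confirming that every external call site now passes `&transport->negotiate.sign_info`. Renaming the function would also help, since the `smbcli_transport_` prefix no longer matches its argument and a stale call would then fail at link time.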
@@ -427,7 +442,7 @@ BOOL smbcli_request_check_sign_mac(struct smbcli_request *req)
BOOL smbcli_init_signing(struct smbcli_transport *transport)
{
- if (!smbcli_null_set_signing(transport)) {
+ if (!smbcli_null_set_signing(&transport->negotiate.sign_info)) {
return False;
}