diff options
author | Jeremy Allison <jra@samba.org> | 2007-03-20 01:17:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:43 -0500 |
commit | 296dcbac5897ad208c890720d3356a3ddc5f7794 (patch) | |
tree | 3fe4d1926ba57b0517a1b09966ca31a21c30c1a1 | |
parent | b4f19aea18fd6406c56b00c1410ef842720ca4d2 (diff) | |
download | samba-296dcbac5897ad208c890720d3356a3ddc5f7794.tar.gz samba-296dcbac5897ad208c890720d3356a3ddc5f7794.tar.bz2 samba-296dcbac5897ad208c890720d3356a3ddc5f7794.zip |
r21882: The server part of the code has to use an AUTH_NTLMSSP struct,
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.
(This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/lib/dummysmbd.c | 15 | ||||
-rw-r--r-- | source3/libsmb/smb_seal.c | 102 | ||||
-rw-r--r-- | source3/smbd/seal.c | 257 | ||||
-rw-r--r-- | source3/smbd/server.c | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 2 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 27 |
7 files changed, 327 insertions, 80 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 40351900c8..4d3fb106cd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -472,7 +472,7 @@ SMBD_OBJ_SRV = smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/reply.o smbd/sesssetup.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \ smbd/blocking.o smbd/sec_ctx.o smbd/srvstr.o \ - smbd/vfs.o smbd/statcache.o \ + smbd/vfs.o smbd/statcache.o smbd/seal.o \ smbd/posix_acls.o lib/sysacls.o $(SERVER_MUTEX_OBJ) \ smbd/process.o smbd/service.o smbd/error.o \ printing/printfsp.o lib/sysquotas.o lib/sysquotas_linux.o \ diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index a291a5884d..6017a12928 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -48,3 +48,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn, return NT_STATUS_OK; } +NTSTATUS srv_decrypt_buffer(char *buf) +{ + return NT_STATUS_OK; +} + +NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) +{ + *buf_out = buffer; + return NT_STATUS_OK; +} + +void srv_free_enc_buffer(char *buf) +{ + ; +} diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 2d1201ae7e..10b9d8fdcb 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -25,7 +25,7 @@ Is encryption turned on ? ******************************************************************************/ -static BOOL internal_encryption_on(struct smb_trans_enc_state *es) +BOOL common_encryption_on(struct smb_trans_enc_state *es) { return ((es != NULL) && es->enc_on); } @@ -35,7 +35,7 @@ static BOOL internal_encryption_on(struct smb_trans_enc_state *es) NTLM decrypt an incoming buffer. ******************************************************************************/ -static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) +NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) { NTSTATUS status; size_t orig_len = smb_len(buf); @@ -70,7 +70,7 @@ static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out. ******************************************************************************/ -static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out) +NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out) { NTSTATUS status; char *buf_out; @@ -123,7 +123,7 @@ static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char ******************************************************************************/ #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) -static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) +NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) { return NT_STATUS_NOT_SUPPORTED; } @@ -135,7 +135,7 @@ static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *b ******************************************************************************/ #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) -static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) +NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) { return NT_STATUS_NOT_SUPPORTED; } @@ -146,19 +146,19 @@ static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, c Encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out. ******************************************************************************/ -static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out) +NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out) { - if (!internal_encryption_on(es)) { + if (!common_encryption_on(es)) { /* Not encrypting. */ *buf_out = buffer; return NT_STATUS_OK; } if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - return internal_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out); + return common_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out); } else { #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - return internal_gss_encrypt_buffer(es->context_handle, buffer, buf_out); + return common_gss_encrypt_buffer(es->context_handle, buffer, buf_out); #else return NT_STATUS_NOT_SUPPORTED; #endif @@ -171,17 +171,17 @@ static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *bu New data must be less than or equal to the current length. ******************************************************************************/ -static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *buf) +NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf) { - if (!internal_encryption_on(es)) { + if (!common_encryption_on(es)) { /* Not decrypting. */ return NT_STATUS_OK; } if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - return internal_ntlm_decrypt_buffer(es->ntlmssp_state, buf); + return common_ntlm_decrypt_buffer(es->ntlmssp_state, buf); } else { #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - return internal_gss_decrypt_buffer(es->context_handle, buf); + return common_gss_decrypt_buffer(es->context_handle, buf); #else return NT_STATUS_NOT_SUPPORTED; #endif @@ -192,7 +192,7 @@ static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *bu Shutdown an encryption state. ******************************************************************************/ -static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es) +void common_free_encryption_state(struct smb_trans_enc_state **pp_es) { struct smb_trans_enc_state *es = *pp_es; @@ -201,7 +201,9 @@ static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es) } if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - ntlmssp_end(&es->ntlmssp_state); + if (es->ntlmssp_state) { + ntlmssp_end(&es->ntlmssp_state); + } } #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) if (es->smb_enc_type == SMB_TRANS_ENC_GSS) { @@ -216,9 +218,9 @@ static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es) Free an encryption-allocated buffer. ******************************************************************************/ -static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) +void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) { - if (!internal_encryption_on(es)) { + if (!common_encryption_on(es)) { return; } @@ -242,7 +244,7 @@ static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) BOOL cli_encryption_on(struct cli_state *cli) { - return internal_encryption_on(cli->trans_enc_state); + return common_encryption_on(cli->trans_enc_state); } /****************************************************************************** @@ -251,7 +253,7 @@ BOOL cli_encryption_on(struct cli_state *cli) void cli_free_encryption_context(struct cli_state *cli) { - return internal_free_encryption_context(&cli->trans_enc_state); + return common_free_encryption_state(&cli->trans_enc_state); } /****************************************************************************** @@ -260,7 +262,7 @@ void cli_free_encryption_context(struct cli_state *cli) void cli_free_enc_buffer(struct cli_state *cli, char *buf) { - return internal_free_enc_buffer(cli->trans_enc_state, buf); + return common_free_enc_buffer(cli->trans_enc_state, buf); } /****************************************************************************** @@ -269,7 +271,7 @@ void cli_free_enc_buffer(struct cli_state *cli, char *buf) NTSTATUS cli_decrypt_message(struct cli_state *cli) { - return internal_decrypt_buffer(cli->trans_enc_state, cli->inbuf); + return common_decrypt_buffer(cli->trans_enc_state, cli->inbuf); } /****************************************************************************** @@ -278,61 +280,5 @@ NTSTATUS cli_decrypt_message(struct cli_state *cli) NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out) { - return internal_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out); -} - -/****************************************************************************** - Server side encryption. -******************************************************************************/ - -/****************************************************************************** - Global server state. -******************************************************************************/ - -static struct smb_trans_enc_state *partial_srv_trans_enc_state; -static struct smb_trans_enc_state *srv_trans_enc_state; - -/****************************************************************************** - Is server encryption on ? -******************************************************************************/ - -BOOL srv_encryption_on(void) -{ - return internal_encryption_on(srv_trans_enc_state); -} - -/****************************************************************************** - Shutdown a server encryption state. -******************************************************************************/ - -void srv_free_encryption_context(void) -{ - return internal_free_encryption_context(&srv_trans_enc_state); -} - -/****************************************************************************** - Free an encryption-allocated buffer. -******************************************************************************/ - -void srv_free_enc_buffer(char *buf) -{ - return internal_free_enc_buffer(srv_trans_enc_state, buf); -} - -/****************************************************************************** - Decrypt an incoming buffer. -******************************************************************************/ - -NTSTATUS srv_decrypt_buffer(char *buf) -{ - return internal_decrypt_buffer(srv_trans_enc_state, buf); -} - -/****************************************************************************** - Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. -******************************************************************************/ - -NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) -{ - return internal_encrypt_buffer(srv_trans_enc_state, buffer, buf_out); + return common_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out); } diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c new file mode 100644 index 0000000000..2dd4fc8b62 --- /dev/null +++ b/source3/smbd/seal.c @@ -0,0 +1,257 @@ +/* + Unix SMB/CIFS implementation. + SMB Transport encryption (sealing) code - server code. + Copyright (C) Jeremy Allison 2007. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/****************************************************************************** + Server side encryption. +******************************************************************************/ + +/****************************************************************************** + Global server state. +******************************************************************************/ + +struct smb_srv_trans_enc_ctx { + struct smb_trans_enc_state *es; + AUTH_NTLMSSP_STATE *auth_ntlmssp_state; /* Must be kept in sync with pointer in ec->ntlmssp_state. */ +}; + +static struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx; +static struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx; + +/****************************************************************************** + Is server encryption on ? +******************************************************************************/ + +BOOL srv_encryption_on(void) +{ + if (srv_trans_enc_ctx) { + return common_encryption_on(srv_trans_enc_ctx->es); + } + return False; +} + +/****************************************************************************** + Shutdown a server encryption state. +******************************************************************************/ + +static void srv_free_encryption_context(struct smb_srv_trans_enc_ctx **pp_ec) +{ + struct smb_srv_trans_enc_ctx *ec = *pp_ec; + + if (!ec) { + return; + } + + if (ec->es) { + struct smb_trans_enc_state *es = ec->es; + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM && + ec->auth_ntlmssp_state) { + auth_ntlmssp_end(&ec->auth_ntlmssp_state); + /* The auth_ntlmssp_end killed this already. */ + es->ntlmssp_state = NULL; + } + common_free_encryption_state(&ec->es); + } + + SAFE_FREE(ec); + *pp_ec = NULL; +} + +/****************************************************************************** + Free an encryption-allocated buffer. +******************************************************************************/ + +void srv_free_enc_buffer(char *buf) +{ + if (srv_trans_enc_ctx) { + return common_free_enc_buffer(srv_trans_enc_ctx->es, buf); + } +} + +/****************************************************************************** + Decrypt an incoming buffer. +******************************************************************************/ + +NTSTATUS srv_decrypt_buffer(char *buf) +{ + if (srv_trans_enc_ctx) { + return common_decrypt_buffer(srv_trans_enc_ctx->es, buf); + } + return NT_STATUS_OK; +} + +/****************************************************************************** + Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. +******************************************************************************/ + +NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) +{ + if (srv_trans_enc_ctx) { + return common_encrypt_buffer(srv_trans_enc_ctx->es, buffer, buf_out); + } + /* Not encrypting. */ + *buf_out = buffer; + return NT_STATUS_OK; +} + +/****************************************************************************** + Do the gss encryption negotiation. Parameters are in/out. + Until success we do everything on the partial enc ctx. +******************************************************************************/ + +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) +static NTSTATUS srv_enc_spnego_gss_negotiate(char **ppdata, size_t *p_data_size, DATA_BLOB *psecblob) +{ + return NT_STATUS_NOT_SUPPORTED; +} +#endif + +/****************************************************************************** + Do the SPNEGO encryption negotiation. Parameters are in/out. + Covers the NTLM case. Based off code in smbd/sesssionsetup.c + Until success we do everything on the partial enc ctx. +******************************************************************************/ + +static NTSTATUS srv_enc_spnego_negotiate(unsigned char **ppdata, size_t *p_data_size) +{ + NTSTATUS status; + DATA_BLOB blob = data_blob(NULL,0); + DATA_BLOB secblob = data_blob(NULL, 0); + DATA_BLOB chal = data_blob(NULL, 0); + DATA_BLOB response = data_blob(NULL, 0); + BOOL got_kerberos_mechanism = False; + struct smb_srv_trans_enc_ctx *ec = NULL; + + blob = data_blob_const(*ppdata, *p_data_size); + + status = parse_spnego_mechanisms(blob, &secblob, &got_kerberos_mechanism); + if (!NT_STATUS_IS_OK(status)) { + return nt_status_squash(status); + } + + /* We should have no partial context at this point. */ + + srv_free_encryption_context(&partial_srv_trans_enc_ctx); + + partial_srv_trans_enc_ctx = SMB_MALLOC_P(struct smb_srv_trans_enc_ctx); + if (!partial_srv_trans_enc_ctx) { + data_blob_free(&secblob); + return NT_STATUS_NO_MEMORY; + } + ZERO_STRUCTP(partial_srv_trans_enc_ctx); + +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) + if (got_kerberos_mechanism && lp_use_kerberos_keytab()) ) { + status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, &secblob); + if (!NT_STATUS_IS_OK(status)) { + data_blob_free(&secblob); + srv_free_encryption_context(&partial_srv_trans_enc_ctx); + } + return status; + } +#endif + + /* Deal with an NTLM enc. setup. */ + ec = partial_srv_trans_enc_ctx; + + status = auth_ntlmssp_start(&ec->auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + srv_free_encryption_context(&partial_srv_trans_enc_ctx); + return nt_status_squash(status); + } + + status = auth_ntlmssp_update(ec->auth_ntlmssp_state, secblob, &chal); + data_blob_free(&secblob); + + /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED + * for success ... */ + + response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP); + data_blob_free(&chal); + + SAFE_FREE(*ppdata); + *ppdata = response.data; + *p_data_size = response.length; + + return status; +} + +/****************************************************************************** + Complete a SPNEGO encryption negotiation. Parameters are in/out. +******************************************************************************/ + +static NTSTATUS srv_enc_spnego_auth(unsigned char **ppdata, size_t *p_data_size) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +/****************************************************************************** + Do the SPNEGO encryption negotiation. Parameters are in/out. +******************************************************************************/ + +NTSTATUS srv_request_encryption_setup(unsigned char **ppdata, size_t *p_data_size) +{ + unsigned char *pdata = *ppdata; + + if (*p_data_size < 1) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (pdata[0] == ASN1_APPLICATION(0)) { + /* + * Until success we do everything on the partial + * enc state. + */ + /* its a negTokenTarg packet */ + return srv_enc_spnego_negotiate(ppdata, p_data_size); + } + + if (pdata[0] == ASN1_CONTEXT(1)) { + /* Its a auth packet */ + return srv_enc_spnego_auth(ppdata, p_data_size); + } + + return NT_STATUS_INVALID_PARAMETER; +} + +/****************************************************************************** + Negotiation was successful - turn on server-side encryption. +******************************************************************************/ + +void srv_encryption_start(void) +{ + srv_free_encryption_context(&srv_trans_enc_ctx); + /* Steal the partial pointer. Deliberate shallow copy. */ + srv_trans_enc_ctx = partial_srv_trans_enc_ctx; + srv_trans_enc_ctx->es->enc_on = True; + + partial_srv_trans_enc_ctx = NULL; +} + +/****************************************************************************** + Shutdown all server contexts. +******************************************************************************/ + +void server_encryption_shutdown(void) +{ + srv_free_encryption_context(&partial_srv_trans_enc_ctx); + srv_free_encryption_context(&srv_trans_enc_ctx); +} diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 3f4313ce7f..348d3354d7 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -743,6 +743,8 @@ static void exit_server_common(enum server_exit_reason how, locking_end(); printing_end(); + server_encryption_shutdown(); + if (how != SERVER_EXIT_NORMAL) { int oldlevel = DEBUGLEVEL; char *last_inbuf = get_InBuffer(); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index ff1b2821cc..91f4a9e12f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -634,7 +634,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out Is this a krb5 mechanism ? ****************************************************************************/ -static NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in, DATA_BLOB *pblob_out, BOOL *p_is_krb5) +NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in, DATA_BLOB *pblob_out, BOOL *p_is_krb5) { char *OIDs[ASN1_MAX_OIDS]; int i; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index deb5db1baf..25fd6621e9 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2758,6 +2758,33 @@ cap_low = 0x%x, cap_high = 0x%x\n", } break; } + case SMB_REQUEST_TRANSPORT_ENCRYPTION: + { + NTSTATUS status; + size_t data_len = total_data; + + if (!lp_unix_extensions()) { + return ERROR_NT(NT_STATUS_INVALID_LEVEL); + } + + DEBUG( 4,("call_trans2setfsinfo: request transport encrption.\n")); + + status = srv_request_encryption_setup((unsigned char **)&pdata, &data_len); + + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + error_packet_set(outbuf, 0, 0, status, __LINE__,__FILE__); + } else if (!NT_STATUS_IS_OK(status)) { + return ERROR_NT(status); + } + + send_trans2_replies( outbuf, bufsize, params, 0, pdata, data_len, max_data_bytes); + + if (NT_STATUS_IS_OK(status)) { + /* Server-side transport encryption is now *on*. */ + srv_encryption_start(); + } + return -1; + } case SMB_FS_QUOTA_INFORMATION: { files_struct *fsp = NULL; |