summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-04-21 13:00:39 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-21 13:00:39 +0000
commit1e2147fc0f677914fb2e3168b4fd4d7ddb4b9867 (patch)
tree0e1940167dadde16357fc2eb24fff19aa81e938d
parentfd8d17393d90f756ddbbbec02be10ee3fb673e76 (diff)
downloadsamba-1e2147fc0f677914fb2e3168b4fd4d7ddb4b9867.tar.gz
samba-1e2147fc0f677914fb2e3168b4fd4d7ddb4b9867.tar.bz2
samba-1e2147fc0f677914fb2e3168b4fd4d7ddb4b9867.zip
Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
-rw-r--r--source3/libsmb/clientgen.c15
-rw-r--r--source3/libsmb/clierror.c12
-rw-r--r--source3/libsmb/ntlmssp.c2
-rw-r--r--source3/libsmb/ntlmssp_sign.c26
-rw-r--r--source3/libsmb/smb_signing.c15
5 files changed, 50 insertions, 20 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 81b3bbcab5..81cb61d757 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli)
}
if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
return False;
};
return True;
@@ -259,9 +262,6 @@ struct cli_state *cli_initialise(struct cli_state *cli)
if (getenv("CLI_FORCE_DOSERR"))
cli->force_dos_errors = True;
- /* initialise signing */
- cli_null_set_signing(cli);
-
if (lp_client_signing())
cli->sign_info.allow_smb_signing = True;
@@ -274,6 +274,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
memset(cli->outbuf, 0, cli->bufsize);
memset(cli->inbuf, 0, cli->bufsize);
+ /* just becouse we over-allocate, doesn't mean it's right to use it */
+ clobber_region(FUNCTION_MACRO, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN);
+ clobber_region(FUNCTION_MACRO, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN);
+
+ /* initialise signing */
+ cli_null_set_signing(cli);
+
cli->nt_pipe_fnum = 0;
cli->saved_netlogon_pipe_fnum = 0;
diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c
index cea736ef18..9ee181a90f 100644
--- a/source3/libsmb/clierror.c
+++ b/source3/libsmb/clierror.c
@@ -96,17 +96,21 @@ const char *cli_errstr(struct cli_state *cli)
break;
case READ_EOF:
slprintf(cli_error_message, sizeof(cli_error_message) - 1,
- "Call returned zero bytes (EOF)\n" );
+ "Call returned zero bytes (EOF)" );
break;
case READ_ERROR:
slprintf(cli_error_message, sizeof(cli_error_message) - 1,
- "Read error: %s\n", strerror(errno) );
+ "Read error: %s", strerror(errno) );
break;
case WRITE_ERROR:
slprintf(cli_error_message, sizeof(cli_error_message) - 1,
- "Write error: %s\n", strerror(errno) );
+ "Write error: %s", strerror(errno) );
break;
- default:
+ case READ_BAD_SIG:
+ slprintf(cli_error_message, sizeof(cli_error_message) - 1,
+ "Server packet had invalid SMB signiture!");
+ break;
+ default:
slprintf(cli_error_message, sizeof(cli_error_message) - 1,
"Unknown error code %d\n", cli->smb_rw_error );
break;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index c179b98abf..d54655d17f 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -385,7 +385,7 @@ NTSTATUS ntlmssp_server_update(NTLMSSP_STATE *ntlmssp_state,
} else if (ntlmssp_command == NTLMSSP_AUTH) {
return ntlmssp_server_auth(ntlmssp_state, request, reply);
} else {
- DEBUG(1, ("unknown NTLMSSP command %u expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
+ DEBUG(1, ("unknown NTLMSSP command %u, expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
return NT_STATUS_INVALID_PARAMETER;
}
}
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 8f6bd0c691..86faf1f5e6 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -92,8 +92,14 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
calc_hash(hash, digest, 16);
}
+enum ntlmssp_direction {
+ NTLMSSP_SEND,
+ NTLMSSP_RECEIVE
+};
+
static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
const uchar *data, size_t length,
+ enum ntlmssp_direction direction,
DATA_BLOB *sig)
{
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -110,8 +116,14 @@ static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_stat
if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
return NT_STATUS_NO_MEMORY;
}
-
- NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash, sig->data, sig->length);
+ switch (direction) {
+ case NTLMSSP_SEND:
+ NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length);
+ break;
+ case NTLMSSP_RECEIVE:
+ NTLMSSPcalc_ap(ntlmssp_state->srv_sign_hash, sig->data, sig->length);
+ break;
+ }
} else {
uint32 crc;
crc = crc32_calc_buffer(data, length);
@@ -129,7 +141,7 @@ NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
DATA_BLOB *sig)
{
ntlmssp_state->ntlmssp_seq_num++;
- return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+ return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
}
/**
@@ -151,7 +163,7 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
}
nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data,
- length, &local_sig);
+ length, NTLMSSP_RECEIVE, &local_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
@@ -161,6 +173,12 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
return NT_STATUS_OK;
} else {
+ DEBUG(5, ("BAD SIG: wanted signature of\n"));
+ dump_data(5, local_sig.data, local_sig.length);
+
+ DEBUG(5, ("BAD SIG: got signature of\n"));
+ dump_data(5, sig->data, sig->length);
+
DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 9b473fa736..4e9b895a1b 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
SIVAL(sequence_buf, 0, data->reply_seq_num);
SIVAL(sequence_buf, 4, 0);
- if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) {
- DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
- return False;
- }
-
/* get a copy of the server-sent mac */
memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
@@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
BOOL cli_check_sign_mac(struct cli_state *cli)
{
BOOL good;
- good = cli->sign_info.check_incoming_message(cli);
-
+
+ if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) {
+ DEBUG(cli->sign_info.doing_signing ? 1 : 10, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
+ good = False;
+ } else {
+ good = cli->sign_info.check_incoming_message(cli);
+ }
+
if (!good) {
if (cli->sign_info.doing_signing) {
return False;