authorJeremy Allison <jra@samba.org>2002-06-14 22:38:43 +0000
committerJeremy Allison <jra@samba.org>2002-06-14 22:38:43 +0000
commitcaa4262db6115a6880af9618b7fe8130eecd4b98 (patch)
tree7b0c6f88fd735de9b3991dd04e8faa869b7ddbfe
parentd8b685ea2743291593bff0886f29f7359273f39a (diff)
More of SMB signing for client - not yet finished (should be harmless).
Jeremy. (This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
-rw-r--r--source3/include/client.h3
-rw-r--r--source3/include/smb.h3
-rw-r--r--source3/libsmb/clientgen.c23
-rw-r--r--source3/libsmb/smbencrypt.c27
4 files changed, 45 insertions, 11 deletions
diff --git a/source3/include/client.h b/source3/include/client.h
index 90ba30c7dd..e2eda54948 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -61,7 +61,8 @@ typedef struct smb_sign_info {
BOOL use_smb_signing;
size_t mac_key_len;
uint8 mac_key[44];
- uint32 seq_num;
+ uint32 send_seq_num;
+ uint32 reply_seq_num;
} smb_sign_info;
struct cli_state {
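Review bot: The two new counters in `smb_sign_info` carry no comment, and how they relate is only visible in the signing code in smbencrypt.c, where the reply number is set to the request number plus one. I would document that on the fields, e.g. `/* sequence number used to sign the next request */` on `send_seq_num` and `/* sequence number expected in the matching reply (request + 1) */` on `reply_seq_num`. It is also worth stating next to `mac_key[44]` that `mac_key_len` must never exceed the array size, since the hashing code trusts it.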
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 531f270c3d..6211ddef22 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -787,7 +787,8 @@ struct bitmap {
#define smb_err 11
#define smb_flg 13
#define smb_flg2 14
-#define smb_reb 13
+#define smb_pidhigh 16
+#define smb_ss_field 18
#define smb_tid 28
#define smb_pid 30
#define smb_uid 32
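Review bot: `smb_ss_field` is the only offset in this list that names an 8-byte field, and nothing here says so; the signing code writes two 4-byte values and then copies 8 bytes at this offset. A comment such as `/* 8-byte security signature, packet offsets 18..25 */` on the define would keep later users from treating it as a 2- or 4-byte slot like its neighbours. The removal of `smb_reb` cannot be checked from this hunk; any remaining users would be outside the diff shown.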
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index dee86b2b05..5f42148078 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -107,7 +107,7 @@ BOOL cli_receive_smb(struct cli_state *cli)
}
/****************************************************************************
- send an smb to a fd.
+ Send an smb to a fd.
****************************************************************************/
BOOL cli_send_smb(struct cli_state *cli)
@@ -117,31 +117,34 @@ BOOL cli_send_smb(struct cli_state *cli)
ssize_t ret;
/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
- if (cli->fd == -1) return False;
+ if (cli->fd == -1)
+ return False;
+
+ if (SVAL(cli->outbuf,smb_flg2) & FLAGS2_SMB_SECUIRTY_SIGNITURES)
+ cli_caclulate_sign_mac(cli);
len = smb_len(cli->outbuf) + 4;
while (nwritten < len) {
ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
if (ret <= 0) {
- close(cli->fd);
- cli->fd = -1;
- DEBUG(0,("Error writing %d bytes to client. %d\n",
- (int)len,(int)ret));
+ close(cli->fd);
+ cli->fd = -1;
+ DEBUG(0,("Error writing %d bytes to client. %d\n", (int)len,(int)ret));
return False;
}
nwritten += ret;
}
-
return True;
}
/****************************************************************************
-setup basics in a outgoing packet
+ Setup basics in a outgoing packet.
****************************************************************************/
+
void cli_setup_packet(struct cli_state *cli)
{
- cli->rap_error = 0;
+ cli->rap_error = 0;
SSVAL(cli->outbuf,smb_pid,cli->pid);
SSVAL(cli->outbuf,smb_uid,cli->vuid);
SSVAL(cli->outbuf,smb_mid,cli->mid);
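Review bot: The new test before the write loop decides whether to sign from the flags2 bits already in `cli->outbuf`, not from `cli->sign_info`, so signing depends on how the header happened to be built. A packet that did not get the bit set (the flag is only set in the `cli_setup_packet` hunk further down) goes out unsigned even when `use_smb_signing` is set, and a packet that carries the bit before a key exists would presumably be hashed with whatever `mac_key_len` holds. I would key the decision on the negotiated state, e.g. `if (cli->sign_info.use_smb_signing && cli->sign_info.mac_key_len != 0)`, and log a mismatch with the header bit. `cli_send_smb` begins before this hunk and `cli_setup_packet` continues past it.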
@@ -158,6 +161,8 @@ void cli_setup_packet(struct cli_state *cli)
if (cli->use_spnego) {
flags2 |= FLAGS2_EXTENDED_SECURITY;
}
+ if (cli->sign_info.use_smb_signing)
+ flags2 |= FLAGS2_SMB_SECUIRTY_SIGNITURES;
SSVAL(cli->outbuf,smb_flg2, flags2);
}
}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index fa1eaedb5a..de469c0293 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -331,5 +331,32 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
#endif
return True;
+}
+
+/***********************************************************
+ SMB signing - calculate a MAC to send.
+************************************************************/
+void cli_caclulate_sign_mac(struct cli_state *cli)
+{
+ unsigned char calc_md5_mac[16];
+ struct MD5Context md5_ctx;
+
+ /*
+ * Firstly put the sequence number into the first 4 bytes.
+ * and zero out the next 4 bytes.
+ */
+ SIVAL(cli->outbuf, smb_ss_field, cli->sign_info.send_seq_num);
+ SIVAL(cli->outbuf, smb_ss_field + 4, 0);
+
+ /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+ MD5Init(&md5_ctx);
+ MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
+ MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf));
+ MD5Final(calc_md5_mac, &md5_ctx);
+
+ memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
+ cli->sign_info.send_seq_num++;
+ cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
+ cli->sign_info.send_seq_num++;
}
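Review bot: `cli_caclulate_sign_mac` feeds `mac_key_len` bytes of the 44-byte `mac_key` array to `MD5Update` without checking the length, so a length set too large elsewhere would make the hash read past the array into the rest of `cli_state`. A guard at the top, `if (cli->sign_info.mac_key_len > sizeof(cli->sign_info.mac_key)) return;` with a DEBUG message, rules that out; because the function returns void the caller cannot refuse to send, so returning BOOL may be the better shape. Likewise nothing checks that `smb_len(cli->outbuf)` covers `smb_ss_field + 8` before the two `SIVAL` writes and the `memcpy`. The name is also misspelled (`caclulate`); renaming it to `cli_calculate_sign_mac` here and at the call in clientgen.c is cheaper now than after more callers exist.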