authorJeremy Allison <jra@samba.org>2007-12-26 17:12:36 -0800
committerJeremy Allison <jra@samba.org>2007-12-26 17:12:36 -0800
commitafc93255d183eefb68e45b8ec6275f6a62cf9795 (patch)
tree712efc0cd3c95d30c0e44055b25807c41533bc1f /source3/lib
parent23c965d9472058c566a1b9f8a44964acd5c8a446 (diff)
Add SMB encryption. Still fixing client decrypt but
negotiation works. Jeremy. (This used to be commit d78045601af787731f0737b8627450018902b104)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/dummysmbd.c20
-rw-r--r--source3/lib/util.c38
-rw-r--r--source3/lib/util_sock.c30
3 files changed, 60 insertions, 28 deletions
diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c
index e3b179b763..464ba92306 100644
--- a/source3/lib/dummysmbd.c
+++ b/source3/lib/dummysmbd.c
@@ -52,3 +52,23 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
return NT_STATUS_OK;
}
+NTSTATUS srv_decrypt_buffer(char *buf)
+{
+ return NT_STATUS_OK;
+}
+
+NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
+{
+ *buf_out = buffer;
+ return NT_STATUS_OK;
+}
+
+void srv_free_enc_buffer(char *buf)
+{
+ ;
+}
+
+bool srv_encryption_on(void)
+{
+ return false;
+}
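Review bot: The stub `srv_decrypt_buffer` returns NT_STATUS_OK without touching the buffer, so a binary linked against this file would report a successful decrypt if its `srv_encryption_on()` ever returned true. The stubs are only safe because `srv_encryption_on()` is hard-wired to `false` here, and that dependency is not written down anywhere in the hunk. A comment above the four functions would record it, for example `/* Stubs for binaries that do not link smbd: encryption is always off, so the encrypt/decrypt hooks must never be reached. */`. The empty `;` body in `srv_free_enc_buffer` could simply be an empty block.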
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 11c14ea538..7f8a297fac 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -605,32 +605,30 @@ void show_msg(char *buf)
}
/*******************************************************************
- Set the length and marker of an smb packet.
+ Set the length and marker of an encrypted smb packet.
********************************************************************/
-void smb_setlen(char *buf,int len)
+void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num)
{
_smb_setlen(buf,len);
SCVAL(buf,4,0xFF);
- SCVAL(buf,5,'S');
- SCVAL(buf,6,'M');
- SCVAL(buf,7,'B');
+ SCVAL(buf,5,'E');
+ SSVAL(buf,6,enc_ctx_num);
}
/*******************************************************************
- Setup the word count and byte count for a smb message.
+ Set the length and marker of an smb packet.
********************************************************************/
-int set_message(char *buf,int num_words,int num_bytes,bool zero)
+void smb_setlen(char *buf,int len)
{
- if (zero && (num_words || num_bytes)) {
- memset(buf + smb_size,'\0',num_words*2 + num_bytes);
- }
- SCVAL(buf,smb_wct,num_words);
- SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
- return (smb_size + num_words*2 + num_bytes);
+ _smb_setlen(buf,len);
+
+ SCVAL(buf,4,0xFF);
+ SCVAL(buf,5,'S');
+ SCVAL(buf,6,'M');
+ SCVAL(buf,7,'B');
}
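Review bot: The banner comment on the new `smb_set_enclen` does not describe the header it writes, although bytes 4-7 are what tell an encrypted packet apart from a plain one. I would add something like `/* Bytes 4-5 are 0xFF 'E' (a plain packet has 0xFF 'S' 'M' 'B'); bytes 6-7 hold enc_ctx_num, stored with SSVAL. */` so the reader of the receive path can find the layout where it is produced. `len` is a signed `int` handed to `_smb_setlen` unchecked; whether a negative or oversized value is harmless depends on `_smb_setlen`, which is not shown in this diff. The removed `set_message` has no replacement in this directory-limited view, so its new location cannot be checked here.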
/*******************************************************************
@@ -641,21 +639,11 @@ int set_message_bcc(char *buf,int num_bytes)
{
int num_words = CVAL(buf,smb_wct);
SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ _smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
return (smb_size + num_words*2 + num_bytes);
}
/*******************************************************************
- Setup only the byte count for a smb message, using the end of the
- message as a marker.
-********************************************************************/
-
-int set_message_end(void *outbuf,void *end_ptr)
-{
- return set_message_bcc((char *)outbuf,PTR_DIFF(end_ptr,smb_buf((char *)outbuf)));
-}
-
-/*******************************************************************
Add a data blob to the end of a smb_buf, adjusting bcc and smb_len.
Return the bytes added
********************************************************************/
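Review bot: The change from `smb_setlen` to `_smb_setlen` in `set_message_bcc` means this function no longer rewrites the 0xFF 'S' 'M' 'B' marker at bytes 4-7, and nothing in the hunk says why. Presumably the intent is to keep an already-written 0xFF 'E' header intact; if so, a comment such as `/* Length only: leave the marker bytes as set by smb_setlen() or smb_set_enclen(). */` would state it. Any caller that relied on `set_message_bcc` to stamp the marker into a buffer would now send whatever those bytes held, so the call sites are worth checking. The function's signature lies outside the hunk, and the callers of the removed `set_message_end` are not visible here.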
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 8f1bd9e686..d16a8f079a 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1287,6 +1287,17 @@ bool receive_smb(int fd, char *buffer, unsigned int timeout, enum smb_read_error
return false;
}
+ if (srv_encryption_on()) {
+ NTSTATUS status = srv_decrypt_buffer(buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("receive_smb: SMB decryption failed "
+ "on incoming packet! Error %s\n",
+ nt_errstr(status) ));
+ cond_set_smb_read_error(pre, SMB_READ_BAD_DECRYPT);
+ return false;
+ }
+ }
+
/* Check the incoming SMB signature. */
if (!srv_check_sign_mac(buffer, true)) {
DEBUG(0, ("receive_smb: SMB Signature verification "
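Review bot: `srv_decrypt_buffer(buffer)` in `receive_smb` is given only the pointer, so the decryptor has to take the packet length from the header inside `buffer`, which the peer controls. The read that fills `buffer` is above the hunk, so it is not visible whether that length has already been bounded against the buffer size. If it has, a comment at the call saying so would help, for example `/* Length in buffer was bounded by the raw receive above. */`. Otherwise passing the validated length as a second argument would keep the decrypt routine from trusting the wire value. It is also not visible whether a plain 0xFF 'S' 'M' 'B' packet is rejected once encryption is on; that check belongs in `srv_decrypt_buffer` or here.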
@@ -1307,22 +1318,35 @@ bool send_smb(int fd, char *buffer)
size_t len;
size_t nwritten=0;
ssize_t ret;
+ char *buf_out = buffer;
/* Sign the outgoing packet if required. */
- srv_calculate_sign_mac(buffer);
+ srv_calculate_sign_mac(buf_out);
+
+ if (srv_encryption_on()) {
+ NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("send_smb: SMB encryption failed "
+ "on outgoing packet! Error %s\n",
+ nt_errstr(status) ));
+ return false;
+ }
+ }
- len = smb_len(buffer) + 4;
+ len = smb_len(buf_out) + 4;
while (nwritten < len) {
- ret = write_data(fd,buffer+nwritten,len - nwritten);
+ ret = write_data(fd,buf_out+nwritten,len - nwritten);
if (ret <= 0) {
DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
(int)len,(int)ret, strerror(errno) ));
+ srv_free_enc_buffer(buf_out);
return false;
}
nwritten += ret;
}
+ srv_free_enc_buffer(buf_out);
return true;
}
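Review bot: In `send_smb`, `srv_free_enc_buffer(buf_out)` runs on both exit paths even when `srv_encryption_on()` was false and `buf_out` still aliases the caller's `buffer`. Unless the real `srv_free_enc_buffer` recognises that case (its body is not in this diff; the dummy one is a no-op), the caller's buffer would be released and later used or freed again. Guarding the two calls makes ownership explicit at the call site: `if (buf_out != buffer) srv_free_enc_buffer(buf_out);`. The early `return false` after a failed `srv_encrypt_buffer` frees nothing, which is only correct if that function never leaves an allocation in `buf_out` on failure; a comment stating that contract would be useful.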