diff options
| author | Jeremy Allison <jra@samba.org> | 2007-03-19 22:45:35 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:43 -0500 |
| commit | 7ccf45684a1f83d7d48a4227aa56c53081d68283 (patch) | |
| tree | 53132d4c8691a556ca2cfcdca155c974467d23fa /source3/libsmb/smb_seal.c | |
| parent | 496dbdf4350ffc5f53c9f8f734d2c29b312ff11b (diff) | |
| download | samba-7ccf45684a1f83d7d48a4227aa56c53081d68283.tar.gz samba-7ccf45684a1f83d7d48a4227aa56c53081d68283.tar.bz2 samba-7ccf45684a1f83d7d48a4227aa56c53081d68283.zip | |
r21880: Make client and server calls into encryption code symetrical,
depending on encryption context pointer.
Jeremy.
(This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
Diffstat (limited to 'source3/libsmb/smb_seal.c')
| -rw-r--r-- | source3/libsmb/smb_seal.c | 299 |
1 files changed, 211 insertions, 88 deletions
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 90efa05f0b..2d1201ae7e 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -20,65 +20,22 @@ #include "includes.h" -NTSTATUS cli_decrypt_message(struct cli_state *cli) -{ - return NT_STATUS_OK; -} - -NTSTATUS cli_encrypt_message(struct cli_state *cli) -{ - return NT_STATUS_OK; -} - -/* Server state if we're encrypting SMBs. If NULL then enc is off. */ - -static struct smb_trans_enc_state *srv_trans_enc_state; - /****************************************************************************** - Is server encryption on ? + Generic code for client and server. + Is encryption turned on ? ******************************************************************************/ -BOOL srv_encryption_on(void) +static BOOL internal_encryption_on(struct smb_trans_enc_state *es) { - return srv_trans_enc_state != NULL; + return ((es != NULL) && es->enc_on); } /****************************************************************************** - Free an encryption-allocated buffer. -******************************************************************************/ - -void srv_free_buffer(char *buf_out) -{ - if (!srv_trans_enc_state) { - return; - } - - if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) { - SAFE_FREE(buf_out); - return; - } - -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - /* gss-api free buffer.... */ -#endif -} - -/****************************************************************************** - gss-api decrypt an incoming buffer. -******************************************************************************/ - -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) -static NTSTATUS srv_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) -{ - return NT_STATUS_NOT_SUPPORTED; -} -#endif - -/****************************************************************************** + Generic code for client and server. NTLM decrypt an incoming buffer. ******************************************************************************/ -static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) +static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) { NTSTATUS status; size_t orig_len = smb_len(buf); @@ -109,42 +66,11 @@ static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) } /****************************************************************************** - Decrypt an incoming buffer. -******************************************************************************/ - -NTSTATUS srv_decrypt_buffer(char *buf) -{ - if (!srv_trans_enc_state) { - /* Not decrypting. */ - return NT_STATUS_OK; - } - if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) { - return srv_ntlm_decrypt_buffer(srv_trans_enc_state->ntlmssp_state, buf); - } else { -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - return srv_gss_decrypt_buffer(srv_trans_enc_state->context_handle, buf); -#else - return NT_STATUS_NOT_SUPPORTED; -#endif - } -} - -/****************************************************************************** - gss-api encrypt an outgoing buffer. Return the encrypted pointer in buf_out. -******************************************************************************/ - -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) -static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) -{ - return NT_STATUS_NOT_SUPPORTED; -} -#endif - -/****************************************************************************** + Generic code for client and server. NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out. ******************************************************************************/ -static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out) +static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out) { NTSTATUS status; char *buf_out; @@ -192,24 +118,221 @@ static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, } /****************************************************************************** - Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. + Generic code for client and server. + gss-api decrypt an incoming buffer. ******************************************************************************/ -NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) +static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) +{ + return NT_STATUS_NOT_SUPPORTED; +} +#endif + +/****************************************************************************** + Generic code for client and server. + gss-api encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out. +******************************************************************************/ + +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) +static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) { - if (!srv_trans_enc_state) { + return NT_STATUS_NOT_SUPPORTED; +} +#endif + +/****************************************************************************** + Generic code for client and server. + Encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out. +******************************************************************************/ + +static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out) +{ + if (!internal_encryption_on(es)) { /* Not encrypting. */ *buf_out = buffer; return NT_STATUS_OK; } - if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) { - return srv_ntlm_encrypt_buffer(srv_trans_enc_state->ntlmssp_state, buffer, buf_out); + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { + return internal_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out); } else { #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - return srv_gss_encrypt_buffer(srv_trans_enc_state->context_handle, buffer, buf_out); + return internal_gss_encrypt_buffer(es->context_handle, buffer, buf_out); #else return NT_STATUS_NOT_SUPPORTED; #endif } } + +/****************************************************************************** + Generic code for client and server. + Decrypt an incoming SMB buffer. Replaces the data within it. + New data must be less than or equal to the current length. +******************************************************************************/ + +static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *buf) +{ + if (!internal_encryption_on(es)) { + /* Not decrypting. */ + return NT_STATUS_OK; + } + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { + return internal_ntlm_decrypt_buffer(es->ntlmssp_state, buf); + } else { +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) + return internal_gss_decrypt_buffer(es->context_handle, buf); +#else + return NT_STATUS_NOT_SUPPORTED; +#endif + } +} + +/****************************************************************************** + Shutdown an encryption state. +******************************************************************************/ + +static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es) +{ + struct smb_trans_enc_state *es = *pp_es; + + if (es == NULL) { + return; + } + + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { + ntlmssp_end(&es->ntlmssp_state); + } +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) + if (es->smb_enc_type == SMB_TRANS_ENC_GSS) { + /* Free the gss context handle. */ + } +#endif + SAFE_FREE(es); + *pp_es = NULL; +} + +/****************************************************************************** + Free an encryption-allocated buffer. +******************************************************************************/ + +static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) +{ + if (!internal_encryption_on(es)) { + return; + } + + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { + SAFE_FREE(buf); + return; + } + +#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) + /* gss-api free buffer.... */ +#endif +} + +/****************************************************************************** + Client side encryption. +******************************************************************************/ + +/****************************************************************************** + Is client encryption on ? +******************************************************************************/ + +BOOL cli_encryption_on(struct cli_state *cli) +{ + return internal_encryption_on(cli->trans_enc_state); +} + +/****************************************************************************** + Shutdown a client encryption state. +******************************************************************************/ + +void cli_free_encryption_context(struct cli_state *cli) +{ + return internal_free_encryption_context(&cli->trans_enc_state); +} + +/****************************************************************************** + Free an encryption-allocated buffer. +******************************************************************************/ + +void cli_free_enc_buffer(struct cli_state *cli, char *buf) +{ + return internal_free_enc_buffer(cli->trans_enc_state, buf); +} + +/****************************************************************************** + Decrypt an incoming buffer. +******************************************************************************/ + +NTSTATUS cli_decrypt_message(struct cli_state *cli) +{ + return internal_decrypt_buffer(cli->trans_enc_state, cli->inbuf); +} + +/****************************************************************************** + Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. +******************************************************************************/ + +NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out) +{ + return internal_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out); +} + +/****************************************************************************** + Server side encryption. +******************************************************************************/ + +/****************************************************************************** + Global server state. +******************************************************************************/ + +static struct smb_trans_enc_state *partial_srv_trans_enc_state; +static struct smb_trans_enc_state *srv_trans_enc_state; + +/****************************************************************************** + Is server encryption on ? +******************************************************************************/ + +BOOL srv_encryption_on(void) +{ + return internal_encryption_on(srv_trans_enc_state); +} + +/****************************************************************************** + Shutdown a server encryption state. +******************************************************************************/ + +void srv_free_encryption_context(void) +{ + return internal_free_encryption_context(&srv_trans_enc_state); +} + +/****************************************************************************** + Free an encryption-allocated buffer. +******************************************************************************/ + +void srv_free_enc_buffer(char *buf) +{ + return internal_free_enc_buffer(srv_trans_enc_state, buf); +} + +/****************************************************************************** + Decrypt an incoming buffer. +******************************************************************************/ + +NTSTATUS srv_decrypt_buffer(char *buf) +{ + return internal_decrypt_buffer(srv_trans_enc_state, buf); +} + +/****************************************************************************** + Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. +******************************************************************************/ + +NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) +{ + return internal_encrypt_buffer(srv_trans_enc_state, buffer, buf_out); +} |