diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-04-06 13:08:07 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-06 13:08:07 +0000 |
| commit | 88ed48d0f935db136318fafe6e541cf7cbaed5e2 (patch) | |
| tree | 1d1d62ce15b731e3e40b7212da3bc836f2c176df /source3/libsmb/smb_signing.c | |
| parent | 9496f1e2063eb0b93142bfaf86979b21bf8b56e6 (diff) | |
| download | samba-88ed48d0f935db136318fafe6e541cf7cbaed5e2.tar.gz samba-88ed48d0f935db136318fafe6e541cf7cbaed5e2.tar.bz2 samba-88ed48d0f935db136318fafe6e541cf7cbaed5e2.zip | |
SMB signing updates - this gets NTLMSSP signing workin to the point where I
just need to get the verifiction code working - we get back a signiture from
the server, and just can't verify it yet.
This also brings the short-packet checks into common code, and breaks the
connection if the server sends a signed reply, on an established connection,
that fails the test.
This breaks our read/write code at the moment, as we need to keep a list
of outstanding packets.
(signing is not enabled by default, unless the server demands it)
Not for 3.0 till I fix the outstanding packet list.
Andrew Barlett
(This used to be commit 808d1fcf20153970d587cb631a08607beb09703a)
Diffstat (limited to 'source3/libsmb/smb_signing.c')
| -rw-r--r-- | source3/libsmb/smb_signing.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 9bbf7ef91c..42c4d5574d 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli) SIVAL(sequence_buf, 0, data->reply_seq_num); SIVAL(sequence_buf, 4, 0); - if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) { - DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf))); - return False; - } - /* get a copy of the server-sent mac */ memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac)); @@ -275,7 +270,7 @@ static BOOL cli_ntlmssp_check_incoming_message(struct cli_state *cli) { BOOL good; NTSTATUS nt_status; - DATA_BLOB sig = data_blob(&cli->outbuf[smb_ss_field], 8); + DATA_BLOB sig = data_blob(&cli->inbuf[smb_ss_field], 8); NTLMSSP_CLIENT_STATE *ntlmssp_state = cli->sign_info.signing_context; @@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli) BOOL cli_check_sign_mac(struct cli_state *cli) { BOOL good; - good = cli->sign_info.check_incoming_message(cli); - + + if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) { + DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf))); + good = False; + } else { + good = cli->sign_info.check_incoming_message(cli); + } + if (!good) { if (cli->sign_info.doing_signing) { return False; |