diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-02-02 00:11:12 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-02 00:11:12 +0000 |
| commit | ac2eeb7a8f49d389e024af82184b86e79bfd8976 (patch) | |
| tree | 35302b2b4342d1d0cd8626bc484e63330bf96981 /source3/libsmb | |
| parent | bdeb0de487dfa12fe178eb0b0430fff069ad047d (diff) | |
| download | samba-ac2eeb7a8f49d389e024af82184b86e79bfd8976.tar.gz samba-ac2eeb7a8f49d389e024af82184b86e79bfd8976.tar.bz2 samba-ac2eeb7a8f49d389e024af82184b86e79bfd8976.zip | |
More signing updates - start checking that the server isn't being spoofed.
Andrew Bartlett
(This used to be commit b1c722e306533babeffeba9d8c7dcfa00e019423)
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/clientgen.c | 5 | ||||
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 38 |
2 files changed, 42 insertions, 1 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 3d0bad6c99..b35c7ea2ed 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -114,9 +114,12 @@ BOOL cli_receive_smb(struct cli_state *cli) cli->smb_rw_error = smb_read_error; close(cli->fd); cli->fd = -1; + return ret; } - return ret; + if (!cli_check_sign_mac(cli)) { + DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n")); + }; } /**************************************************************************** diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 022a57ef6a..a30a48a020 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -5,6 +5,7 @@ Modified by Jeremy Allison 1995. Copyright (C) Jeremy Allison 1995-2000. Copyright (C) Luke Kennethc Casson Leighton 1996-2000. + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -420,3 +421,40 @@ void cli_caclulate_sign_mac(struct cli_state *cli) cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num; cli->sign_info.send_seq_num++; } + +/*********************************************************** + SMB signing - check a MAC sent by server. +************************************************************/ + +BOOL cli_check_sign_mac(struct cli_state *cli) +{ + unsigned char calc_md5_mac[16]; + unsigned char server_sent_mac[8]; + struct MD5Context md5_ctx; + + if (cli->sign_info.temp_smb_signing) { + return True; + } + + if (!cli->sign_info.use_smb_signing) { + return True; + } + + /* + * Firstly put the sequence number into the first 4 bytes. + * and zero out the next 4 bytes. + */ + + memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac)); + + SIVAL(cli->inbuf, smb_ss_field, cli->sign_info.reply_seq_num); + SIVAL(cli->inbuf, smb_ss_field + 4, 0); + + /* Calculate the 16 byte MAC and place first 8 bytes into the field. */ + MD5Init(&md5_ctx); + MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len); + MD5Update(&md5_ctx, cli->inbuf + 4, smb_len(cli->inbuf)); + MD5Final(calc_md5_mac, &md5_ctx); + + return (memcmp(server_sent_mac, calc_md5_mac, 8) == 0); +} |