summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-01-04 12:56:23 -0800
committerJeremy Allison <jra@samba.org>2008-01-04 12:56:23 -0800
commit9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a (patch)
treed4b770708ccb2a8b100d6817ee039f41b6e1ac00 /source3/libsmb
parent517ad5318d3d196713b96f69eff8e2f5d38d922a (diff)
downloadsamba-9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a.tar.gz
samba-9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a.tar.bz2
samba-9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a.zip
Refactor the crypto code after a very helpful conversation
with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/smb_seal.c25
-rw-r--r--source3/libsmb/smb_signing.c8
2 files changed, 17 insertions, 16 deletions
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 055a27d05a..b5befbf7cd 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -23,13 +23,13 @@
Pull out the encryption context for this packet. 0 means global context.
******************************************************************************/
-NTSTATUS get_enc_ctx_num(const char *buf, uint16 *p_enc_ctx_num)
+NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16 *p_enc_ctx_num)
{
if (smb_len(buf) < 8) {
return NT_STATUS_INVALID_BUFFER_SIZE;
}
- if (buf[4] == (char)0xFF) {
+ if (buf[4] == 0xFF) {
if (buf[5] == 'S' && buf [6] == 'M' && buf[7] == 'B') {
/* Not an encrypted buffer. */
return NT_STATUS_NOT_FOUND;
@@ -93,8 +93,8 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
memcpy(buf + 8, inbuf + 8 + NTLMSSP_SIG_SIZE, data_len);
- /* Reset the length. */
- _smb_setlen(buf,data_len + 4);
+ /* Reset the length and overwrite the header. */
+ smb_setlen(buf,data_len + 4);
SAFE_FREE(inbuf);
return NT_STATUS_OK;
@@ -203,7 +203,8 @@ static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_sta
}
memcpy(buf + 8, out_buf.value, out_buf.length);
- _smb_setlen(buf, out_buf.length + 4);
+ /* Reset the length and overwrite the header. */
+ smb_setlen(buf, out_buf.length + 4);
gss_release_buffer(&minor, &out_buf);
return NT_STATUS_OK;
@@ -440,9 +441,9 @@ void cli_free_enc_buffer(struct cli_state *cli, char *buf)
{
/* We know this is an smb buffer, and we
* didn't malloc, only copy, for a keepalive,
- * so ignore session keepalives. */
+ * so ignore non-session messages. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ if(CVAL(buf,0)) {
return;
}
@@ -461,12 +462,12 @@ NTSTATUS cli_decrypt_message(struct cli_state *cli)
NTSTATUS status;
uint16 enc_ctx_num;
- /* Ignore session keepalives. */
- if(CVAL(cli->inbuf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(cli->inbuf,0)) {
return NT_STATUS_OK;
}
- status = get_enc_ctx_num(cli->inbuf, &enc_ctx_num);
+ status = get_enc_ctx_num((const uint8_t *)cli->inbuf, &enc_ctx_num);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -484,8 +485,8 @@ NTSTATUS cli_decrypt_message(struct cli_state *cli)
NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
{
- /* Ignore session keepalives. */
- if(CVAL(cli->outbuf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(cli->outbuf,0)) {
return NT_STATUS_OK;
}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index d5cbe3b125..f03c21bd0e 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -745,8 +745,8 @@ bool srv_oplock_set_signing(bool onoff)
bool srv_check_sign_mac(const char *inbuf, bool must_be_ok)
{
- /* Check if it's a session keepalive. */
- if(CVAL(inbuf,0) == SMBkeepalive) {
+ /* Check if it's a non-session message. */
+ if(CVAL(inbuf,0)) {
return True;
}
@@ -759,8 +759,8 @@ bool srv_check_sign_mac(const char *inbuf, bool must_be_ok)
void srv_calculate_sign_mac(char *outbuf)
{
- /* Check if it's a session keepalive. */
- if(CVAL(outbuf,0) == SMBkeepalive) {
+ /* Check if it's a non-session message. */
+ if(CVAL(outbuf,0)) {
return;
}