authorJeremy Allison <jra@samba.org>2007-03-21 00:25:08 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:18:46 -0500
commit071db6fdbff694681fa1793ee678a9a0af3e266a (patch)
tree53a916c3350b9b9a75fc647095c3f4bb78dc88cc /source3/smbd
parent6b0dcfa62d23980351e852eec05123c0a9823f1d (diff)
r21897: Add in a basic raw NTLM encrypt request. Now
for testing. Jeremy. (This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/seal.c31
-rw-r--r--source3/smbd/trans2.c5
2 files changed, 34 insertions, 2 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 9910a84f4c..8283346c28 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -385,8 +385,36 @@ NTSTATUS srv_request_encryption_setup(unsigned char **ppdata, size_t *p_data_siz
Negotiation was successful - turn on server-side encryption.
******************************************************************************/
-void srv_encryption_start(void)
+static NTSTATUS check_enc_good(struct smb_srv_trans_enc_ctx *ec)
{
+ if (!ec || !ec->es) {
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ if (ec->es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+ if ((ec->es->ntlmssp_state->neg_flags & (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) !=
+ (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ /* Todo - check gssapi case. */
+
+ return NT_STATUS_OK;
+}
+
+/******************************************************************************
+ Negotiation was successful - turn on server-side encryption.
+******************************************************************************/
+
+NTSTATUS srv_encryption_start(void)
+{
+ NTSTATUS status;
+
+ /* Check that we are really doing sign+seal. */
+ status = check_enc_good(partial_srv_trans_enc_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/* Throw away the context we're using currently (if any). */
srv_free_encryption_context(&srv_trans_enc_ctx);
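Review bot: check_enc_good() fails open for every encryption type other than SMB_TRANS_ENC_NTLM: a context of any other type skips the flag test and reaches `return NT_STATUS_OK`, so the "Check that we are really doing sign+seal" comment in srv_encryption_start() only holds for NTLM. Until the GSSAPI check exists, either reject types the function cannot verify or make the limit explicit, e.g. `/* Todo - check gssapi case; until then non-NTLM contexts are accepted without verifying sign+seal. */`. The NTLM branch also dereferences `ec->es->ntlmssp_state` without a NULL test; if that pointer can be unset on an NTLM-typed context (not visible in this hunk), add `if (!ec->es->ntlmssp_state) return NT_STATUS_LOGON_FAILURE;` ahead of the flag comparison. The banner kept as context above the new static function still reads "Negotiation was successful - turn on server-side encryption", which describes srv_encryption_start() rather than check_enc_good(), so check_enc_good() needs its own one-line header. The body of srv_encryption_start() continues past the end of this hunk.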
@@ -395,6 +423,7 @@ void srv_encryption_start(void)
srv_trans_enc_ctx->es->enc_on = True;
partial_srv_trans_enc_ctx = NULL;
+ return NT_STATUS_OK;
}
/******************************************************************************
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 25fd6621e9..158642a588 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2781,7 +2781,10 @@ cap_low = 0x%x, cap_high = 0x%x\n",
if (NT_STATUS_IS_OK(status)) {
/* Server-side transport encryption is now *on*. */
- srv_encryption_start();
+ status = srv_encryption_start();
+ if (!NT_STATUS_IS_OK(status)) {
+ exit_server_cleanly("Failure in setting up encrypted transport");
+ }
}
return -1;
}
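Review bot: The failure branch discards `status`, so the exit message cannot distinguish a missing context (NT_STATUS_LOGON_FAILURE) from a negotiation that lacked sign+seal (NT_STATUS_INVALID_PARAMETER), the two failures check_enc_good() returns in seal.c. Logging it before the exit, e.g. `DEBUG(0,("srv_encryption_start failed: %s\n", nt_errstr(status)));`, leaves a record of which case ended the connection, which is what someone investigating a refused or downgraded encryption setup will look for. The enclosing function begins and ends outside this hunk.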