author | Jeremy Allison <jra@samba.org> | 2007-03-21 00:25:08 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:46 -0500 |
commit | 071db6fdbff694681fa1793ee678a9a0af3e266a (patch) | |
tree | 53a916c3350b9b9a75fc647095c3f4bb78dc88cc /source3/smbd | |
parent | 6b0dcfa62d23980351e852eec05123c0a9823f1d (diff) | |
r21897: Add in a basic raw NTLM encrypt request. Now
for testing.
Jeremy.
(This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/seal.c | 31 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 5 |
2 files changed, 34 insertions, 2 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 9910a84f4c..8283346c28 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -385,8 +385,36 @@ NTSTATUS srv_request_encryption_setup(unsigned char **ppdata, size_t *p_data_siz
 Negotiation was successful - turn on server-side encryption.
 ******************************************************************************/
-void srv_encryption_start(void)
+static NTSTATUS check_enc_good(struct smb_srv_trans_enc_ctx *ec)
 {
+ if (!ec || !ec->es) {
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ if (ec->es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+ if ((ec->es->ntlmssp_state->neg_flags & (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) !=
+ (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ /* Todo - check gssapi case. */
+
+ return NT_STATUS_OK;
+}
+
+/******************************************************************************
+ Negotiation was successful - turn on server-side encryption.
+******************************************************************************/
+
+NTSTATUS srv_encryption_start(void)
+{
+ NTSTATUS status;
+
+ /* Check that we are really doing sign+seal. */
+ status = check_enc_good(partial_srv_trans_enc_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
 /* Throw away the context we're using currently (if any). */
 srv_free_encryption_context(&srv_trans_enc_ctx);
@@ -395,6 +423,7 @@ void srv_encryption_start(void)
 srv_trans_enc_ctx->es->enc_on = True;
 partial_srv_trans_enc_ctx = NULL;
+ return NT_STATUS_OK;
 }
 /******************************************************************************
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 25fd6621e9..158642a588 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
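Review bot: check_enc_good() in seal.c fails open for every encryption type other than SMB_TRANS_ENC_NTLM: the gssapi branch is only the `/* Todo - check gssapi case. */` comment, so srv_encryption_start() goes on to set `enc_on` without confirming that sign and seal were negotiated for such a context. Until that check is written, an explicit fail-closed branch after the NTLM block would make the gap visible, for example `} else { return NT_STATUS_NOT_SUPPORTED; }` (this assumes no gssapi context is expected to reach this path yet; confirm before applying). The NTLM branch also dereferences `ec->es->ntlmssp_state` without a NULL test, which is worth guarding if a partial context can carry the NTLM type before its state is attached. The new static helper has no banner comment in the style the file uses; one line saying it verifies that both NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL are set would be enough.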
@@ -2781,7 +2781,10 @@ cap_low = 0x%x, cap_high = 0x%x\n",
 if (NT_STATUS_IS_OK(status)) {
 /* Server-side transport encryption is now *on*. */
- srv_encryption_start();
+ status = srv_encryption_start();
+ if (!NT_STATUS_IS_OK(status)) {
+ exit_server_cleanly("Failure in setting up encrypted transport");
+ }
 }
 return -1;
 } |
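Review bot: The failure branch added around srv_encryption_start() in trans2.c discards `status`, so the log carries only the fixed string passed to exit_server_cleanly() and cannot distinguish NT_STATUS_LOGON_FAILURE (no context) from NT_STATUS_INVALID_PARAMETER (sign+seal not negotiated). Logging it first, e.g. `DEBUG(0, ("srv_encryption_start failed: %s\n", nt_errstr(status)));`, gives whoever triages dropped connections the actual reason. A short comment that terminating here is deliberate fail-closed behaviour, rather than continuing unencrypted, would also help, since this path appears to be reachable from a client request and exit_server_cleanly() reads like a normal shutdown. The enclosing function begins and ends outside this hunk.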