diff options
author | Andrew Tridgell <tridge@samba.org> | 2008-06-06 22:10:30 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2008-06-06 22:10:30 -0700 |
commit | e97cf207fac5e4101376d2a10dd95a93a9a1e0fb (patch) | |
tree | a779155e15beab87b6d4d023ee5211ffa357b99b /source4/libcli/smb2/transport.c | |
parent | 8e45338c8d5155376d511dcfda2f6d663de19159 (diff) | |
download | samba-e97cf207fac5e4101376d2a10dd95a93a9a1e0fb.tar.gz samba-e97cf207fac5e4101376d2a10dd95a93a9a1e0fb.tar.bz2 samba-e97cf207fac5e4101376d2a10dd95a93a9a1e0fb.zip |
added server side SMB2 signing
(This used to be commit 8e919dcb0826a5b25d037ee6144af5f7cb21f3ae)
Diffstat (limited to 'source4/libcli/smb2/transport.c')
-rw-r--r-- | source4/libcli/smb2/transport.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index 561b6e528e..a9a9efb3aa 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -205,12 +205,6 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) goto error; } - status = smb2_check_signature(transport, buffer, len); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(buffer); - return status; - } - flags = IVAL(hdr, SMB2_HDR_FLAGS); seqnum = BVAL(hdr, SMB2_HDR_MESSAGE_ID); @@ -241,6 +235,18 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS)); + if (transport->signing.signing_started && + transport->signing.doing_signing) { + status = smb2_check_signature(&req->in, + transport->signing.session_key); + if (!NT_STATUS_IS_OK(status)) { + /* the spec says to ignore packets with a bad signature */ + talloc_free(buffer); + return status; + } + } + + if (NT_STATUS_EQUAL(req->status, STATUS_PENDING)) { if (flags & 0x00000002) { req->cancel.can_cancel = true; @@ -346,11 +352,15 @@ void smb2_transport_send(struct smb2_request *req) return; } - status = smb2_sign_message(req); - if (!NT_STATUS_IS_OK(status)) { - req->state = SMB2_REQUEST_ERROR; - req->status = status; - return; + /* possibly sign the message */ + if (req->transport->signing.doing_signing && + req->transport->signing.signing_started) { + status = smb2_sign_message(&req->out, req->transport->signing.session_key); + if (!NT_STATUS_IS_OK(status)) { + req->state = SMB2_REQUEST_ERROR; + req->status = status; + return; + } } blob = data_blob_const(req->out.buffer, req->out.size); |