authorAndrew Bartlett <abartlet@samba.org>2004-07-16 02:54:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:39 -0500
commitb3c46674a670ea51607d5c2a73271dff531ae7d6 (patch)
treec09e07ce443ab9521ff1b0f57e55c8945d7df513 /source4/smb_server/signing.c
parent526d687cbbdf323dc883bb1298dfd2dc952fecc6 (diff)
r1521: Updates to our SMB signing code.
- This causes our client and server code to use the same core code, with the same debugs etc. - In turn, this will allow the 'mandatory/fallback' signing algorithms to be shared, and only written once. Updates to the SPNEGO code - Don't wrap an empty token to the server, if we are actually already finished. Andrew Bartlett (This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
Diffstat (limited to 'source4/smb_server/signing.c')
-rw-r--r--source4/smb_server/signing.c60
1 files changed, 6 insertions, 54 deletions
diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c
index d6ccebb174..37c1f6f7b1 100644
--- a/source4/smb_server/signing.c
+++ b/source4/smb_server/signing.c
@@ -21,34 +21,6 @@
#include "includes.h"
/*
- mark the flags2 field in a packet as signed
-*/
-static void mark_packet_signed(struct smbsrv_request *req)
-{
- uint16_t flags2;
- flags2 = SVAL(req->out.hdr, HDR_FLG2);
- flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
- SSVAL(req->out.hdr, HDR_FLG2, flags2);
-}
-
-/*
- calculate the signature for a message
-*/
-static void calc_signature(uint8_t *buffer, size_t length,
- DATA_BLOB *mac_key, uint8_t signature[8])
-{
- uint8_t calc_md5_mac[16];
- struct MD5Context md5_ctx;
-
- MD5Init(&md5_ctx);
- MD5Update(&md5_ctx, mac_key->data, mac_key->length);
- MD5Update(&md5_ctx, buffer, length);
- MD5Final(calc_md5_mac, &md5_ctx);
- memcpy(signature, calc_md5_mac, 8);
-}
-
-
-/*
sign an outgoing packet
*/
void req_sign_packet(struct smbsrv_request *req)
@@ -57,14 +29,9 @@ void req_sign_packet(struct smbsrv_request *req)
if (req->smb_conn->signing.signing_state != SMB_SIGNING_REQUIRED) {
return;
}
-
- SBVAL(req->out.hdr, HDR_SS_FIELD, req->seq_num+1);
-
- mark_packet_signed(req);
-
- calc_signature(req->out.hdr, req->out.size - NBT_HDR_SIZE,
- &req->smb_conn->signing.mac_key,
- &req->out.hdr[HDR_SS_FIELD]);
+ sign_outgoing_message(&req->out,
+ &req->smb_conn->signing.mac_key,
+ req->seq_num+1);
}
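Review bot: The one-line comment above `req_sign_packet` no longer documents enough now that the body is a single delegated call. The function returns without signing unless `signing_state` is `SMB_SIGNING_REQUIRED`, and the reply is signed with `req->seq_num+1`; I would extend the comment to `/* sign an outgoing packet; no-op unless signing is required, the reply uses seq_num+1 */`. Setting `FLAGS2_SMB_SECURITY_SIGNATURES` and writing the sequence number into `HDR_SS_FIELD` before hashing are presumably now done inside `sign_outgoing_message`, which is not visible here and worth confirming. The function's opening brace and first lines sit outside this hunk.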
@@ -127,23 +94,8 @@ BOOL req_signing_check_incoming(struct smbsrv_request *req)
return True;
}
- /* room enough for the signature? */
- if (req->in.size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
- return False;
- }
-
- memcpy(client_md5_mac, req->in.hdr + HDR_SS_FIELD, 8);
-
- SBVAL(req->in.hdr, HDR_SS_FIELD, req->seq_num);
-
- calc_signature(req->in.hdr, req->in.size - NBT_HDR_SIZE,
- &req->smb_conn->signing.mac_key,
- signature);
-
- if (memcmp(client_md5_mac, signature, 8) != 0) {
- DEBUG(2,("Bad SMB signature seq_num=%d\n", (int)req->seq_num));
- return False;
- }
+ return check_signed_incoming_message(&req->in,
+ &req->smb_conn->signing.mac_key,
+ req->seq_num);
- return True;
}
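Review bot: The explicit length guard before the signature read (`req->in.size < NBT_HDR_SIZE + HDR_SS_FIELD + 8`) is removed from `req_signing_check_incoming`, so a truncated request is rejected only if `check_signed_incoming_message` does the same check itself. That helper is not visible in this hunk. I would confirm it validates the buffer size before it reads or overwrites `HDR_SS_FIELD`, and record that at the call site with `/* length and signature are both validated by check_signed_incoming_message() */`. The locals `client_md5_mac` and `signature` are declared outside the hunk and are presumably unused after this change, so they should be dropped if so.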