summaryrefslogtreecommitdiff
path: root/source4/smb_server/smb2/receive.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-06-10 13:19:56 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-06-10 13:19:56 +1000
commit7721ea8f9c75d304111935048167dd27525cc91a (patch)
treefdc6563d085003cf6fe003748fb85291166a5454 /source4/smb_server/smb2/receive.c
parent7974ccbebf5c684200850a726d79b976eaeea261 (diff)
parent1384f836b601d35f3c499a9e26c3e3b0d12b3ad0 (diff)
downloadsamba-7721ea8f9c75d304111935048167dd27525cc91a.tar.gz
samba-7721ea8f9c75d304111935048167dd27525cc91a.tar.bz2
samba-7721ea8f9c75d304111935048167dd27525cc91a.zip
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit 1d52d9cc70158dbe30325220aa5c1e6203c8b72b)
Diffstat (limited to 'source4/smb_server/smb2/receive.c')
-rw-r--r--source4/smb_server/smb2/receive.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index dea7c9e79e..2f4e9df2b6 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -29,6 +29,8 @@
#include "lib/stream/packet.h"
#include "ntvfs/ntvfs.h"
#include "param/param.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
/* fill in the bufinfo */
@@ -233,6 +235,20 @@ void smb2srv_send_reply(struct smb2srv_request *req)
_smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
}
+ /* if the request was signed or doing_signing is true, then we
+ must sign the reply */
+ if (req->session &&
+ (req->smb_conn->doing_signing ||
+ (IVAL(req->in.hdr, SMB2_HDR_FLAGS) & SMB2_HDR_FLAG_SIGNED))) {
+ status = smb2_sign_message(&req->out,
+ req->session->session_info->session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+ return;
+ }
+ }
+
+
blob = data_blob_const(req->out.buffer, req->out.size);
status = packet_send(req->smb_conn->packet, blob);
if (!NT_STATUS_IS_OK(status)) {
@@ -275,18 +291,42 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
uint16_t opcode;
uint32_t tid;
uint64_t uid;
+ uint32_t flags;
opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
req->chain_offset = IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND);
req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
tid = IVAL(req->in.hdr, SMB2_HDR_TID);
uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
+ flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
req->session = smbsrv_session_find(req->smb_conn, uid, req->request_time);
req->tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
errno = 0;
+ /* supporting signing is mandatory in SMB2, and is per-packet. So we
+ should check the signature on any incoming packet that is signed, and
+ should give a signed reply to any signed request */
+ if (flags & SMB2_HDR_FLAG_SIGNED) {
+ NTSTATUS status;
+ if (req->session == NULL) {
+ /* we can't check signing with no session */
+ smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
+ return NT_STATUS_OK;
+ }
+ status = smb2_check_signature(&req->in,
+ req->session->session_info->session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ smb2srv_send_error(req, status);
+ return NT_STATUS_OK;
+ }
+ } else if (req->smb_conn->doing_signing && req->session != NULL) {
+ /* we require signing and this request was not signed */
+ smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
+ return NT_STATUS_OK;
+ }
+
/* TODO: check the seqnum */
switch (opcode) {