author | Andrew Bartlett <abartlet@samba.org> | 2004-07-16 02:54:57 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:39 -0500 |
commit | b3c46674a670ea51607d5c2a73271dff531ae7d6 (patch) | |
tree | c09e07ce443ab9521ff1b0f57e55c8945d7df513 /source4/smb_server | |
parent | 526d687cbbdf323dc883bb1298dfd2dc952fecc6 (diff) | |
r1521: Updates to our SMB signing code.
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandatory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
Diffstat (limited to 'source4/smb_server')
-rw-r--r-- | source4/smb_server/signing.c | 60 | ||||
-rw-r--r-- | source4/smb_server/smb_server.h | 33 |
2 files changed, 8 insertions, 85 deletions
diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c
index d6ccebb174..37c1f6f7b1 100644
--- a/source4/smb_server/signing.c
+++ b/source4/smb_server/signing.c
@@ -21,34 +21,6 @@
 #include "includes.h"
 /*
-  mark the flags2 field in a packet as signed
-*/
-static void mark_packet_signed(struct smbsrv_request *req)
-{
-	uint16_t flags2;
-	flags2 = SVAL(req->out.hdr, HDR_FLG2);
-	flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
-	SSVAL(req->out.hdr, HDR_FLG2, flags2);
-}
-
-/*
-  calculate the signature for a message
-*/
-static void calc_signature(uint8_t *buffer, size_t length,
-			   DATA_BLOB *mac_key, uint8_t signature[8])
-{
-	uint8_t calc_md5_mac[16];
-	struct MD5Context md5_ctx;
-
-	MD5Init(&md5_ctx);
-	MD5Update(&md5_ctx, mac_key->data, mac_key->length);
-	MD5Update(&md5_ctx, buffer, length);
-	MD5Final(calc_md5_mac, &md5_ctx);
-	memcpy(signature, calc_md5_mac, 8);
-}
-
-
-/*
   sign an outgoing packet
 */
 void req_sign_packet(struct smbsrv_request *req)
@@ -57,14 +29,9 @@ void req_sign_packet(struct smbsrv_request *req)
 	if (req->smb_conn->signing.signing_state != SMB_SIGNING_REQUIRED) {
 		return;
 	}
-
-	SBVAL(req->out.hdr, HDR_SS_FIELD, req->seq_num+1);
-
-	mark_packet_signed(req);
-
-	calc_signature(req->out.hdr, req->out.size - NBT_HDR_SIZE,
-		       &req->smb_conn->signing.mac_key,
-		       &req->out.hdr[HDR_SS_FIELD]);
+	sign_outgoing_message(&req->out,
+			      &req->smb_conn->signing.mac_key,
+			      req->seq_num+1);
 }
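Review bot: The new `sign_outgoing_message(&req->out, ...)` call stands in for three steps that were visible here before — writing `req->seq_num+1` into HDR_SS_FIELD, setting FLAGS2_SMB_SECURITY_SIGNATURES through mark_packet_signed(), and computing the MD5 MAC over `size - NBT_HDR_SIZE` bytes from `hdr` — and nothing in the hunk shows that the shared helper does all three, so the reader has to chase its definition to know the reply is still marked as signed. If it does, a one-line comment above the call would make that explicit, e.g. `/* sets FLAGS2_SMB_SECURITY_SIGNATURES, fills HDR_SS_FIELD with seq_num+1 and writes the MAC */`. Its declaration is presumably reached via includes.h, since this file adds no include; worth confirming, as an implicit declaration would silently pass the DATA_BLOB pointer and sequence number without type checking. The signature of req_sign_packet appears only as hunk-header context.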
@@ -127,23 +94,8 @@ BOOL req_signing_check_incoming(struct smbsrv_request *req)
 		return True;
 	}
-	/* room enough for the signature? */
-	if (req->in.size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
-		return False;
-	}
-
-	memcpy(client_md5_mac, req->in.hdr + HDR_SS_FIELD, 8);
-
-	SBVAL(req->in.hdr, HDR_SS_FIELD, req->seq_num);
-
-	calc_signature(req->in.hdr, req->in.size - NBT_HDR_SIZE,
-		       &req->smb_conn->signing.mac_key,
-		       signature);
-
-	if (memcmp(client_md5_mac, signature, 8) != 0) {
-		DEBUG(2,("Bad SMB signature seq_num=%d\n", (int)req->seq_num));
-		return False;
-	}
+	return check_signed_incoming_message(&req->in,
+					     &req->smb_conn->signing.mac_key,
+					     req->seq_num);
-	return True;
 }
diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h
index 2eb87f09a3..ae72bb5da4 100644
--- a/source4/smb_server/smb_server.h
+++ b/source4/smb_server/smb_server.h
@@ -141,37 +141,8 @@ struct smbsrv_request {
 		NTSTATUS status;
 	} async;
-	struct {
-		/* the raw SMB buffer, including the 4 byte length header */
-		char *buffer;
-
-		/* the size of the raw buffer, including 4 byte header */
-		unsigned size;
-
-		/* how much has been allocated - on reply the buffer is over-allocated to
-		   prevent too many realloc() calls
-		*/
-		unsigned allocated;
-
-		/* the start of the SMB header - this is always buffer+4 */
-		char *hdr;
-
-		/* the command words and command word count. vwv points
-		   into the raw buffer */
-		char *vwv;
-		unsigned wct;
-
-		/* the data buffer and size. data points into the raw buffer */
-		char *data;
-		unsigned data_size;
-
-		/* ptr is used as a moving pointer into the data area
-		 * of the packet. The reason its here and not a local
-		 * variable in each function is that when a realloc of
-		 * a reply packet is done we need to move this
-		 * pointer */
-		char *ptr;
-	} in, out;
+	struct request_buffer in;
+	struct request_buffer out;
 };
 /* this contains variables that should be used in % substitutions for
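Review bot: The `req->in.size < NBT_HDR_SIZE + HDR_SS_FIELD + 8` guard is removed together with the MAC comparison, so the only thing standing between a truncated client packet and an 8-byte read past the end of `in.hdr` is now check_signed_incoming_message(), which is not in this diff; it needs the same length check before it touches HDR_SS_FIELD, and it must answer False rather than True for a short or unsigned packet when signing_state is SMB_SIGNING_REQUIRED. The removed `DEBUG(2,("Bad SMB signature seq_num=%d\n", ...))` was the server's only log line for a signature failure, so the shared helper should log at least as loudly, otherwise a run of rejected packets leaves no trace. This hunk also removes the last uses of `client_md5_mac` and `signature`; their declarations sit above the hunk in req_signing_check_incoming and, if they were not removed as well, now draw unused-variable warnings. The start of the function, including the early `return True` path, is outside the hunk.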
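Review bot: The replacement `struct request_buffer in;` / `struct request_buffer out;` lines drop the comments that stated the old struct's invariants — `size` counts the 4-byte length header, `hdr` is always `buffer+4`, and `ptr` has to be relocated whenever a reply buffer is realloc()ed — and the hunk gives no pointer to where struct request_buffer is defined. The signing code relies on exactly those invariants when it hashes `size - NBT_HDR_SIZE` bytes starting at `hdr`, so the new struct's definition should carry the same comments rather than losing them in the move. If that definition lives in a header that includes.h does not already pull in ahead of this one, smb_server.h needs an explicit include for it; nothing in this hunk adds one. struct smbsrv_request begins above the hunk.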