-rw-r--r--source3/include/smb.h7
-rw-r--r--source3/libsmb/clientgen.c5
-rw-r--r--source3/libsmb/ntlmssp_sign.c26
-rw-r--r--source3/libsmb/smb_signing.c17
4 files changed, 39 insertions, 16 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 4f37c38413..3bb6bf9237 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -78,6 +78,10 @@ typedef int BOOL;
#define READ_EOF 2
#define READ_ERROR 3
+/* This error code can go into the client smb_rw_error. */
+#define WRITE_ERROR 4
+#define READ_BAD_SIG 5
+
#define DIR_STRUCT_SIZE 43
/* these define the attribute byte as seen by DOS */
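Review bot: The comment `/* This error code can go into the client smb_rw_error. */` is singular but now heads two constants. I would reword it to `/* These error codes can go into the client smb_rw_error. */` and add a trailing `/* incoming packet failed signature verification */` on the `READ_BAD_SIG` line, which is how clientgen.c uses it in this commit.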
@@ -161,9 +165,6 @@ typedef uint16 smb_ucs2_t;
typedef smb_ucs2_t wpstring[PSTRING_LEN];
typedef smb_ucs2_t wfstring[FSTRING_LEN];
-/* This error code can go into the client smb_rw_error. */
-#define WRITE_ERROR 4
-
#ifdef WORDS_BIGENDIAN
#define UCS2_SHIFT 8
#else
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 0da9a8932f..fe9453e6f2 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli)
}
if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
return False;
};
return True;
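Review bot: The new teardown in the `!cli_check_sign_mac(cli)` branch has no comment saying why the socket is closed instead of simply returning False. I would add `/* A bad MAC means the stream can no longer be trusted; drop the connection so callers cannot keep using it. */` above `cli->smb_rw_error = READ_BAD_SIG;`. The return value of `close(cli->fd)` is ignored, which is acceptable on this path but worth stating in the same comment. cli_receive_smb starts above the hunk, so whether its other failure paths tear the socket down the same way is not visible here.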
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 8f6bd0c691..5426263fb9 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -92,8 +92,14 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
calc_hash(hash, digest, 16);
}
+enum ntlmssp_direction {
+ NTLMSSP_SEND,
+ NTLMSSP_RECEIVE
+};
+
static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
const uchar *data, size_t length,
+ enum ntlmssp_direction direction,
DATA_BLOB *sig)
{
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -110,8 +116,14 @@ static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_stat
if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
return NT_STATUS_NO_MEMORY;
}
-
- NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash, sig->data, sig->length);
+ switch (direction) {
+ case NTLMSSP_SEND:
+ NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length);
+ break;
+ case NTLMSSP_RECEIVE:
+ NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length);
+ break;
+ }
} else {
uint32 crc;
crc = crc32_calc_buffer(data, length);
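Review bot: Both arms of the new `switch (direction)` make the identical call `NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length)`, so the `direction` argument added in the previous hunk changes nothing and a received packet is checked with the same key state used for sending. If NTLMSSPcalc_ap advances the state it is given (not visible here), sharing one state between sending and checking would also let the two directions desynchronise each other. Either point the NTLMSSP_RECEIVE arm at a separate receive-side key state once one exists, or add a comment such as `/* TODO: receive direction needs its own signing key; uses the client key for now */` so the placeholder is not mistaken for finished code. The switch also has no `default:`, so an unexpected value falls through with `sig` unprocessed; `default: return NT_STATUS_INVALID_PARAMETER;` would fail closed. The function body starts and ends outside this hunk.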
@@ -129,7 +141,7 @@ NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
DATA_BLOB *sig)
{
ntlmssp_state->ntlmssp_seq_num++;
- return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+ return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
}
/**
@@ -151,7 +163,7 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
}
nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data,
- length, &local_sig);
+ length, NTLMSSP_RECEIVE, &local_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
@@ -161,6 +173,12 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
return NT_STATUS_OK;
} else {
+ DEBUG(5, ("BAD SIG: wanted signature of\n"));
+ dump_data(5, local_sig.data, local_sig.length);
+
+ DEBUG(5, ("BAD SIG: got signature of\n"));
+ dump_data(5, sig->data, sig->length);
+
DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
return NT_STATUS_ACCESS_DENIED;
}
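Review bot: The comparison `memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length))` only covers the shorter of the two lengths. Unless the length is validated above this hunk, a received signature shorter than the computed one matches on its prefix and a zero-length one always matches. Requiring equal lengths first closes that: `if (sig->length == local_sig.length && memcmp(sig->data, local_sig.data, sig->length) == 0) {`. The added `dump_data(5, local_sig.data, local_sig.length)` writes the expected signature to the debug log; a one-line comment marking it as level-5 diagnostic output would help anyone auditing what the logs can contain. ntlmssp_client_check_packet begins before the hunk.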
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 9bbf7ef91c..42c4d5574d 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
SIVAL(sequence_buf, 0, data->reply_seq_num);
SIVAL(sequence_buf, 4, 0);
- if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) {
- DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
- return False;
- }
-
/* get a copy of the server-sent mac */
memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
@@ -275,7 +270,7 @@ static BOOL cli_ntlmssp_check_incoming_message(struct cli_state *cli)
{
BOOL good;
NTSTATUS nt_status;
- DATA_BLOB sig = data_blob(&cli->outbuf[smb_ss_field], 8);
+ DATA_BLOB sig = data_blob(&cli->inbuf[smb_ss_field], 8);
NTLMSSP_CLIENT_STATE *ntlmssp_state = cli->sign_info.signing_context;
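Review bot: With `sig` now taken from `cli->inbuf`, the data buffer and length handed to ntlmssp_client_check_packet further down should be checked for the same outbuf/inbuf mix-up; that call is outside the hunk, so this is a question, not a finding. The literal `8` here is the same signature length as the `8` in the new short-packet test in cli_check_sign_mac, and a shared named constant would keep the two in step. If `data_blob()` allocates a copy, the function also needs a matching `data_blob_free(&sig)` on every return path, which the visible lines do not show.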
@@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
BOOL cli_check_sign_mac(struct cli_state *cli)
{
BOOL good;
- good = cli->sign_info.check_incoming_message(cli);
-
+
+ if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) {
+ DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
+ good = False;
+ } else {
+ good = cli->sign_info.check_incoming_message(cli);
+ }
+
if (!good) {
if (cli->sign_info.doing_signing) {
return False;
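Review bot: The bound `smb_ss_field + 8 - 4` in the new short-packet test is unexplained arithmetic guarding the signature read. A comment such as `/* need the whole 8-byte signature field; smb_len() excludes the 4-byte length header */` would make it reviewable; the `- 4` reading is inferred from the removed `offset_end_of_sig - 4` test and should be confirmed. A short packet now takes the same `!good` path as a failed signature, so when `doing_signing` is false it reaches whatever the else arm below does. That arm is outside the hunk and worth re-reading with truncated packets in mind.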