summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/cliconnect.c')
-rw-r--r--source3/libsmb/cliconnect.c94
1 files changed, 44 insertions, 50 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 54a282e805..763878f9b3 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -228,39 +228,11 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, const char *user,
return True;
}
-static void set_signing_on_cli (struct cli_state *cli, uint8 user_session_key[16], DATA_BLOB response)
-{
- uint8 zero_sig[8];
- ZERO_STRUCT(zero_sig);
-
- DEBUG(5, ("Server returned security sig:\n"));
- dump_data(5, &cli->inbuf[smb_ss_field], 8);
-
- if (cli->sign_info.use_smb_signing) {
- DEBUG(5, ("smb signing already active on connection\n"));
- } else if (memcmp(&cli->inbuf[smb_ss_field], zero_sig, 8) != 0) {
-
- DEBUG(3, ("smb signing enabled!\n"));
- cli->sign_info.use_smb_signing = True;
- cli_calculate_mac_key(cli, user_session_key, response);
- } else {
- DEBUG(5, ("smb signing NOT enabled!\n"));
- }
-}
-
static void set_cli_session_key (struct cli_state *cli, DATA_BLOB session_key)
{
memcpy(cli->user_session_key, session_key.data, MIN(session_key.length, sizeof(cli->user_session_key)));
}
-
-static void set_temp_signing_on_cli(struct cli_state *cli)
-{
- if (cli->sign_info.negotiated_smb_signing)
- cli->sign_info.temp_smb_signing = True;
-}
-
-
/****************************************************************************
do a NT1 NTLM/LM encrypted session setup
@param cli client state to create do session setup on
@@ -310,8 +282,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
session_key = data_blob(NULL, 16);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
}
-
- set_temp_signing_on_cli(cli);
+ cli_simple_set_signing(cli, session_key.data, nt_response);
} else {
/* pre-encrypted password supplied. Only used for
security=server, can't do
@@ -374,26 +345,24 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
if (session_key.data) {
/* Have plaintext orginal */
set_cli_session_key(cli, session_key);
- set_signing_on_cli(cli, session_key.data, nt_response);
}
+ ret = True;
end:
data_blob_free(&lm_response);
data_blob_free(&nt_response);
data_blob_free(&session_key);
- return True;
+ return ret;
}
/****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
+ Send a extended security session setup blob
****************************************************************************/
-static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+static BOOL cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
{
uint32 capabilities = cli_session_setup_capabilities(cli);
char *p;
- DATA_BLOB blob2 = data_blob(NULL, 0);
- uint32 len;
capabilities |= CAP_EXTENDED_SECURITY;
@@ -403,8 +372,6 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
set_message(cli->outbuf,12,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
- set_temp_signing_on_cli(cli);
-
cli_setup_packet(cli);
SCVAL(cli->outbuf,smb_vwv0,0xFF);
@@ -420,7 +387,18 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
cli_setup_bcc(cli, p);
- cli_send_smb(cli);
+ return cli_send_smb(cli);
+}
+
+/****************************************************************************
+ Send a extended security session setup blob, returning a reply blob.
+****************************************************************************/
+
+static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
+{
+ DATA_BLOB blob2 = data_blob(NULL, 0);
+ char *p;
+ size_t len;
if (!cli_receive_smb(cli))
return blob2;
@@ -449,6 +427,20 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
return blob2;
}
+/****************************************************************************
+ Send a extended security session setup blob, returning a reply blob.
+****************************************************************************/
+
+static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+{
+ DATA_BLOB blob2 = data_blob(NULL, 0);
+ if (!cli_session_setup_blob_send(cli, blob)) {
+ return blob2;
+ }
+
+ return cli_session_setup_blob_receive(cli);
+}
+
#ifdef HAVE_KRB5
/****************************************************************************
Use in-memory credentials cache
@@ -502,6 +494,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
DATA_BLOB blob_in = data_blob(NULL, 0);
DATA_BLOB blob_out;
+ cli_temp_set_signing(cli);
+
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
return False;
}
@@ -532,8 +526,15 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
}
/* now send that blob on its way */
- blob = cli_session_setup_blob(cli, msg1);
+ if (!cli_session_setup_blob_send(cli, msg1)) {
+ return False;
+ }
data_blob_free(&msg1);
+
+ cli_ntlmssp_set_signing(cli, ntlmssp_state);
+
+ blob = cli_session_setup_blob_receive(cli);
+
nt_status = cli_nt_error(cli);
}
@@ -570,6 +571,9 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
set_cli_session_key(cli, ntlmssp_state->session_key);
}
+ /* we have a reference conter on ntlmssp_state, if we are signing
+ then the state will be kept by the signing engine */
+
if (!NT_STATUS_IS_OK(ntlmssp_client_end(&ntlmssp_state))) {
return False;
}
@@ -883,11 +887,6 @@ BOOL cli_negprot(struct cli_state *cli)
int numprots;
int plength;
- if (cli->sign_info.use_smb_signing) {
- DEBUG(0, ("Cannot send negprot again, particularly after setting up SMB Signing\n"));
- return False;
- }
-
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
@@ -1013,11 +1012,6 @@ BOOL cli_session_request(struct cli_state *cli,
if (cli->port == 445)
return True;
- if (cli->sign_info.use_smb_signing) {
- DEBUG(0, ("Cannot send session resquest again, particularly after setting up SMB Signing\n"));
- return False;
- }
-
/* send a session request (RFC 1002) */
/* setup the packet length
* Remove four bytes from the length count, since the length
generated by cgit (git 2.34.1) at 2024-07-26 14:00:31 +0000