summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/raw/smb_signing.c56
1 files changed, 20 insertions, 36 deletions
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index 03794829c2..09da8e9983 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -21,8 +21,7 @@
*/
#include "includes.h"
-static void smbcli_free_signing_context(struct smb_signing_context *sign_info);
-static BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info);
+static BOOL smbcli_set_signing_off(struct smb_signing_context *sign_info);
/***********************************************************
SMB signing - Common code before we set a new signing implementation
@@ -42,8 +41,6 @@ static BOOL set_smb_signing_common(struct smbcli_transport *transport)
return False;
}
- smbcli_free_signing_context(&transport->negotiate.sign_info);
-
/* These calls are INCOMPATIBLE with SMB signing */
transport->negotiate.readbraw_supported = False;
transport->negotiate.writebraw_supported = False;
@@ -74,10 +71,7 @@ static BOOL signing_good(struct smb_signing_context *sign_info,
/* If we have never seen a good packet, just turn it off */
DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
"isn't sending correct signatures. Turning off.\n"));
- sign_info->doing_signing = False;
- smbcli_free_signing_context(sign_info);
-
- smbcli_null_set_signing(sign_info);
+ smbcli_set_signing_off(sign_info);
return True;
} else {
/* bad packet after signing started - fail and disconnect. */
@@ -162,25 +156,23 @@ BOOL check_signed_incoming_message(struct request_buffer *in, DATA_BLOB *mac_key
good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
- if (i == 0) {
- if (!good) {
- DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
- dump_data(5, calc_md5_mac, 8);
-
- DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
- dump_data(5, server_sent_mac, 8);
- } else {
- DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
- dump_data(5, server_sent_mac, 8);
- }
- }
-
if (good) break;
}
if (good && i != 0) {
DEBUG(0,("SIGNING OFFSET %d (should be %d)\n", i, seq_num));
}
+
+ if (!good) {
+ DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
+ dump_data(5, calc_md5_mac, 8);
+
+ DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
+ dump_data(5, server_sent_mac, 8);
+ } else {
+ DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
+ dump_data(5, server_sent_mac, 8);
+ }
return good;
}
@@ -230,14 +222,15 @@ void smbcli_request_calculate_sign_mac(struct smbcli_request *req)
/**
- SMB signing - NULL implementation - setup the MAC key.
+ SMB signing - NULL implementation
@note Used as an initialisation only - it will not correctly
shut down a real signing mechanism
*/
-static BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info)
+static BOOL smbcli_set_signing_off(struct smb_signing_context *sign_info)
{
- sign_info->mac_key = data_blob(NULL, 0);
+ sign_info->doing_signing = False;
+ data_blob_free(&sign_info->mac_key);
sign_info->signing_state = SMB_SIGNING_ENGINE_OFF;
return True;
}
@@ -245,14 +238,13 @@ static BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info)
/**
SMB signing - TEMP implementation - setup the MAC key.
- @note Used as an initialisation only - it will not correctly
- shut down a real signing mechanism
*/
BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
{
if (!set_smb_signing_common(transport)) {
return False;
}
+ smbcli_set_signing_off(&transport->negotiate.sign_info);
transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
transport->negotiate.sign_info.signing_state = SMB_SIGNING_ENGINE_BSRSPYL;
@@ -260,15 +252,6 @@ BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
return True;
}
-/**
- * Free the signing context
- */
-static void smbcli_free_signing_context(struct smb_signing_context *sign_info)
-{
- data_blob_free(&sign_info->mac_key);
- smbcli_null_set_signing(sign_info);
-}
-
/***********************************************************
SMB signing - Simple implementation - check a MAC sent by server.
************************************************************/
@@ -355,7 +338,8 @@ BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
BOOL smbcli_init_signing(struct smbcli_transport *transport)
{
- if (!smbcli_null_set_signing(&transport->negotiate.sign_info)) {
+ transport->negotiate.sign_info.mac_key = data_blob(NULL, 0);
+ if (!smbcli_set_signing_off(&transport->negotiate.sign_info)) {
return False;
}