summaryrefslogtreecommitdiff
path: root/source3/libsmb/smb_signing.c
AgeCommit message (Collapse)AuthorFilesLines
2004-03-27Let the comment match the function...Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit 43c71b3202e909cca7c41c54d0b340aea1323db6)
2004-03-27Make it clearer that this error refers to the peer, as this code is in bothAndrew Bartlett1-2/+2
the client and server. Andrew Bartlett (This used to be commit 414d3fdc753b44262e9a281170d1058608d01bdf)
2004-03-27Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett1-44/+76
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-01-17Fix for a signing bug when the mid wraps.Jeremy Allison1-3/+11
Found by Fran Fabrizio <fran@cis.uab.edu>. Add to the *start* of the list not the end of the list. This ensures that the *last* send sequence with this mid is returned by preference. This can happen if the mid wraps and one of the early mid numbers didn't get a reply and is still lurking on the list. Jeremy. (This used to be commit 25d739978fe9081ba0946c36901492127248e3e0)
2003-12-27Preliminary fix for our signing problem with failed NTLMSSP logins. This patchVolker Lendecke1-2/+4
solves the problem for me here, I can still successfully set up signing using NTLMSSP against w2k3 and it does not show a signing error anymoe when the password was wrong. Jeremy, you might want to take a further look at it as this is not particularly elegant. Volker (This used to be commit f5afaafd61dc7bd191225ffa8eee184125dd97c3)
2003-12-01Fix spurious error msg. when seq=0.Jeremy Allison1-0/+2
Jeremy (This used to be commit 4912ad8f18041c9c3abe2cfa67dd26a324c9c31e)
2003-12-01Better fix for client signing bug. Ensure we don't malloc/free trans signingJeremy Allison1-6/+14
state info each packet. Jeremy. (This used to be commit 818cf32d6330f7e7855ce662326003e75d4a1d46)
2003-11-25If signing starts successfully, don't just turn it off automatically ifJeremy Allison1-5/+5
it fails later. Only turn it off automatically if it fails at the start. Jeremy. (This used to be commit 4a145531c2b6353291cd25f14f5572aa31e86594)
2003-11-25When server signing is set to "auto", if the client doesn't sign justJeremy Allison1-2/+23
ignore it. Only fail if signing is set to "required". Jeremy. (This used to be commit 8916ddfc39c3e70265188926f24034152f0e7b6b)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-11/+15
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-21Fix signing miss-sequence noticed by Stefan Metzmacher <metze@metzemix.de>Jeremy Allison1-46/+27
Jeremy. (This used to be commit 63f331564396e7a4f16dce95bb98d3b6c4b75351)
2003-10-14Enable us to see what sequence number we were expecting when we fail a signJeremy Allison1-4/+4
(should help track down out of sequence bugs). Jeremy. (This used to be commit 6e21261fe40698b2ee46c802bd1c044a909f8e5d)
2003-08-15get rid of more compiler warningsHerb Lewis1-18/+18
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-07An oplock break reply from the client causes the sequence number to beJeremy Allison1-1/+40
updated by 2 if there is no open reply outstanding, else by one.... Yes - this makes no sense.... Jeremy. (This used to be commit b43ce1ff6109f6422a621329ceb713b42df40040)
2003-08-07Turns out I had my packet sequences wrong for oplock break code.Jeremy Allison1-46/+19
I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-03Fix oplock break detection code on incoming oplock break responses. ThisJeremy Allison1-7/+15
fixes signing for oplocks. Jeremy. (This used to be commit 69c56ee8bce122839a8fec4e59198f84b0757166)
2003-08-02Ensure we don't leak any sign records on cancel of pending requests.Jeremy Allison1-0/+27
Jeremy. (This used to be commit 9a8ffc239c0f1aada713de7e9e007066738d8874)
2003-08-02Only look for mid sign records on incoming packets for oplock break replies.Jeremy Allison1-20/+28
Otherwise we find spurious mid sign records on reply_ntcancel calls (they cancel by mid). That took a *lot* of tracking down. I still need to remove the mid records from the sign state on reply_ntcancel to avoid leaking memory.... Jeremy. (This used to be commit 270bf20fe3e226ab5cfc689bd20ed4c22b2fa7e6)
2003-08-02More fixes for client and server side signing. Ensure sequence numbersJeremy Allison1-15/+42
are updated correctly on returning an error for server trans streams. Ensure we turn off client trans streams on error. Jeremy. (This used to be commit 3a789cb7f01115c37404e5a696de363287cb0e5f)
2003-08-02Leave the packet sequence checkers enabled whilst I track down a smbclient ↵Jeremy Allison1-2/+2
-> smbd sequence number problem. Jeremy. (This used to be commit 844898dbd8e99837ef1621aa73024714aa819ce4)
2003-08-02Add the same signing code to the server. Ensure we use identical sessionJeremy Allison1-12/+64
numbers and MIDs when in trans/trans2/nttrans code. Jeremy. (This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
2003-08-02Correct fix (removed the earlier band-aid) for what I thought was a signingJeremy Allison1-2/+65
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call the MID and send_sequence_number and reply_sequence_number must remain constant. This was something we got very wrong in earlier versions of Samba. I can now get a directory listing from WINNT\SYSTEM32 with the older earlier parameters for clilist.c This still needs to be fixed for the server side of Samba, client appears to be working happily now (I'm doing a signed smbtar download of an entire W2K3 image to test this :-). Jeremy. (This used to be commit 2093a3130d4087d0659b497eebd580e7a66e5aa3)
2003-07-31Turn the 'doing_signing' variable on - fix bug where it was only being setJeremy Allison1-1/+1
on when signing was mandatory. Jeremy. (This used to be commit 7c58673a103195435ca75ebb2684880d1f7242d3)
2003-07-27Fix commentAndrew Bartlett1-1/+1
(This used to be commit 2c395a3904395c2743df9c3035459c6f3866232d)
2003-07-25W00t! Client smb signing is now working correctly with krb5 and w2k server.Jeremy Allison1-0/+15
Server code *should* also work (I'll check shortly). May be the odd memory leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup code (b) we need to ask for a subkey... (c). The client and server need to ask for local and remote subkeys respectively. Thanks to Paul Nelson @ Thursby for some sage advice on this :-). Jeremy. (This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
2003-07-24Fix packet signing with asynchronous oplock breaks. Removed bad error messageJeremy Allison1-5/+67
due to w2k bug. I think this code is now working.... Need more testing of course but works on all the obvious cases I can think of. Jeremy. (This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
2003-07-24SMB signing is now working with change notify. Need to fix the disconnectJeremy Allison1-18/+28
when bad signature received, plus check the oplock breaks.... Jermey. (This used to be commit dd83931a00ec0a2c4b78b939c54bc101ec82312f)
2003-07-24Server side NTLM signing works - until the first async packet. Working on thisJeremy Allison1-22/+114
next.... Jeremy. (This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
2003-07-23Don't check in two places for signing turned off...Jeremy Allison1-3/+0
Jeremy. (This used to be commit f4b02e52e25556e5b101d493e2e6404563bf96dd)
2003-07-18Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison1-50/+114
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17Correctly toggle the signing state to what it was previosly when sendingJeremy Allison1-12/+5
an oplock break. Jeremy. (This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)
2003-07-17Putting the framework for server signing in place. Ensure we don't useJeremy Allison1-5/+67
sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-16Refactor signing code to remove most dependencies on 'struct cli'.Jeremy Allison1-92/+113
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
2003-07-16Add API framework for server SMB signing.Jeremy Allison1-0/+21
Jeremy. (This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
2003-07-16Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed.Jeremy Allison1-5/+5
Jeremy. (This used to be commit dd46f8b22d6e8411081a1279e1cd32929e40370b)
2003-07-16Spelling.Tim Potter1-2/+2
(This used to be commit 2750418752e491c5e87f0f2adf253291e31ee4c2)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-3/+2
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-15Add a cli_ prefix to a few functions to ensure everything that takes a ↵Jeremy Allison1-10/+10
struct cli_state is so marked. Jeremy (This used to be commit 0b8724ed65799f94f2af5d1dbb9ba20f1bac53a7)
2003-07-14Fix SMB signing when using NTLMSSP...Andrew Bartlett1-91/+3
It's so simple now I know how it works - and it has nothing to do with NTLMSSP (it's just a slightly different use of the old algorithm). :-). Note: This is actually less secure then the non-NTLMSSP code, as there is no per-session random data included for NTLM logins. (NTLMv2 is better, fortunetly). Andrew Bartlett (This used to be commit 95ec8317d4c6817d192bcd52eec44a22286e10ee)
2003-06-08Rework our smb signing code again, this factors out some of the commonAndrew Bartlett1-54/+109
MAC calcuation code, and now supports multiple outstanding packets. Fixes bug #40 Andrew Bartlett (This used to be commit dd33212f1ec08f46223d6de8e5ff3140ce367a9a)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-05-07SMB Signing with NTLMv2 works!Andrew Bartlett1-11/+2
(well, under certain conditions :-) There is no length limit on the size of the authentication response added into the MD5 hash. (We had previously limited this to lengths like 40, 44 or 64 in attempts to make sense of what the SNIA spec tells us). Instead, the entire authentication response is added in. Currently, this only works on a Win2k domain members with a Samba PDC, becouse our NTLMv2 code currently fails against an Win2k PDC. However, this splits the problem in half - particularly as the NTLMv2 format is known, and even has an ethereal disector! (thanks tpot). Andrew Bartlett (This used to be commit 7645d3d28afbb8eea502c0e063df3afb3aa812f4)
2003-05-04Add doco to our SMB signing code.Andrew Bartlett1-5/+32
This should make it clearer what magic numbers refer to the magic numbers in the CIFS spec, and what bits and peices are being appended into the MD5 calculation where. Andrew Bartlett (This used to be commit 7f1c271cfb04f621e36f1acf60979652e82dc6f4)
2003-04-21Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.Andrew Bartlett1-7/+8
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
2003-04-20Merge a trivial fix across from HEAD. Not that thisVolker Lendecke1-1/+1
would work now... Volker (This used to be commit 8c70f657cfb2f2b32fbaa31112d7953a3a6dc775)
2003-03-30Merge from HEAD - leave the SMB buffer untouched when checking it's SMB sig.Andrew Bartlett1-10/+26
Andrew Bartlett (This used to be commit 3d4c4b6cb3f4850f0801f140ea3dad2c8423ee52)
2003-03-18Removed unused var.Jeremy Allison1-2/+0
Jeremy. (This used to be commit f93c64b5ca1bc21f5fa89200034cd82dcbc0910b)
2003-03-14We haven't implemented The Singing Contexts so far.Rafal Szczesniak1-1/+1
Who knows what .NET server brings, though ...? ;-) Rafal (This used to be commit d81b0d26903004be6a99ac029dd531fd18947268)
2003-03-10Further work on NTLMSSP-based SMB signing. Current status is that I cannnotAndrew Bartlett1-30/+150
get Win2k to send a valid signiture in it's session setup reply - which it will give to win2k clients. So, I need to look at becoming 'more like MS', but for now I'll get this code into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was slightly easier to understand than our own (but only the utility functions remain in any way intact...). This includes the mysical 'NTLM2' code - I have no idea if it actually works. (I couldn't get TNG to use it for its pipes either). Andrew Bartlett (This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
2003-03-09Try not to clobber the session request.Andrew Bartlett1-3/+15
(This used to be commit 05cffbee56f0556f550b4d14f3111bd7db972621)