From ac2eeb7a8f49d389e024af82184b86e79bfd8976 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 2 Feb 2003 00:11:12 +0000
Subject: More signing updates - start checking that the server isn't being
 spoofed.

Andrew Bartlett
(This used to be commit b1c722e306533babeffeba9d8c7dcfa00e019423)
---
 source3/client/smbmount.c   |  3 +++
 source3/libsmb/clientgen.c  |  5 ++++-
 source3/libsmb/smbencrypt.c | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
index f90c56859f..573b2fe2f6 100644
--- a/source3/client/smbmount.c
+++ b/source3/client/smbmount.c
@@ -157,6 +157,9 @@ static struct cli_state *do_connection(char *the_service)
 	/* SPNEGO doesn't work till we get NTSTATUS error support */
 	c->use_spnego = False;
 
+	/* The kernel doesn't yet know how to sign it's packets */
+	c->sign_info->allow_smb_signing = False;
+
 	if (!cli_session_request(c, &calling, &called)) {
 		char *p;
 		DEBUG(0,("%d: session request to %s failed (%s)\n", 
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 3d0bad6c99..b35c7ea2ed 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -114,9 +114,12 @@ BOOL cli_receive_smb(struct cli_state *cli)
 		cli->smb_rw_error = smb_read_error;
 		close(cli->fd);
 		cli->fd = -1;
+		return ret;
 	}
 
-	return ret;
+	if (!cli_check_sign_mac(cli)) {
+		DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+	};
 }
 
 /****************************************************************************
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 022a57ef6a..a30a48a020 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -5,6 +5,7 @@
    Modified by Jeremy Allison 1995.
    Copyright (C) Jeremy Allison 1995-2000.
    Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -420,3 +421,40 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
 	cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
 	cli->sign_info.send_seq_num++;
 }
+
+/***********************************************************
+ SMB signing - check a MAC sent by server.
+************************************************************/
+
+BOOL cli_check_sign_mac(struct cli_state *cli)
+{
+	unsigned char calc_md5_mac[16];
+	unsigned char server_sent_mac[8];
+	struct MD5Context md5_ctx;
+
+	if (cli->sign_info.temp_smb_signing) {
+		return True;
+	}
+
+	if (!cli->sign_info.use_smb_signing) {
+		return True;
+	}
+
+	/*
+	 * Firstly put the sequence number into the first 4 bytes.
+	 * and zero out the next 4 bytes.
+	 */
+
+	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
+
+	SIVAL(cli->inbuf, smb_ss_field, cli->sign_info.reply_seq_num);
+	SIVAL(cli->inbuf, smb_ss_field + 4, 0);
+
+	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+	MD5Init(&md5_ctx);
+	MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
+	MD5Update(&md5_ctx, cli->inbuf + 4, smb_len(cli->inbuf));
+	MD5Final(calc_md5_mac, &md5_ctx);
+
+	return (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
+}
-- 
cgit