From f1b6cd794dd5de853c4b068361a326160a3d0384 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 17 Jul 2003 00:48:21 +0000 Subject: Putting the framework for server signing in place. Ensure we don't use sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680) --- source3/libsmb/smb_signing.c | 72 +++++++++++++++++++++++++++++++++++++++++--- source3/param/loadparm.c | 11 ++++++- source3/smbd/negprot.c | 12 ++++++++ 3 files changed, 89 insertions(+), 6 deletions(-) diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 683a382369..8e3a4ff8d8 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -479,24 +479,86 @@ BOOL cli_check_sign_mac(struct cli_state *cli) SMB signing - server API's. ************************************************************/ +static struct smb_sign_info srv_sign_info = { + null_sign_outgoing_message, + null_check_incoming_message, + null_free_signing_context, + NULL, + False, + False, + False, + False +}; + +/*********************************************************** + Turn on signing after sending an oplock break. +************************************************************/ + void srv_enable_signing(void) { + srv_sign_info.doing_signing = True; } +/*********************************************************** + Turn off signing before sending an oplock break. +************************************************************/ + void srv_disable_signing(void) { + srv_sign_info.doing_signing = False; } -BOOL srv_check_sign_mac(char *buf) +/*********************************************************** + Called to validate an incoming packet from the client. +************************************************************/ + +BOOL srv_check_sign_mac(char *inbuf) { - return True; + if (!srv_sign_info.doing_signing) + return True; + + /* Check if it's a session keepalive. */ + if(CVAL(inbuf,0) == SMBkeepalive) + return True; + + if (smb_len(inbuf) < (smb_ss_field + 8 - 4)) { + DEBUG(1, ("srv_check_sign_mac: Can't check signature on short packet! smb_len = %u\n", smb_len(inbuf) )); + return False; + } + + return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info); } -void srv_calculate_sign_mac(char *buf) +/*********************************************************** + Called to sign an outgoing packet to the client. +************************************************************/ + +void srv_calculate_sign_mac(char *outbuf) { + if (!srv_sign_info.doing_signing) + return; + + /* Check if it's a session keepalive. */ + /* JRA Paranioa test - do we ever generate these in the server ? */ + if(CVAL(outbuf,0) == SMBkeepalive) + return; + + /* JRA Paranioa test - we should be able to get rid of this... */ + if (smb_len(outbuf) < (smb_ss_field + 8 - 4)) { + DEBUG(1, ("srv_calculate_sign_mac: Logic error. Can't check signature on short packet! smb_len = %u\n", + smb_len(outbuf) )); + abort(); + } + + srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info); } -BOOL allow_sendfile(void) +/*********************************************************** + Returns whether signing is active. We can't use sendfile or raw + reads/writes if it is. +************************************************************/ + +BOOL srv_signing_active(void) { - return True; + return srv_sign_info.doing_signing; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 3739407810..1af8d51114 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1864,7 +1864,7 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS) FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver) FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode) FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport) -FN_LOCAL_BOOL(lp_use_sendfile, bUseSendfile) +FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile) FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls) FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit) FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask) @@ -4291,3 +4291,12 @@ int lp_maxprintjobs(int snum) return maxjobs; } + +/******************************************************************* + Ensure we don't use sendfile if server smb signing is active. +********************************************************************/ + +BOOL lp_use_sendfile(int snum) +{ + return (_lp_use_sendfile(snum) && !srv_signing_active()); +} diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index f452dd845b..0b58eb3eb2 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -277,6 +277,14 @@ static int reply_nt1(char *inbuf, char *outbuf) if (global_encrypted_passwords_negotiated) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; + if (lp_server_signing()) { + secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; + /* No raw mode with smb signing. */ + capabilities &= ~CAP_RAW_MODE; + if (lp_server_signing() == Required) + secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; + } + set_message(outbuf,17,0,True); SCVAL(outbuf,smb_vwv1,secword); @@ -521,6 +529,10 @@ int reply_negprot(connection_struct *conn, DEBUG( 5, ( "negprot index=%d\n", choice ) ); + if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) { + exit_server("SMB signing is required and client negotiated a downlevel protocol"); + } + END_PROFILE(SMBnegprot); return(outsize); } -- cgit