From 9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Jan 2008 12:56:23 -0800 Subject: Refactor the crypto code after a very helpful conversation with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8) --- source3/lib/dummysmbd.c | 21 -------------- source3/lib/util_sock.c | 74 ------------------------------------------------- 2 files changed, 95 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index 464ba92306..dbe886e3d1 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -51,24 +51,3 @@ NTSTATUS can_delete_directory(struct connection_struct *conn, { return NT_STATUS_OK; } - -NTSTATUS srv_decrypt_buffer(char *buf) -{ - return NT_STATUS_OK; -} - -NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out) -{ - *buf_out = buffer; - return NT_STATUS_OK; -} - -void srv_free_enc_buffer(char *buf) -{ - ; -} - -bool srv_encryption_on(void) -{ - return false; -} diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index b92cd3d624..945506ea77 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1276,80 +1276,6 @@ ssize_t receive_smb_raw(int fd, return len; } -/**************************************************************************** - Wrapper for receive_smb_raw(). - Checks the MAC on signed packets. -****************************************************************************/ - -bool receive_smb(int fd, char *buffer, unsigned int timeout, enum smb_read_errors *pre) -{ - if (receive_smb_raw(fd, buffer, timeout, 0, pre) < 0) { - return false; - } - - if (srv_encryption_on()) { - NTSTATUS status = srv_decrypt_buffer(buffer); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("receive_smb: SMB decryption failed " - "on incoming packet! Error %s\n", - nt_errstr(status) )); - cond_set_smb_read_error(pre, SMB_READ_BAD_DECRYPT); - return false; - } - } - - /* Check the incoming SMB signature. */ - if (!srv_check_sign_mac(buffer, true)) { - DEBUG(0, ("receive_smb: SMB Signature verification " - "failed on incoming packet!\n")); - cond_set_smb_read_error(pre,SMB_READ_BAD_SIG); - return false; - } - - return true; -} - -/**************************************************************************** - Send an smb to a fd. -****************************************************************************/ - -bool send_smb(int fd, char *buffer) -{ - size_t len; - size_t nwritten=0; - ssize_t ret; - char *buf_out = buffer; - - /* Sign the outgoing packet if required. */ - srv_calculate_sign_mac(buf_out); - - if (srv_encryption_on()) { - NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("send_smb: SMB encryption failed " - "on outgoing packet! Error %s\n", - nt_errstr(status) )); - return false; - } - } - - len = smb_len(buf_out) + 4; - - while (nwritten < len) { - ret = write_data(fd,buf_out+nwritten,len - nwritten); - if (ret <= 0) { - DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n", - (int)len,(int)ret, strerror(errno) )); - srv_free_enc_buffer(buf_out); - return false; - } - nwritten += ret; - } - - srv_free_enc_buffer(buf_out); - return true; -} - /**************************************************************************** Open a socket of the specified type, port, and address for incoming data. ****************************************************************************/ -- cgit