From 1e2147fc0f677914fb2e3168b4fd4d7ddb4b9867 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 21 Apr 2003 13:00:39 +0000
Subject: Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from
 HEAD. (This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)

---
 source3/libsmb/clientgen.c    | 15 +++++++++++----
 source3/libsmb/clierror.c     | 12 ++++++++----
 source3/libsmb/ntlmssp.c      |  2 +-
 source3/libsmb/ntlmssp_sign.c | 26 ++++++++++++++++++++++----
 source3/libsmb/smb_signing.c  | 15 ++++++++-------
 5 files changed, 50 insertions(+), 20 deletions(-)

(limited to 'source3/libsmb')

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 81b3bbcab5..81cb61d757 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli)
 	}
 
 	if (!cli_check_sign_mac(cli)) {
-		DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+		cli->smb_rw_error = READ_BAD_SIG;
+		close(cli->fd);
+		cli->fd = -1;
 		return False;
 	};
 	return True;
@@ -259,9 +262,6 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 	if (getenv("CLI_FORCE_DOSERR"))
 		cli->force_dos_errors = True;
 
-	/* initialise signing */
-	cli_null_set_signing(cli);
-
 	if (lp_client_signing()) 
 		cli->sign_info.allow_smb_signing = True;
                                    
@@ -274,6 +274,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 	memset(cli->outbuf, 0, cli->bufsize);
 	memset(cli->inbuf, 0, cli->bufsize);
 
+	/* just becouse we over-allocate, doesn't mean it's right to use it */
+	clobber_region(FUNCTION_MACRO, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN);
+	clobber_region(FUNCTION_MACRO, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN);
+
+	/* initialise signing */
+	cli_null_set_signing(cli);
+
 	cli->nt_pipe_fnum = 0;
 	cli->saved_netlogon_pipe_fnum = 0;
 
diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c
index cea736ef18..9ee181a90f 100644
--- a/source3/libsmb/clierror.c
+++ b/source3/libsmb/clierror.c
@@ -96,17 +96,21 @@ const char *cli_errstr(struct cli_state *cli)
 				break;
 			case READ_EOF:
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-					"Call returned zero bytes (EOF)\n" );
+					"Call returned zero bytes (EOF)" );
 				break;
 			case READ_ERROR:
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-					"Read error: %s\n", strerror(errno) );
+					"Read error: %s", strerror(errno) );
 				break;
 			case WRITE_ERROR:
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-					"Write error: %s\n", strerror(errno) );
+					"Write error: %s", strerror(errno) );
 				break;
-			default:
+		        case READ_BAD_SIG:
+				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
+					"Server packet had invalid SMB signiture!");
+				break;
+		        default:
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
 					"Unknown error code %d\n", cli->smb_rw_error );
 				break;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index c179b98abf..d54655d17f 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -385,7 +385,7 @@ NTSTATUS ntlmssp_server_update(NTLMSSP_STATE *ntlmssp_state,
 	} else if (ntlmssp_command == NTLMSSP_AUTH) {
 		return ntlmssp_server_auth(ntlmssp_state, request, reply);
 	} else {
-		DEBUG(1, ("unknown NTLMSSP command %u expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
+		DEBUG(1, ("unknown NTLMSSP command %u, expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 }
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 8f6bd0c691..86faf1f5e6 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -92,8 +92,14 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
 	calc_hash(hash, digest, 16);
 }
 
+enum ntlmssp_direction {
+	NTLMSSP_SEND,
+	NTLMSSP_RECEIVE
+};
+
 static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
 					      const uchar *data, size_t length, 
+					      enum ntlmssp_direction direction,
 					      DATA_BLOB *sig) 
 {
 	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -110,8 +116,14 @@ static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_stat
 		if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
-	       
-		NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash,  sig->data, sig->length);
+		switch (direction) {
+		case NTLMSSP_SEND:
+			NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash,  sig->data, sig->length);
+			break;
+		case NTLMSSP_RECEIVE:
+			NTLMSSPcalc_ap(ntlmssp_state->srv_sign_hash,  sig->data, sig->length);
+			break;
+		}
 	} else {
 		uint32 crc;
 		crc = crc32_calc_buffer(data, length);
@@ -129,7 +141,7 @@ NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
 					   DATA_BLOB *sig) 
 {
 	ntlmssp_state->ntlmssp_seq_num++;
-	return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+	return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
 }
 
 /**
@@ -151,7 +163,7 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
 	}
 
 	nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data, 
-						  length, &local_sig);
+						  length, NTLMSSP_RECEIVE, &local_sig);
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
@@ -161,6 +173,12 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
 	if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
 		return NT_STATUS_OK;
 	} else {
+		DEBUG(5, ("BAD SIG: wanted signature of\n"));
+		dump_data(5, local_sig.data, local_sig.length);
+		
+		DEBUG(5, ("BAD SIG: got signature of\n"));
+		dump_data(5, sig->data, sig->length);
+
 		DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
 		return NT_STATUS_ACCESS_DENIED;
 	}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 9b473fa736..4e9b895a1b 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
 	SIVAL(sequence_buf, 0, data->reply_seq_num);
 	SIVAL(sequence_buf, 4, 0);
 
-	if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) {
-		DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
-		return False;
-	}
-
 	/* get a copy of the server-sent mac */
 	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
 	
@@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
 BOOL cli_check_sign_mac(struct cli_state *cli) 
 {
 	BOOL good;
-	good = cli->sign_info.check_incoming_message(cli);
-	
+
+	if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) {
+		DEBUG(cli->sign_info.doing_signing ? 1 : 10, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
+		good = False;
+	} else {
+		good = cli->sign_info.check_incoming_message(cli);
+	}
+
 	if (!good) {
 		if (cli->sign_info.doing_signing) {
 			return False;
-- 
cgit