/*
Unix SMB / CIFS implementation .
SMB Transport encryption ( sealing ) code .
Copyright ( C ) Jeremy Allison 2007.
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
# include "includes.h"
/******************************************************************************
Pull out the encryption context for this packet . 0 means global context .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * Classify the four bytes that follow the length field of a packet.
 *
 * buf            - packet, starting at its 4-byte length field.
 * p_enc_ctx_num  - written only when NT_STATUS_OK is returned, with the
 *                  16-bit value SVAL() reads at offset 6.
 *
 * Returns:
 *   NT_STATUS_INVALID_BUFFER_SIZE       smb_len(buf) is below 8.
 *   NT_STATUS_NOT_FOUND                 bytes 4..7 are 0xFF 'S' 'M' 'B',
 *                                       i.e. the packet is not encrypted.
 *   NT_STATUS_OK                        bytes 4..5 are 0xFF 'E'.
 *   NT_STATUS_INVALID_NETWORK_RESPONSE  anything else.
 *
 * NOTE(review): only the length field is inspected here; the caller is
 * presumably responsible for buf really holding that many bytes - confirm
 * at the call sites.
 */
NTSTATUS get_enc_ctx_num(char *buf, uint16 *p_enc_ctx_num)
{
	if (smb_len(buf) < 8) {
		return NT_STATUS_INVALID_BUFFER_SIZE;
	}

	/* Both known headers start with 0xFF. */
	if (buf[4] != (char)0xFF) {
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}

	if (buf[5] == 'S' && buf[6] == 'M' && buf[7] == 'B') {
		/* Not an encrypted buffer. */
		return NT_STATUS_NOT_FOUND;
	}

	if (buf[5] != 'E') {
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}

	/* 0xFF 'E' is followed by the 16-bit encryption context number. */
	*p_enc_ctx_num = SVAL(buf, 6);
	return NT_STATUS_OK;
}
/******************************************************************************
 Generic code for client and server.
 Is encryption turned on ?
******************************************************************************/
/*
 * es may be NULL; a NULL state counts as "encryption off".
 * Returns non-zero only when a state exists and its enc_on flag is set.
 */
BOOL common_encryption_on(struct smb_trans_enc_state *es)
{
	if (es == NULL) {
		return 0;
	}

	return (es->enc_on != 0);
}
/******************************************************************************
 Generic code for client and server.
 NTLM decrypt an incoming buffer.
 Abartlett tells me that SSPI puts the signature first before the encrypted
 output, so cope with the same for compatibility.
******************************************************************************/
/*
 * Unseal an incoming packet in place.
 *
 * Layout expected in buf: 4 length bytes, 4 header bytes, NTLMSSP_SIG_SIZE
 * signature bytes, then the sealed payload.
 *
 * The unseal runs on a private copy of the packet, so buf is only
 * overwritten once ntlmssp_unseal_packet() has returned success; a packet
 * that fails the check leaves buf untouched.
 *
 * Returns NT_STATUS_BUFFER_TOO_SMALL when the packet cannot hold the
 * header plus a signature, the status of ntlmssp_unseal_packet() when it
 * fails, NT_STATUS_OK otherwise.
 *
 * NOTE(review): the length is taken from the packet's own length field;
 * the caller presumably guarantees buf holds smb_len(buf) + 4 bytes -
 * confirm at the call sites.
 */
NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
{
	NTSTATUS status;
	size_t total_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
	size_t payload_len;
	char *copy;
	unsigned char *payload;
	DATA_BLOB sig;

	if (total_len < 8 + NTLMSSP_SIG_SIZE) {
		return NT_STATUS_BUFFER_TOO_SMALL;
	}

	copy = (char *)smb_xmemdup(buf, total_len);

	/* Everything after the 8 header bytes and the signature is payload. */
	payload_len = total_len - 8 - NTLMSSP_SIG_SIZE;
	payload = (unsigned char *)copy + 8 + NTLMSSP_SIG_SIZE; /* 4 byte len + 0xFF 'E' <enc> <ctx> */

	/* The signature sits directly after the header, in front of the data. */
	sig = data_blob_const(copy + 8, NTLMSSP_SIG_SIZE);

	status = ntlmssp_unseal_packet(ntlmssp_state,
				       payload, payload_len,
				       payload, payload_len,
				       &sig);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* Move the plaintext down over the signature slot. */
	memcpy(buf + 8, copy + 8 + NTLMSSP_SIG_SIZE, payload_len);

	/* Reset the length. */
	smb_setlen(copy, buf, payload_len + 4);
	status = NT_STATUS_OK;

done:
	SAFE_FREE(copy);
	return status;
}
/******************************************************************************
 Generic code for client and server.
 NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out.
 Abartlett tells me that SSPI puts the signature first before the encrypted
 output, so do the same for compatibility.
******************************************************************************/
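/*
 * Seal an outgoing packet into a newly allocated buffer.
 *
 * ntlmssp_state - NTLMSSP context handed to ntlmssp_seal_packet().
 * enc_ctx_num   - encryption context number written into the new header.
 * buf           - plaintext packet, starting at its 4-byte length field.
 * ppbuf_out     - set to NULL on entry and on every failure; on success
 *                 it receives the new buffer (header, signature, sealed
 *                 payload), which the caller owns.
 *
 * Returns NT_STATUS_BUFFER_TOO_SMALL when the packet has no payload after
 * its 4 header bytes, the status of ntlmssp_seal_packet() when it fails,
 * NT_STATUS_OK otherwise.
 */
NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state,
				uint16 enc_ctx_num,
				char *buf,
				char **ppbuf_out)
{
	NTSTATUS status;
	char *buf_out;
	size_t smb_length = smb_len(buf);
	size_t data_len;
	DATA_BLOB sig;

	*ppbuf_out = NULL;

	/*
	 * Compare before subtracting: data_len is a size_t, so a length
	 * field below 4 would wrap to a huge value and slip past a plain
	 * "== 0" test, sizing the allocation and the memcpy below.
	 */
	if (smb_length <= 4) {
		return NT_STATUS_BUFFER_TOO_SMALL;
	}
	data_len = smb_length - 4; /* Ignore the 0xFF SMB bytes. */

	/*
	 * We know smb_len can't return a value > 128k, so no int overflow
	 * check needed.
	 */
	buf_out = SMB_XMALLOC_ARRAY(char, 8 + NTLMSSP_SIG_SIZE + data_len);

	/* Copy the data from the original buffer. */
	memcpy(buf_out + 8 + NTLMSSP_SIG_SIZE, buf + 8, data_len);

	smb_set_enclen(buf_out, smb_length + NTLMSSP_SIG_SIZE, enc_ctx_num);

	sig = data_blob(NULL, NTLMSSP_SIG_SIZE);

	status = ntlmssp_seal_packet(ntlmssp_state,
				     (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */
				     data_len,
				     (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE,
				     data_len,
				     &sig);

	if (!NT_STATUS_IS_OK(status)) {
		data_blob_free(&sig);
		SAFE_FREE(buf_out);
		return status;
	}

	/* First 16 data bytes are signature for SSPI compatibility. */
	memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE);

	/*
	 * The signature has been copied into the packet, so the blob is no
	 * longer needed. Without this the success path leaked one blob per
	 * sealed packet, while only the failure path released it.
	 */
	data_blob_free(&sig);

	*ppbuf_out = buf_out;
	return NT_STATUS_OK;
}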
/******************************************************************************
 Generic code for client and server.
 gss-api decrypt an incoming buffer. We insist that the size of the
 unwrapped buffer must be smaller or identical to the incoming buffer.
******************************************************************************/
# if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
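/*
 * Unwrap an incoming packet in place with gss_unwrap().
 *
 * gss_state - holds the GSS security context to unwrap with.
 * buf       - packet, starting at its 4-byte length field; the token
 *             starts at offset 8. On success the plaintext replaces it.
 *
 * Returns NT_STATUS_BUFFER_TOO_SMALL for a packet shorter than the 8
 * header bytes, the mapped GSS error when gss_unwrap() fails,
 * NT_STATUS_ACCESS_DENIED when the token was not sealed,
 * NT_STATUS_INVALID_PARAMETER when the plaintext would not fit back into
 * buf, NT_STATUS_OK otherwise.
 */
static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_state, char *buf)
{
	gss_ctx_id_t gss_ctx = gss_state->gss_ctx;
	OM_uint32 ret = 0;
	OM_uint32 minor = 0;
	int flags_got = 0;
	gss_buffer_desc in_buf, out_buf;
	size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */

	if (buf_len < 8) {
		return NT_STATUS_BUFFER_TOO_SMALL;
	}

	in_buf.value = buf + 8;
	in_buf.length = buf_len - 8;

	ret = gss_unwrap(&minor,
			 gss_ctx,
			 &in_buf,
			 &out_buf,
			 &flags_got,		/* did we get sign+seal ? */
			 (gss_qop_t *)NULL);

	if (ret != GSS_S_COMPLETE) {
		ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
		/* Log under this function's own name so failures are attributed to the decrypt path. */
		DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap failed. Error %s\n",
			ads_errstr(adss)));
		return map_nt_error_from_gss(ret, minor);
	}

	/*
	 * The encrypt side refuses to send a packet that was not sealed.
	 * Apply the same rule on receipt: a token that is only
	 * integrity-protected must not be accepted as an encrypted packet.
	 */
	if (!flags_got) {
		DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap reported an unsealed packet\n"));
		gss_release_buffer(&minor, &out_buf);
		return NT_STATUS_ACCESS_DENIED;
	}

	/* The plaintext is written back over the token, so it must not be larger. */
	if (out_buf.length > in_buf.length) {
		DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap size (%u) too large (%u) !\n",
			(unsigned int)out_buf.length,
			(unsigned int)in_buf.length));
		gss_release_buffer(&minor, &out_buf);
		return NT_STATUS_INVALID_PARAMETER;
	}

	memcpy(buf + 8, out_buf.value, out_buf.length);

	/*
	 * NOTE(review): smb_setlen() is handed the unwrapped data as its
	 * first argument, and out_buf.length is not checked against any
	 * minimum here - confirm what smb_setlen() reads from that buffer.
	 */
	smb_setlen((char *)out_buf.value, buf, out_buf.length + 4);

	gss_release_buffer(&minor, &out_buf);
	return NT_STATUS_OK;
}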
/******************************************************************************
 Generic code for client and server.
 gss-api encrypt an outgoing buffer. Return the allocated encrypted pointer in buf_out.
******************************************************************************/
/*
 * Wrap an outgoing packet with gss_wrap() into a newly allocated buffer.
 *
 * gss_state   - holds the GSS security context to wrap with.
 * enc_ctx_num - encryption context number written into the new header.
 * buf         - plaintext packet, starting at its 4-byte length field.
 * ppbuf_out   - set to NULL on entry; on success it points at an
 *               SMB_MALLOC()ed buffer of 8 header bytes followed by the
 *               wrapped token.
 *
 * Returns NT_STATUS_BUFFER_TOO_SMALL for a packet shorter than 8 bytes,
 * the mapped GSS error when gss_wrap() fails, NT_STATUS_NOT_SUPPORTED
 * when gss_wrap() did not seal the data, NT_STATUS_NO_MEMORY when the
 * output buffer cannot be allocated, NT_STATUS_OK otherwise.
 */
static NTSTATUS common_gss_encrypt_buffer(struct smb_tran_enc_state_gss *gss_state,
					uint16 enc_ctx_num,
					char *buf,
					char **ppbuf_out)
{
	gss_ctx_id_t gss_ctx = gss_state->gss_ctx;
	OM_uint32 ret = 0;
	OM_uint32 minor = 0;
	int flags_got = 0;
	gss_buffer_desc in_buf, out_buf;
	size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
	NTSTATUS status;

	*ppbuf_out = NULL;

	if (buf_len < 8) {
		return NT_STATUS_BUFFER_TOO_SMALL;
	}

	/* Everything after the 8 header bytes is wrapped. */
	in_buf.value = buf + 8;
	in_buf.length = buf_len - 8;

	ret = gss_wrap(&minor,
		       gss_ctx,
		       True,			/* we want sign+seal. */
		       GSS_C_QOP_DEFAULT,
		       &in_buf,
		       &flags_got,		/* did we get sign+seal ? */
		       &out_buf);

	if (ret != GSS_S_COMPLETE) {
		ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
		DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n",
			ads_errstr(adss)));
		return map_nt_error_from_gss(ret, minor);
	}

	/* From here on out_buf is ours and is released on every path. */

	if (!flags_got) {
		/* Sign+seal not supported. */
		status = NT_STATUS_NOT_SUPPORTED;
		goto release;
	}

	/* Ya see - this is why I *hate* gss-api. I don't
	 * want to have to malloc another buffer of the
	 * same size + 8 bytes just to get a continuous
	 * header + buffer, but gss won't let me pass in
	 * a pre-allocated buffer. Bastards (and you know
	 * who you are....). I might fix this by
	 * going to "encrypt_and_send" passing in a file
	 * descriptor and doing scatter-gather write with
	 * TCP cork on Linux. But I shouldn't have to
	 * bother :-*(. JRA.
	 */

	*ppbuf_out = (char *)SMB_MALLOC(out_buf.length + 8); /* We know this can't wrap. */
	if (!*ppbuf_out) {
		status = NT_STATUS_NO_MEMORY;
		goto release;
	}

	memcpy(*ppbuf_out + 8, out_buf.value, out_buf.length);
	smb_set_enclen(*ppbuf_out, out_buf.length + 4, enc_ctx_num);
	status = NT_STATUS_OK;

release:
	gss_release_buffer(&minor, &out_buf);
	return status;
}
# endif
/******************************************************************************
 Generic code for client and server.
 Encrypt an outgoing buffer. Return the allocated encrypted pointer in buf_out.
******************************************************************************/
/*
 * Dispatch an outgoing packet to the encryption backend selected by
 * es->smb_enc_type.
 *
 * When encryption is off (es is NULL or its enc_on flag is clear),
 * *buf_out is set to buffer itself and NT_STATUS_OK is returned, so the
 * result is not always a separate allocation.
 *
 * Returns the backend's status, or NT_STATUS_NOT_SUPPORTED for an
 * encryption type with no backend compiled in.
 */
NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out)
{
	if (!common_encryption_on(es)) {
		/* Not encrypting. */
		*buf_out = buffer;
		return NT_STATUS_OK;
	}

	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
		return common_ntlm_encrypt_buffer(es->s.ntlmssp_state, es->enc_ctx_num, buffer, buf_out);
	}

#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
	if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
		return common_gss_encrypt_buffer(es->s.gss_state, es->enc_ctx_num, buffer, buf_out);
	}
#endif

	return NT_STATUS_NOT_SUPPORTED;
}
/******************************************************************************
 Generic code for client and server.
 Decrypt an incoming SMB buffer. Replaces the data within it.
 New data must be less than or equal to the current length.
******************************************************************************/
/*
 * Dispatch an incoming packet to the decryption backend selected by
 * es->smb_enc_type. buf is rewritten in place by the backend.
 *
 * When encryption is off (es is NULL or its enc_on flag is clear), buf is
 * left as it is and NT_STATUS_OK is returned; this function does not
 * itself look at whether the packet carries an encrypted header.
 *
 * Returns the backend's status, or NT_STATUS_NOT_SUPPORTED for an
 * encryption type with no backend compiled in.
 */
NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
{
	if (!common_encryption_on(es)) {
		/* Not decrypting. */
		return NT_STATUS_OK;
	}

	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
		return common_ntlm_decrypt_buffer(es->s.ntlmssp_state, buf);
	}

#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
	if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
		return common_gss_decrypt_buffer(es->s.gss_state, buf);
	}
#endif

	return NT_STATUS_NOT_SUPPORTED;
}
# if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
/******************************************************************************
Shutdown a gss encryption state .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * Release the credentials and the security context held by a GSS
 * encryption state, then free the state itself through SAFE_FREE().
 *
 * pp_gss_state is dereferenced without a NULL check, so *pp_gss_state
 * must be a valid state on entry.
 */
static void common_free_gss_state(struct smb_tran_enc_state_gss **pp_gss_state)
{
	struct smb_tran_enc_state_gss *state = *pp_gss_state;
	OM_uint32 min_stat = 0;

	/* Credentials first, then the context, each only if one was set. */
	if (state->creds != GSS_C_NO_CREDENTIAL) {
		gss_release_cred(&min_stat, &state->creds);
	}

	if (state->gss_ctx != GSS_C_NO_CONTEXT) {
		gss_delete_sec_context(&min_stat, &state->gss_ctx, NULL);
	}

	SAFE_FREE(*pp_gss_state);
}
# endif
/******************************************************************************
 Shutdown an encryption state.
******************************************************************************/
/*
 * Tear down an encryption state and clear the caller's pointer to it.
 *
 * A NULL *pp_es is accepted and leaves everything untouched. Otherwise
 * the backend state matching es->smb_enc_type is shut down (if one is
 * attached), the state structure is freed and *pp_es is set to NULL.
 */
void common_free_encryption_state(struct smb_trans_enc_state **pp_es)
{
	struct smb_trans_enc_state *state = *pp_es;

	if (state == NULL) {
		return;
	}

	/* Only the member selected by smb_enc_type is read. */
	if (state->smb_enc_type == SMB_TRANS_ENC_NTLM && state->s.ntlmssp_state) {
		ntlmssp_end(&state->s.ntlmssp_state);
	}

#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
	/* Free the gss context handle. */
	if (state->smb_enc_type == SMB_TRANS_ENC_GSS && state->s.gss_state) {
		common_free_gss_state(&state->s.gss_state);
	}
#endif

	SAFE_FREE(state);
	*pp_es = NULL;
}
/******************************************************************************
 Free an encryption-allocated buffer.
******************************************************************************/
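/*
 * Free a buffer that the encrypt path allocated.
 *
 * Nothing is freed when encryption is off, because in that case
 * common_encrypt_buffer() hands back the caller's own buffer rather than
 * an allocation.
 *
 * Both backends in this file build their output with Samba's own
 * allocator (SMB_XMALLOC_ARRAY for NTLM, SMB_MALLOC for GSS), so both are
 * released with SAFE_FREE(). The GSS output was previously passed to
 * gss_release_buffer(), which is meant for buffers the GSS library
 * allocated itself; pairing it with SMB_MALLOC() memory is an allocator
 * mismatch.
 *
 * buf is passed by value, so the caller's pointer is left dangling and
 * must not be used again.
 */
void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
{
	if (!common_encryption_on(es)) {
		return;
	}

	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
		SAFE_FREE(buf);
		return;
	}

#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
	if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
		/* Allocated by SMB_MALLOC() in common_gss_encrypt_buffer(). */
		SAFE_FREE(buf);
	}
#endif
}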
/******************************************************************************
Client side encryption .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/******************************************************************************
Is client encryption on ?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * Report whether the client connection's single transport encryption
 * state is switched on.
 */
BOOL cli_encryption_on(struct cli_state *cli)
{
	/* If we supported multiple encryption contexts
	 * here we'd look up based on tid.
	 */
	struct smb_trans_enc_state *state = cli->trans_enc_state;

	return common_encryption_on(state);
}
/******************************************************************************
Shutdown a client encryption state .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * Tear down the client's transport encryption state.
 * common_free_encryption_state() receives the address of
 * cli->trans_enc_state, so the member itself is reset by that call.
 */
void cli_free_encryption_context(struct cli_state *cli)
{
	struct smb_trans_enc_state **pp_state = &cli->trans_enc_state;

	common_free_encryption_state(pp_state);
}
/******************************************************************************
Free an encryption - allocated buffer .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * Free a buffer produced by cli_encrypt_message().
 *
 * Session keepalives are skipped: for those no buffer was allocated, so
 * there is nothing to free.
 */
void cli_free_enc_buffer(struct cli_state *cli, char *buf)
{
	/* We know this is an smb buffer, and we
	 * didn't malloc, only copy, for a keepalive,
	 * so ignore session keepalives. */
	if (CVAL(buf, 0) != SMBkeepalive) {
		/* If we supported multiple encryption contexts
		 * here we'd look up based on tid.
		 */
		common_free_enc_buffer(cli->trans_enc_state, buf);
	}
}
/******************************************************************************
Decrypt an incoming buffer .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
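/*
 * Decrypt the packet in cli->inbuf in place.
 *
 * Session keepalives are passed through untouched. For everything else
 * the header must name the encryption context this connection holds.
 *
 * Returns NT_STATUS_OK for a keepalive, the status of get_enc_ctx_num()
 * when the header is not an encrypted one (NT_STATUS_NOT_FOUND for a
 * plain SMB packet), NT_STATUS_INVALID_HANDLE when the connection has no
 * encryption state or the context number does not match, and otherwise
 * the status of common_decrypt_buffer().
 */
NTSTATUS cli_decrypt_message(struct cli_state *cli)
{
	NTSTATUS status;
	uint16 enc_ctx_num;

	/* Ignore session keepalives. */
	if (CVAL(cli->inbuf, 0) == SMBkeepalive) {
		return NT_STATUS_OK;
	}

	status = get_enc_ctx_num(cli->inbuf, &enc_ctx_num);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/*
	 * The header comes from the peer. An encrypted header arriving on a
	 * connection with no encryption state must be refused here; the
	 * context comparison below would otherwise dereference NULL.
	 */
	if (cli->trans_enc_state == NULL) {
		return NT_STATUS_INVALID_HANDLE;
	}

	if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
		return NT_STATUS_INVALID_HANDLE;
	}

	return common_decrypt_buffer(cli->trans_enc_state, cli->inbuf);
}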
/******************************************************************************
Encrypt an outgoing buffer . Return the encrypted pointer in buf_out .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
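/*
 * Encrypt the packet in cli->outbuf.
 *
 * buf_out - receives the buffer to send. For a session keepalive this is
 *           cli->outbuf itself (nothing is allocated); otherwise it is
 *           whatever common_encrypt_buffer() returns.
 *
 * Returns NT_STATUS_OK for a keepalive, else the status of
 * common_encrypt_buffer().
 */
NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
{
	/* Ignore session keepalives. */
	if (CVAL(cli->outbuf, 0) == SMBkeepalive) {
		/*
		 * Hand back the original buffer, as common_encrypt_buffer()
		 * does when it is not encrypting, so a success return never
		 * leaves *buf_out unset for the caller to send or free.
		 */
		*buf_out = cli->outbuf;
		return NT_STATUS_OK;
	}

	/* If we supported multiple encryption contexts
	 * here we'd look up based on tid.
	 */
	return common_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
}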