sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00
Code

libcli/smb2: fix per session signing state

Browse Source 
metze
(This used to be commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505)
This commit is contained in:
Stefan Metzmacher 2008-06-09 21:57:41 +02:00
parent 1a4f4d2cf0
commit 35bd7a6378
4 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source4/libcli/smb2/connect.c
View File

@ -112,19 +112,19 @@ static void continue_negprot(struct smb2_request *req)
composite_error(c, NT_STATUS_ACCESS_DENIED);
return;
}
transport->signing.doing_signing = false;
transport->signing_required = false;
break;
case SMB_SIGNING_SUPPORTED:
case SMB_SIGNING_AUTO:
if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
transport->signing.doing_signing = true;
transport->signing_required = true;
} else {
transport->signing.doing_signing = false;
transport->signing_required = false;
}
break;
case SMB_SIGNING_REQUIRED:
if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) {
transport->signing.doing_signing = true;
transport->signing_required = true;
} else {
composite_error(c, NT_STATUS_ACCESS_DENIED);
return;

6
source4/libcli/smb2/session.c
View File

@ -187,14 +187,14 @@ static void session_request_handler(struct smb2_request *req)
return;
}
if (session->transport->signing.doing_signing) {
if (session->transport->signing_required) {
if (session->session_key.length != 16) {
DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
(unsigned)session->session_key.length));
composite_error(c, NT_STATUS_ACCESS_DENIED);
return;
}
session->transport->signing.signing_started = true;
session->signing_active = true;
}
composite_done(c);
@ -218,7 +218,7 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
ZERO_STRUCT(state->io);
state->io.in.vc_number = 0;
if (session->transport->signing.doing_signing) {
if (session->transport->signing_required) {
state->io.in.security_mode =
SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
}

9
source4/libcli/smb2/smb2.h
View File

@ -27,11 +27,6 @@
struct smb2_handle;
struct smb2_signing_context {
bool doing_signing;
bool signing_started;
};
/*
information returned from the negotiate process
*/
@ -78,7 +73,8 @@ struct smb2_transport {
} oplock;
struct smbcli_options options;
struct smb2_signing_context signing;
bool signing_required;
};
@ -98,6 +94,7 @@ struct smb2_session {
struct gensec_security *gensec;
uint64_t uid;
DATA_BLOB session_key;
bool signing_active;
};

6
source4/libcli/smb2/transport.c
View File

@ -235,7 +235,7 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
if (req->session && transport->signing.doing_signing) {
if (req->session && req->session->signing_active) {
status = smb2_check_signature(&req->in,
req->session->session_key);
if (!NT_STATUS_IS_OK(status)) {
@ -352,9 +352,7 @@ void smb2_transport_send(struct smb2_request *req)
}
/* possibly sign the message */
if (req->transport->signing.doing_signing &&
req->transport->signing.signing_started &&
req->session) {
if (req->session && req->session->signing_active) {
status = smb2_sign_message(&req->out, req->session->session_key);
if (!NT_STATUS_IS_OK(status)) {
req->state = SMB2_REQUEST_ERROR;