sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

r21922: Fixed the build by rather horrid means. I really need

Browse Source 
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.
(This used to be commit 1b828f051d)
This commit is contained in:
Jeremy Allison 2007-03-21 23:49:57 +00:00 committed by Gerald (Jerry) Carter
parent a38b34aa3b
commit 8c395be5e5
7 changed files with 81 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source3/Makefile.in
View File

@ -258,7 +258,7 @@ LIB_WITH_PROTO_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \
lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \
nsswitch/wb_client.o $(WBCOMMON_OBJ) \
lib/pam_errors.o intl/lang_tdb.o libsmb/smb_seal.o \
lib/pam_errors.o intl/lang_tdb.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
@ -313,7 +313,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \
$(DOSERR_OBJ) \
libsmb/smb_seal.o $(DOSERR_OBJ) \
$(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o

57
source3/lib/util_sock.c
View File

@ -732,32 +732,32 @@ BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
{
NTSTATUS status;
if (!receive_smb_raw(fd, buffer, timeout)) {
return False;
}
status = srv_decrypt_buffer(buffer);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
nt_errstr(status) ));
if (smb_read_error == 0) {
smb_read_error = READ_BAD_DECRYPT;
if (srv_encryption_on()) {
NTSTATUS status = srv_decrypt_buffer(buffer);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
nt_errstr(status) ));
if (smb_read_error == 0) {
smb_read_error = READ_BAD_DECRYPT;
}
return False;
}
} else {
/* Check the incoming SMB signature. */
if (!srv_check_sign_mac(buffer, True)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
if (smb_read_error == 0) {
smb_read_error = READ_BAD_SIG;
}
return False;
}
return False;
}
/* Check the incoming SMB signature. */
if (!srv_check_sign_mac(buffer, True)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
if (smb_read_error == 0) {
smb_read_error = READ_BAD_SIG;
}
return False;
};
return(True);
return True;
}
/****************************************************************************
@ -766,20 +766,21 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
BOOL send_smb(int fd, char *buffer)
{
NTSTATUS status;
size_t len;
size_t nwritten=0;
ssize_t ret;
char *buf_out;
char *buf_out = buffer;
/* Sign the outgoing packet if required. */
srv_calculate_sign_mac(buffer);
status = srv_encrypt_buffer(buffer, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
nt_errstr(status) ));
return False;
if (!srv_encryption_on()) {
srv_calculate_sign_mac(buf_out);
} else {
NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
nt_errstr(status) ));
return False;
}
}
len = smb_len(buf_out) + 4;

6
source3/libads/ads_status.c
View File

@ -84,6 +84,10 @@ NTSTATUS ads_ntstatus(ADS_STATUS status)
#ifdef HAVE_KRB5
case ENUM_ADS_ERROR_KRB5:
return krb5_to_nt_status(status.err.rc);
#endif
#ifdef HAVE_GSSAPI
case ENUM_ADS_ERROR_GSS:
return NT_STATUS_UNSUCCESSFUL;
#endif
default:
break;
@ -143,5 +147,3 @@ const char *ads_errstr(ADS_STATUS status)
}
}

20
source3/libsmb/cliconnect.c
View File

@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
ntlmssp_state->session_key.length);
DATA_BLOB null_blob = data_blob(NULL, 0);
BOOL res;
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
res = cli_simple_set_signing(cli, key, null_blob);
if (!cli_encryption_on(cli)) {
BOOL res = cli_simple_set_signing(cli, key, null_blob);
data_blob_free(&key);
if (res) {
if (res) {
/* 'resign' the last message, so we get the right sequence numbers
for checking the first reply from the server */
cli_calculate_sign_mac(cli);
/* 'resign' the last message, so we get the right sequence numbers
for checking the first reply from the server */
cli_calculate_sign_mac(cli);
if (!cli_check_sign_mac(cli)) {
nt_status = NT_STATUS_ACCESS_DENIED;
if (!cli_check_sign_mac(cli)) {
nt_status = NT_STATUS_ACCESS_DENIED;
}
}
}
data_blob_free(&key);
}
/* we have a reference counter on ntlmssp_state, if we are signing

58
source3/libsmb/clientgen.c
View File

@ -57,7 +57,6 @@ int cli_set_port(struct cli_state *cli, int port)
static BOOL client_receive_smb(struct cli_state *cli)
{
BOOL ret;
NTSTATUS status;
int fd = cli->fd;
char *buffer = cli->inbuf;
unsigned int timeout = cli->timeout;
@ -75,14 +74,16 @@ static BOOL client_receive_smb(struct cli_state *cli)
if(CVAL(buffer,0) != SMBkeepalive)
break;
}
status = cli_decrypt_message(cli);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
nt_errstr(status)));
cli->smb_rw_error = READ_BAD_DECRYPT;
close(cli->fd);
cli->fd = -1;
return False;
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_decrypt_message(cli);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
nt_errstr(status)));
cli->smb_rw_error = READ_BAD_DECRYPT;
close(cli->fd);
cli->fd = -1;
return False;
}
}
show_msg(buffer);
return ret;
@ -129,13 +130,15 @@ BOOL cli_receive_smb(struct cli_state *cli)
return ret;
}
if (!cli_check_sign_mac(cli)) {
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
cli->fd = -1;
return False;
};
if (!cli_encryption_on(cli)) {
if (!cli_check_sign_mac(cli)) {
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
cli->fd = -1;
return False;
}
}
return True;
}
@ -160,7 +163,6 @@ static ssize_t write_socket(int fd, const char *buf, size_t len)
BOOL cli_send_smb(struct cli_state *cli)
{
NTSTATUS status;
size_t len;
size_t nwritten=0;
ssize_t ret;
@ -171,16 +173,18 @@ BOOL cli_send_smb(struct cli_state *cli)
return False;
}
cli_calculate_sign_mac(cli);
status = cli_encrypt_message(cli, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
close(cli->fd);
cli->fd = -1;
cli->smb_rw_error = WRITE_ERROR;
DEBUG(0,("Error in encrypting client message. Error %s\n",
nt_errstr(status) ));
return False;
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_encrypt_message(cli, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
close(cli->fd);
cli->fd = -1;
cli->smb_rw_error = WRITE_ERROR;
DEBUG(0,("Error in encrypting client message. Error %s\n",
nt_errstr(status) ));
return False;
}
} else {
cli_calculate_sign_mac(cli);
}
len = smb_len(buf_out) + 4;

5
source3/libsmb/smb_seal.c
View File

@ -163,8 +163,11 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, cha
&out_buf);
if (ret != GSS_S_COMPLETE) {
ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n",
ads_errstr(adss) ));
/* Um - no mapping for gss-errs to NTSTATUS yet. */
return NT_STATUS_UNSUCCESSFUL;
return ads_ntstatus(adss);
}
if (!flags_got) {

31
source3/libsmb/smb_signing.c
View File

@ -585,9 +585,7 @@ void cli_free_signing_context(struct cli_state *cli)
void cli_calculate_sign_mac(struct cli_state *cli)
{
if (!cli_encryption_on(cli)) {
cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
}
cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
}
/**
@ -598,9 +596,6 @@ void cli_calculate_sign_mac(struct cli_state *cli)
BOOL cli_check_sign_mac(struct cli_state *cli)
{
if (cli_encryption_on(cli)) {
return True;
}
if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
free_signing_context(&cli->sign_info);
return False;
@ -617,9 +612,6 @@ BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
if (cli_encryption_on(cli)) {
return True;
}
if (!si->doing_signing) {
return True;
}
@ -645,9 +637,6 @@ BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
if (cli_encryption_on(cli)) {
return True;
}
if (!si->doing_signing) {
return True;
}
@ -813,15 +802,6 @@ BOOL srv_check_sign_mac(char *inbuf, BOOL must_be_ok)
return True;
}
/*
* If we have an encrypted transport
* don't sign - we're already doing that.
*/
if (srv_encryption_on()) {
return True;
}
return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, must_be_ok);
}
@ -836,15 +816,6 @@ void srv_calculate_sign_mac(char *outbuf)
return;
}
/*
* If we have an encrypted transport
* don't check sign - we're already doing that.
*/
if (srv_encryption_on()) {
return;
}
srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info);
}