sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

r21880: Make client and server calls into encryption code symetrical,

Browse Source 
depending on encryption context pointer.
Jeremy.
This commit is contained in:
Jeremy Allison 2007-03-19 22:45:35 +00:00 committed by Gerald (Jerry) Carter
parent 7e31b8ce21
commit d3f3ced6c8
4 changed files with 224 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source/include/client.h
View File

@ -83,6 +83,7 @@ enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_KRB5 };
struct smb_trans_enc_state {
enum smb_trans_enc_type smb_enc_type;
BOOL enc_on;
union {
NTLMSSP_STATE *ntlmssp_state;
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)

4
source/lib/util_sock.c
View File

@ -789,13 +789,13 @@ BOOL send_smb(int fd, char *buffer)
if (ret <= 0) {
DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
(int)len,(int)ret, strerror(errno) ));
srv_free_buffer(buf_out);
srv_free_enc_buffer(buf_out);
return False;
}
nwritten += ret;
}
srv_free_buffer(buf_out);
srv_free_enc_buffer(buf_out);
return True;
}

13
source/libsmb/clientgen.c
View File

@ -164,6 +164,7 @@ BOOL cli_send_smb(struct cli_state *cli)
size_t len;
size_t nwritten=0;
ssize_t ret;
char *buf_out;
/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
if (cli->fd == -1) {
@ -172,7 +173,7 @@ BOOL cli_send_smb(struct cli_state *cli)
cli_calculate_sign_mac(cli);
status = cli_encrypt_message(cli);
status = cli_encrypt_message(cli, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
close(cli->fd);
cli->fd = -1;
@ -182,11 +183,12 @@ BOOL cli_send_smb(struct cli_state *cli)
return False;
}
len = smb_len(cli->outbuf) + 4;
len = smb_len(buf_out) + 4;
while (nwritten < len) {
ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
ret = write_socket(cli->fd,buf_out+nwritten,len - nwritten);
if (ret <= 0) {
cli_free_enc_buffer(cli, buf_out);
close(cli->fd);
cli->fd = -1;
cli->smb_rw_error = WRITE_ERROR;
@ -196,6 +198,9 @@ BOOL cli_send_smb(struct cli_state *cli)
}
nwritten += ret;
}
cli_free_enc_buffer(cli, buf_out);
/* Increment the mid so we can tell between responses. */
cli->mid++;
if (!cli->mid) {
@ -447,6 +452,8 @@ void cli_shutdown(struct cli_state *cli)
SAFE_FREE(cli->inbuf);
cli_free_signing_context(cli);
cli_free_encryption_context(cli);
data_blob_free(&cli->secblob);
data_blob_free(&cli->user_session_key);

299
source/libsmb/smb_seal.c
View File

@ -20,65 +20,22 @@
#include "includes.h"
NTSTATUS cli_decrypt_message(struct cli_state *cli)
{
return NT_STATUS_OK;
}
NTSTATUS cli_encrypt_message(struct cli_state *cli)
{
return NT_STATUS_OK;
}
/* Server state if we're encrypting SMBs. If NULL then enc is off. */
static struct smb_trans_enc_state *srv_trans_enc_state;
/******************************************************************************
Is server encryption on ?
Generic code for client and server.
Is encryption turned on ?
******************************************************************************/
BOOL srv_encryption_on(void)
static BOOL internal_encryption_on(struct smb_trans_enc_state *es)
{
return srv_trans_enc_state != NULL;
return ((es != NULL) && es->enc_on);
}
/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
void srv_free_buffer(char *buf_out)
{
if (!srv_trans_enc_state) {
return;
}
if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
SAFE_FREE(buf_out);
return;
}
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
/* gss-api free buffer.... */
#endif
}
/******************************************************************************
gss-api decrypt an incoming buffer.
******************************************************************************/
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
static NTSTATUS srv_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
{
return NT_STATUS_NOT_SUPPORTED;
}
#endif
/******************************************************************************
Generic code for client and server.
NTLM decrypt an incoming buffer.
******************************************************************************/
static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
{
NTSTATUS status;
size_t orig_len = smb_len(buf);
@ -109,42 +66,11 @@ static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
}
/******************************************************************************
Decrypt an incoming buffer.
******************************************************************************/
NTSTATUS srv_decrypt_buffer(char *buf)
{
if (!srv_trans_enc_state) {
/* Not decrypting. */
return NT_STATUS_OK;
}
if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
return srv_ntlm_decrypt_buffer(srv_trans_enc_state->ntlmssp_state, buf);
} else {
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
return srv_gss_decrypt_buffer(srv_trans_enc_state->context_handle, buf);
#else
return NT_STATUS_NOT_SUPPORTED;
#endif
}
}
/******************************************************************************
gss-api encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
******************************************************************************/
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
{
return NT_STATUS_NOT_SUPPORTED;
}
#endif
/******************************************************************************
Generic code for client and server.
NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out.
******************************************************************************/
static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
{
NTSTATUS status;
char *buf_out;
@ -192,24 +118,221 @@ static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf,
}
/******************************************************************************
Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
Generic code for client and server.
gss-api decrypt an incoming buffer.
******************************************************************************/
NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
{
if (!srv_trans_enc_state) {
return NT_STATUS_NOT_SUPPORTED;
}
#endif
/******************************************************************************
Generic code for client and server.
gss-api encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
******************************************************************************/
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
{
return NT_STATUS_NOT_SUPPORTED;
}
#endif
/******************************************************************************
Generic code for client and server.
Encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
******************************************************************************/
static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out)
{
if (!internal_encryption_on(es)) {
/* Not encrypting. */
*buf_out = buffer;
return NT_STATUS_OK;
}
if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
return srv_ntlm_encrypt_buffer(srv_trans_enc_state->ntlmssp_state, buffer, buf_out);
if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
return internal_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out);
} else {
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
return srv_gss_encrypt_buffer(srv_trans_enc_state->context_handle, buffer, buf_out);
return internal_gss_encrypt_buffer(es->context_handle, buffer, buf_out);
#else
return NT_STATUS_NOT_SUPPORTED;
#endif
}
}
/******************************************************************************
Generic code for client and server.
Decrypt an incoming SMB buffer. Replaces the data within it.
New data must be less than or equal to the current length.
******************************************************************************/
static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
{
if (!internal_encryption_on(es)) {
/* Not decrypting. */
return NT_STATUS_OK;
}
if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
return internal_ntlm_decrypt_buffer(es->ntlmssp_state, buf);
} else {
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
return internal_gss_decrypt_buffer(es->context_handle, buf);
#else
return NT_STATUS_NOT_SUPPORTED;
#endif
}
}
/******************************************************************************
Shutdown an encryption state.
******************************************************************************/
static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es)
{
struct smb_trans_enc_state *es = *pp_es;
if (es == NULL) {
return;
}
if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
ntlmssp_end(&es->ntlmssp_state);
}
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
/* Free the gss context handle. */
}
#endif
SAFE_FREE(es);
*pp_es = NULL;
}
/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
{
if (!internal_encryption_on(es)) {
return;
}
if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
SAFE_FREE(buf);
return;
}
#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
/* gss-api free buffer.... */
#endif
}
/******************************************************************************
Client side encryption.
******************************************************************************/
/******************************************************************************
Is client encryption on ?
******************************************************************************/
BOOL cli_encryption_on(struct cli_state *cli)
{
return internal_encryption_on(cli->trans_enc_state);
}
/******************************************************************************
Shutdown a client encryption state.
******************************************************************************/
void cli_free_encryption_context(struct cli_state *cli)
{
return internal_free_encryption_context(&cli->trans_enc_state);
}
/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
void cli_free_enc_buffer(struct cli_state *cli, char *buf)
{
return internal_free_enc_buffer(cli->trans_enc_state, buf);
}
/******************************************************************************
Decrypt an incoming buffer.
******************************************************************************/
NTSTATUS cli_decrypt_message(struct cli_state *cli)
{
return internal_decrypt_buffer(cli->trans_enc_state, cli->inbuf);
}
/******************************************************************************
Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
******************************************************************************/
NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
{
return internal_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
}
/******************************************************************************
Server side encryption.
******************************************************************************/
/******************************************************************************
Global server state.
******************************************************************************/
static struct smb_trans_enc_state *partial_srv_trans_enc_state;
static struct smb_trans_enc_state *srv_trans_enc_state;
/******************************************************************************
Is server encryption on ?
******************************************************************************/
BOOL srv_encryption_on(void)
{
return internal_encryption_on(srv_trans_enc_state);
}
/******************************************************************************
Shutdown a server encryption state.
******************************************************************************/
void srv_free_encryption_context(void)
{
return internal_free_encryption_context(&srv_trans_enc_state);
}
/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
void srv_free_enc_buffer(char *buf)
{
return internal_free_enc_buffer(srv_trans_enc_state, buf);
}
/******************************************************************************
Decrypt an incoming buffer.
******************************************************************************/
NTSTATUS srv_decrypt_buffer(char *buf)
{
return internal_decrypt_buffer(srv_trans_enc_state, buf);
}
/******************************************************************************
Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
******************************************************************************/
NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
{
return internal_encrypt_buffer(srv_trans_enc_state, buffer, buf_out);
}