summaryrefslogtreecommitdiff
path: root/source3/libsmb/smb_signing.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-08-02 03:06:07 +0000
committerJeremy Allison <jra@samba.org>2003-08-02 03:06:07 +0000
commit760e58cf807e099b450c83fbdb8d393d53b9dca3 (patch)
tree5c0735dc3a69c9e789becdc6fcffc4a7161f3b97 /source3/libsmb/smb_signing.c
parent2443f7ffa20a683eabb792182cb0206402ad8059 (diff)
downloadsamba-760e58cf807e099b450c83fbdb8d393d53b9dca3.tar.gz
Add the same signing code to the server. Ensure we use identical session
numbers and MIDs when in trans/trans2/nttrans code. Jeremy. (This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
Diffstat (limited to 'source3/libsmb/smb_signing.c')
-rw-r--r--source3/libsmb/smb_signing.c76
1 files changed, 64 insertions, 12 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 81e25cb67c8..d4c50a71f0f 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -477,8 +477,8 @@ void cli_signing_trans_stop(struct cli_state *cli)
if (!cli->sign_info.doing_signing)
return;
- if (data->trans_info)
- SAFE_FREE(data->trans_info);
+ SAFE_FREE(data->trans_info);
+ data->trans_info = NULL;
data->send_seq_num += 2;
}
@@ -598,10 +598,11 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
struct smb_basic_signing_context *data = si->signing_context;
uint32 send_seq_number = data->send_seq_num;
BOOL was_deferred_packet;
+ uint16 mid;
if (!si->doing_signing) {
if (si->allow_smb_signing && si->negotiated_smb_signing) {
- uint16 mid = SVAL(outbuf, smb_mid);
+ mid = SVAL(outbuf, smb_mid);
was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list,
mid, &send_seq_number);
@@ -632,10 +633,13 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
/* mark the packet as signed - BEFORE we sign it...*/
mark_packet_signed(outbuf);
+ mid = SVAL(outbuf, smb_mid);
+
/* See if this is a reply for a deferred packet. */
- was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list,
- SVAL(outbuf, smb_mid),
- &send_seq_number);
+ was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list, mid, &send_seq_number);
+
+ if (data->trans_info && (data->trans_info->mid == mid))
+ send_seq_number = data->trans_info->send_seq_num;
simple_packet_signature(data, outbuf, send_seq_number, calc_md5_mac);
@@ -647,7 +651,7 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
/* cli->outbuf[smb_ss_field+2]=0;
Uncomment this to test if the remote server actually verifies signatures...*/
- if (!was_deferred_packet)
+ if (!was_deferred_packet && !data->trans_info)
data->send_seq_num++;
}
@@ -661,6 +665,7 @@ static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si)
uint32 reply_seq_number;
unsigned char calc_md5_mac[16];
unsigned char *server_sent_mac;
+ uint mid;
struct smb_basic_signing_context *data = si->signing_context;
@@ -672,12 +677,16 @@ static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si)
return False;
}
+ mid = SVAL(inbuf, smb_mid);
+
/* Oplock break requests store an outgoing mid in the packet list. */
- if (!get_sequence_for_reply(&data->outstanding_packet_list,
- SVAL(inbuf, smb_mid),
- &reply_seq_number)) {
- reply_seq_number = data->send_seq_num;
- data->send_seq_num++;
+ if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_number)) {
+ if (data->trans_info && (data->trans_info->mid == mid)) {
+ reply_seq_number = data->trans_info->reply_seq_num;
+ } else {
+ reply_seq_number = data->send_seq_num;
+ data->send_seq_num++;
+ }
}
simple_packet_signature(data, inbuf, reply_seq_number, calc_md5_mac);
@@ -810,6 +819,49 @@ BOOL srv_is_signing_active(void)
}
/***********************************************************
+ Tell server code we are in a multiple trans reply state.
+************************************************************/
+
+void srv_signing_trans_start(uint16 mid)
+{
+ struct smb_basic_signing_context *data;
+
+ if (!srv_sign_info.doing_signing)
+ return;
+
+ data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
+
+ data->trans_info = smb_xmalloc(sizeof(struct trans_info_context));
+ ZERO_STRUCTP(data->trans_info);
+
+ data->trans_info->reply_seq_num = data->send_seq_num-1;
+ data->trans_info->mid = mid;
+ data->trans_info->send_seq_num = data->send_seq_num;
+
+ /* Increment now in case we need to send a non-trans
+ * reply in the middle of the trans stream. */
+ data->send_seq_num++;
+}
+
+/***********************************************************
+ Tell server code we are out of a multiple trans reply state.
+************************************************************/
+
+void srv_signing_trans_stop(void)
+{
+ struct smb_basic_signing_context *data;
+
+ if (!srv_sign_info.doing_signing)
+ return;
+
+ data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
+
+ SAFE_FREE(data->trans_info);
+ data->trans_info = NULL;
+}
+
+
+/***********************************************************
Turn on signing from this packet onwards.
************************************************************/