source3/smbd/signing.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB Signing Code
   4    Copyright (C) Jeremy Allison 2003.
   5    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   6    Copyright (C) Stefan Metzmacher 2009
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "smbd/smbd.h"
  24 #include "smbd/globals.h"
  25 #include "../libcli/smb/smb_signing.h"
  26 #include "lib/param/param.h"
  27
  28 /***********************************************************
  29  Called to validate an incoming packet from the client.
  30 ************************************************************/
  31
  32 bool srv_check_sign_mac(struct smbXsrv_connection *conn,
  33                         const char *inbuf, uint32_t *seqnum,
  34                         bool trusted_channel)
  35 {
  36         const uint8_t *inhdr;
  37         size_t len;
  38
  39         /* Check if it's a non-session message. */
  40         if(CVAL(inbuf,0)) {
  41                 return true;
  42         }
  43
  44         len = smb_len(inbuf);
  45         inhdr = (const uint8_t *)inbuf + NBT_HDR_SIZE;
  46
  47         if (trusted_channel) {
  48                 NTSTATUS status;
  49
  50                 if (len < (HDR_SS_FIELD + 8)) {
  51                         DBG_WARNING("Can't check signature "
  52                                  "on short packet! smb_len = %u\n",
  53                                  (unsigned)len);
  54                         return false;
  55                 }
  56
  57                 status = NT_STATUS(IVAL(inhdr, HDR_SS_FIELD + 4));
  58                 if (!NT_STATUS_IS_OK(status)) {
  59                         DBG_WARNING("trusted channel passed %s\n",
  60                                  nt_errstr(status));
  61                         return false;
  62                 }
  63
  64                 *seqnum = IVAL(inhdr, HDR_SS_FIELD);
  65                 return true;
  66         }
  67
  68         *seqnum = smb1_signing_next_seqnum(conn->smb1.signing_state, false);
  69         return smb1_signing_check_pdu(conn->smb1.signing_state,
  70                                      inhdr, len,
  71                                      *seqnum);
  72 }
  73
  74 /***********************************************************
  75  Called to sign an outgoing packet to the client.
  76 ************************************************************/
  77
  78 NTSTATUS srv_calculate_sign_mac(struct smbXsrv_connection *conn,
  79                                 char *outbuf, uint32_t seqnum)
  80 {
  81         uint8_t *outhdr;
  82         size_t len;
  83
  84         /* Check if it's a non-session message. */
  85         if(CVAL(outbuf,0)) {
  86                 return NT_STATUS_OK;;
  87         }
  88
  89         len = smb_len(outbuf);
  90         outhdr = (uint8_t *)outbuf + NBT_HDR_SIZE;
  91
  92         return smb1_signing_sign_pdu(conn->smb1.signing_state,
  93                                     outhdr,
  94                                     len,
  95                                     seqnum);
  96 }
  97
  98
  99 /***********************************************************
 100  Called to indicate a oneway request
 101 ************************************************************/
 102 void srv_cancel_sign_response(struct smbXsrv_connection *conn)
 103 {
 104         smb1_signing_cancel_reply(conn->smb1.signing_state, true);
 105 }
 106
 107 struct smbd_shm_signing {
 108         size_t shm_size;
 109         uint8_t *shm_pointer;
 110
 111         /* we know the signing engine will only allocate 2 chunks */
 112         uint8_t *ptr1;
 113         size_t len1;
 114         uint8_t *ptr2;
 115         size_t len2;
 116 };
 117
 118 static int smbd_shm_signing_destructor(struct smbd_shm_signing *s)
 119 {
 120         anonymous_shared_free(s->shm_pointer);
 121         return 0;
 122 }
 123
 124 static void *smbd_shm_signing_alloc(TALLOC_CTX *mem_ctx, size_t len)
 125 {
 126         struct smbd_shm_signing *s = talloc_get_type_abort(mem_ctx,
 127                                      struct smbd_shm_signing);
 128
 129         if (s->ptr1 == NULL) {
 130                 s->len1 = len;
 131                 if (len % 8) {
 132                         s->len1 += (8 - (len % 8));
 133                 }
 134                 if (s->len1 > s->shm_size) {
 135                         s->len1 = 0;
 136                         errno = ENOMEM;
 137                         return NULL;
 138                 }
 139                 s->ptr1 = s->shm_pointer;
 140                 return s->ptr1;
 141         }
 142
 143         if (s->ptr2 == NULL) {
 144                 s->len2 = len;
 145                 if (s->len2 > (s->shm_size - s->len1)) {
 146                         s->len2 = 0;
 147                         errno = ENOMEM;
 148                         return NULL;
 149                 }
 150                 s->ptr2 = s->shm_pointer + s->len1;
 151                 return s->ptr2;
 152         }
 153
 154         errno = ENOMEM;
 155         return NULL;
 156 }
 157
 158 static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
 159 {
 160         struct smbd_shm_signing *s = talloc_get_type_abort(mem_ctx,
 161                                      struct smbd_shm_signing);
 162
 163         if (s->ptr2 == ptr) {
 164                 s->ptr2 = NULL;
 165                 s->len2 = 0;
 166         }
 167 }
 168
 169 /***********************************************************
 170  Called by server negprot when signing has been negotiated.
 171 ************************************************************/
 172
 173 static bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
 174 {
 175         bool allowed = true;
 176         bool desired;
 177         bool mandatory = false;
 178
 179         struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
 180         if (lp_ctx == NULL) {
 181                 DEBUG(10, ("loadparm_init_s3 failed\n"));
 182                 return false;
 183         }
 184
 185         /*
 186          * if the client and server allow signing,
 187          * we desire to use it.
 188          *
 189          * This matches Windows behavior and is needed
 190          * because not every client that requires signing
 191          * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
 192          *
 193          * Note that we'll always allow signing if the client
 194          * does send FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
 195          */
 196
 197         desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
 198         talloc_unlink(conn, lp_ctx);
 199
 200         if (lp_async_smb_echo_handler()) {
 201                 struct smbd_shm_signing *s;
 202
 203                 /* setup the signing state in shared memory */
 204                 s = talloc_zero(conn, struct smbd_shm_signing);
 205                 if (s == NULL) {
 206                         return false;
 207                 }
 208                 s->shm_size = 4096;
 209                 s->shm_pointer =
 210                         (uint8_t *)anonymous_shared_allocate(s->shm_size);
 211                 if (s->shm_pointer == NULL) {
 212                         talloc_free(s);
 213                         return false;
 214                 }
 215                 talloc_set_destructor(s, smbd_shm_signing_destructor);
 216                 conn->smb1.signing_state = smb1_signing_init_ex(s,
 217                                                         allowed, desired, mandatory,
 218                                                         smbd_shm_signing_alloc,
 219                                                         smbd_shm_signing_free);
 220                 if (!conn->smb1.signing_state) {
 221                         return false;
 222                 }
 223                 return true;
 224         }
 225
 226         conn->smb1.signing_state = smb1_signing_init(conn,
 227                                                     allowed, desired, mandatory);
 228         if (!conn->smb1.signing_state) {
 229                 return false;
 230         }
 231
 232         return true;
 233 }
 234
 235 static bool smb2_srv_init_signing(struct smbXsrv_connection *conn)
 236 {
 237         struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
 238         if (lp_ctx == NULL) {
 239                 DBG_DEBUG("loadparm_init_s3 failed\n");
 240                 return false;
 241         }
 242
 243         /*
 244          * For SMB2 all we need to know is if signing is mandatory.
 245          * It is always allowed and desired, whatever the smb.conf says.
 246          */
 247         (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
 248         talloc_unlink(conn, lp_ctx);
 249         return true;
 250 }
 251
 252 bool srv_init_signing(struct smbXsrv_connection *conn)
 253 {
 254         if (conn->protocol >= PROTOCOL_SMB2_02) {
 255                 return smb2_srv_init_signing(conn);
 256         } else {
 257                 return smb1_srv_init_signing(conn);
 258         }
 259 }
 260
 261 void srv_set_signing_negotiated(struct smbXsrv_connection *conn,
 262                                 bool allowed, bool mandatory)
 263 {
 264         smb1_signing_set_negotiated(conn->smb1.signing_state,
 265                                    allowed, mandatory);
 266 }
 267
 268 /***********************************************************
 269  Returns whether signing is active. We can't use sendfile or raw
 270  reads/writes if it is.
 271 ************************************************************/
 272
 273 bool srv_is_signing_active(struct smbXsrv_connection *conn)
 274 {
 275         return smb1_signing_is_active(conn->smb1.signing_state);
 276 }
 277
 278
 279 /***********************************************************
 280  Returns whether signing is negotiated. We can't use it unless it was
 281  in the negprot.
 282 ************************************************************/
 283
 284 bool srv_is_signing_negotiated(struct smbXsrv_connection *conn)
 285 {
 286         return smb_signing_is_negotiated(conn->smb1.signing_state);
 287 }
 288
 289 /***********************************************************
 290  Turn on signing from this packet onwards.
 291 ************************************************************/
 292
 293 void srv_set_signing(struct smbXsrv_connection *conn,
 294                      const DATA_BLOB user_session_key,
 295                      const DATA_BLOB response)
 296 {
 297         bool negotiated;
 298         bool mandatory;
 299
 300         if (!user_session_key.length)
 301                 return;
 302
 303         negotiated = smb_signing_is_negotiated(conn->smb1.signing_state);
 304         mandatory = smb1_signing_is_mandatory(conn->smb1.signing_state);
 305
 306         if (!negotiated && !mandatory) {
 307                 DEBUG(5,("srv_set_signing: signing negotiated = %u, "
 308                          "mandatory_signing = %u. Not allowing smb signing.\n",
 309                          negotiated, mandatory));
 310                 return;
 311         }
 312
 313         if (!smb1_signing_activate(conn->smb1.signing_state,
 314                                   user_session_key, response)) {
 315                 return;
 316         }
 317
 318         DEBUG(3,("srv_set_signing: turning on SMB signing: "
 319                  "signing negotiated = %u, mandatory_signing = %u.\n",
 320                  negotiated, mandatory));
 321 }
 322