struct smbXcli_session *sessions;
};
+struct smb2cli_session {
+ uint64_t session_id;
+ uint16_t session_flags;
+ DATA_BLOB application_key;
+ DATA_BLOB signing_key;
+ bool should_sign;
+ bool should_encrypt;
+ DATA_BLOB encryption_key;
+ DATA_BLOB decryption_key;
+ uint64_t nonce_high;
+ uint64_t nonce_low;
+};
+
struct smbXcli_session {
struct smbXcli_session *prev, *next;
struct smbXcli_conn *conn;
uint16_t session_id;
} smb1;
+ struct smb2cli_session *smb2;
+
struct {
- uint64_t session_id;
- uint16_t session_flags;
- DATA_BLOB application_key;
DATA_BLOB signing_key;
- bool should_sign;
- bool should_encrypt;
- DATA_BLOB encryption_key;
- DATA_BLOB decryption_key;
- uint64_t channel_nonce;
- uint64_t channel_next;
- DATA_BLOB channel_signing_key;
- } smb2;
+ } smb2_channel;
};
struct smbXcli_tcon {
state->tcon = tcon;
if (session) {
- uid = session->smb2.session_id;
+ uid = session->smb2->session_id;
- state->smb2.should_sign = session->smb2.should_sign;
- state->smb2.should_encrypt = session->smb2.should_encrypt;
+ state->smb2.should_sign = session->smb2->should_sign;
+ state->smb2.should_encrypt = session->smb2->should_encrypt;
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2.signing_key.length != 0) {
+ session->smb2->signing_key.length != 0) {
state->smb2.should_sign = true;
}
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2.channel_signing_key.length == 0) {
+ session->smb2_channel.signing_key.length == 0) {
state->smb2.should_encrypt = false;
}
}
* already there.
*/
if (state->smb2.should_sign) {
- signing_key = &state->session->smb2.channel_signing_key;
+ signing_key = &state->session->smb2_channel.signing_key;
}
/*
* signing key and try that one.
*/
if (signing_key && signing_key->length == 0) {
- signing_key = &state->session->smb2.signing_key;
+ signing_key = &state->session->smb2->signing_key;
}
/*
}
if (state->smb2.should_encrypt) {
- encryption_key = &state->session->smb2.encryption_key;
+ encryption_key = &state->session->smb2->encryption_key;
}
}
uint8_t *buf;
int vi;
- SBVAL(state->smb2.transform, SMB2_TF_NONCE, mid);
+ SBVAL(state->smb2.transform, SMB2_TF_NONCE,
+ state->session->smb2->nonce_low);
SBVAL(state->smb2.transform, SMB2_TF_NONCE+8,
- state->session->smb2.channel_nonce);
+ state->session->smb2->nonce_high);
+
+ state->session->smb2->nonce_low += 1;
+ if (state->session->smb2->nonce_low == 0) {
+ state->session->smb2->nonce_high += 1;
+ state->session->smb2->nonce_low += 1;
+ }
+
SBVAL(state->smb2.transform, SMB2_TF_MSG_SIZE,
reqlen);
s = conn->sessions;
for (; s; s = s->next) {
- if (s->smb2.session_id != uid) {
+ if (s->smb2->session_id != uid) {
continue;
}
break;
tf_iov[1].iov_base = (void *)hdr;
tf_iov[1].iov_len = len;
- status = smb2_signing_decrypt_pdu(s->smb2.decryption_key,
+ status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
conn->protocol,
tf_iov, 2);
if (!NT_STATUS_IS_OK(status)) {
s = state->conn->sessions;
for (; s; s = s->next) {
- if (s->smb2.session_id != uid) {
+ if (s->smb2->session_id != uid) {
continue;
}
}
last_session = session;
- signing_key = &session->smb2.channel_signing_key;
+ signing_key = &session->smb2_channel.signing_key;
}
if (opcode == SMB2_OP_SESSSETUP) {
*/
if (signing_key && signing_key->length == 0 &&
!NT_STATUS_IS_OK(status)) {
- signing_key = &session->smb2.signing_key;
+ signing_key = &session->smb2->signing_key;
}
if (signing_key && signing_key->length == 0) {
if (session == NULL) {
return NULL;
}
+ session->smb2 = talloc_zero(session, struct smb2cli_session);
+ if (session->smb2 == NULL) {
+ talloc_free(session);
+ return NULL;
+ }
talloc_set_destructor(session, smbXcli_session_destructor);
DLIST_ADD_END(conn->sessions, session, struct smbXcli_session *);
uint64_t smb2cli_session_current_id(struct smbXcli_session *session)
{
- return session->smb2.session_id;
+ return session->smb2->session_id;
}
uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
{
- return session->smb2.session_flags;
+ return session->smb2->session_flags;
}
NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
{
*key = data_blob_null;
- if (session->smb2.application_key.length == 0) {
+ if (session->smb2->application_key.length == 0) {
return NT_STATUS_NO_USER_SESSION_KEY;
}
- *key = data_blob_dup_talloc(mem_ctx, session->smb2.application_key);
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2->application_key);
if (key->data == NULL) {
return NT_STATUS_NO_MEMORY;
}
uint64_t session_id,
uint16_t session_flags)
{
- session->smb2.session_id = session_id;
- session->smb2.session_flags = session_flags;
+ session->smb2->session_id = session_id;
+ session->smb2->session_flags = session_flags;
}
NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
- if (session->smb2.session_flags & no_sign_flags) {
- session->smb2.should_sign = false;
+ if (session->smb2->session_flags & no_sign_flags) {
+ session->smb2->should_sign = false;
return NT_STATUS_OK;
}
- if (session->smb2.signing_key.length != 0) {
+ if (session->smb2->signing_key.length != 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
memcpy(session_key, _session_key.data,
MIN(_session_key.length, sizeof(session_key)));
- session->smb2.signing_key = data_blob_talloc(session,
+ session->smb2->signing_key = data_blob_talloc(session,
session_key,
sizeof(session_key));
- if (session->smb2.signing_key.data == NULL) {
+ if (session->smb2->signing_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.signing_key.data);
+ session->smb2->signing_key.data);
}
- session->smb2.encryption_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.encryption_key.data == NULL) {
+ session->smb2->encryption_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->encryption_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.encryption_key.data);
+ session->smb2->encryption_key.data);
}
- session->smb2.decryption_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.decryption_key.data == NULL) {
+ session->smb2->decryption_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->decryption_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.decryption_key.data);
+ session->smb2->decryption_key.data);
}
- session->smb2.application_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.application_key.data == NULL) {
+ session->smb2->application_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2->application_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
label.data, label.length,
context.data, context.length,
- session->smb2.application_key.data);
+ session->smb2->application_key.data);
}
ZERO_STRUCT(session_key);
- session->smb2.channel_signing_key = data_blob_dup_talloc(session,
- session->smb2.signing_key);
- if (session->smb2.channel_signing_key.data == NULL) {
+ session->smb2_channel.signing_key = data_blob_dup_talloc(session,
+ session->smb2->signing_key);
+ if (session->smb2_channel.signing_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- session->smb2.should_sign = false;
- session->smb2.should_encrypt = false;
+ session->smb2->should_sign = false;
+ session->smb2->should_encrypt = false;
if (conn->desire_signing) {
- session->smb2.should_sign = true;
+ session->smb2->should_sign = true;
}
if (conn->smb2.server.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
- session->smb2.should_sign = true;
+ session->smb2->should_sign = true;
}
- if (session->smb2.session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
- session->smb2.should_encrypt = true;
+ if (session->smb2->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
+ session->smb2->should_encrypt = true;
}
if (conn->protocol < PROTOCOL_SMB2_24) {
- session->smb2.should_encrypt = false;
+ session->smb2->should_encrypt = false;
}
if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
- session->smb2.should_encrypt = false;
+ session->smb2->should_encrypt = false;
}
- generate_random_buffer((uint8_t *)&session->smb2.channel_nonce,
- sizeof(session->smb2.channel_nonce));
- session->smb2.channel_next = 1;
+ generate_random_buffer((uint8_t *)&session->smb2->nonce_high,
+ sizeof(session->smb2->nonce_high));
+ session->smb2->nonce_low = 1;
return NT_STATUS_OK;
}
{
struct smbXcli_session *session2;
- if (session1->smb2.signing_key.length == 0) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- if (session1->smb2.channel_next == 0) {
+ if (session1->smb2->signing_key.length == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (session2 == NULL) {
return NT_STATUS_NO_MEMORY;
}
- session2->smb2.session_id = session1->smb2.session_id;
- session2->smb2.session_flags = session1->smb2.session_flags;
-
- session2->smb2.signing_key = data_blob_dup_talloc(session2,
- session1->smb2.signing_key);
- if (session2->smb2.signing_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.application_key = data_blob_dup_talloc(session2,
- session1->smb2.application_key);
- if (session2->smb2.application_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.should_sign = session1->smb2.should_sign;
- session2->smb2.should_encrypt = session1->smb2.should_encrypt;
-
- session2->smb2.channel_nonce = session1->smb2.channel_nonce;
- session2->smb2.channel_nonce += session1->smb2.channel_next;
- session1->smb2.channel_next++;
-
- session2->smb2.encryption_key = data_blob_dup_talloc(session2,
- session1->smb2.encryption_key);
- if (session2->smb2.encryption_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- session2->smb2.decryption_key = data_blob_dup_talloc(session2,
- session1->smb2.decryption_key);
- if (session2->smb2.decryption_key.data == NULL) {
+ session2->smb2 = talloc_reference(session2, session1->smb2);
+ if (session2->smb2 == NULL) {
+ talloc_free(session2);
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session->smb2.channel_signing_key.length != 0) {
+ if (session->smb2_channel.signing_key.length != 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
memcpy(channel_key, _channel_key.data,
MIN(_channel_key.length, sizeof(channel_key)));
- session->smb2.channel_signing_key = data_blob_talloc(session,
+ session->smb2_channel.signing_key = data_blob_talloc(session,
channel_key,
sizeof(channel_key));
- if (session->smb2.channel_signing_key.data == NULL) {
+ if (session->smb2_channel.signing_key.data == NULL) {
ZERO_STRUCT(channel_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(channel_key, sizeof(channel_key),
label.data, label.length,
context.data, context.length,
- session->smb2.channel_signing_key.data);
+ session->smb2_channel.signing_key.data);
}
ZERO_STRUCT(channel_key);
- status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return;
}
- tcon->smb2.should_encrypt = session->smb2.should_encrypt;
+ tcon->smb2.should_encrypt = session->smb2->should_encrypt;
if (flags & SMB2_SHAREFLAG_ENCRYPT_DATA) {
tcon->smb2.should_encrypt = true;
git.samba.org / kai / samba.git / commitdiff