source/libcli/raw/smb_signing.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB Signing Code
   4    Copyright (C) Jeremy Allison 2002.
   5    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
   6    Copyright (C) James J Myers <myersjj@samba.org> 2003
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24
  25 /***********************************************************
  26  SMB signing - Common code before we set a new signing implementation
  27 ************************************************************/
  28 static BOOL set_smb_signing_common(struct smbcli_transport *transport)
  29 {
  30         if (!(transport->negotiate.sec_mode &
  31               (NEGOTIATE_SECURITY_SIGNATURES_REQUIRED|NEGOTIATE_SECURITY_SIGNATURES_ENABLED))) {
  32                 return False;
  33         }
  34
  35         if (transport->negotiate.sign_info.doing_signing) {
  36                 return False;
  37         }
  38
  39         if (!transport->negotiate.sign_info.allow_smb_signing) {
  40                 return False;
  41         }
  42
  43         if (transport->negotiate.sign_info.free_signing_context)
  44                 transport->negotiate.sign_info
  45                         .free_signing_context(&transport->negotiate.sign_info);
  46
  47         /* These calls are INCOMPATIBLE with SMB signing */
  48         transport->negotiate.readbraw_supported = False;
  49         transport->negotiate.writebraw_supported = False;
  50
  51         return True;
  52 }
  53
  54 static void mark_packet_signed(struct request_buffer *out)
  55 {
  56         uint16_t flags2;
  57         flags2 = SVAL(out->hdr, HDR_FLG2);
  58         flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
  59         SSVAL(out->hdr, HDR_FLG2, flags2);
  60 }
  61
  62 static BOOL signing_good(struct smb_signing_context *sign_info,
  63                          unsigned int seq, BOOL good)
  64 {
  65         if (good) {
  66                 if (!sign_info->doing_signing) {
  67                         sign_info->doing_signing = True;
  68                 }
  69                 if (!sign_info->seen_valid) {
  70                         sign_info->seen_valid = True;
  71                 }
  72         } else {
  73                 if (!sign_info->seen_valid) {
  74                         /* If we have never seen a good packet, just turn it off */
  75                         DEBUG(5, ("signing_good: signing negotiated but not required and peer\n"
  76                                   "isn't sending correct signatures. Turning off.\n"));
  77                         sign_info->allow_smb_signing = False;
  78                         sign_info->doing_signing = False;
  79                         if (sign_info->free_signing_context)
  80                                 sign_info->free_signing_context(sign_info);
  81                         smbcli_null_set_signing(sign_info);
  82                         return True;
  83                 } else {
  84                         /* bad packet after signing started - fail and disconnect. */
  85                         DEBUG(0, ("signing_good: BAD SIG: seq %u\n", seq));
  86                         return False;
  87                 }
  88         }
  89         return True;
  90 }
  91
  92 void sign_outgoing_message(struct request_buffer *out, DATA_BLOB *mac_key, uint_t seq_num)
  93 {
  94         uint8_t calc_md5_mac[16];
  95         struct MD5Context md5_ctx;
  96         /*
  97          * Firstly put the sequence number into the first 4 bytes.
  98          * and zero out the next 4 bytes.
  99          */
 100         SIVAL(out->hdr, HDR_SS_FIELD, seq_num);
 101         SIVAL(out->hdr, HDR_SS_FIELD + 4, 0);
 102
 103         /* mark the packet as signed - BEFORE we sign it...*/
 104         mark_packet_signed(out);
 105
 106         /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 107         MD5Init(&md5_ctx);
 108         MD5Update(&md5_ctx, mac_key->data,
 109                   mac_key->length);
 110         MD5Update(&md5_ctx,
 111                   out->buffer + NBT_HDR_SIZE,
 112                   out->size - NBT_HDR_SIZE);
 113         MD5Final(calc_md5_mac, &md5_ctx);
 114
 115         memcpy(&out->hdr[HDR_SS_FIELD], calc_md5_mac, 8);
 116
 117         DEBUG(5, ("sign_outgoing_message: SENT SIG (seq: %d): sent SMB signature of\n",
 118                   seq_num));
 119         dump_data(5, calc_md5_mac, 8);
 120 /*      req->out.hdr[HDR_SS_FIELD+2]=0;
 121         Uncomment this to test if the remote server actually verifies signitures...*/
 122 }
 123
 124 BOOL check_signed_incoming_message(struct request_buffer *in, DATA_BLOB *mac_key, uint_t seq_num)
 125 {
 126         BOOL good;
 127         uint8_t calc_md5_mac[16];
 128         uint8_t *server_sent_mac;
 129         uint8_t sequence_buf[8];
 130         struct MD5Context md5_ctx;
 131         const size_t offset_end_of_sig = (HDR_SS_FIELD + 8);
 132         int i;
 133         const int sign_range = 0;
 134
 135         /* room enough for the signature? */
 136         if (in->size < NBT_HDR_SIZE + HDR_SS_FIELD + 8) {
 137                 return False;
 138         }
 139
 140         /* its quite bogus to be guessing sequence numbers, but very useful
 141            when debugging signing implementations */
 142         for (i = 0-sign_range; i <= 0+sign_range; i++) {
 143                 /*
 144                  * Firstly put the sequence number into the first 4 bytes.
 145                  * and zero out the next 4 bytes.
 146                  */
 147                 SIVAL(sequence_buf, 0, seq_num + i);
 148                 SIVAL(sequence_buf, 4, 0);
 149
 150                 /* get a copy of the server-sent mac */
 151                 server_sent_mac = &in->hdr[HDR_SS_FIELD];
 152
 153                 /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
 154                 MD5Init(&md5_ctx);
 155                 MD5Update(&md5_ctx, mac_key->data,
 156                           mac_key->length);
 157                 MD5Update(&md5_ctx, in->hdr, HDR_SS_FIELD);
 158                 MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf));
 159
 160                 MD5Update(&md5_ctx, in->hdr + offset_end_of_sig,
 161                           in->size - NBT_HDR_SIZE - (offset_end_of_sig));
 162                 MD5Final(calc_md5_mac, &md5_ctx);
 163
 164                 good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
 165
 166                 if (i == 0) {
 167                         if (!good) {
 168                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): wanted SMB signature of\n", seq_num + i));
 169                                 dump_data(5, calc_md5_mac, 8);
 170
 171                                 DEBUG(5, ("check_signed_incoming_message: BAD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 172                                 dump_data(5, server_sent_mac, 8);
 173                         } else {
 174                                 DEBUG(15, ("check_signed_incoming_message: GOOD SIG (seq: %d): got SMB signature of\n", seq_num + i));
 175                                 dump_data(5, server_sent_mac, 8);
 176                         }
 177                 }
 178
 179                 if (good) break;
 180         }
 181
 182         if (good && i != 0) {
 183                 DEBUG(0,("SIGNING OFFSET %d (should be %d)\n", i, seq_num));
 184         }
 185         return good;
 186 }
 187
 188 /***********************************************************
 189  SMB signing - Simple implementation - calculate a MAC to send.
 190 ************************************************************/
 191 static void smbcli_request_simple_sign_outgoing_message(struct smbcli_request *req)
 192 {
 193 #if 0
 194         /* enable this when packet signing is preventing you working out why valgrind
 195            says that data is uninitialised */
 196         file_save("pkt.dat", req->out.buffer, req->out.size);
 197 #endif
 198
 199         req->seq_num = req->transport->negotiate.sign_info.next_seq_num;
 200
 201         /* some requests (eg. NTcancel) are one way, and the sequence number
 202            should be increased by 1 not 2 */
 203         if (req->sign_single_increment) {
 204                 req->transport->negotiate.sign_info.next_seq_num += 1;
 205         } else {
 206                 req->transport->negotiate.sign_info.next_seq_num += 2;
 207         }
 208
 209         sign_outgoing_message(&req->out,
 210                               &req->transport->negotiate.sign_info.mac_key,
 211                               req->seq_num);
 212 }
 213
 214
 215 /***********************************************************
 216  SMB signing - Simple implementation - check a MAC sent by server.
 217 ************************************************************/
 218 static BOOL smbcli_request_simple_check_incoming_message(struct smbcli_request *req)
 219 {
 220         BOOL good = check_signed_incoming_message(&req->in,
 221                                                   &req->transport->negotiate.sign_info.mac_key,
 222                                                   req->seq_num+1);
 223
 224         return signing_good(&req->transport->negotiate.sign_info,
 225                             req->seq_num+1, good);
 226 }
 227
 228
 229 /***********************************************************
 230  SMB signing - Simple implementation - free signing context
 231 ************************************************************/
 232 static void smbcli_transport_simple_free_signing_context(struct smb_signing_context *sign_info)
 233 {
 234         data_blob_free(&sign_info->mac_key);
 235         return;
 236 }
 237
 238 /***********************************************************
 239  SMB signing - Simple implementation - setup the MAC key.
 240 ************************************************************/
 241 BOOL smbcli_simple_set_signing(struct smb_signing_context *sign_info,
 242                                const DATA_BLOB user_session_key,
 243                                const DATA_BLOB response)
 244 {
 245         if (sign_info->mandatory_signing) {
 246                 DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 247         }
 248
 249         DEBUG(5, ("SMB signing enabled!\n"));
 250
 251         sign_info->mac_key = data_blob(NULL, response.length + user_session_key.length);
 252
 253         memcpy(&sign_info->mac_key.data[0], user_session_key.data, user_session_key.length);
 254
 255         if (response.length) {
 256                 memcpy(&sign_info->mac_key.data[user_session_key.length],response.data, response.length);
 257         }
 258
 259         dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length);
 260
 261         /* Initialise the sequence number */
 262         sign_info->next_seq_num = 0;
 263
 264         sign_info->sign_outgoing_message = smbcli_request_simple_sign_outgoing_message;
 265         sign_info->check_incoming_message = smbcli_request_simple_check_incoming_message;
 266         sign_info->free_signing_context = smbcli_transport_simple_free_signing_context;
 267
 268         return True;
 269 }
 270
 271
 272 /***********************************************************
 273  SMB signing - Simple implementation - setup the MAC key.
 274 ************************************************************/
 275 BOOL smbcli_transport_simple_set_signing(struct smbcli_transport *transport,
 276                                       const DATA_BLOB user_session_key,
 277                                       const DATA_BLOB response)
 278 {
 279         if (!set_smb_signing_common(transport)) {
 280                 return False;
 281         }
 282
 283         return smbcli_simple_set_signing(&transport->negotiate.sign_info,
 284                                          user_session_key,
 285                                          response);
 286 }
 287
 288
 289 /***********************************************************
 290  SMB signing - NULL implementation - calculate a MAC to send.
 291 ************************************************************/
 292 static void smbcli_request_null_sign_outgoing_message(struct smbcli_request *req)
 293 {
 294         /* we can't zero out the sig, as we might be trying to send a
 295            transport request - which is NBT-level, not SMB level and doesn't
 296            have the field */
 297 }
 298
 299
 300 /***********************************************************
 301  SMB signing - NULL implementation - check a MAC sent by server.
 302 ************************************************************/
 303 static BOOL smbcli_request_null_check_incoming_message(struct smbcli_request *req)
 304 {
 305         return True;
 306 }
 307
 308
 309 /***********************************************************
 310  SMB signing - NULL implementation - free signing context
 311 ************************************************************/
 312 static void smbcli_null_free_signing_context(struct smb_signing_context *sign_info)
 313 {
 314 }
 315
 316 /**
 317  SMB signing - NULL implementation - setup the MAC key.
 318
 319  @note Used as an initialisation only - it will not correctly
 320        shut down a real signing mechanism
 321 */
 322 BOOL smbcli_null_set_signing(struct smb_signing_context *sign_info)
 323 {
 324         sign_info->sign_outgoing_message = smbcli_request_null_sign_outgoing_message;
 325         sign_info->check_incoming_message = smbcli_request_null_check_incoming_message;
 326         sign_info->free_signing_context = smbcli_null_free_signing_context;
 327
 328         return True;
 329 }
 330
 331 /***********************************************************
 332  SMB signing - TEMP implementation (send BSRSPYL during SPNEGO) - calculate a MAC to send.
 333 ************************************************************/
 334 static void smbcli_request_temp_sign_outgoing_message(struct smbcli_request *req)
 335 {
 336         /* mark the packet as signed - BEFORE we sign it...*/
 337         mark_packet_signed(&req->out);
 338
 339         /* I wonder what BSRSPYL stands for - but this is what MS
 340            actually sends! */
 341         memcpy((req->out.hdr + HDR_SS_FIELD), "BSRSPYL ", 8);
 342
 343         return;
 344 }
 345
 346 /***********************************************************
 347  SMB signing - TEMP implementation - check a MAC sent by server.
 348 ************************************************************/
 349 static BOOL smbcli_request_temp_check_incoming_message(struct smbcli_request *req)
 350 {
 351         return True;
 352 }
 353
 354 /***********************************************************
 355  SMB signing - NULL implementation - free signing context
 356 ************************************************************/
 357 static void smbcli_temp_free_signing_context(struct smb_signing_context *sign_info)
 358 {
 359         return;
 360 }
 361
 362 /**
 363  SMB signing - TEMP implementation - setup the MAC key.
 364
 365  @note Used as an initialisation only - it will not correctly
 366        shut down a real signing mechanism
 367 */
 368 BOOL smbcli_temp_set_signing(struct smbcli_transport *transport)
 369 {
 370         if (!set_smb_signing_common(transport)) {
 371                 return False;
 372         }
 373
 374         transport->negotiate.sign_info.sign_outgoing_message = smbcli_request_temp_sign_outgoing_message;
 375         transport->negotiate.sign_info.check_incoming_message = smbcli_request_temp_check_incoming_message;
 376         transport->negotiate.sign_info.free_signing_context = smbcli_temp_free_signing_context;
 377
 378         return True;
 379 }
 380
 381 /**
 382  * Free the signing context
 383  */
 384 void smbcli_transport_free_signing_context(struct smb_signing_context *sign_info)
 385 {
 386         if (sign_info->free_signing_context) {
 387                 sign_info->free_signing_context(sign_info);
 388         }
 389
 390         smbcli_null_set_signing(sign_info);
 391 }
 392
 393
 394 /**
 395  * Sign a packet with the current mechanism
 396  */
 397 void smbcli_request_calculate_sign_mac(struct smbcli_request *req)
 398 {
 399         req->transport->negotiate.sign_info.sign_outgoing_message(req);
 400 }
 401
 402
 403 /**
 404  * Check a packet with the current mechanism
 405  * @return False if we had an established signing connection
 406  *         which had a back checksum, True otherwise
 407  */
 408 BOOL smbcli_request_check_sign_mac(struct smbcli_request *req)
 409 {
 410         BOOL good;
 411
 412         if (req->in.size < (HDR_SS_FIELD + 8)) {
 413                 good = False;
 414         } else {
 415                 good = req->transport->negotiate.sign_info.check_incoming_message(req);
 416         }
 417
 418         if (!good && req->transport->negotiate.sign_info.doing_signing) {
 419                 return False;
 420         }
 421
 422         return True;
 423 }
 424
 425
 426 BOOL smbcli_init_signing(struct smbcli_transport *transport)
 427 {
 428         if (!smbcli_null_set_signing(&transport->negotiate.sign_info)) {
 429                 return False;
 430         }
 431
 432         switch (lp_client_signing()) {
 433         case SMB_SIGNING_OFF:
 434         transport->negotiate.sign_info.allow_smb_signing = False;
 435                 break;
 436         case SMB_SIGNING_SUPPORTED:
 437                 transport->negotiate.sign_info.allow_smb_signing = True;
 438                 break;
 439         case SMB_SIGNING_REQUIRED:
 440                 transport->negotiate.sign_info.allow_smb_signing = True;
 441                 transport->negotiate.sign_info.mandatory_signing = True;
 442                 break;
 443         }
 444         return True;
 445 }