GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "smbd/globals.h"
+#include "../libcli/auth/spnego.h"
/******************************************************************************
Server side encryption.
AUTH_NTLMSSP_STATE *auth_ntlmssp_state; /* Must be kept in sync with pointer in ec->ntlmssp_state. */
};
-static struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx;
-static struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
+/******************************************************************************
+ Return global enc context - this must change if we ever do multiple contexts.
+******************************************************************************/
+
+uint16_t srv_enc_ctx(void)
+{
+ return srv_trans_enc_ctx->es->enc_ctx_num;
+}
/******************************************************************************
- Is server encryption on ?
+ Is this an incoming encrypted packet ?
******************************************************************************/
-BOOL srv_encryption_on(void)
+bool is_encrypted_packet(const uint8_t *inbuf)
{
- if (srv_trans_enc_ctx) {
- return common_encryption_on(srv_trans_enc_ctx->es);
+ NTSTATUS status;
+ uint16_t enc_num;
+
+ /* Ignore non-session messages or non 0xFF'E' messages. */
+ if(CVAL(inbuf,0) || !(inbuf[4] == 0xFF && inbuf[5] == 'E')) {
+ return false;
+ }
+
+ status = get_enc_ctx_num(inbuf, &enc_num);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ /* Encrypted messages are 0xFF'E'<ctx> */
+ if (srv_trans_enc_ctx && enc_num == srv_enc_ctx()) {
+ return true;
}
- return False;
+ return false;
}
/******************************************************************************
gss_OID_desc nt_hostbased_service =
{10, CONST_DISCARD(char *,"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")};
- asprintf(&host_princ_s, "%s@%s", service, name);
- if (host_princ_s == NULL) {
+ if (asprintf(&host_princ_s, "%s@%s", service, name) == -1) {
return NT_STATUS_NO_MEMORY;
}
{
/* We know this is an smb buffer, and we
* didn't malloc, only copy, for a keepalive,
- * so ignore session keepalives. */
+ * so ignore non-session messages. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ if(CVAL(buf,0)) {
return;
}
NTSTATUS srv_decrypt_buffer(char *buf)
{
- /* Ignore session keepalives. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(buf,0)) {
return NT_STATUS_OK;
}
{
*buf_out = buf;
- /* Ignore session keepalives. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(buf,0)) {
return NT_STATUS_OK;
}
data_blob_free(&auth_reply);
SAFE_FREE(*ppdata);
- *ppdata = response.data;
+ *ppdata = (unsigned char *)memdup(response.data, response.length);
+ if ((*ppdata) == NULL && response.length > 0) {
+ status = NT_STATUS_NO_MEMORY;
+ }
*p_data_size = response.length;
+ data_blob_free(&response);
+
return status;
}
#endif
Until success we do everything on the partial enc ctx.
******************************************************************************/
-static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, BOOL spnego_wrap)
+static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, bool spnego_wrap)
{
NTSTATUS status;
DATA_BLOB chal = data_blob_null;
}
SAFE_FREE(*ppdata);
- *ppdata = response.data;
+ *ppdata = (unsigned char *)memdup(response.data, response.length);
+ if ((*ppdata) == NULL && response.length > 0) {
+ status = NT_STATUS_NO_MEMORY;
+ }
*p_data_size = response.length;
+ data_blob_free(&response);
+
return status;
}
NTSTATUS status;
DATA_BLOB blob = data_blob_null;
DATA_BLOB secblob = data_blob_null;
- BOOL got_kerberos_mechanism = False;
+ char *kerb_mech = NULL;
blob = data_blob_const(*ppdata, *p_data_size);
- status = parse_spnego_mechanisms(blob, &secblob, &got_kerberos_mechanism);
+ status = parse_spnego_mechanisms(blob, &secblob, &kerb_mech);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ if (kerb_mech) {
+ SAFE_FREE(kerb_mech);
+
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- if (got_kerberos_mechanism && lp_use_kerberos_keytab() ) {
status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
- } else
+#else
+ /* Currently we don't SPNEGO negotiate
+ * back to NTLMSSP as we do in sessionsetupX. We should... */
+ return NT_STATUS_LOGON_FAILURE;
#endif
- {
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, True);
+ } else {
+ status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
}
data_blob_free(&secblob);
status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply);
data_blob_free(&auth);
- response = spnego_gen_auth_response(&auth_reply, status, OID_NTLMSSP);
+ /* From RFC4178.
+ *
+ * supportedMech
+ *
+ * This field SHALL only be present in the first reply from the
+ * target.
+ * So set mechOID to NULL here.
+ */
+
+ response = spnego_gen_auth_response(&auth_reply, status, NULL);
data_blob_free(&auth_reply);
if (NT_STATUS_IS_OK(status)) {
}
SAFE_FREE(*ppdata);
- *ppdata = response.data;
+ *ppdata = (unsigned char *)memdup(response.data, response.length);
+ if ((*ppdata) == NULL && response.length > 0)
+ return NT_STATUS_NO_MEMORY;
*p_data_size = response.length;
+ data_blob_free(&response);
return status;
}
if (!partial_srv_trans_enc_ctx) {
/* This is the initial step. */
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, False);
+ status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, false);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
return nt_status_squash(status);
/* Return the raw blob. */
SAFE_FREE(*ppdata);
- *ppdata = response.data;
+ *ppdata = (unsigned char *)memdup(response.data, response.length);
+ if ((*ppdata) == NULL && response.length > 0)
+ return NT_STATUS_NO_MEMORY;
*p_data_size = response.length;
+ data_blob_free(&response);
return status;
}
/* Steal the partial pointer. Deliberate shallow copy. */
srv_trans_enc_ctx = partial_srv_trans_enc_ctx;
- srv_trans_enc_ctx->es->enc_on = True;
+ srv_trans_enc_ctx->es->enc_on = true;
partial_srv_trans_enc_ctx = NULL;
+
+ DEBUG(1,("srv_encryption_start: context negotiated\n"));
return NT_STATUS_OK;
}