Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.
authorAndrew Bartlett <abartlet@samba.org>
Mon, 21 Apr 2003 13:00:39 +0000 (13:00 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 21 Apr 2003 13:00:39 +0000 (13:00 +0000)
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)

source3/libsmb/clientgen.c
source3/libsmb/clierror.c
source3/libsmb/ntlmssp.c
source3/libsmb/ntlmssp_sign.c
source3/libsmb/smb_signing.c

index 81b3bbcab553ad4fba45061c3ddf7b2c9534363f..81cb61d757ca3673fefe074aed9f7442c5898edd 100644 (file)
@@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli)
        }
 
        if (!cli_check_sign_mac(cli)) {
-               DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+               DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+               cli->smb_rw_error = READ_BAD_SIG;
+               close(cli->fd);
+               cli->fd = -1;
                return False;
        };
        return True;
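Review bot: The new teardown in the `!cli_check_sign_mac(cli)` branch has no comment saying why a bad MAC closes the socket rather than only failing this call. A one-line comment above `cli->smb_rw_error = READ_BAD_SIG;` would record the intent, for example `/* a reply that fails the MAC check means the stream can no longer be trusted: drop the connection so no caller keeps using it */`. The body of cli_receive_smb starts outside the hunk, so whether other failure paths in the function close the descriptor the same way cannot be checked from here.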
@@ -259,9 +262,6 @@ struct cli_state *cli_initialise(struct cli_state *cli)
        if (getenv("CLI_FORCE_DOSERR"))
                cli->force_dos_errors = True;
 
-       /* initialise signing */
-       cli_null_set_signing(cli);
-
        if (lp_client_signing()) 
                cli->sign_info.allow_smb_signing = True;
                                    
@@ -274,6 +274,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
        memset(cli->outbuf, 0, cli->bufsize);
        memset(cli->inbuf, 0, cli->bufsize);
 
+       /* just becouse we over-allocate, doesn't mean it's right to use it */
+       clobber_region(FUNCTION_MACRO, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN);
+       clobber_region(FUNCTION_MACRO, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN);
+
+       /* initialise signing */
+       cli_null_set_signing(cli);
+
        cli->nt_pipe_fnum = 0;
        cli->saved_netlogon_pipe_fnum = 0;
 
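Review bot: The two `clobber_region()` calls write `SAFETY_MARGIN` bytes starting at `cli->outbuf+cli->bufsize` and `cli->inbuf+cli->bufsize`, which is only in bounds if both buffers were allocated as `bufsize + SAFETY_MARGIN`. That allocation is outside the hunk, and the added comment does not state the dependency. The comment also has a typo; I would reword it to `/* just because we over-allocate by SAFETY_MARGIN doesn't mean it's right to use it: mark the margin so overruns show up */`. cli_initialise continues on both sides of the hunk.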
index cea736ef1806648ad9a1099aee5952baca7e93c8..9ee181a90f987983cdaeef55d26828d7ea1a8dfd 100644 (file)
@@ -96,17 +96,21 @@ const char *cli_errstr(struct cli_state *cli)
                                break;
                        case READ_EOF:
                                slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-                                       "Call returned zero bytes (EOF)\n" );
+                                       "Call returned zero bytes (EOF)" );
                                break;
                        case READ_ERROR:
                                slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-                                       "Read error: %s\n", strerror(errno) );
+                                       "Read error: %s", strerror(errno) );
                                break;
                        case WRITE_ERROR:
                                slprintf(cli_error_message, sizeof(cli_error_message) - 1,
-                                       "Write error: %s\n", strerror(errno) );
+                                       "Write error: %s", strerror(errno) );
                                break;
-                       default:
+                       case READ_BAD_SIG:
+                               slprintf(cli_error_message, sizeof(cli_error_message) - 1,
+                                       "Server packet had invalid SMB signiture!");
+                               break;
+                       default:
                                slprintf(cli_error_message, sizeof(cli_error_message) - 1,
                                        "Unknown error code %d\n", cli->smb_rw_error );
                                break;
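Review bot: The new `READ_BAD_SIG` message spells it "signiture", although this same commit corrects that spelling in the clientgen.c DEBUG line; since the string is returned to callers of cli_errstr it should read `"Server packet had invalid SMB signature!"`. The commit also strips the trailing newline from the EOF, read-error and write-error messages but leaves it on the `default:` arm, so `"Unknown error code %d\n"` is now the odd one out and should become `"Unknown error code %d"`. The switch starts above the hunk, so earlier cases may need the same check.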
index c179b98abff58f6fafd566c0479aa0b3762dd390..d54655d17f72acdd4c3e52f037855f43ad79b453 100644 (file)
@@ -385,7 +385,7 @@ NTSTATUS ntlmssp_server_update(NTLMSSP_STATE *ntlmssp_state,
        } else if (ntlmssp_command == NTLMSSP_AUTH) {
                return ntlmssp_server_auth(ntlmssp_state, request, reply);
        } else {
-               DEBUG(1, ("unknown NTLMSSP command %u expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
+               DEBUG(1, ("unknown NTLMSSP command %u, expected %u\n", ntlmssp_command, ntlmssp_state->expected_state));
                return NT_STATUS_INVALID_PARAMETER;
        }
 }
index 8f6bd0c6914010fb62d65ec3e93ea6d1c48f6da7..86faf1f5e652f103aa7530c8cee91feff8ad52af 100644 (file)
@@ -92,8 +92,14 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16],
        calc_hash(hash, digest, 16);
 }
 
+enum ntlmssp_direction {
+       NTLMSSP_SEND,
+       NTLMSSP_RECEIVE
+};
+
 static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state,
                                              const uchar *data, size_t length, 
+                                             enum ntlmssp_direction direction,
                                              DATA_BLOB *sig) 
 {
        if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
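Review bot: The new `enum ntlmssp_direction` and the extra `direction` parameter are undocumented, and the names alone do not say whose point of view "send" and "receive" are taken from. From the switch in the next hunk, `NTLMSSP_SEND` selects `cli_sign_hash` and `NTLMSSP_RECEIVE` selects `srv_sign_hash`, so a comment on the enum such as `/* which signing key to use: SEND = packets we (the client) sign, RECEIVE = packets the server signed */` would make that explicit. It would also help to note on the function that `direction` is only consulted in the NTLM2 branch, if that is the case; the non-NTLM2 branch is not fully visible here.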
@@ -110,8 +116,14 @@ static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_stat
                if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) {
                        return NT_STATUS_NO_MEMORY;
                }
-              
-               NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash,  sig->data, sig->length);
+               switch (direction) {
+               case NTLMSSP_SEND:
+                       NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash,  sig->data, sig->length);
+                       break;
+               case NTLMSSP_RECEIVE:
+                       NTLMSSPcalc_ap(ntlmssp_state->srv_sign_hash,  sig->data, sig->length);
+                       break;
+               }
        } else {
                uint32 crc;
                crc = crc32_calc_buffer(data, length);
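Review bot: The `switch (direction)` has no `default:` arm, so any value other than the two enumerators skips `NTLMSSPcalc_ap()` entirely and the function appears to carry on with a signature blob that never went through the keyed step. For a routine that produces and verifies integrity signatures, that should fail closed, for example `default: data_blob_free(sig); return NT_STATUS_INVALID_PARAMETER;`. The rest of ntlmssp_make_packet_signiture is outside the hunk, so the return path after the switch is inferred rather than seen.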
@@ -129,7 +141,7 @@ NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
                                           DATA_BLOB *sig) 
 {
        ntlmssp_state->ntlmssp_seq_num++;
-       return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig);
+       return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig);
 }
 
 /**
@@ -151,7 +163,7 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
        }
 
        nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data, 
-                                                 length, &local_sig);
+                                                 length, NTLMSSP_RECEIVE, &local_sig);
        
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
@@ -161,6 +173,12 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state,
        if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) {
                return NT_STATUS_OK;
        } else {
+               DEBUG(5, ("BAD SIG: wanted signature of\n"));
+               dump_data(5, local_sig.data, local_sig.length);
+               
+               DEBUG(5, ("BAD SIG: got signature of\n"));
+               dump_data(5, sig->data, sig->length);
+
                DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n"));
                return NT_STATUS_ACCESS_DENIED;
        }
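Review bot: The comparison that guards the new BAD SIG dump, `memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0`, only checks the shorter of the two lengths, so a peer-supplied signature shorter than the computed one is accepted on a matching prefix, and a zero-length one compares equal outright. The commit leaves this line unchanged, and whatever length validation precedes the hunk is not visible, so this needs confirming against the top of ntlmssp_client_check_packet. I would require equal lengths before comparing: `if (sig->length == local_sig.length && memcmp(sig->data, local_sig.data, sig->length) == 0) {`. Separately, `local_sig` is not released on either visible return path; if nothing outside the hunk frees it, a `data_blob_free(&local_sig);` belongs before both returns.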
index 9b473fa736111fa408150c398d8cd9cf05cf1757..4e9b895a1b32176327ea2bc5db353fa73c2ad80e 100644 (file)
@@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
        SIVAL(sequence_buf, 0, data->reply_seq_num);
        SIVAL(sequence_buf, 4, 0);
 
-       if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) {
-               DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
-               return False;
-       }
-
        /* get a copy of the server-sent mac */
        memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
        
@@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
 BOOL cli_check_sign_mac(struct cli_state *cli) 
 {
        BOOL good;
-       good = cli->sign_info.check_incoming_message(cli);
-       
+
+       if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) {
+               DEBUG(cli->sign_info.doing_signing ? 1 : 10, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
+               good = False;
+       } else {
+               good = cli->sign_info.check_incoming_message(cli);
+       }
+
        if (!good) {
                if (cli->sign_info.doing_signing) {
                        return False;
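Review bot: The relocated length guard, `smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)`, replaces the removed `offset_end_of_sig - 4` with bare literals, and nothing says that `8` is the MAC size or that `- 4` accounts for the header smb_len does not count (presumably the 4-byte length prefix). A named constant or a comment such as `/* need the whole 8-byte signature field; smb_len excludes the 4-byte length header */` would make the bound auditable. The check now lives only in this wrapper, so the `memcpy` from `&cli->inbuf[smb_ss_field]` in cli_simple_check_incoming_message depends on every caller going through cli_check_sign_mac. A comment on the `check_incoming_message` implementations stating that precondition would keep a later direct call from reintroducing an unchecked read.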