r21880: Make client and server calls into encryption code symetrical,

depending on encryption context pointer.
Jeremy.
(This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)

diff --git a/source3/include/client.h b/source3/include/client.h
index 97922ba232a8bbbb717e68dba15c368802023edb..0f268834c68df0389cd0a93ca0659cd6b055257f 100644 (file)
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -83,6 +83,7 @@ enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_KRB5 };
 
 struct smb_trans_enc_state {
        enum smb_trans_enc_type smb_enc_type;
+       BOOL enc_on;
        union {
                NTLMSSP_STATE *ntlmssp_state;
 #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 296405edd396b7a9661f0bcb5ba7f0c74ab05980..755ad3926177b4fdca3ab8c75a8d2af707c5c2f5 100644 (file)
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -789,13 +789,13 @@ BOOL send_smb(int fd, char *buffer)
                if (ret <= 0) {
                        DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
                                (int)len,(int)ret, strerror(errno) ));
-                       srv_free_buffer(buf_out);
+                       srv_free_enc_buffer(buf_out);
                        return False;
                }
                nwritten += ret;
        }
 
-       srv_free_buffer(buf_out);
+       srv_free_enc_buffer(buf_out);
        return True;
 }
 

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index cdf36d9b9cc0805b26c6d34a48f0dd4913838a31..52ffdc24e794e3e9e6b3ba2b6dc546b248275bc9 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -164,6 +164,7 @@ BOOL cli_send_smb(struct cli_state *cli)
        size_t len;
        size_t nwritten=0;
        ssize_t ret;
+       char *buf_out;
 
        /* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
        if (cli->fd == -1) {
@@ -172,7 +173,7 @@ BOOL cli_send_smb(struct cli_state *cli)
 
        cli_calculate_sign_mac(cli);
 
-       status = cli_encrypt_message(cli);
+       status = cli_encrypt_message(cli, &buf_out);
        if (!NT_STATUS_IS_OK(status)) {
                close(cli->fd);
                cli->fd = -1;
@@ -182,11 +183,12 @@ BOOL cli_send_smb(struct cli_state *cli)
                return False;
        }
 
-       len = smb_len(cli->outbuf) + 4;
+       len = smb_len(buf_out) + 4;
 
        while (nwritten < len) {
-               ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
+               ret = write_socket(cli->fd,buf_out+nwritten,len - nwritten);
                if (ret <= 0) {
+                       cli_free_enc_buffer(cli, buf_out);
                        close(cli->fd);
                        cli->fd = -1;
                        cli->smb_rw_error = WRITE_ERROR;
@@ -196,6 +198,9 @@ BOOL cli_send_smb(struct cli_state *cli)
                }
                nwritten += ret;
        }
+
+       cli_free_enc_buffer(cli, buf_out);
+
        /* Increment the mid so we can tell between responses. */
        cli->mid++;
        if (!cli->mid) {
@@ -447,6 +452,8 @@ void cli_shutdown(struct cli_state *cli)
        SAFE_FREE(cli->inbuf);
 
        cli_free_signing_context(cli);
+       cli_free_encryption_context(cli);
+
        data_blob_free(&cli->secblob);
        data_blob_free(&cli->user_session_key);
 

diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 90efa05f0b90004c45f487dc8f32f2871c4838a2..2d1201ae7ed8d5a517422531f4c9ddcd520a2d4e 100644 (file)
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -20,65 +20,22 @@
 
 #include "includes.h"
 
-NTSTATUS cli_decrypt_message(struct cli_state *cli)
-{
-       return NT_STATUS_OK;
-}
-
-NTSTATUS cli_encrypt_message(struct cli_state *cli)
-{
-       return NT_STATUS_OK;
-}
-
-/* Server state if we're encrypting SMBs. If NULL then enc is off. */
-
-static struct smb_trans_enc_state *srv_trans_enc_state;
-
 /******************************************************************************
- Is server encryption on ?
+ Generic code for client and server.
+ Is encryption turned on ?
 ******************************************************************************/
 
-BOOL srv_encryption_on(void)
+static BOOL internal_encryption_on(struct smb_trans_enc_state *es)
 {
-       return srv_trans_enc_state != NULL;
+       return ((es != NULL) && es->enc_on);
 }
 
 /******************************************************************************
- Free an encryption-allocated buffer.
-******************************************************************************/
-
-void srv_free_buffer(char *buf_out)
-{
-       if (!srv_trans_enc_state) {
-               return;
-       }
-
-       if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-               SAFE_FREE(buf_out);
-               return;
-       }
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-       /* gss-api free buffer.... */
-#endif
-}
-
-/******************************************************************************
- gss-api decrypt an incoming buffer.
-******************************************************************************/
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-static NTSTATUS srv_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
-{
-       return NT_STATUS_NOT_SUPPORTED;
-}
-#endif
-
-/******************************************************************************
+ Generic code for client and server.
  NTLM decrypt an incoming buffer.
 ******************************************************************************/
 
-static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
+static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
 {
        NTSTATUS status;
        size_t orig_len = smb_len(buf);
@@ -109,42 +66,11 @@ static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
 }
 
 /******************************************************************************
- Decrypt an incoming buffer.
-******************************************************************************/
-
-NTSTATUS srv_decrypt_buffer(char *buf)
-{
-       if (!srv_trans_enc_state) {
-               /* Not decrypting. */
-               return NT_STATUS_OK;
-       }
-       if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-               return srv_ntlm_decrypt_buffer(srv_trans_enc_state->ntlmssp_state, buf);
-       } else {
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-               return srv_gss_decrypt_buffer(srv_trans_enc_state->context_handle, buf);
-#else
-               return NT_STATUS_NOT_SUPPORTED;
-#endif
-       }
-}
-
-/******************************************************************************
- gss-api encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
-******************************************************************************/
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
-{
-       return NT_STATUS_NOT_SUPPORTED;
-}
-#endif
-
-/******************************************************************************
+ Generic code for client and server.
  NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out.
 ******************************************************************************/
 
-static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
+static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
 {
        NTSTATUS status;
        char *buf_out;
@@ -192,24 +118,221 @@ static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf,
 }
 
 /******************************************************************************
- Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+ Generic code for client and server.
+ gss-api decrypt an incoming buffer.
 ******************************************************************************/
 
-NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
+{
+       return NT_STATUS_NOT_SUPPORTED;
+}
+#endif
+
+/******************************************************************************
+ Generic code for client and server.
+ gss-api encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
+******************************************************************************/
+
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
 {
-       if (!srv_trans_enc_state) {
+       return NT_STATUS_NOT_SUPPORTED;
+}
+#endif
+
+/******************************************************************************
+ Generic code for client and server.
+ Encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
+******************************************************************************/
+
+static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out)
+{
+       if (!internal_encryption_on(es)) {
                /* Not encrypting. */
                *buf_out = buffer;
                return NT_STATUS_OK;
        }
 
-       if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-               return srv_ntlm_encrypt_buffer(srv_trans_enc_state->ntlmssp_state, buffer, buf_out);
+       if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+               return internal_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out);
        } else {
 #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-               return srv_gss_encrypt_buffer(srv_trans_enc_state->context_handle, buffer, buf_out);
+               return internal_gss_encrypt_buffer(es->context_handle, buffer, buf_out);
 #else
                return NT_STATUS_NOT_SUPPORTED;
 #endif
        }
 }
+
+/******************************************************************************
+ Generic code for client and server.
+ Decrypt an incoming SMB buffer. Replaces the data within it.
+ New data must be less than or equal to the current length.
+******************************************************************************/
+
+static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
+{
+       if (!internal_encryption_on(es)) {
+               /* Not decrypting. */
+               return NT_STATUS_OK;
+       }
+       if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+               return internal_ntlm_decrypt_buffer(es->ntlmssp_state, buf);
+       } else {
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+               return internal_gss_decrypt_buffer(es->context_handle, buf);
+#else
+               return NT_STATUS_NOT_SUPPORTED;
+#endif
+       }
+}
+
+/******************************************************************************
+ Shutdown an encryption state.
+******************************************************************************/
+
+static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es)
+{
+       struct smb_trans_enc_state *es = *pp_es;
+
+       if (es == NULL) {
+               return;
+       }
+
+       if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+               ntlmssp_end(&es->ntlmssp_state);
+       }
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+       if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
+               /* Free the gss context handle. */
+       }
+#endif
+       SAFE_FREE(es);
+       *pp_es = NULL;
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
+{
+       if (!internal_encryption_on(es)) {
+               return;
+       }
+
+       if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+               SAFE_FREE(buf);
+               return;
+       }
+
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+       /* gss-api free buffer.... */
+#endif
+}
+
+/******************************************************************************
+ Client side encryption.
+******************************************************************************/
+
+/******************************************************************************
+ Is client encryption on ?
+******************************************************************************/
+
+BOOL cli_encryption_on(struct cli_state *cli)
+{
+       return internal_encryption_on(cli->trans_enc_state);
+}
+
+/******************************************************************************
+ Shutdown a client encryption state.
+******************************************************************************/
+
+void cli_free_encryption_context(struct cli_state *cli)
+{
+       return internal_free_encryption_context(&cli->trans_enc_state);
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+void cli_free_enc_buffer(struct cli_state *cli, char *buf)
+{
+       return internal_free_enc_buffer(cli->trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Decrypt an incoming buffer.
+******************************************************************************/
+
+NTSTATUS cli_decrypt_message(struct cli_state *cli)
+{
+       return internal_decrypt_buffer(cli->trans_enc_state, cli->inbuf);
+}
+
+/******************************************************************************
+ Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+******************************************************************************/
+
+NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
+{
+       return internal_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
+}
+
+/******************************************************************************
+ Server side encryption.
+******************************************************************************/
+
+/******************************************************************************
+ Global server state.
+******************************************************************************/
+
+static struct smb_trans_enc_state *partial_srv_trans_enc_state;
+static struct smb_trans_enc_state *srv_trans_enc_state;
+
+/******************************************************************************
+ Is server encryption on ?
+******************************************************************************/
+
+BOOL srv_encryption_on(void)
+{
+       return internal_encryption_on(srv_trans_enc_state);
+}
+
+/******************************************************************************
+ Shutdown a server encryption state.
+******************************************************************************/
+
+void srv_free_encryption_context(void)
+{
+       return internal_free_encryption_context(&srv_trans_enc_state);
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+void srv_free_enc_buffer(char *buf)
+{
+       return internal_free_enc_buffer(srv_trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Decrypt an incoming buffer.
+******************************************************************************/
+
+NTSTATUS srv_decrypt_buffer(char *buf)
+{
+       return internal_decrypt_buffer(srv_trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+******************************************************************************/
+
+NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
+{
+       return internal_encrypt_buffer(srv_trans_enc_state, buffer, buf_out);
+}