lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \
nsswitch/wb_client.o $(WBCOMMON_OBJ) \
- lib/pam_errors.o intl/lang_tdb.o libsmb/smb_seal.o \
+ lib/pam_errors.o intl/lang_tdb.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \
- $(DOSERR_OBJ) \
+ libsmb/smb_seal.o $(DOSERR_OBJ) \
$(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o
BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
{
- NTSTATUS status;
-
if (!receive_smb_raw(fd, buffer, timeout)) {
return False;
}
- status = srv_decrypt_buffer(buffer);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
- nt_errstr(status) ));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_DECRYPT;
+ if (srv_encryption_on()) {
+ NTSTATUS status = srv_decrypt_buffer(buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
+ nt_errstr(status) ));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_DECRYPT;
+ }
+ return False;
}
- return False;
- }
-
- /* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
- DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_SIG;
+ } else {
+ /* Check the incoming SMB signature. */
+ if (!srv_check_sign_mac(buffer, True)) {
+ DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_SIG;
+ }
+ return False;
}
- return False;
- };
+ }
- return(True);
+ return True;
}
/****************************************************************************
BOOL send_smb(int fd, char *buffer)
{
- NTSTATUS status;
size_t len;
size_t nwritten=0;
ssize_t ret;
- char *buf_out;
+ char *buf_out = buffer;
/* Sign the outgoing packet if required. */
- srv_calculate_sign_mac(buffer);
-
- status = srv_encrypt_buffer(buffer, &buf_out);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
- nt_errstr(status) ));
- return False;
+ if (!srv_encryption_on()) {
+ srv_calculate_sign_mac(buf_out);
+ } else {
+ NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
+ nt_errstr(status) ));
+ return False;
+ }
}
len = smb_len(buf_out) + 4;
#ifdef HAVE_KRB5
case ENUM_ADS_ERROR_KRB5:
return krb5_to_nt_status(status.err.rc);
+#endif
+#ifdef HAVE_GSSAPI
+ case ENUM_ADS_ERROR_GSS:
+ return NT_STATUS_UNSUCCESSFUL;
#endif
default:
break;
}
}
-
-
DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
ntlmssp_state->session_key.length);
DATA_BLOB null_blob = data_blob(NULL, 0);
- BOOL res;
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
- res = cli_simple_set_signing(cli, key, null_blob);
+ if (!cli_encryption_on(cli)) {
+ BOOL res = cli_simple_set_signing(cli, key, null_blob);
- data_blob_free(&key);
-
- if (res) {
+ if (res) {
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
+ if (!cli_check_sign_mac(cli)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
+ }
}
}
+ data_blob_free(&key);
}
/* we have a reference counter on ntlmssp_state, if we are signing
static BOOL client_receive_smb(struct cli_state *cli)
{
BOOL ret;
- NTSTATUS status;
int fd = cli->fd;
char *buffer = cli->inbuf;
unsigned int timeout = cli->timeout;
if(CVAL(buffer,0) != SMBkeepalive)
break;
}
- status = cli_decrypt_message(cli);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
- nt_errstr(status)));
- cli->smb_rw_error = READ_BAD_DECRYPT;
- close(cli->fd);
- cli->fd = -1;
- return False;
+ if (cli_encryption_on(cli)) {
+ NTSTATUS status = cli_decrypt_message(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
+ nt_errstr(status)));
+ cli->smb_rw_error = READ_BAD_DECRYPT;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
+ }
}
show_msg(buffer);
return ret;
return ret;
}
- if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
- cli->smb_rw_error = READ_BAD_SIG;
- close(cli->fd);
- cli->fd = -1;
- return False;
- };
+ if (!cli_encryption_on(cli)) {
+ if (!cli_check_sign_mac(cli)) {
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
+ }
+ }
return True;
}
BOOL cli_send_smb(struct cli_state *cli)
{
- NTSTATUS status;
size_t len;
size_t nwritten=0;
ssize_t ret;
return False;
}
- cli_calculate_sign_mac(cli);
-
- status = cli_encrypt_message(cli, &buf_out);
- if (!NT_STATUS_IS_OK(status)) {
- close(cli->fd);
- cli->fd = -1;
- cli->smb_rw_error = WRITE_ERROR;
- DEBUG(0,("Error in encrypting client message. Error %s\n",
- nt_errstr(status) ));
- return False;
+ if (cli_encryption_on(cli)) {
+ NTSTATUS status = cli_encrypt_message(cli, &buf_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ close(cli->fd);
+ cli->fd = -1;
+ cli->smb_rw_error = WRITE_ERROR;
+ DEBUG(0,("Error in encrypting client message. Error %s\n",
+ nt_errstr(status) ));
+ return False;
+ }
+ } else {
+ cli_calculate_sign_mac(cli);
}
len = smb_len(buf_out) + 4;
&out_buf);
if (ret != GSS_S_COMPLETE) {
+ ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
+ DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n",
+ ads_errstr(adss) ));
/* Um - no mapping for gss-errs to NTSTATUS yet. */
- return NT_STATUS_UNSUCCESSFUL;
+ return ads_ntstatus(adss);
}
if (!flags_got) {
void cli_calculate_sign_mac(struct cli_state *cli)
{
- if (!cli_encryption_on(cli)) {
- cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
- }
+ cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
}
/**
BOOL cli_check_sign_mac(struct cli_state *cli)
{
- if (cli_encryption_on(cli)) {
- return True;
- }
if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
free_signing_context(&cli->sign_info);
return False;
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
- if (cli_encryption_on(cli)) {
- return True;
- }
if (!si->doing_signing) {
return True;
}
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
- if (cli_encryption_on(cli)) {
- return True;
- }
if (!si->doing_signing) {
return True;
}
return True;
}
- /*
- * If we have an encrypted transport
- * don't sign - we're already doing that.
- */
-
- if (srv_encryption_on()) {
- return True;
- }
-
return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, must_be_ok);
}
return;
}
- /*
- * If we have an encrypted transport
- * don't check sign - we're already doing that.
- */
-
- if (srv_encryption_on()) {
- return;
- }
-
srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info);
}