More signing updates - start checking that the server isn't being spoofed.
authorAndrew Bartlett <abartlet@samba.org>
Sun, 2 Feb 2003 00:11:12 +0000 (00:11 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 2 Feb 2003 00:11:12 +0000 (00:11 +0000)
Andrew Bartlett

source/client/smbmount.c
source/libsmb/clientgen.c
source/libsmb/smbencrypt.c

index f90c56859f2665ea34828fbb053d6c0ebe208215..573b2fe2f6f561eda3b31ff8e4f465367c83b2f8 100644 (file)
@@ -157,6 +157,9 @@ static struct cli_state *do_connection(char *the_service)
        /* SPNEGO doesn't work till we get NTSTATUS error support */
        c->use_spnego = False;
 
+       /* The kernel doesn't yet know how to sign it's packets */
+       c->sign_info->allow_smb_signing = False;
+
        if (!cli_session_request(c, &calling, &called)) {
                char *p;
                DEBUG(0,("%d: session request to %s failed (%s)\n", 
index 3d0bad6c99d896e6b72339bee5c4e1c18e6f0aa7..b35c7ea2eda52a7cd884b4f234a2a19a5088c1cd 100644 (file)
@@ -114,9 +114,12 @@ BOOL cli_receive_smb(struct cli_state *cli)
                cli->smb_rw_error = smb_read_error;
                close(cli->fd);
                cli->fd = -1;
+               return ret;
        }
 
-       return ret;
+       if (!cli_check_sign_mac(cli)) {
+               DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+       };
 }
 
 /****************************************************************************
index 022a57ef6a5918a5dcf78dbe4d2a816f727572a4..a30a48a020c82d038443f77c98954514745bfbe9 100644 (file)
@@ -5,6 +5,7 @@
    Modified by Jeremy Allison 1995.
    Copyright (C) Jeremy Allison 1995-2000.
    Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -420,3 +421,40 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
        cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
        cli->sign_info.send_seq_num++;
 }
+
+/***********************************************************
+ SMB signing - check a MAC sent by server.
+************************************************************/
+
+BOOL cli_check_sign_mac(struct cli_state *cli)
+{
+       unsigned char calc_md5_mac[16];
+       unsigned char server_sent_mac[8];
+       struct MD5Context md5_ctx;
+
+       if (cli->sign_info.temp_smb_signing) {
+               return True;
+       }
+
+       if (!cli->sign_info.use_smb_signing) {
+               return True;
+       }
+
+       /*
+        * Firstly put the sequence number into the first 4 bytes.
+        * and zero out the next 4 bytes.
+        */
+
+       memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
+
+       SIVAL(cli->inbuf, smb_ss_field, cli->sign_info.reply_seq_num);
+       SIVAL(cli->inbuf, smb_ss_field + 4, 0);
+
+       /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+       MD5Init(&md5_ctx);
+       MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
+       MD5Update(&md5_ctx, cli->inbuf + 4, smb_len(cli->inbuf));
+       MD5Final(calc_md5_mac, &md5_ctx);
+
+       return (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
+}