authorJeremy Allison <jra@samba.org>2008-01-04 12:56:23 -0800
committerJeremy Allison <jra@samba.org>2008-01-04 12:56:23 -0800
commitc4e5a505043965eec77b5bb9bc60957e8f3b97c8 (patch)
tree83a3a31f447e5fabe3433c3ca5791c881f7aea26 /source/smbd/seal.c
parenta4ef828102417f04af1e9823c89404e77e4fd5c1 (diff)
Refactor the crypto code after a very helpful conversation
with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy.
Diffstat (limited to 'source/smbd/seal.c')
-rw-r--r--source/smbd/seal.c44
1 files changed, 29 insertions, 15 deletions
diff --git a/source/smbd/seal.c b/source/smbd/seal.c
index 24ecb77fd59..21fca73feae 100644
--- a/source/smbd/seal.c
+++ b/source/smbd/seal.c
@@ -36,24 +36,37 @@ static struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx;
static struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
/******************************************************************************
- Is server encryption on ?
+ Return global enc context - this must change if we ever do multiple contexts.
******************************************************************************/
-bool srv_encryption_on(void)
+uint16_t srv_enc_ctx(void)
{
- if (srv_trans_enc_ctx) {
- return common_encryption_on(srv_trans_enc_ctx->es);
- }
- return false;
+ return srv_trans_enc_ctx->es->enc_ctx_num;
}
/******************************************************************************
- Return global enc context - this must change if we ever do multiple contexts.
+ Is this an incoming encrypted packet ?
******************************************************************************/
-uint16 srv_enc_ctx(void)
+bool is_encrypted_packet(const uint8_t *inbuf)
{
- return srv_trans_enc_ctx->es->enc_ctx_num;
+ NTSTATUS status;
+ uint16_t enc_num;
+
+ /* Ignore non-session messages. */
+ if(CVAL(inbuf,0)) {
+ return false;
+ }
+
+ status = get_enc_ctx_num(inbuf, &enc_num);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ if (srv_trans_enc_ctx && enc_num == srv_enc_ctx()) {
+ return true;
+ }
+ return false;
}
/******************************************************************************
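Review bot: is_encrypted_packet() returns false for three different cases (a non-session message, a get_enc_ctx_num() failure, and a context number that does not match), so a caller cannot tell a plaintext packet from a malformed or wrong-context encrypted one. If a caller uses this result to decide whether to skip decryption, a connection that requires encryption has to reject the false case itself; that enforcement is not visible in this hunk. The function also takes no length, so it relies on the caller having received enough bytes for `CVAL(inbuf,0)` and get_enc_ctx_num() to read; I would state both in the header comment, e.g. `Caller must have validated the packet length; false does not mean the packet may be processed as plaintext.` Separately, srv_enc_ctx() is non-static and dereferences `srv_trans_enc_ctx->es` with no NULL check, which only the `srv_trans_enc_ctx &&` guard in is_encrypted_packet() covers here.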
@@ -292,9 +305,9 @@ void srv_free_enc_buffer(char *buf)
{
/* We know this is an smb buffer, and we
* didn't malloc, only copy, for a keepalive,
- * so ignore session keepalives. */
+ * so ignore non-session messages. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ if(CVAL(buf,0)) {
return;
}
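Review bot: The bare `if(CVAL(buf,0))` test now appears four times (is_encrypted_packet(), here, srv_decrypt_buffer() and srv_encrypt_buffer()), and nothing in it says that a zero type byte is what marks a session message. A small helper such as `static bool is_session_message(const void *buf) { return CVAL(buf,0) == 0; }` (the name is only a suggestion) would keep the four sites in step. That matters because srv_free_enc_buffer() appears to need to skip exactly the buffers that srv_encrypt_buffer() passed through via `*buf_out = buf` without allocating. The comment above this check still explains the early return in terms of a keepalive copy; I would reword it to `Non-session messages are never encrypted, so buf was not allocated by srv_encrypt_buffer().` The bodies of all three functions continue outside their hunks.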
@@ -309,8 +322,8 @@ void srv_free_enc_buffer(char *buf)
NTSTATUS srv_decrypt_buffer(char *buf)
{
- /* Ignore session keepalives. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(buf,0)) {
return NT_STATUS_OK;
}
@@ -329,8 +342,8 @@ NTSTATUS srv_encrypt_buffer(char *buf, char **buf_out)
{
*buf_out = buf;
- /* Ignore session keepalives. */
- if(CVAL(buf,0) == SMBkeepalive) {
+ /* Ignore non-session messages. */
+ if(CVAL(buf,0)) {
return NT_STATUS_OK;
}
@@ -698,6 +711,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
srv_trans_enc_ctx->es->enc_on = true;
partial_srv_trans_enc_ctx = NULL;
+
return NT_STATUS_OK;
}