diff options
author | Jeremy Allison <jra@samba.org> | 2003-08-02 03:06:07 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-08-02 03:06:07 +0000 |
commit | 760e58cf807e099b450c83fbdb8d393d53b9dca3 (patch) | |
tree | 5c0735dc3a69c9e789becdc6fcffc4a7161f3b97 /source3/libsmb | |
parent | 2443f7ffa20a683eabb792182cb0206402ad8059 (diff) | |
download | samba-760e58cf807e099b450c83fbdb8d393d53b9dca3.tar.gz samba-760e58cf807e099b450c83fbdb8d393d53b9dca3.tar.xz samba-760e58cf807e099b450c83fbdb8d393d53b9dca3.zip |
Add the same signing code to the server. Ensure we use identical session
numbers and MIDs when in trans/trans2/nttrans code.
Jeremy.
(This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/smb_signing.c | 76 |
1 files changed, 64 insertions, 12 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 81e25cb67c8..d4c50a71f0f 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -477,8 +477,8 @@ void cli_signing_trans_stop(struct cli_state *cli) if (!cli->sign_info.doing_signing) return; - if (data->trans_info) - SAFE_FREE(data->trans_info); + SAFE_FREE(data->trans_info); + data->trans_info = NULL; data->send_seq_num += 2; } @@ -598,10 +598,11 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) struct smb_basic_signing_context *data = si->signing_context; uint32 send_seq_number = data->send_seq_num; BOOL was_deferred_packet; + uint16 mid; if (!si->doing_signing) { if (si->allow_smb_signing && si->negotiated_smb_signing) { - uint16 mid = SVAL(outbuf, smb_mid); + mid = SVAL(outbuf, smb_mid); was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list, mid, &send_seq_number); @@ -632,10 +633,13 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) /* mark the packet as signed - BEFORE we sign it...*/ mark_packet_signed(outbuf); + mid = SVAL(outbuf, smb_mid); + /* See if this is a reply for a deferred packet. */ - was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list, - SVAL(outbuf, smb_mid), - &send_seq_number); + was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list, mid, &send_seq_number); + + if (data->trans_info && (data->trans_info->mid == mid)) + send_seq_number = data->trans_info->send_seq_num; simple_packet_signature(data, outbuf, send_seq_number, calc_md5_mac); @@ -647,7 +651,7 @@ static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) /* cli->outbuf[smb_ss_field+2]=0; Uncomment this to test if the remote server actually verifies signatures...*/ - if (!was_deferred_packet) + if (!was_deferred_packet && !data->trans_info) data->send_seq_num++; } @@ -661,6 +665,7 @@ static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si) uint32 reply_seq_number; unsigned char calc_md5_mac[16]; unsigned char *server_sent_mac; + uint mid; struct smb_basic_signing_context *data = si->signing_context; @@ -672,12 +677,16 @@ static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si) return False; } + mid = SVAL(inbuf, smb_mid); + /* Oplock break requests store an outgoing mid in the packet list. */ - if (!get_sequence_for_reply(&data->outstanding_packet_list, - SVAL(inbuf, smb_mid), - &reply_seq_number)) { - reply_seq_number = data->send_seq_num; - data->send_seq_num++; + if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_number)) { + if (data->trans_info && (data->trans_info->mid == mid)) { + reply_seq_number = data->trans_info->reply_seq_num; + } else { + reply_seq_number = data->send_seq_num; + data->send_seq_num++; + } } simple_packet_signature(data, inbuf, reply_seq_number, calc_md5_mac); @@ -810,6 +819,49 @@ BOOL srv_is_signing_active(void) } /*********************************************************** + Tell server code we are in a multiple trans reply state. +************************************************************/ + +void srv_signing_trans_start(uint16 mid) +{ + struct smb_basic_signing_context *data; + + if (!srv_sign_info.doing_signing) + return; + + data = (struct smb_basic_signing_context *)srv_sign_info.signing_context; + + data->trans_info = smb_xmalloc(sizeof(struct trans_info_context)); + ZERO_STRUCTP(data->trans_info); + + data->trans_info->reply_seq_num = data->send_seq_num-1; + data->trans_info->mid = mid; + data->trans_info->send_seq_num = data->send_seq_num; + + /* Increment now in case we need to send a non-trans + * reply in the middle of the trans stream. */ + data->send_seq_num++; +} + +/*********************************************************** + Tell server code we are out of a multiple trans reply state. +************************************************************/ + +void srv_signing_trans_stop(void) +{ + struct smb_basic_signing_context *data; + + if (!srv_sign_info.doing_signing) + return; + + data = (struct smb_basic_signing_context *)srv_sign_info.signing_context; + + SAFE_FREE(data->trans_info); + data->trans_info = NULL; +} + + +/*********************************************************** Turn on signing from this packet onwards. ************************************************************/ |