diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clientgen.c | 15 | ||||
-rw-r--r-- | source3/libsmb/clierror.c | 12 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 2 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_sign.c | 26 | ||||
-rw-r--r-- | source3/libsmb/smb_signing.c | 15 |
5 files changed, 50 insertions, 20 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 81b3bbcab55..81cb61d757c 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli) } if (!cli_check_sign_mac(cli)) { - DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n")); + DEBUG(0, ("SMB Signature verification failed on incoming packet!\n")); + cli->smb_rw_error = READ_BAD_SIG; + close(cli->fd); + cli->fd = -1; return False; }; return True; @@ -259,9 +262,6 @@ struct cli_state *cli_initialise(struct cli_state *cli) if (getenv("CLI_FORCE_DOSERR")) cli->force_dos_errors = True; - /* initialise signing */ - cli_null_set_signing(cli); - if (lp_client_signing()) cli->sign_info.allow_smb_signing = True; @@ -274,6 +274,13 @@ struct cli_state *cli_initialise(struct cli_state *cli) memset(cli->outbuf, 0, cli->bufsize); memset(cli->inbuf, 0, cli->bufsize); + /* just becouse we over-allocate, doesn't mean it's right to use it */ + clobber_region(FUNCTION_MACRO, __LINE__, cli->outbuf+cli->bufsize, SAFETY_MARGIN); + clobber_region(FUNCTION_MACRO, __LINE__, cli->inbuf+cli->bufsize, SAFETY_MARGIN); + + /* initialise signing */ + cli_null_set_signing(cli); + cli->nt_pipe_fnum = 0; cli->saved_netlogon_pipe_fnum = 0; diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c index cea736ef180..9ee181a90f9 100644 --- a/source3/libsmb/clierror.c +++ b/source3/libsmb/clierror.c @@ -96,17 +96,21 @@ const char *cli_errstr(struct cli_state *cli) break; case READ_EOF: slprintf(cli_error_message, sizeof(cli_error_message) - 1, - "Call returned zero bytes (EOF)\n" ); + "Call returned zero bytes (EOF)" ); break; case READ_ERROR: slprintf(cli_error_message, sizeof(cli_error_message) - 1, - "Read error: %s\n", strerror(errno) ); + "Read error: %s", strerror(errno) ); break; case WRITE_ERROR: slprintf(cli_error_message, sizeof(cli_error_message) - 1, - "Write error: %s\n", strerror(errno) ); + "Write error: %s", strerror(errno) ); break; - default: + case READ_BAD_SIG: + slprintf(cli_error_message, sizeof(cli_error_message) - 1, + "Server packet had invalid SMB signiture!"); + break; + default: slprintf(cli_error_message, sizeof(cli_error_message) - 1, "Unknown error code %d\n", cli->smb_rw_error ); break; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index c179b98abff..d54655d17f7 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -385,7 +385,7 @@ NTSTATUS ntlmssp_server_update(NTLMSSP_STATE *ntlmssp_state, } else if (ntlmssp_command == NTLMSSP_AUTH) { return ntlmssp_server_auth(ntlmssp_state, request, reply); } else { - DEBUG(1, ("unknown NTLMSSP command %u expected %u\n", ntlmssp_command, ntlmssp_state->expected_state)); + DEBUG(1, ("unknown NTLMSSP command %u, expected %u\n", ntlmssp_command, ntlmssp_state->expected_state)); return NT_STATUS_INVALID_PARAMETER; } } diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index 8f6bd0c6914..86faf1f5e65 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -92,8 +92,14 @@ static void calc_ntlmv2_hash(unsigned char hash[16], char digest[16], calc_hash(hash, digest, 16); } +enum ntlmssp_direction { + NTLMSSP_SEND, + NTLMSSP_RECEIVE +}; + static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_state, const uchar *data, size_t length, + enum ntlmssp_direction direction, DATA_BLOB *sig) { if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { @@ -110,8 +116,14 @@ static NTSTATUS ntlmssp_make_packet_signiture(NTLMSSP_CLIENT_STATE *ntlmssp_stat if (!msrpc_gen(sig, "Bd", digest, sizeof(digest), ntlmssp_state->ntlmssp_seq_num)) { return NT_STATUS_NO_MEMORY; } - - NTLMSSPcalc_ap(ntlmssp_state->cli_seal_hash, sig->data, sig->length); + switch (direction) { + case NTLMSSP_SEND: + NTLMSSPcalc_ap(ntlmssp_state->cli_sign_hash, sig->data, sig->length); + break; + case NTLMSSP_RECEIVE: + NTLMSSPcalc_ap(ntlmssp_state->srv_sign_hash, sig->data, sig->length); + break; + } } else { uint32 crc; crc = crc32_calc_buffer(data, length); @@ -129,7 +141,7 @@ NTSTATUS ntlmssp_client_sign_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state, DATA_BLOB *sig) { ntlmssp_state->ntlmssp_seq_num++; - return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, sig); + return ntlmssp_make_packet_signiture(ntlmssp_state, data, length, NTLMSSP_SEND, sig); } /** @@ -151,7 +163,7 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state, } nt_status = ntlmssp_make_packet_signiture(ntlmssp_state, data, - length, &local_sig); + length, NTLMSSP_RECEIVE, &local_sig); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status))); @@ -161,6 +173,12 @@ NTSTATUS ntlmssp_client_check_packet(NTLMSSP_CLIENT_STATE *ntlmssp_state, if (memcmp(sig->data, local_sig.data, MIN(sig->length, local_sig.length)) == 0) { return NT_STATUS_OK; } else { + DEBUG(5, ("BAD SIG: wanted signature of\n")); + dump_data(5, local_sig.data, local_sig.length); + + DEBUG(5, ("BAD SIG: got signature of\n")); + dump_data(5, sig->data, sig->length); + DEBUG(0, ("NTLMSSP packet check failed due to invalid signiture!\n")); return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 9b473fa7361..4e9b895a1b3 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli) SIVAL(sequence_buf, 0, data->reply_seq_num); SIVAL(sequence_buf, 4, 0); - if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) { - DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf))); - return False; - } - /* get a copy of the server-sent mac */ memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac)); @@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli) BOOL cli_check_sign_mac(struct cli_state *cli) { BOOL good; - good = cli->sign_info.check_incoming_message(cli); - + + if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) { + DEBUG(cli->sign_info.doing_signing ? 1 : 10, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf))); + good = False; + } else { + good = cli->sign_info.check_incoming_message(cli); + } + if (!good) { if (cli->sign_info.doing_signing) { return False; |