smb_signing.c

samba-3.0.22.tar.gz 编译smb服务器的源码

	uint32 reply_seq_number;
	uint32 saved_seq;
	unsigned char calc_md5_mac[16];
	unsigned char *server_sent_mac;

	struct smb_basic_signing_context *data = si->signing_context;

	if (!si->doing_signing)
		return True;

	if (smb_len(inbuf) < (smb_ss_field + 8 - 4)) {
		DEBUG(1, ("client_check_incoming_message: Can't check signature on short packet! smb_len = %u\n", smb_len(inbuf)));
		return False;
	}

	if (data->trans_info) {
		reply_seq_number = data->trans_info->reply_seq_num;
	} else if (!get_sequence_for_reply(&data->outstanding_packet_list, 
				    SVAL(inbuf, smb_mid), &reply_seq_number)) {
		DEBUG(1, ("client_check_incoming_message: failed to get sequence number %u for reply.\n",
					(unsigned int) SVAL(inbuf, smb_mid) ));
		return False;
	}

	saved_seq = reply_seq_number;
	simple_packet_signature(data, (const unsigned char *)inbuf, reply_seq_number, calc_md5_mac);

	server_sent_mac = (unsigned char *)&inbuf[smb_ss_field];
	good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
	
	if (!good) {
		DEBUG(5, ("client_check_incoming_message: BAD SIG: wanted SMB signature of\n"));
		dump_data(5, (const char *)calc_md5_mac, 8);
		
		DEBUG(5, ("client_check_incoming_message: BAD SIG: got SMB signature of\n"));
		dump_data(5, (const char *)server_sent_mac, 8);
#if 1 /* JRATEST */
		{
			int i;
			reply_seq_number -= 5;
			for (i = 0; i < 10; i++, reply_seq_number++) {
				simple_packet_signature(data, (const unsigned char *)inbuf, reply_seq_number, calc_md5_mac);
				if (memcmp(server_sent_mac, calc_md5_mac, 8) == 0) {
					DEBUG(0,("client_check_incoming_message: out of seq. seq num %u matches. \
We were expecting seq %u\n", reply_seq_number, saved_seq ));
					break;
				}
			}
		}
#endif /* JRATEST */

	} else {
		DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number));
		dump_data(10, (const char *)server_sent_mac, 8);
	}
	return signing_good(inbuf, si, good, saved_seq, must_be_ok);
}

/***********************************************************
 SMB signing - Simple implementation - free signing context
************************************************************/

static void simple_free_signing_context(struct smb_sign_info *si)
{
	struct smb_basic_signing_context *data = si->signing_context;
	struct outstanding_packet_lookup *list = data->outstanding_packet_list;
	
	while (list) {
		struct outstanding_packet_lookup *old_head = list;
		DLIST_REMOVE(list, list);
		SAFE_FREE(old_head);
	}

	data_blob_free(&data->mac_key);

	if (data->trans_info)
		SAFE_FREE(data->trans_info);

	SAFE_FREE(si->signing_context);

	return;
}

/***********************************************************
 SMB signing - Simple implementation - setup the MAC key.
************************************************************/

BOOL cli_simple_set_signing(struct cli_state *cli,
			    const DATA_BLOB user_session_key,
			    const DATA_BLOB response)
{
	struct smb_basic_signing_context *data;

	if (!user_session_key.length)
		return False;

	if (!cli_set_smb_signing_common(cli)) {
		return False;
	}

	if (!set_smb_signing_real_common(&cli->sign_info)) {
		return False;
	}

	data = SMB_XMALLOC_P(struct smb_basic_signing_context);
	memset(data, '\0', sizeof(*data));

	cli->sign_info.signing_context = data;
	
	data->mac_key = data_blob(NULL, response.length + user_session_key.length);

	memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length);

	DEBUG(10, ("cli_simple_set_signing: user_session_key\n"));
	dump_data(10, (const char *)user_session_key.data, user_session_key.length);

	if (response.length) {
		memcpy(&data->mac_key.data[user_session_key.length],response.data, response.length);
		DEBUG(10, ("cli_simple_set_signing: response_data\n"));
		dump_data(10, (const char *)response.data, response.length);
	} else {
		DEBUG(10, ("cli_simple_set_signing: NULL response_data\n"));
	}

	dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length);

	/* Initialise the sequence number */
	data->send_seq_num = 0;

	/* Initialise the list of outstanding packets */
	data->outstanding_packet_list = NULL;

	cli->sign_info.sign_outgoing_message = client_sign_outgoing_message;
	cli->sign_info.check_incoming_message = client_check_incoming_message;
	cli->sign_info.free_signing_context = simple_free_signing_context;

	return True;
}

/***********************************************************
 Tell client code we are in a multiple trans reply state.
 We call this after the last outgoing trans2 packet (which
 has incremented the sequence numbers), so we must save the
 current mid and sequence number -2.
************************************************************/

void cli_signing_trans_start(struct cli_state *cli, uint16 mid)
{
	struct smb_basic_signing_context *data = cli->sign_info.signing_context;
	uint32 reply_seq_num;

	if (!cli->sign_info.doing_signing || !data)
		return;

	data->trans_info = SMB_XMALLOC_P(struct trans_info_context);
	ZERO_STRUCTP(data->trans_info);

	/* This ensures the sequence is pulled off the outstanding packet list */
	if (!get_sequence_for_reply(&data->outstanding_packet_list, 
				    mid, &reply_seq_num)) {
		DEBUG(1, ("get_sequence_for_reply failed - did we enter the trans signing state without sending a packet?\n")); 
	    return;
	}

	data->trans_info->send_seq_num = reply_seq_num - 1;
	data->trans_info->mid = mid;
	data->trans_info->reply_seq_num = reply_seq_num;

	DEBUG(10,("cli_signing_trans_start: storing mid = %u, reply_seq_num = %u, send_seq_num = %u \
data->send_seq_num = %u\n",
			(unsigned int)data->trans_info->mid,
			(unsigned int)data->trans_info->reply_seq_num,
			(unsigned int)data->trans_info->send_seq_num,
			(unsigned int)data->send_seq_num ));
}

/***********************************************************
 Tell client code we are out of a multiple trans reply state.
************************************************************/

void cli_signing_trans_stop(struct cli_state *cli)
{
	struct smb_basic_signing_context *data = cli->sign_info.signing_context;

	if (!cli->sign_info.doing_signing || !data)
		return;

	DEBUG(10,("cli_signing_trans_stop: freeing mid = %u, reply_seq_num = %u, send_seq_num = %u \
data->send_seq_num = %u\n",
			(unsigned int)data->trans_info->mid,
			(unsigned int)data->trans_info->reply_seq_num,
			(unsigned int)data->trans_info->send_seq_num,
			(unsigned int)data->send_seq_num ));

	SAFE_FREE(data->trans_info);
	data->trans_info = NULL;
}

/***********************************************************
 SMB signing - TEMP implementation - calculate a MAC to send.
************************************************************/

static void temp_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
{
	/* mark the packet as signed - BEFORE we sign it...*/
	mark_packet_signed(outbuf);

	/* I wonder what BSRSPYL stands for - but this is what MS 
	   actually sends! */
	memcpy(&outbuf[smb_ss_field], "BSRSPYL ", 8);
	return;
}

/***********************************************************
 SMB signing - TEMP implementation - check a MAC sent by server.
************************************************************/

static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL foo)
{
	return True;
}

/***********************************************************
 SMB signing - TEMP implementation - free signing context
************************************************************/

static void temp_free_signing_context(struct smb_sign_info *si)
{
	return;
}

/***********************************************************
 SMB signing - NULL implementation - setup the MAC key.
************************************************************/

BOOL cli_null_set_signing(struct cli_state *cli)
{
	return null_set_signing(&cli->sign_info);
}

/***********************************************************
 SMB signing - temp implementation - setup the MAC key.
************************************************************/

BOOL cli_temp_set_signing(struct cli_state *cli)
{
	if (!cli_set_smb_signing_common(cli)) {
		return False;
	}

	cli->sign_info.signing_context = NULL;
	
	cli->sign_info.sign_outgoing_message = temp_sign_outgoing_message;
	cli->sign_info.check_incoming_message = temp_check_incoming_message;
	cli->sign_info.free_signing_context = temp_free_signing_context;

	return True;
}

void cli_free_signing_context(struct cli_state *cli)
{
	free_signing_context(&cli->sign_info);
}

/**
 * Sign a packet with the current mechanism
 */
 
void cli_calculate_sign_mac(struct cli_state *cli)
{
	cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
}

/**
 * Check a packet with the current mechanism
 * @return False if we had an established signing connection
 *         which had a bad checksum, True otherwise.
 */
 
BOOL cli_check_sign_mac(struct cli_state *cli) 
{
	if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
		free_signing_context(&cli->sign_info);	
		return False;
	}
	return True;
}

/***********************************************************
 SMB signing - Server implementation - send the MAC.
************************************************************/

static void srv_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
{
	unsigned char calc_md5_mac[16];
	struct smb_basic_signing_context *data = si->signing_context;
	uint32 send_seq_number = data->send_seq_num;
	BOOL was_deferred_packet = False;
	uint16 mid;

	if (!si->doing_signing) {
		return;
	}

	/* JRA Paranioa test - we should be able to get rid of this... */
	if (smb_len(outbuf) < (smb_ss_field + 8 - 4)) {
		DEBUG(1, ("srv_sign_outgoing_message: Logic error. Can't send signature on short packet! smb_len = %u\n",
					smb_len(outbuf) ));
		abort();
	}

	/* mark the packet as signed - BEFORE we sign it...*/
	mark_packet_signed(outbuf);

	mid = SVAL(outbuf, smb_mid);

	/* See if this is a reply for a deferred packet. */
	was_deferred_packet = get_sequence_for_reply(&data->outstanding_packet_list, mid, &send_seq_number);

	if (data->trans_info && (data->trans_info->mid == mid)) {
		/* This is a reply in a trans stream. Use the sequence
		 * number associated with the stream mid. */
		send_seq_number = data->trans_info->send_seq_num;
	}

	simple_packet_signature(data, (const unsigned char *)outbuf, send_seq_number, calc_md5_mac);

	DEBUG(10, ("srv_sign_outgoing_message: seq %u: sent SMB signature of\n", (unsigned int)send_seq_number));
	dump_data(10, (const char *)calc_md5_mac, 8);

	memcpy(&outbuf[smb_ss_field], calc_md5_mac, 8);

/*	cli->outbuf[smb_ss_field+2]=0; 
	Uncomment this to test if the remote client actually verifies signatures...*/

	/* Don't mess with the sequence number for a deferred packet. */
	if (was_deferred_packet) {
		return;
	}

	if (!data->trans_info) {
		/* Always increment if not in a trans stream. */
		data->send_seq_num++;
	} else if ((data->trans_info->send_seq_num == data->send_seq_num) || (data->trans_info->mid != mid)) {
		/* Increment if this is the first reply in a trans stream or a
		 * packet that doesn't belong to this stream (different mid). */
		data->send_seq_num++;
	}
}

/***********************************************************
 Is an incoming packet an oplock break reply ?
************************************************************/

static BOOL is_oplock_break(char *inbuf)
{
	if (CVAL(inbuf,smb_com) != SMBlockingX)
		return False;

	if (!(CVAL(inbuf,smb_vwv3) & LOCKING_ANDX_OPLOCK_RELEASE))
		return False;

	DEBUG(10,("is_oplock_break: Packet is oplock break\n"));