svn commit: samba r21880 - in branches/SAMBA_3_0/source: include lib libsmb

jra at samba.org jra at samba.org
Mon Mar 19 22:45:36 GMT 2007 

Author: jra
Date: 2007-03-19 22:45:35 +0000 (Mon, 19 Mar 2007)
New Revision: 21880

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21880

Log:
Make client and server calls into encryption code symetrical,
depending on encryption context pointer.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/client.h
   branches/SAMBA_3_0/source/lib/util_sock.c
   branches/SAMBA_3_0/source/libsmb/clientgen.c
   branches/SAMBA_3_0/source/libsmb/smb_seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/client.h
===================================================================
--- branches/SAMBA_3_0/source/include/client.h	2007-03-19 21:52:27 UTC (rev 21879)
+++ branches/SAMBA_3_0/source/include/client.h	2007-03-19 22:45:35 UTC (rev 21880)
@@ -83,6 +83,7 @@
 
 struct smb_trans_enc_state {
 	enum smb_trans_enc_type smb_enc_type;
+	BOOL enc_on;
 	union {
 		NTLMSSP_STATE *ntlmssp_state;
 #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)

Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===================================================================
--- branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-19 21:52:27 UTC (rev 21879)
+++ branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-19 22:45:35 UTC (rev 21880)
@@ -789,13 +789,13 @@
 		if (ret <= 0) {
 			DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
 				(int)len,(int)ret, strerror(errno) ));
-			srv_free_buffer(buf_out);
+			srv_free_enc_buffer(buf_out);
 			return False;
 		}
 		nwritten += ret;
 	}
 
-	srv_free_buffer(buf_out);
+	srv_free_enc_buffer(buf_out);
 	return True;
 }
 

Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-19 21:52:27 UTC (rev 21879)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-19 22:45:35 UTC (rev 21880)
@@ -164,6 +164,7 @@
 	size_t len;
 	size_t nwritten=0;
 	ssize_t ret;
+	char *buf_out;
 
 	/* fd == -1 causes segfaults -- Tom (tom at ninja.nl) */
 	if (cli->fd == -1) {
@@ -172,7 +173,7 @@
 
 	cli_calculate_sign_mac(cli);
 
-	status = cli_encrypt_message(cli);
+	status = cli_encrypt_message(cli, &buf_out);
 	if (!NT_STATUS_IS_OK(status)) {
 		close(cli->fd);
 		cli->fd = -1;
@@ -182,11 +183,12 @@
 		return False;
 	}
 
-	len = smb_len(cli->outbuf) + 4;
+	len = smb_len(buf_out) + 4;
 
 	while (nwritten < len) {
-		ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
+		ret = write_socket(cli->fd,buf_out+nwritten,len - nwritten);
 		if (ret <= 0) {
+			cli_free_enc_buffer(cli, buf_out);
 			close(cli->fd);
 			cli->fd = -1;
 			cli->smb_rw_error = WRITE_ERROR;
@@ -196,6 +198,9 @@
 		}
 		nwritten += ret;
 	}
+
+	cli_free_enc_buffer(cli, buf_out);
+
 	/* Increment the mid so we can tell between responses. */
 	cli->mid++;
 	if (!cli->mid) {
@@ -447,6 +452,8 @@
 	SAFE_FREE(cli->inbuf);
 
 	cli_free_signing_context(cli);
+	cli_free_encryption_context(cli);
+
 	data_blob_free(&cli->secblob);
 	data_blob_free(&cli->user_session_key);
 

Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-19 21:52:27 UTC (rev 21879)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-19 22:45:35 UTC (rev 21880)
@@ -20,65 +20,22 @@
 
 #include "includes.h"
 
-NTSTATUS cli_decrypt_message(struct cli_state *cli)
-{
-	return NT_STATUS_OK;
-}
-
-NTSTATUS cli_encrypt_message(struct cli_state *cli)
-{
-	return NT_STATUS_OK;
-}
-
-/* Server state if we're encrypting SMBs. If NULL then enc is off. */
-
-static struct smb_trans_enc_state *srv_trans_enc_state;
-
 /******************************************************************************
- Is server encryption on ?
+ Generic code for client and server.
+ Is encryption turned on ?
 ******************************************************************************/
 
-BOOL srv_encryption_on(void)
+static BOOL internal_encryption_on(struct smb_trans_enc_state *es)
 {
-	return srv_trans_enc_state != NULL;
+	return ((es != NULL) && es->enc_on);
 }
 
 /******************************************************************************
- Free an encryption-allocated buffer.
-******************************************************************************/
-
-void srv_free_buffer(char *buf_out)
-{
-	if (!srv_trans_enc_state) {
-		return;
-	}
-
-	if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-		SAFE_FREE(buf_out);
-		return;
-	}
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-	/* gss-api free buffer.... */
-#endif
-}
-
-/******************************************************************************
- gss-api decrypt an incoming buffer.
-******************************************************************************/
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-static NTSTATUS srv_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
-{
-	return NT_STATUS_NOT_SUPPORTED;
-}
-#endif
-
-/******************************************************************************
+ Generic code for client and server.
  NTLM decrypt an incoming buffer.
 ******************************************************************************/
 
-static NTSTATUS srv_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
+static NTSTATUS internal_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
 {
 	NTSTATUS status;
 	size_t orig_len = smb_len(buf);
@@ -109,42 +66,11 @@
 }
 
 /******************************************************************************
- Decrypt an incoming buffer.
-******************************************************************************/
-
-NTSTATUS srv_decrypt_buffer(char *buf)
-{
-	if (!srv_trans_enc_state) {
-		/* Not decrypting. */
-		return NT_STATUS_OK;
-	}
-	if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-		return srv_ntlm_decrypt_buffer(srv_trans_enc_state->ntlmssp_state, buf);
-	} else {
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-		return srv_gss_decrypt_buffer(srv_trans_enc_state->context_handle, buf);
-#else
-		return NT_STATUS_NOT_SUPPORTED;
-#endif
-	}
-}
-
-/******************************************************************************
- gss-api encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
-******************************************************************************/
-
-#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
-{
-	return NT_STATUS_NOT_SUPPORTED;
-}
-#endif
-
-/******************************************************************************
+ Generic code for client and server.
  NTLM encrypt an outgoing buffer. Return the encrypted pointer in ppbuf_out.
 ******************************************************************************/
 
-static NTSTATUS srv_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
+static NTSTATUS internal_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf, char **ppbuf_out)
 {
 	NTSTATUS status;
 	char *buf_out;
@@ -192,24 +118,221 @@
 }
 
 /******************************************************************************
- Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+ Generic code for client and server.
+ gss-api decrypt an incoming buffer.
 ******************************************************************************/
 
-NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+static NTSTATUS internal_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
 {
-	if (!srv_trans_enc_state) {
+	return NT_STATUS_NOT_SUPPORTED;
+}
+#endif
+
+/******************************************************************************
+ Generic code for client and server.
+ gss-api encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
+******************************************************************************/
+
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+static NTSTATUS srv_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out)
+{
+	return NT_STATUS_NOT_SUPPORTED;
+}
+#endif
+
+/******************************************************************************
+ Generic code for client and server.
+ Encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out.
+******************************************************************************/
+
+static NTSTATUS internal_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out)
+{
+	if (!internal_encryption_on(es)) {
 		/* Not encrypting. */
 		*buf_out = buffer;
 		return NT_STATUS_OK;
 	}
 
-	if (srv_trans_enc_state->smb_enc_type == SMB_TRANS_ENC_NTLM) {
-		return srv_ntlm_encrypt_buffer(srv_trans_enc_state->ntlmssp_state, buffer, buf_out);
+	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+		return internal_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out);
 	} else {
 #if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
-		return srv_gss_encrypt_buffer(srv_trans_enc_state->context_handle, buffer, buf_out);
+		return internal_gss_encrypt_buffer(es->context_handle, buffer, buf_out);
 #else
 		return NT_STATUS_NOT_SUPPORTED;
 #endif
 	}
 }
+
+/******************************************************************************
+ Generic code for client and server.
+ Decrypt an incoming SMB buffer. Replaces the data within it.
+ New data must be less than or equal to the current length.
+******************************************************************************/
+
+static NTSTATUS internal_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
+{
+	if (!internal_encryption_on(es)) {
+		/* Not decrypting. */
+		return NT_STATUS_OK;
+	}
+	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+		return internal_ntlm_decrypt_buffer(es->ntlmssp_state, buf);
+	} else {
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+		return internal_gss_decrypt_buffer(es->context_handle, buf);
+#else
+		return NT_STATUS_NOT_SUPPORTED;
+#endif
+	}
+}
+
+/******************************************************************************
+ Shutdown an encryption state.
+******************************************************************************/
+
+static void internal_free_encryption_context(struct smb_trans_enc_state **pp_es)
+{
+	struct smb_trans_enc_state *es = *pp_es;
+
+	if (es == NULL) {
+		return;
+	}
+
+	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+		ntlmssp_end(&es->ntlmssp_state);
+	}
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+	if (es->smb_enc_type == SMB_TRANS_ENC_GSS) {
+		/* Free the gss context handle. */
+	}
+#endif
+	SAFE_FREE(es);
+	*pp_es = NULL;
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+static void internal_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
+{
+	if (!internal_encryption_on(es)) {
+		return;
+	}
+
+	if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
+		SAFE_FREE(buf);
+		return;
+	}
+
+#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5)
+	/* gss-api free buffer.... */
+#endif
+}
+
+/******************************************************************************
+ Client side encryption.
+******************************************************************************/
+
+/******************************************************************************
+ Is client encryption on ?
+******************************************************************************/
+
+BOOL cli_encryption_on(struct cli_state *cli)
+{
+	return internal_encryption_on(cli->trans_enc_state);
+}
+
+/******************************************************************************
+ Shutdown a client encryption state.
+******************************************************************************/
+
+void cli_free_encryption_context(struct cli_state *cli)
+{
+	return internal_free_encryption_context(&cli->trans_enc_state);
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+void cli_free_enc_buffer(struct cli_state *cli, char *buf)
+{
+	return internal_free_enc_buffer(cli->trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Decrypt an incoming buffer.
+******************************************************************************/
+
+NTSTATUS cli_decrypt_message(struct cli_state *cli)
+{
+	return internal_decrypt_buffer(cli->trans_enc_state, cli->inbuf);
+}
+
+/******************************************************************************
+ Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+******************************************************************************/
+
+NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
+{
+	return internal_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
+}
+
+/******************************************************************************
+ Server side encryption.
+******************************************************************************/
+
+/******************************************************************************
+ Global server state.
+******************************************************************************/
+
+static struct smb_trans_enc_state *partial_srv_trans_enc_state;
+static struct smb_trans_enc_state *srv_trans_enc_state;
+
+/******************************************************************************
+ Is server encryption on ?
+******************************************************************************/
+
+BOOL srv_encryption_on(void)
+{
+	return internal_encryption_on(srv_trans_enc_state);
+}
+
+/******************************************************************************
+ Shutdown a server encryption state.
+******************************************************************************/
+
+void srv_free_encryption_context(void)
+{
+	return internal_free_encryption_context(&srv_trans_enc_state);
+}
+
+/******************************************************************************
+ Free an encryption-allocated buffer.
+******************************************************************************/
+
+void srv_free_enc_buffer(char *buf)
+{
+	return internal_free_enc_buffer(srv_trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Decrypt an incoming buffer.
+******************************************************************************/
+
+NTSTATUS srv_decrypt_buffer(char *buf)
+{
+	return internal_decrypt_buffer(srv_trans_enc_state, buf);
+}
+
+/******************************************************************************
+ Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
+******************************************************************************/
+
+NTSTATUS srv_encrypt_buffer(char *buffer, char **buf_out)
+{
+	return internal_encrypt_buffer(srv_trans_enc_state, buffer, buf_out);
+}

More information about the samba-cvs mailing list