svn commit: samba r21922 - in branches/SAMBA_3_0/source: . lib libads libsmb

jra at samba.org jra at samba.org
Wed Mar 21 23:49:58 GMT 2007 

Author: jra
Date: 2007-03-21 23:49:57 +0000 (Wed, 21 Mar 2007)
New Revision: 21922

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21922

Log:
Fixed the build by rather horrid means. I really need
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/lib/util_sock.c
   branches/SAMBA_3_0/source/libads/ads_status.c
   branches/SAMBA_3_0/source/libsmb/cliconnect.c
   branches/SAMBA_3_0/source/libsmb/clientgen.c
   branches/SAMBA_3_0/source/libsmb/smb_seal.c
   branches/SAMBA_3_0/source/libsmb/smb_signing.c


Changeset:
Modified: branches/SAMBA_3_0/source/Makefile.in
===================================================================
--- branches/SAMBA_3_0/source/Makefile.in	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/Makefile.in	2007-03-21 23:49:57 UTC (rev 21922)
@@ -258,7 +258,7 @@
 	  lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
 	  lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \
 	  nsswitch/wb_client.o $(WBCOMMON_OBJ) \
-	  lib/pam_errors.o intl/lang_tdb.o libsmb/smb_seal.o \
+	  lib/pam_errors.o intl/lang_tdb.o \
 	  lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
 	  lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
 	  lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
@@ -313,7 +313,7 @@
 	     libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
              libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 	     libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \
-	     $(DOSERR_OBJ) \
+	     libsmb/smb_seal.o $(DOSERR_OBJ) \
 	     $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
 
 RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o

Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===================================================================
--- branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -732,32 +732,32 @@
 
 BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 {
-	NTSTATUS status;
-
 	if (!receive_smb_raw(fd, buffer, timeout)) {
 		return False;
 	}
 
-	status = srv_decrypt_buffer(buffer);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
-			nt_errstr(status) ));
-		if (smb_read_error == 0) {
-			smb_read_error = READ_BAD_DECRYPT;
+	if (srv_encryption_on()) {
+		NTSTATUS status = srv_decrypt_buffer(buffer);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
+				nt_errstr(status) ));
+			if (smb_read_error == 0) {
+				smb_read_error = READ_BAD_DECRYPT;
+			}
+			return False;
 		}
-		return False;
+	} else {
+		/* Check the incoming SMB signature. */
+		if (!srv_check_sign_mac(buffer, True)) {
+			DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+			if (smb_read_error == 0) {
+				smb_read_error = READ_BAD_SIG;
+			}
+			return False;
+		}
 	}
 
-	/* Check the incoming SMB signature. */
-	if (!srv_check_sign_mac(buffer, True)) {
-		DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
-		if (smb_read_error == 0) {
-			smb_read_error = READ_BAD_SIG;
-		}
-		return False;
-	};
-
-	return(True);
+	return True;
 }
 
 /****************************************************************************
@@ -766,20 +766,21 @@
 
 BOOL send_smb(int fd, char *buffer)
 {
-	NTSTATUS status;
 	size_t len;
 	size_t nwritten=0;
 	ssize_t ret;
-	char *buf_out;
+	char *buf_out = buffer;
 
 	/* Sign the outgoing packet if required. */
-	srv_calculate_sign_mac(buffer);
-
-	status = srv_encrypt_buffer(buffer, &buf_out);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
-			nt_errstr(status) ));
-		return False;
+	if (!srv_encryption_on()) {
+		srv_calculate_sign_mac(buf_out);
+	} else {
+		NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
+				nt_errstr(status) ));
+			return False;
+		}
 	}
 
 	len = smb_len(buf_out) + 4;

Modified: branches/SAMBA_3_0/source/libads/ads_status.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ads_status.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libads/ads_status.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -85,6 +85,10 @@
 	case ENUM_ADS_ERROR_KRB5:
 		return krb5_to_nt_status(status.err.rc);
 #endif
+#ifdef HAVE_GSSAPI
+	case ENUM_ADS_ERROR_GSS:
+		return NT_STATUS_UNSUCCESSFUL;
+#endif
 	default:
 		break;
 	}
@@ -143,5 +147,3 @@
 	}
 
 }
-
-

Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -742,25 +742,25 @@
 		DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
 					  ntlmssp_state->session_key.length);
 		DATA_BLOB null_blob = data_blob(NULL, 0);
-		BOOL res;
 
 		fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
 		cli_set_session_key(cli, ntlmssp_state->session_key);
 
-		res = cli_simple_set_signing(cli, key, null_blob);
+		if (!cli_encryption_on(cli)) {
+			BOOL res = cli_simple_set_signing(cli, key, null_blob);
 
-		data_blob_free(&key);
-
-		if (res) {
+			if (res) {
 			
-			/* 'resign' the last message, so we get the right sequence numbers
-			   for checking the first reply from the server */
-			cli_calculate_sign_mac(cli);
+				/* 'resign' the last message, so we get the right sequence numbers
+				   for checking the first reply from the server */
+				cli_calculate_sign_mac(cli);
 			
-			if (!cli_check_sign_mac(cli)) {
-				nt_status = NT_STATUS_ACCESS_DENIED;
+				if (!cli_check_sign_mac(cli)) {
+					nt_status = NT_STATUS_ACCESS_DENIED;
+				}
 			}
 		}
+		data_blob_free(&key);
 	}
 
 	/* we have a reference counter on ntlmssp_state, if we are signing

Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -57,7 +57,6 @@
 static BOOL client_receive_smb(struct cli_state *cli)
 {
 	BOOL ret;
-	NTSTATUS status;
 	int fd = cli->fd;
 	char *buffer = cli->inbuf;
 	unsigned int timeout = cli->timeout;
@@ -75,14 +74,16 @@
 		if(CVAL(buffer,0) != SMBkeepalive)
 			break;
 	}
-	status = cli_decrypt_message(cli);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
-			nt_errstr(status)));
-		cli->smb_rw_error = READ_BAD_DECRYPT;
-		close(cli->fd);
-		cli->fd = -1;
-		return False;
+	if (cli_encryption_on(cli)) {
+		NTSTATUS status = cli_decrypt_message(cli);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
+				nt_errstr(status)));
+			cli->smb_rw_error = READ_BAD_DECRYPT;
+			close(cli->fd);
+			cli->fd = -1;
+			return False;
+		}
 	}
 	show_msg(buffer);
 	return ret;
@@ -129,13 +130,15 @@
 		return ret;
 	}
 
-	if (!cli_check_sign_mac(cli)) {
-		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
-		cli->smb_rw_error = READ_BAD_SIG;
-		close(cli->fd);
-		cli->fd = -1;
-		return False;
-	};
+	if (!cli_encryption_on(cli)) {
+		if (!cli_check_sign_mac(cli)) {
+			DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+			cli->smb_rw_error = READ_BAD_SIG;
+			close(cli->fd);
+			cli->fd = -1;
+			return False;
+		}
+	}
 	return True;
 }
 
@@ -160,7 +163,6 @@
 
 BOOL cli_send_smb(struct cli_state *cli)
 {
-	NTSTATUS status;
 	size_t len;
 	size_t nwritten=0;
 	ssize_t ret;
@@ -171,16 +173,18 @@
 		return False;
 	}
 
-	cli_calculate_sign_mac(cli);
-
-	status = cli_encrypt_message(cli, &buf_out);
-	if (!NT_STATUS_IS_OK(status)) {
-		close(cli->fd);
-		cli->fd = -1;
-		cli->smb_rw_error = WRITE_ERROR;
-		DEBUG(0,("Error in encrypting client message. Error %s\n",
-			nt_errstr(status) ));
-		return False;
+	if (cli_encryption_on(cli)) {
+		NTSTATUS status = cli_encrypt_message(cli, &buf_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			close(cli->fd);
+			cli->fd = -1;
+			cli->smb_rw_error = WRITE_ERROR;
+			DEBUG(0,("Error in encrypting client message. Error %s\n",
+				nt_errstr(status) ));
+			return False;
+		}
+	} else {
+		cli_calculate_sign_mac(cli);
 	}
 
 	len = smb_len(buf_out) + 4;

Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -163,8 +163,11 @@
 			&out_buf);
 
 	if (ret != GSS_S_COMPLETE) {
+		ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
+		DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n",
+			ads_errstr(adss) ));
 		/* Um - no mapping for gss-errs to NTSTATUS yet. */
-		return NT_STATUS_UNSUCCESSFUL;
+		return ads_ntstatus(adss);
 	}
 
 	if (!flags_got) {

Modified: branches/SAMBA_3_0/source/libsmb/smb_signing.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_signing.c	2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/smb_signing.c	2007-03-21 23:49:57 UTC (rev 21922)
@@ -585,9 +585,7 @@
  
 void cli_calculate_sign_mac(struct cli_state *cli)
 {
-	if (!cli_encryption_on(cli)) {
-		cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
-	}
+	cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
 }
 
 /**
@@ -598,9 +596,6 @@
  
 BOOL cli_check_sign_mac(struct cli_state *cli) 
 {
-	if (cli_encryption_on(cli)) {
-		return True;
-	}
 	if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
 		free_signing_context(&cli->sign_info);	
 		return False;
@@ -617,9 +612,6 @@
 	struct smb_sign_info *si = &cli->sign_info;
 	struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
 
-	if (cli_encryption_on(cli)) {
-		return True;
-	}
 	if (!si->doing_signing) {
 		return True;
 	}
@@ -645,9 +637,6 @@
 	struct smb_sign_info *si = &cli->sign_info;
 	struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
 
-	if (cli_encryption_on(cli)) {
-		return True;
-	}
 	if (!si->doing_signing) {
 		return True;
 	}
@@ -813,15 +802,6 @@
 		return True;
 	}
 
-	/* 
-	 * If we have an encrypted transport
-	 * don't sign - we're already doing that.
-	 */
-
-	if (srv_encryption_on()) {
-		return True;
-	}
-
 	return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, must_be_ok);
 }
 
@@ -836,15 +816,6 @@
 		return;
 	}
 
-	/* 
-	 * If we have an encrypted transport
-	 * don't check sign - we're already doing that.
-	 */
-
-	if (srv_encryption_on()) {
-		return;
-	}
-
 	srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info);
 }

More information about the samba-cvs mailing list