[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Mar 17 01:57:01 UTC 2021


The branch, master has been updated
       via  8f43c15f627 smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind
       via  4ab1b29d5d3 smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED
       via  7733f98f691 smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
       via  fd9191fb9c9 smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start
       via  d95e90fe460 smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection
       via  b8ccd2391af smb2_server: fallback global session lookup if the session belongs to a different client
       via  3242a0b0918 smbXsrv_session: split out smbXsrv_session_remove_channel()
       via  c4bec67f06e s3:selftest: pass alice credentials to the smb2.session tests for ad_dc
       via  20450089951 s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}
       via  341ad1ae68b s4:torture: add a torture_user2_credentials() helper to pass additional credentials
       via  457b9898816 s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}
       via  30fa5a45c2d s4:torture/smb2: improve smb2.notify.invalid-reauth
       via  44e76fccf67 libcli/smb: make use of smb3_capabilities.encryption
       via  fe7fe76c31e s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers
       via  78549ea0b2e s3:libsmb: fill in smb3_capabilities.ciphers
       via  c0868882c71 libcli/smb: introduce struct smb3_encryption_capabilities
       via  c34b86a34e8 libcli/smb: pass smb3_capabilities to smbXcli_conn_create()
       via  5b5140483ee s4:libcli/raw: add smb3_capabilities to struct smbcli_options
       via  a11dab16480 libcli/smb: introduce struct struct smb311_capabilities
       via  452f0cd19b5 libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()
       via  f65e609fd16 libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()
       via  7c8707613e7 libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()
       via  5d4c63d8387 libcli/smb: make smb2_signing_key_destructor static
       via  2885fbfd764 smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key
       via  da7dcc443f4 smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers
       via  bba8d34a788 libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base.
       via  5b648fe9602 libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers
       via  9da2f6727f2 smb2_negotiate: maintain xconn->smb2.server.sign_algo
       via  3e43962f732 libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo
       via  ead89447a92 smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys
       via  d815b0fdf36 smb2_sesssetup: use smb2_signing_derivations_fill_const_stack()
       via  8e2f3e6558d libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key()
       via  e4c1a005950 libcli/smb: add smb2_signing_derivations_fill_const_stack()
       via  17b99809b3f libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu()
       via  f54fb828903 libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
       via  2a4ba7b6cdf libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu()
       via  3066a02b5db libcli/smb: pass the length of the resulting key to smb2_key_derivation()
       via  a9e7d0be3f3 libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes
      from  78208c62c15 selftest: fix cleanup of test_printing_var_exp.sh

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8f43c15f627d25848622712f5d2e1bceeec72371
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:54:04 2021 +0100

    smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184

commit 4ab1b29d5d361262f84ce3b915730148a188ad86
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 10 10:58:10 2021 +0100

    smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 7733f98f69106a8efdceed9603174cf335db700c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 17:03:27 2021 +0100

    smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
    
    The ACCESS_DENIED errors happened as we didn't expect that the signing
    algo is attached to the session key. So our client calculated the
    wrong signature.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit fd9191fb9c9781b10512048decad0bc8604f7124
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 17:11:04 2021 +0100

    smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start
    
    When the session is not valid on the current connection it should not be
    possible to start a reauth.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d95e90fe4604e095161c0db8d925f3fc3c766070
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 16:15:49 2021 +0100

    smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection
    
    If someone tries to operate on a session that is not yet valid on the
    current connection and the current session setup fails, then we should
    not shutdown the session.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit b8ccd2391afcc50ca109e328a523b233fcb91a90
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Feb 25 17:58:48 2021 +0100

    smb2_server: fallback global session lookup if the session belongs to a different client
    
    The key is that we need to have the signing key in order to pass the
    signing checks and give the correct session bind error status.
    
    This should fix the MultipleChannel_Negative_SMB2002 testcase
    of the Windows Protocol Test Suite (FileServer).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reported-by: Jones Syue <jonessyue at qnap.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 3242a0b091899068943072b9c509452931042542
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 16:00:55 2021 +0100

    smbXsrv_session: split out smbXsrv_session_remove_channel()
    
    It will be needed in other places and makes the logic in
    smbXsrv_session_disconnect_xconn_callback() much simpler.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c4bec67f06eeb05efb7c398ba3a377998249dc47
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 10 13:06:00 2021 +0100

    s3:selftest: pass alice credentials to the smb2.session tests for ad_dc
    
    This allows us to test session binds with different users.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2045008995135adbc83fc2365be3e92104eab446
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 14:26:46 2021 +0100

    s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}
    
    These demonstrate that a failing bind does not destroy
    the existing session and binding with a different user results
    in ACCESS_DENIED.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 341ad1ae68b71489e4729ec11a9b3efb7d9b98ea
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 10 12:55:14 2021 +0100

    s4:torture: add a torture_user2_credentials() helper to pass additional credentials
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 457b989881634bfe073cf47a4184f95823a558be
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 24 17:43:40 2021 +0100

    s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}
    
    'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
    from the Windows Protocol Test Suite.
    
    It demonstrates that the server needs to do a lookup
    in the global session table in order to get the signing
    and error code of invalid session setups correct.
    
    In order to work out the details I've added more similar tests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 30fa5a45c2df42cc5c28a912cb4f11f514a89390
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 13:53:36 2021 +0100

    s4:torture/smb2: improve smb2.notify.invalid-reauth
    
    This demonstrates that the session is gone after a failed reauth.
    This is different compared to a failing session bind.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 44e76fccf6790c7b6f71dc1b9fbf0f953b26444f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:38:51 2021 +0100

    libcli/smb: make use of smb3_capabilities.encryption
    
    This avoids a hardcoded list of possible ciphers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit fe7fe76c31e562f3ce36f5483b0bbbf7e920ab4d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 11 14:39:32 2021 +0100

    s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 78549ea0b2eb07e883ee05c0d1baa6f5776c95d7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 11 14:38:33 2021 +0100

    s3:libsmb: fill in smb3_capabilities.ciphers
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c0868882c71eaa0e1a7609a1b0dad47887dda29f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:38:51 2021 +0100

    libcli/smb: introduce struct smb3_encryption_capabilities
    
    This will allow us to control the offered ciphers from the callers
    later.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c34b86a34e8ead6d52994b9b5b32f5553a8f90fd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:49:19 2021 +0100

    libcli/smb: pass smb3_capabilities to smbXcli_conn_create()
    
    Passing NULL means use none.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5b5140483ee463f341734b7783f08f2b95b14264
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:40:40 2021 +0100

    s4:libcli/raw: add smb3_capabilities to struct smbcli_options
    
    Currently this will be zeroed in lpcfg_smbcli_options(),
    but will later allow advanced callers to pass values to
    smbXcli_conn_create().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a11dab1648094982a21dbf2d306deb0e31e444fd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 23:38:51 2021 +0100

    libcli/smb: introduce struct struct smb311_capabilities
    
    This will be filled later with supported ciphers and other
    things that can be negotiated in SMB >= 3.1.1.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 452f0cd19b5274e12e8f54b88e377aee7d8ff8e6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 10 16:12:12 2021 +0100

    libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()
    
    The key size should always match now.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit f65e609fd165b2639d5ae25d59c2e0fb7496c7df
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 10 14:03:50 2021 +0100

    libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()
    
    The cipher algorithm is already passed via
    smb2_signing_key->cipher_algo_id.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 7c8707613e76777daa95494e5bca66380b9f59b1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 11 13:18:24 2020 +0100

    libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()
    
    The signing algorithm is already passed via
    smb2_signing_key->sign_algo_id.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5d4c63d83879eba86d3fe8d834553a0a7b35217f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 18:01:01 2021 +0100

    libcli/smb: make smb2_signing_key_destructor static
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2885fbfd764fddd34f6d4491aff8709e2163bb31
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 23:14:21 2021 +0100

    smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit da7dcc443f45d07d9963df9daae458fbdd991a47
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 22:40:43 2021 +0100

    smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit bba8d34a788f2db6e70a2c721aa7f7e0569bed4e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 16:43:29 2021 +0100

    libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5b648fe96027543503e9ad800370bcfee5ca5ff6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 16:19:08 2021 +0100

    libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers
    
    These will simplify the callers a lot.
    An important part is to also remember the sign and cipher algo ids.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 9da2f6727f28281abf83b1426857d5e19d7824ff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 11 13:18:24 2020 +0100

    smb2_negotiate: maintain xconn->smb2.server.sign_algo
    
    This prepares the negotiation of signing algorithms in future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 3e43962f732ab0006f039a76be3b486f695d4c24
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 11 13:18:24 2020 +0100

    libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo
    
    This prepares the negotiation of signing algorithms in future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit ead89447a92dcc78de9d6cacbaf7ab0c3b57fbb8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 17:50:47 2021 +0100

    smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d815b0fdf36d88b01c54a17968b2b8ffcfb971b3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 18:24:27 2021 +0100

    smb2_sesssetup: use smb2_signing_derivations_fill_const_stack()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8e2f3e6558d086427709ad96694346297cccd73e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 16:14:35 2021 +0100

    libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e4c1a0059504085d2b226b871de568d8a51c2dcd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 5 16:10:07 2021 +0100

    libcli/smb: add smb2_signing_derivations_fill_const_stack()
    
    This will allow us to have the logic in one place only
    in future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 17b99809b3f19dddef6b780decbbace48e76e12e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 11 13:05:27 2020 +0100

    libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu()
    
    We only need the logic to calculate the signature once...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit f54fb828903a69b9703124b9ecd2514ea0992c45
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 9 09:35:53 2021 +0100

    libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
    
    We expect the following:
    
    * SMB2 HDR
    * SMB2 BODY FIXED
    * (optional) SMB2 BODY DYN
    * (optional) PADDING
    
    Everything else is a bug.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2a4ba7b6cdfe417fa05479517b755a2f67416def
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 11 13:00:34 2020 +0100

    libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu()
    
    We only need one function to calculate the signature of an SMB2 packet.
    And that only needs the logic based on a gnutls_mac_algorithm_t once.
    
    The next step will convert smb2_signing_sign_pdu() to also use
    smb2_signing_calc_signature(). Doing that in a separate commit
    should make sure we don't introduce a symmetric bug.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 3066a02b5db57f958f0f8395a63dda5acaa88607
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 9 14:22:24 2020 +0100

    libcli/smb: pass the length of the resulting key to smb2_key_derivation()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a9e7d0be3f36a04d8c51f59fafbcf8bc743f950f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 9 14:10:27 2020 +0100

    libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_constants.h                 |   7 +
 libcli/smb/smb2_negotiate_context.h         |  10 +
 libcli/smb/smb2_signing.c                   | 610 ++++++++++++++++-------
 libcli/smb/smb2_signing.h                   |  42 +-
 libcli/smb/smbXcli_base.c                   | 342 ++++++-------
 libcli/smb/smbXcli_base.h                   |   4 +-
 source3/librpc/idl/smbXsrv.idl              |   6 +-
 source3/libsmb/clientgen.c                  |  13 +-
 source3/selftest/tests.py                   |   5 +-
 source3/smbd/globals.h                      |  11 +-
 source3/smbd/reply.c                        |  20 +-
 source3/smbd/sesssetup.c                    |  84 ++--
 source3/smbd/smb2_negprot.c                 |   6 +
 source3/smbd/smb2_server.c                  | 108 ++--
 source3/smbd/smb2_sesssetup.c               | 393 +++++----------
 source3/smbd/smbXsrv_session.c              | 225 +++++++--
 source3/torture/torture.c                   |   2 +-
 source4/libcli/raw/clitransport.c           |   3 +-
 source4/libcli/raw/libcliraw.h              |   2 +
 source4/libcli/smb2/transport.c             |   3 +-
 source4/libcli/smb_composite/connect_nego.c |   3 +-
 source4/param/loadparm.c                    |   9 +
 source4/torture/smb2/notify.c               |   5 +
 source4/torture/smb2/session.c              | 736 ++++++++++++++++++++++++++++
 source4/torture/util.h                      |  10 +
 source4/torture/util_smb.c                  |  50 ++
 26 files changed, 1888 insertions(+), 821 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index ea1a21c84e8..7d48ad4bb13 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -137,7 +137,14 @@
 /* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */
 #define SMB2_PREAUTH_INTEGRITY_SHA512       0x0001
 
+#define SMB2_SIGNING_INVALID_ALGO          0xffff /* only used internally */
+#define SMB2_SIGNING_MD5_SMB1              0xfffe /* internally for SMB1 */
+#define SMB2_SIGNING_HMAC_SHA256           0x0000 /* default <= 0x210 */
+#define SMB2_SIGNING_AES128_CMAC           0x0001 /* default >= 0x224 */
+
 /* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */
+#define SMB2_ENCRYPTION_INVALID_ALGO       0xffff /* only used internally */
+#define SMB2_ENCRYPTION_NONE               0x0000 /* only used internally */
 #define SMB2_ENCRYPTION_AES128_CCM         0x0001 /* only in dialect >= 0x224 */
 #define SMB2_ENCRYPTION_AES128_GCM         0x0002 /* only in dialect >= 0x310 */
 #define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\
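Review bot: the four new SMB2_SIGNING_* defines have no heading comment of their own and sit directly under SMB2_PREAUTH_INTEGRITY_SHA512, so they read as values of the preauth integrity context, unlike the encryption block that follows with its "Values for the SMB2_ENCRYPTION_CAPABILITIES Context" heading. Suggest adding a heading comment for the signing algorithm ids. It would also help to state once, next to the "only used internally" markers, that 0xffff, 0xfffe and SMB2_ENCRYPTION_NONE live in the same 16-bit space as the ids that appear on the wire and must never be accepted from or sent to a peer, since nothing in this header separates the two sets.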
diff --git a/libcli/smb/smb2_negotiate_context.h b/libcli/smb/smb2_negotiate_context.h
index 998cf90f5b8..1e2e3e8f17d 100644
--- a/libcli/smb/smb2_negotiate_context.h
+++ b/libcli/smb/smb2_negotiate_context.h
@@ -55,4 +55,14 @@ struct smb2_negotiate_context *smb2_negotiate_context_find(const struct smb2_neg
 							   uint16_t type);
 #define WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK	31
 
+struct smb3_encryption_capabilities {
+#define SMB3_ENCRYTION_CAPABILITIES_MAX_ALGOS 2
+	uint16_t num_algos;
+	uint16_t algos[SMB3_ENCRYTION_CAPABILITIES_MAX_ALGOS];
+};
+
+struct smb311_capabilities {
+	struct smb3_encryption_capabilities encryption;
+};
+
 #endif /* _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_ */
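Review bot: the macro name SMB3_ENCRYTION_CAPABILITIES_MAX_ALGOS in struct smb3_encryption_capabilities is misspelled (ENCRYTION, missing the P); fixing it now is cheaper than after callers start using it. The define is also placed inside the struct body, which hides it from anyone scanning the header for constants; moving it above the struct would be clearer. Since num_algos is a uint16_t while algos[] holds only two entries, a short comment that every producer and consumer must keep num_algos <= the MAX_ALGOS bound would document the invariant the array relies on.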
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index d036fd95918..bfcd6ea233a 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -34,7 +34,63 @@
 
 #include "lib/crypto/gnutls_helpers.h"
 
-int smb2_signing_key_destructor(struct smb2_signing_key *key)
+void smb2_signing_derivations_fill_const_stack(struct smb2_signing_derivations *ds,
+					       enum protocol_types protocol,
+					       const DATA_BLOB preauth_hash)
+{
+	*ds = (struct smb2_signing_derivations) { .signing = NULL, };
+
+	if (protocol >= PROTOCOL_SMB3_10) {
+		struct smb2_signing_derivation *d = NULL;
+
+		SMB_ASSERT(preauth_hash.length != 0);
+
+		d = &ds->__signing;
+		ds->signing = d;
+		d->label = data_blob_string_const_null("SMBSigningKey");
+		d->context = preauth_hash;
+
+		d = &ds->__cipher_c2s;
+		ds->cipher_c2s = d;
+		d->label = data_blob_string_const_null("SMBC2SCipherKey");
+		d->context = preauth_hash;
+
+		d = &ds->__cipher_s2c;
+		ds->cipher_s2c = d;
+		d->label = data_blob_string_const_null("SMBS2CCipherKey");
+		d->context = preauth_hash;
+
+		d = &ds->__application;
+		ds->application = d;
+		d->label = data_blob_string_const_null("SMBAppKey");
+		d->context = preauth_hash;
+
+	} else if (protocol >= PROTOCOL_SMB2_24) {
+		struct smb2_signing_derivation *d = NULL;
+
+		d = &ds->__signing;
+		ds->signing = d;
+		d->label = data_blob_string_const_null("SMB2AESCMAC");
+		d->context = data_blob_string_const_null("SmbSign");
+
+		d = &ds->__cipher_c2s;
+		ds->cipher_c2s = d;
+		d->label = data_blob_string_const_null("SMB2AESCCM");
+		d->context = data_blob_string_const_null("ServerIn ");
+
+		d = &ds->__cipher_s2c;
+		ds->cipher_s2c = d;
+		d->label = data_blob_string_const_null("SMB2AESCCM");
+		d->context = data_blob_string_const_null("ServerOut");
+
+		d = &ds->__application;
+		ds->application = d;
+		d->label = data_blob_string_const_null("SMB2APP");
+		d->context = data_blob_string_const_null("SmbRpc");
+	}
+}
+
+static int smb2_signing_key_destructor(struct smb2_signing_key *key)
 {
 	if (key->hmac_hnd != NULL) {
 		gnutls_hmac_deinit(key->hmac_hnd, NULL);
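Review bot: smb2_signing_derivations_fill_const_stack() has no comment describing its contract, and for a protocol below PROTOCOL_SMB2_24 neither branch runs, so ds->signing, ds->cipher_c2s, ds->cipher_s2c and ds->application all stay NULL after the initial compound-literal assignment. That looks intentional (no key derivation for those dialects), but callers have to know to treat NULL as "use the key underived"; a short doc comment saying so would prevent a NULL dereference in a future caller. The same comment could note that the pointers refer to the embedded __signing/__cipher_* members, so a struct copy of *ds leaves them pointing at the original, and that the trailing space in "ServerIn " is significant.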
@@ -49,85 +105,233 @@ int smb2_signing_key_destructor(struct smb2_signing_key *key)
 	return 0;
 }
 
-bool smb2_signing_key_valid(const struct smb2_signing_key *key)
+NTSTATUS smb2_signing_key_copy(TALLOC_CTX *mem_ctx,
+			       const struct smb2_signing_key *src,
+			       struct smb2_signing_key **_dst)
 {
-	if (key == NULL) {
-		return false;
+	struct smb2_signing_key *dst = NULL;
+
+	dst = talloc_zero(mem_ctx, struct smb2_signing_key);
+	if (dst == NULL) {
+		return NT_STATUS_NO_MEMORY;
 	}
+	talloc_set_destructor(dst, smb2_signing_key_destructor);
 
-	if (key->blob.length == 0 || key->blob.data == NULL) {
-		return false;
+	dst->sign_algo_id = src->sign_algo_id;
+	dst->cipher_algo_id = src->cipher_algo_id;
+
+	if (src->blob.length == 0) {
+		*_dst = dst;
+		return NT_STATUS_OK;
 	}
 
-	return true;
+	dst->blob = data_blob_talloc_zero(dst, src->blob.length);
+	if (dst->blob.length == 0) {
+		TALLOC_FREE(dst);
+		return NT_STATUS_NO_MEMORY;
+	}
+	talloc_keep_secret(dst->blob.data);
+	memcpy(dst->blob.data, src->blob.data, dst->blob.length);
+
+	*_dst = dst;
+	return NT_STATUS_OK;
 }
 
-NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
-			       enum protocol_types protocol,
-			       struct iovec *vector,
-			       int count)
+static NTSTATUS smb2_signing_key_create(TALLOC_CTX *mem_ctx,
+					uint16_t sign_algo_id,
+					uint16_t cipher_algo_id,
+					const DATA_BLOB *master_key,
+					const struct smb2_signing_derivation *d,
+					struct smb2_signing_key **_key)
 {
-	uint8_t *hdr;
-	uint64_t session_id;
-	uint8_t res[16];
-	int i;
+	struct smb2_signing_key *key = NULL;
+	size_t in_key_length = 16;
+	size_t out_key_length = 16;
+	NTSTATUS status;
 
-	if (count < 2) {
-		return NT_STATUS_INVALID_PARAMETER;
+	if (sign_algo_id != SMB2_SIGNING_INVALID_ALGO) {
+		SMB_ASSERT(cipher_algo_id == SMB2_ENCRYPTION_INVALID_ALGO);
+	}
+	if (cipher_algo_id != SMB2_ENCRYPTION_INVALID_ALGO) {
+		SMB_ASSERT(sign_algo_id == SMB2_SIGNING_INVALID_ALGO);
 	}
 
-	if (vector[0].iov_len != SMB2_HDR_BODY) {
-		return NT_STATUS_INVALID_PARAMETER;
+	key = talloc_zero(mem_ctx, struct smb2_signing_key);
+	if (key == NULL) {
+		return NT_STATUS_NO_MEMORY;
 	}
+	talloc_set_destructor(key, smb2_signing_key_destructor);
 
-	hdr = (uint8_t *)vector[0].iov_base;
+	key->sign_algo_id = sign_algo_id;
+	key->cipher_algo_id = cipher_algo_id;
 
-	session_id = BVAL(hdr, SMB2_HDR_SESSION_ID);
-	if (session_id == 0) {
+	if (master_key == NULL) {
+		SMB_ASSERT(d == NULL);
+
+		*_key = key;
+		return NT_STATUS_OK;
+	}
+
+	/*
+	 * Per default use the full key.
+	 */
+	in_key_length = out_key_length = master_key->length;
+	switch (sign_algo_id) {
+	case SMB2_SIGNING_INVALID_ALGO:
 		/*
-		 * do not sign messages with a zero session_id.
-		 * See MS-SMB2 3.2.4.1.1
+		 * This means we're processing cipher_algo_id below
+		 */
+		break;
+	case SMB2_SIGNING_MD5_SMB1:
+		SMB_ASSERT(d == NULL);
+		break;
+	case SMB2_SIGNING_HMAC_SHA256:
+	case SMB2_SIGNING_AES128_CMAC:
+		/*
+		 * signing keys are padded or truncated to
+		 * 16 bytes.
+		 *
+		 * Even with master_key->length = 0,
+		 * we need to use 16 zeros.
+		 */
+		in_key_length = out_key_length = 16;
+		break;
+	default:
+		DBG_ERR("sign_algo_id[%u] not supported\n", sign_algo_id);
+		return NT_STATUS_HMAC_NOT_SUPPORTED;
+	}
+	switch (cipher_algo_id) {
+	case SMB2_ENCRYPTION_INVALID_ALGO:
+		/*
+		 * This means we're processing sign_algo_id above
+		 */
+		break;
+	case SMB2_ENCRYPTION_NONE:
+		/*
+		 * No encryption negotiated.
+		 */
+		break;
+	case SMB2_ENCRYPTION_AES128_CCM:
+	case SMB2_ENCRYPTION_AES128_GCM:
+		/*
+		 * encryption keys are padded or truncated to
+		 * 16 bytes.
 		 */
+		if (master_key->length == 0) {
+			DBG_ERR("cipher_algo_id[%u] without key\n",
+				cipher_algo_id);
+			return NT_STATUS_NO_USER_SESSION_KEY;
+		}
+		in_key_length = out_key_length = 16;
+		break;
+	default:
+		DBG_ERR("cipher_algo_id[%u] not supported\n", cipher_algo_id);
+		return NT_STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG;
+	}
+
+	if (out_key_length == 0) {
+		*_key = key;
 		return NT_STATUS_OK;
 	}
 
-	if (!smb2_signing_key_valid(signing_key)) {
-		DBG_WARNING("No signing key for SMB2 signing\n");
-		return NT_STATUS_ACCESS_DENIED;
+	key->blob = data_blob_talloc_zero(key, out_key_length);
+	if (key->blob.length == 0) {
+		TALLOC_FREE(key);
+		return NT_STATUS_NO_MEMORY;
 	}
+	talloc_keep_secret(key->blob.data);
+	memcpy(key->blob.data,
+	       master_key->data,
+	       MIN(key->blob.length, master_key->length));
 
-	memset(hdr + SMB2_HDR_SIGNATURE, 0, 16);
+	if (d == NULL) {
+		*_key = key;
+		return NT_STATUS_OK;
+	}
 
-	SIVAL(hdr, SMB2_HDR_FLAGS, IVAL(hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
+	status = smb2_key_derivation(key->blob.data, in_key_length,
+				     d->label.data, d->label.length,
+				     d->context.data, d->context.length,
+				     key->blob.data, out_key_length);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(key);
+		return status;
+	}
 
-	if (protocol >= PROTOCOL_SMB2_24) {
-#ifdef HAVE_GNUTLS_AES_CMAC
-		gnutls_datum_t key = {
-			.data = signing_key->blob.data,
-			.size = MIN(signing_key->blob.length, 16),
-		};
-		int rc;
+	*_key = key;
+	return NT_STATUS_OK;
+}
 
-		if (signing_key->hmac_hnd == NULL) {
-			rc = gnutls_hmac_init(&signing_key->hmac_hnd,
-					      GNUTLS_MAC_AES_CMAC_128,
-					      key.data,
-					      key.size);
-			if (rc < 0) {
-				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
-			}
-		}
+NTSTATUS smb2_signing_key_sign_create(TALLOC_CTX *mem_ctx,
+				      uint16_t sign_algo_id,
+				      const DATA_BLOB *master_key,
+				      const struct smb2_signing_derivation *d,
+				      struct smb2_signing_key **_key)
+{
+	return smb2_signing_key_create(mem_ctx,
+				       sign_algo_id,
+				       SMB2_ENCRYPTION_INVALID_ALGO,
+				       master_key,
+				       d,
+				       _key);
+}
 
-		for (i = 0; i < count; i++) {
-			rc = gnutls_hmac(signing_key->hmac_hnd,
-					 vector[i].iov_base,
-					 vector[i].iov_len);
-			if (rc < 0) {
-				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
-			}
-		}
-		gnutls_hmac_output(signing_key->hmac_hnd, res);
+NTSTATUS smb2_signing_key_cipher_create(TALLOC_CTX *mem_ctx,
+					uint16_t cipher_algo_id,
+					const DATA_BLOB *master_key,
+					const struct smb2_signing_derivation *d,
+					struct smb2_signing_key **_key)
+{
+	return smb2_signing_key_create(mem_ctx,
+				       SMB2_SIGNING_INVALID_ALGO,
+				       cipher_algo_id,
+				       master_key,
+				       d,
+				       _key);
+}
+
+bool smb2_signing_key_valid(const struct smb2_signing_key *key)
+{
+	if (key == NULL) {
+		return false;
+	}
+
+	if (key->blob.length == 0 || key->blob.data == NULL) {
+		return false;
+	}
+
+	return true;
+}
+
+static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key,
+					    uint16_t sign_algo_id,
+					    const struct iovec *vector,
+					    int count,
+					    uint8_t signature[16])
+{
+	const uint8_t *hdr = (uint8_t *)vector[0].iov_base;
+	static const uint8_t zero_sig[16] = { 0, };
+	gnutls_mac_algorithm_t hmac_algo = GNUTLS_MAC_UNKNOWN;
+	int i;
+
+	/*
+	 * We expect
+	 * - SMB2 HDR
+	 * - SMB2 BODY FIXED
+	 * - (optional) SMB2 BODY DYN
+	 * - (optional) PADDING
+	 */
+	SMB_ASSERT(count >= 2);
+	SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
+	SMB_ASSERT(count <= 4);
+
+	switch (sign_algo_id) {
+	case SMB2_SIGNING_AES128_CMAC:
+#ifdef HAVE_GNUTLS_AES_CMAC
+		hmac_algo = GNUTLS_MAC_AES_CMAC_128;
+		break;
 #else /* NOT HAVE_GNUTLS_AES_CMAC */
+	{
 		struct aes_cmac_128_context ctx;
 		uint8_t key[AES_BLOCK_SIZE] = {0};
 
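Review bot: In smb2_signing_key_create() the three early error returns (unsupported sign_algo_id, unsupported cipher_algo_id, and the AES cipher case with master_key->length == 0) return without releasing key, which by then already has its destructor set, while the later data_blob_talloc_zero() and smb2_key_derivation() failure paths do call TALLOC_FREE(key). Please free key on those returns as well so every non-OK status cleans up the same way. Separately, the two "This means we're processing ... below/above" comments assume exactly one of sign_algo_id and cipher_algo_id is the INVALID_ALGO placeholder, but nothing enforces that; if both are placeholders the function silently copies the full master key, so an explicit check at the top would make the contract of the two wrappers visible here. In smb2_signing_calc_signature(), hdr is taken from vector[0].iov_base in the declarations, before SMB_ASSERT(count >= 2) has run; moving that assignment below the asserts keeps the read behind the check.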
@@ -136,41 +340,132 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 		       MIN(signing_key->blob.length, 16));
 
 		aes_cmac_128_init(&ctx, key);
-		for (i=0; i < count; i++) {
+		aes_cmac_128_update(&ctx, hdr, SMB2_HDR_SIGNATURE);
+		aes_cmac_128_update(&ctx, zero_sig, 16);
+		for (i=1; i < count; i++) {
 			aes_cmac_128_update(&ctx,
 					(const uint8_t *)vector[i].iov_base,
 					vector[i].iov_len);
 		}
-		aes_cmac_128_final(&ctx, res);
+		aes_cmac_128_final(&ctx, signature);
 
 		ZERO_ARRAY(key);
-#endif /* HAVE_GNUTLS_AES_CMAC */
-	} else {
-		uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
+
+		return NT_STATUS_OK;
+	}	break;
+#endif
+	case SMB2_SIGNING_HMAC_SHA256:
+		hmac_algo = GNUTLS_MAC_SHA256;
+		break;
+
+	default:
+		return NT_STATUS_HMAC_NOT_SUPPORTED;
+	}
+
+	if (hmac_algo != GNUTLS_MAC_UNKNOWN) {
+		uint8_t digest[gnutls_hash_get_len(hmac_algo)];
+		gnutls_datum_t key = {
+			.data = signing_key->blob.data,
+			.size = MIN(signing_key->blob.length, 16),
+		};
 		int rc;
 
 		if (signing_key->hmac_hnd == NULL) {
 			rc = gnutls_hmac_init(&signing_key->hmac_hnd,
-					      GNUTLS_MAC_SHA256,
-					      signing_key->blob.data,
-					      MIN(signing_key->blob.length, 16));
+					      hmac_algo,
+					      key.data,
+					      key.size);
 			if (rc < 0) {
-				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+				return gnutls_error_to_ntstatus(rc,
+						NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		}
 
-		for (i = 0; i < count; i++) {
+		rc = gnutls_hmac(signing_key->hmac_hnd, hdr, SMB2_HDR_SIGNATURE);
+		if (rc < 0) {
+			return gnutls_error_to_ntstatus(rc,
+						NT_STATUS_HMAC_NOT_SUPPORTED);
+		}
+		rc = gnutls_hmac(signing_key->hmac_hnd, zero_sig, 16);
+		if (rc < 0) {
+			return gnutls_error_to_ntstatus(rc,
+						NT_STATUS_HMAC_NOT_SUPPORTED);
+		}
+
+		for (i = 1; i < count; i++) {
 			rc = gnutls_hmac(signing_key->hmac_hnd,
 					 vector[i].iov_base,
 					 vector[i].iov_len);
 			if (rc < 0) {
-				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+				return gnutls_error_to_ntstatus(rc,
+						NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		}
 		gnutls_hmac_output(signing_key->hmac_hnd, digest);
-		memcpy(res, digest, sizeof(res));
+		memcpy(signature, digest, 16);
+		ZERO_ARRAY(digest);
+		return NT_STATUS_OK;
 	}
-	DEBUG(5,("signed SMB2 message\n"));
+
+	return NT_STATUS_HMAC_NOT_SUPPORTED;
+}
+
+NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
+			       struct iovec *vector,
+			       int count)
+{
+	uint16_t sign_algo_id;
+	uint8_t *hdr;
+	uint64_t session_id;
+	uint8_t res[16];
+	NTSTATUS status;
+
+	/*
+	 * We expect
+	 * - SMB2 HDR
+	 * - SMB2 BODY FIXED
+	 * - (optional) SMB2 BODY DYN
+	 * - (optional) PADDING
+	 */
+	SMB_ASSERT(count >= 2);
+	SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
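Review bot: The digest buffer in the shared GnuTLS path is now sized with gnutls_hash_get_len(hmac_algo), but hmac_algo is a gnutls_mac_algorithm_t and gnutls_hash_get_len() takes a gnutls_digest_algorithm_t; the removed line used gnutls_hmac_get_len(GNUTLS_MAC_SHA256). This path now also serves GNUTLS_MAC_AES_CMAC_128 and ends in a fixed-size memcpy(signature, digest, 16), so if the digest lookup returns less than 16 for a MAC-only algorithm, both gnutls_hmac_output() and the memcpy would run past the variable-length array. Suggest sizing with gnutls_hmac_get_len(hmac_algo) and checking that the result is at least 16 before the copy. Minor: in the non-GnuTLS CMAC branch the break after "return NT_STATUS_OK;" on the closing-brace line is unreachable and can go.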


-- 
Samba Shared Repository


