From 225ae1ca2ea83fe0cb212b6675770d8053ff07ce Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 14 Mar 2019 09:48:54 +0100
Subject: [PATCH 114/187] libcli:smb: Use a smb2_signing_key for storing the
decryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 87832f6140aa5afb42983a1291ba6faa250c7ea3)
---
libcli/smb/smbXcli_base.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 52bc438c389..aa69c374d49 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -155,7 +155,7 @@ struct smb2cli_session {
bool should_sign;
bool should_encrypt;
struct smb2_signing_key *encryption_key;
- DATA_BLOB decryption_key;
+ struct smb2_signing_key *decryption_key;
uint64_t nonce_high_random;
uint64_t nonce_high_max;
uint64_t nonce_high;
@@ -3567,7 +3567,7 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
tf_iov[1].iov_base = (void *)hdr;
tf_iov[1].iov_len = enc_len;
- status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
+ status = smb2_signing_decrypt_pdu(s->smb2->decryption_key->blob,
conn->smb2.server.cipher,
tf_iov, 2);
if (!NT_STATUS_IS_OK(status)) {
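Review bot: `s->smb2->decryption_key->blob` now dereferences a pointer that nothing in this hunk has checked, whereas the old `DATA_BLOB` member could simply be empty. The only allocation of that pointer visible in this patch is in `smb2cli_session_set_session_key`, so an encrypted PDU received for a session whose keys are not yet set would hit a NULL dereference driven by peer-supplied data, unless a guard exists above the hunk (the function body starts outside it). I would add `if (!smb2_signing_key_valid(s->smb2->decryption_key)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; }` before the call, assuming `smb2_signing_key_valid()` accepts NULL, as its use in `smb2cli_session_decryption_key` suggests. A comment on the struct member in the first hunk, `/* NULL until smb2cli_session_set_session_key() succeeds */`, would document the new invariant.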
@@ -5747,11 +5747,11 @@ NTSTATUS smb2cli_session_decryption_key(struct smbXcli_session *session,
return NT_STATUS_NO_USER_SESSION_KEY;
}
- if (session->smb2->decryption_key.length == 0) {
+ if (!smb2_signing_key_valid(session->smb2->decryption_key)) {
return NT_STATUS_NO_USER_SESSION_KEY;
}
- *key = data_blob_dup_talloc(mem_ctx, session->smb2->decryption_key);
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2->decryption_key->blob);
if (key->data == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -6150,9 +6150,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
}
session->smb2->decryption_key =
- data_blob_dup_talloc(session,
+ talloc_zero(session, struct smb2_signing_key);
+ if (session->smb2->decryption_key == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_set_destructor(session->smb2->decryption_key,
+ smb2_signing_key_destructor);
+
+ session->smb2->decryption_key->blob =
+ data_blob_dup_talloc(session->smb2->decryption_key,
session->smb2->signing_key->blob);
- if (session->smb2->decryption_key.data == NULL) {
+ if (!smb2_signing_key_valid(session->smb2->decryption_key)) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
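Review bot: When `data_blob_dup_talloc()` fails, the second error branch returns with `session->smb2->decryption_key` still pointing at the freshly allocated, empty key struct. Later `smb2_signing_key_valid()` checks would presumably reject it, but releasing it keeps the session state all-or-nothing: `TALLOC_FREE(session->smb2->decryption_key);` before `ZERO_STRUCT(session_key);`. It is also not visible in this patch whether `smb2_signing_key_destructor` clears the key bytes in `blob` before the memory is released; if it does not, that deserves a follow-up now that this struct owns the decryption key. The function starts before and continues past this hunk.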
@@ -6163,7 +6172,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
status = smb2_key_derivation(session_key, sizeof(session_key),
d->label.data, d->label.length,
d->context.data, d->context.length,
- session->smb2->decryption_key.data);
+ session->smb2->decryption_key->blob.data);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
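Review bot: The failure branch after `smb2_key_derivation()` returns `status` without the `ZERO_STRUCT(session_key);` that the allocation-failure branches in the previous hunk perform, so the raw session key is left on the stack on this path. At that point `decryption_key->blob` appears to still hold the copy of `signing_key->blob` made in the previous hunk, which would pass `smb2_signing_key_valid()` although it is not the derived decryption key. I would make the branch `TALLOC_FREE(session->smb2->decryption_key); ZERO_STRUCT(session_key); return status;`. The branch itself is context rather than a changed line, and the function continues outside the hunk.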
--
2.23.0