rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0115-s3-smbd-Use-smb2_signing_key-structure-for-the-encry.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0115-s3-smbd-Use-smb2_signing_key-structure-for-the-encry.patch
Blob History Raw
b6b438 
From e644d8953c09ec4c73f1cc623f5b70fcdd65ccc1 Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Thu, 14 Mar 2019 10:02:27 +0100
b6b438 
Subject: [PATCH 115/187] s3:smbd: Use smb2_signing_key structure for the
b6b438 
 encryption key
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit 95e1c85a47e925fdb9105b85f0e1dbea1ff09950)
b6b438 
---
b6b438 
 source3/librpc/idl/smbXsrv.idl |  1 +
b6b438 
 source3/smbd/smb2_server.c     | 17 ++++++++++-------
b6b438 
 source3/smbd/smb2_sesssetup.c  | 24 +++++++++++++++++-------
b6b438 
 3 files changed, 28 insertions(+), 14 deletions(-)
b6b438
b6b438 
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
b6b438 
index 72017bc3e15..f7acb2198fb 100644
b6b438 
--- a/source3/librpc/idl/smbXsrv.idl
b6b438 
+++ b/source3/librpc/idl/smbXsrv.idl
b6b438 
@@ -229,6 +229,7 @@ interface smbXsrv
b6b438 
 		[noprint] DATA_BLOB			signing_key_blob;
b6b438 
 		[ignore] smb2_signing_key		*signing_key;
b6b438 
 		[noprint] DATA_BLOB			encryption_key_blob;
b6b438 
+		[ignore] smb2_signing_key		*encryption_key;
b6b438 
 		[noprint] DATA_BLOB			decryption_key_blob;
b6b438 
 		[noprint] DATA_BLOB			application_key;
b6b438 
 		[range(1, 1024)] uint32			num_channels;
b6b438 
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
b6b438 
index c0c4a0272d1..b708fdb90b9 100644
b6b438 
--- a/source3/smbd/smb2_server.c
b6b438 
+++ b/source3/smbd/smb2_server.c
b6b438 
@@ -1737,9 +1737,9 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
b6b438
b6b438 
 	if (req->do_encryption) {
b6b438 
 		struct smbXsrv_session *x = req->session;
b6b438 
-		DATA_BLOB encryption_key = x->global->encryption_key_blob;
b6b438 
+		struct smb2_signing_key *encryption_key = x->global->encryption_key;
b6b438
b6b438 
-		status = smb2_signing_encrypt_pdu(encryption_key,
b6b438 
+		status = smb2_signing_encrypt_pdu(encryption_key->blob,
b6b438 
 					xconn->smb2.server.cipher,
b6b438 
 					&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
b6b438 
 					SMBD_SMB2_NUM_IOV_PER_REQ);
b6b438 
@@ -2852,9 +2852,10 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
b6b438 
 	    (firsttf->iov_len == 0) &&
b6b438 
 	    (req->first_key.length == 0) &&
b6b438 
 	    (req->session != NULL) &&
b6b438 
-	    (req->session->global->encryption_key_blob.length != 0))
b6b438 
+	    smb2_signing_key_valid(req->session->global->encryption_key))
b6b438 
 	{
b6b438 
-		DATA_BLOB encryption_key = req->session->global->encryption_key_blob;
b6b438 
+		struct smb2_signing_key *encryption_key =
b6b438 
+			req->session->global->encryption_key;
b6b438 
 		uint8_t *tf;
b6b438 
 		uint64_t session_id = req->session->global->session_wire_id;
b6b438 
 		uint64_t nonce_high;
b6b438 
@@ -2878,7 +2879,8 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
b6b438 
 		 * we are sure that we do not change
b6b438 
 		 * the header again.
b6b438 
 		 */
b6b438 
-		req->first_key = data_blob_dup_talloc(req, encryption_key);
b6b438 
+		req->first_key = data_blob_dup_talloc(req,
b6b438 
+						      encryption_key->blob);
b6b438 
 		if (req->first_key.data == NULL) {
b6b438 
 			return NT_STATUS_NO_MEMORY;
b6b438 
 		}
b6b438 
@@ -3414,9 +3416,10 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn,
b6b438 
 	}
b6b438
b6b438 
 	if (do_encryption) {
b6b438 
-		DATA_BLOB encryption_key = session->global->encryption_key_blob;
b6b438 
+		struct smb2_signing_key *encryption_key =
b6b438 
+			session->global->encryption_key;
b6b438
b6b438 
-		status = smb2_signing_encrypt_pdu(encryption_key,
b6b438 
+		status = smb2_signing_encrypt_pdu(encryption_key->blob,
b6b438 
 					xconn->smb2.server.cipher,
b6b438 
 					&state->vector[1+SMBD_SMB2_TF_IOV_OFS],
b6b438 
 					SMBD_SMB2_NUM_IOV_PER_REQ);
b6b438 
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
b6b438 
index 591d5c37160..c2725825d7a 100644
b6b438 
--- a/source3/smbd/smb2_sesssetup.c
b6b438 
+++ b/source3/smbd/smb2_sesssetup.c
b6b438 
@@ -394,18 +394,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
b6b438 
 		struct _derivation *d = &derivation.encryption;
b6b438 
 		size_t nonce_size;
b6b438
b6b438 
-		x->global->encryption_key_blob = data_blob_talloc(x->global,
b6b438 
-							     session_key,
b6b438 
-							     sizeof(session_key));
b6b438 
-		if (x->global->encryption_key_blob.data == NULL) {
b6b438 
+		x->global->encryption_key =
b6b438 
+			talloc_zero(x->global, struct smb2_signing_key);
b6b438 
+		if (x->global->encryption_key == NULL) {
b6b438 
+			ZERO_STRUCT(session_key);
b6b438 
+			return NT_STATUS_NO_MEMORY;
b6b438 
+		}
b6b438 
+
b6b438 
+		x->global->encryption_key->blob =
b6b438 
+			x->global->encryption_key_blob =
b6b438 
+				data_blob_talloc(x->global->encryption_key,
b6b438 
+						 session_key,
b6b438 
+						 sizeof(session_key));
b6b438 
+		if (!smb2_signing_key_valid(x->global->encryption_key)) {
b6b438 
 			ZERO_STRUCT(session_key);
b6b438 
 			return NT_STATUS_NO_MEMORY;
b6b438 
 		}
b6b438 
+		talloc_keep_secret(x->global->encryption_key->blob.data);
b6b438
b6b438 
 		status = smb2_key_derivation(session_key, sizeof(session_key),
b6b438 
 					     d->label.data, d->label.length,
b6b438 
 					     d->context.data, d->context.length,
b6b438 
-					     x->global->encryption_key_blob.data);
b6b438 
+					     x->global->encryption_key->blob.data);
b6b438 
 		if (!NT_STATUS_IS_OK(status)) {
b6b438 
 			return status;
b6b438 
 		}
b6b438 
@@ -477,8 +487,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
b6b438 
 		dump_data(0, x->global->decryption_key_blob.data,
b6b438 
 			  x->global->decryption_key_blob.length);
b6b438 
 		DEBUGADD(0, ("ServerOut Key "));
b6b438 
-		dump_data(0, x->global->encryption_key_blob.data,
b6b438 
-			  x->global->encryption_key_blob.length);
b6b438 
+		dump_data(0, x->global->encryption_key->blob.data,
b6b438 
+			  x->global->encryption_key->blob.length);
b6b438 
 	}
b6b438
b6b438 
 	ZERO_STRUCT(session_key);
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation