From 4dc911798e6e5a534c194cb2519c955a0589bf66 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 14 Mar 2019 10:10:34 +0100
|
|
Subject: [PATCH 116/187] s3:smbd: Use smb2_signing_key structure for the
|
|
decryption key
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit b51c4293f7430b5ce6a81599fb0c7be5dc444c46)
|
|
---
|
|
source3/librpc/idl/smbXsrv.idl | 1 +
|
|
source3/smbd/smb2_server.c | 2 +-
|
|
source3/smbd/smb2_sesssetup.c | 24 +++++++++++++++++-------
|
|
3 files changed, 19 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
|
|
index f7acb2198fb..330c6896114 100644
|
|
--- a/source3/librpc/idl/smbXsrv.idl
|
|
+++ b/source3/librpc/idl/smbXsrv.idl
|
|
@@ -231,6 +231,7 @@ interface smbXsrv
|
|
[noprint] DATA_BLOB encryption_key_blob;
|
|
[ignore] smb2_signing_key *encryption_key;
|
|
[noprint] DATA_BLOB decryption_key_blob;
|
|
+ [ignore] smb2_signing_key *decryption_key;
|
|
[noprint] DATA_BLOB application_key;
|
|
[range(1, 1024)] uint32 num_channels;
|
|
smbXsrv_channel_global0 channels[num_channels];
|
|
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
|
|
index b708fdb90b9..56e7b70696b 100644
|
|
--- a/source3/smbd/smb2_server.c
|
|
+++ b/source3/smbd/smb2_server.c
|
|
@@ -432,7 +432,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
|
|
tf_iov[1].iov_base = (void *)hdr;
|
|
tf_iov[1].iov_len = enc_len;
|
|
|
|
- status = smb2_signing_decrypt_pdu(s->global->decryption_key_blob,
|
|
+ status = smb2_signing_decrypt_pdu(s->global->decryption_key->blob,
|
|
xconn->smb2.server.cipher,
|
|
tf_iov, 2);
|
|
if (!NT_STATUS_IS_OK(status)) {
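Review bot: `s->global->decryption_key->blob` dereferences `decryption_key` with no visible check that the pointer is set, on a path that processes a transform header received from the peer. The field is marked `[ignore]` in smbXsrv.idl, and in this patch it is only allocated in smbd_smb2_auth_generic_return() when `xconn->protocol >= PROTOCOL_SMB2_24`, so a session that has not been through that code would presumably still hold NULL; with the old `decryption_key_blob` field the same situation gave an empty blob, not a NULL dereference. A guard before the call, `if (!smb2_signing_key_valid(s->global->decryption_key))`, taking the same failure path as a failed decrypt, would keep this an error return rather than a crash (test the pointer first if that helper does not accept NULL). The session lookup and the rest of smbd_smb2_inbuf_parse_compound() are outside the hunk, so an existing check there would make this moot.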
|
|
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
|
|
index c2725825d7a..d6900665a95 100644
|
|
--- a/source3/smbd/smb2_sesssetup.c
|
|
+++ b/source3/smbd/smb2_sesssetup.c
|
|
@@ -373,18 +373,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
|
|
if (xconn->protocol >= PROTOCOL_SMB2_24) {
|
|
struct _derivation *d = &derivation.decryption;
|
|
|
|
- x->global->decryption_key_blob = data_blob_talloc(x->global,
|
|
- session_key,
|
|
- sizeof(session_key));
|
|
- if (x->global->decryption_key_blob.data == NULL) {
|
|
+ x->global->decryption_key =
|
|
+ talloc_zero(x->global, struct smb2_signing_key);
|
|
+ if (x->global->decryption_key == NULL) {
|
|
+ ZERO_STRUCT(session_key);
|
|
+ return NT_STATUS_NO_MEMORY;
|
|
+ }
|
|
+
|
|
+ x->global->decryption_key->blob =
|
|
+ x->global->decryption_key_blob =
|
|
+ data_blob_talloc(x->global->decryption_key,
|
|
+ session_key,
|
|
+ sizeof(session_key));
|
|
+ if (!smb2_signing_key_valid(x->global->decryption_key)) {
|
|
ZERO_STRUCT(session_key);
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
+ talloc_keep_secret(x->global->decryption_key->blob.data);
|
|
|
|
status = smb2_key_derivation(session_key, sizeof(session_key),
|
|
d->label.data, d->label.length,
|
|
d->context.data, d->context.length,
|
|
- x->global->decryption_key_blob.data);
|
|
+ x->global->decryption_key->blob.data);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
return status;
|
|
}
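Review bot: The chained assignment leaves `decryption_key_blob` and `decryption_key->blob` pointing at the same buffer, which is now a talloc child of `decryption_key` rather than of `x->global`. Freeing or replacing `decryption_key` would leave the legacy blob dangling, and nothing in the code says the two fields share storage. A comment on the assignment would make the ownership explicit, for example `/* decryption_key_blob aliases decryption_key->blob (owned by decryption_key); reset both together */`. Separately, the `return status;` after smb2_key_derivation() leaves without `ZERO_STRUCT(session_key)`, unlike the two failure paths above it; smbd_smb2_auth_generic_return() starts and continues outside the hunk, so that cleanup may be handled elsewhere.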
|
|
@@ -484,8 +494,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
|
|
/* In server code, ServerIn is the decryption key */
|
|
|
|
DEBUGADD(0, ("ServerIn Key "));
|
|
- dump_data(0, x->global->decryption_key_blob.data,
|
|
- x->global->decryption_key_blob.length);
|
|
+ dump_data(0, x->global->decryption_key->blob.data,
|
|
+ x->global->decryption_key->blob.length);
|
|
DEBUGADD(0, ("ServerOut Key "));
|
|
dump_data(0, x->global->encryption_key->blob.data,
|
|
x->global->encryption_key->blob.length);
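Review bot: These `dump_data(0, ...)` calls write the raw decryption and encryption key bytes to the log at debug level 0, and the new `decryption_key->blob` dereference assumes the key structure was allocated. The condition guarding this block is outside the hunk; it is worth confirming that it is restricted to an explicit debugging option and to the protocol versions for which `decryption_key` is set up. A comment above the dump would record that constraint, such as `/* Logs live session key material; must stay behind the explicit debug option */`.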
|
|
--
|
|
2.23.0
|
|
|