Author: jra Date: 2007-03-21 23:49:57 +0000 (Wed, 21 Mar 2007) New Revision: 21922
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21922 Log: Fixed the build by rather horrid means. I really need to restructure libsmb/smb_signing.c so it isn't in the base libs path but lives in libsmb instead (like smb_seal.c does). Jeremy. Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/libads/ads_status.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/libsmb/smb_signing.c Changeset:
Modified: branches/SAMBA_3_0/source/Makefile.in
===================================================================
--- branches/SAMBA_3_0/source/Makefile.in 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/Makefile.in 2007-03-21 23:49:57 UTC (rev 21922)
@@ -258,7 +258,7 @@
 lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
 lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \
 nsswitch/wb_client.o $(WBCOMMON_OBJ) \
- lib/pam_errors.o intl/lang_tdb.o libsmb/smb_seal.o \
+ lib/pam_errors.o intl/lang_tdb.o \
 lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
 lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
 lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
@@ -313,7 +313,7 @@
 libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
 libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \
- $(DOSERR_OBJ) \
+ libsmb/smb_seal.o $(DOSERR_OBJ) \
 $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
 RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o
Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===================================================================
--- branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-21 23:49:57 UTC (rev 21922)
@@ -732,32 +732,32 @@
 BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 {
- NTSTATUS status;
-
 if (!receive_smb_raw(fd, buffer, timeout)) {
 return False;
 }
- status = srv_decrypt_buffer(buffer);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
- nt_errstr(status) ));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_DECRYPT;
+ if (srv_encryption_on()) {
+ NTSTATUS status = srv_decrypt_buffer(buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
+ nt_errstr(status) ));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_DECRYPT;
+ }
+ return False;
 }
- return False;
+ } else {
+ /* Check the incoming SMB signature. */
+ if (!srv_check_sign_mac(buffer, True)) {
+ DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_SIG;
+ }
+ return False;
+ }
 }
- /* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
- DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_SIG;
- }
- return False;
- };
-
- return(True);
+ return True;
 }
 /****************************************************************************
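Review bot: The new `if (srv_encryption_on())` branch in receive_smb lacks a comment stating the invariant it relies on: on an encrypted session a packet never reaches srv_check_sign_mac, so its integrity rests entirely on srv_decrypt_buffer. That function is not in this diff, so whether it fails for a packet that arrives unsealed is an assumption to confirm. I would add above the branch `/* Encrypted transport: the seal replaces the signing MAC, so srv_decrypt_buffer() must reject any packet that is not sealed. */`. The same either/or is introduced on the client side in the two receive hunks of libsmb/clientgen.c, where the same comment applies to cli_decrypt_message.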
@@ -766,20 +766,21 @@
 BOOL send_smb(int fd, char *buffer)
 {
- NTSTATUS status;
 size_t len;
 size_t nwritten=0;
 ssize_t ret;
- char *buf_out;
+ char *buf_out = buffer;
 /* Sign the outgoing packet if required. */
- srv_calculate_sign_mac(buffer);
-
- status = srv_encrypt_buffer(buffer, &buf_out);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
- nt_errstr(status) ));
- return False;
+ if (!srv_encryption_on()) {
+ srv_calculate_sign_mac(buf_out);
+ } else {
+ NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
+ nt_errstr(status) ));
+ return False;
+ }
 }
 len = smb_len(buf_out) + 4;
Modified: branches/SAMBA_3_0/source/libads/ads_status.c
===================================================================
--- branches/SAMBA_3_0/source/libads/ads_status.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libads/ads_status.c 2007-03-21 23:49:57 UTC (rev 21922)
@@ -85,6 +85,10 @@
 case ENUM_ADS_ERROR_KRB5:
 return krb5_to_nt_status(status.err.rc);
 #endif
+#ifdef HAVE_GSSAPI
+ case ENUM_ADS_ERROR_GSS:
+ return NT_STATUS_UNSUCCESSFUL;
+#endif
 default:
 break;
 }
@@ -143,5 +147,3 @@
 }
 }
-
-
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-21 23:49:57 UTC (rev 21922)
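Review bot: The comment `/* Sign the outgoing packet if required. */` in send_smb (lib/util_sock.c) now heads a branch that either signs or encrypts, so it describes only half of what follows; reword it as `/* Sign the outgoing packet, or seal it when transport encryption is on. */`. In the encrypted branch buf_out is replaced by whatever srv_encrypt_buffer returns, while in the signing branch it still aliases the caller's buffer. The code that writes and releases buf_out is below the hunk, so confirm it handles both cases on every exit path.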
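Review bot: The new `case ENUM_ADS_ERROR_GSS:` in libads/ads_status.c maps every GSS-API major status to NT_STATUS_UNSUCCESSFUL, so a caller cannot tell an integrity failure on a sealed packet from an expired context or a resource error. Until a real mapping exists, the case should carry a comment recording that the value is a placeholder, e.g. `/* TODO: map the GSS major status in status.err.rc to a specific NTSTATUS. */`. The switch starts and ends outside the hunk, so what the `default:` arm returns for a GSS error when HAVE_GSSAPI is undefined is not visible here.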
@@ -742,25 +742,25 @@
 DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
 ntlmssp_state->session_key.length);
 DATA_BLOB null_blob = data_blob(NULL, 0);
- BOOL res;
 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
 cli_set_session_key(cli, ntlmssp_state->session_key);
- res = cli_simple_set_signing(cli, key, null_blob);
+ if (!cli_encryption_on(cli)) {
+ BOOL res = cli_simple_set_signing(cli, key, null_blob);
- data_blob_free(&key);
-
- if (res) {
+ if (res) {
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
+ if (!cli_check_sign_mac(cli)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
+ }
 }
 }
+ data_blob_free(&key);
 }
 /* we have a reference counter on ntlmssp_state, if we are signing
Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-03-21 23:49:57 UTC (rev 21922)
@@ -57,7 +57,6 @@
 static BOOL client_receive_smb(struct cli_state *cli)
 {
 BOOL ret;
- NTSTATUS status;
 int fd = cli->fd;
 char *buffer = cli->inbuf;
 unsigned int timeout = cli->timeout;
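Review bot: In the libsmb/cliconnect.c hunk, `key` is a copy of the NTLMSSP session key that is now used only inside the `if (!cli_encryption_on(cli))` branch, yet it is still allocated before the test and released with a plain `data_blob_free(&key)`, which as far as I know does not wipe the buffer before freeing it. Declaring and freeing the copy inside the branch keeps it from being made at all on an encrypted session. If this tree has a clearing free, use it here (`data_blob_clear_free(&key);`) so the key bytes do not stay in released heap memory. The enclosing function starts and ends outside the hunk.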
@@ -75,14 +74,16 @@
 if(CVAL(buffer,0) != SMBkeepalive) break;
 }
- status = cli_decrypt_message(cli);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
- nt_errstr(status)));
- cli->smb_rw_error = READ_BAD_DECRYPT;
- close(cli->fd);
- cli->fd = -1;
- return False;
+ if (cli_encryption_on(cli)) {
+ NTSTATUS status = cli_decrypt_message(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("SMB decryption failed on incoming packet! Error %s\n",
+ nt_errstr(status)));
+ cli->smb_rw_error = READ_BAD_DECRYPT;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
+ }
 }
 show_msg(buffer);
 return ret;
@@ -129,13 +130,15 @@
 return ret;
 }
- if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
- cli->smb_rw_error = READ_BAD_SIG;
- close(cli->fd);
- cli->fd = -1;
- return False;
- };
+ if (!cli_encryption_on(cli)) {
+ if (!cli_check_sign_mac(cli)) {
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
+ }
+ }
 return True;
 }
@@ -160,7 +163,6 @@
 BOOL cli_send_smb(struct cli_state *cli)
 {
- NTSTATUS status;
 size_t len;
 size_t nwritten=0;
 ssize_t ret;
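Review bot: The decrypt-or-verify choice for incoming client packets in libsmb/clientgen.c is split across two places that each test `cli_encryption_on(cli)` on their own: the hunk at -75 decrypts when it is true, and the hunk at -129 (presumably in the caller, cli_receive_smb) checks the MAC when it is false. A single if/else in one function, as receive_smb in lib/util_sock.c now has, would make it structurally impossible for a packet to pass through neither check if a later change touches only one of the two tests. At minimum each test should name the other, e.g. `/* The signing MAC is checked by the caller when encryption is off. */` at the decrypt branch. Both function bodies extend outside their hunks.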
@@ -171,16 +173,18 @@
 return False;
 }
- cli_calculate_sign_mac(cli);
-
- status = cli_encrypt_message(cli, &buf_out);
- if (!NT_STATUS_IS_OK(status)) {
- close(cli->fd);
- cli->fd = -1;
- cli->smb_rw_error = WRITE_ERROR;
- DEBUG(0,("Error in encrypting client message. Error %s\n",
- nt_errstr(status) ));
- return False;
+ if (cli_encryption_on(cli)) {
+ NTSTATUS status = cli_encrypt_message(cli, &buf_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ close(cli->fd);
+ cli->fd = -1;
+ cli->smb_rw_error = WRITE_ERROR;
+ DEBUG(0,("Error in encrypting client message. Error %s\n",
+ nt_errstr(status) ));
+ return False;
+ }
+ } else {
+ cli_calculate_sign_mac(cli);
 }
 len = smb_len(buf_out) + 4;
Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 23:49:57 UTC (rev 21922)
@@ -163,8 +163,11 @@
 &out_buf);
 if (ret != GSS_S_COMPLETE) {
+ ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
+ DEBUG(0,("common_gss_encrypt_buffer: gss_wrap failed. Error %s\n",
+ ads_errstr(adss) ));
 /* Um - no mapping for gss-errs to NTSTATUS yet. */
- return NT_STATUS_UNSUCCESSFUL;
+ return ads_ntstatus(adss);
 }
 if (!flags_got) {
Modified: branches/SAMBA_3_0/source/libsmb/smb_signing.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_signing.c 2007-03-21 21:30:25 UTC (rev 21921)
+++ branches/SAMBA_3_0/source/libsmb/smb_signing.c 2007-03-21 23:49:57 UTC (rev 21922)
@@ -585,9 +585,7 @@
 void cli_calculate_sign_mac(struct cli_state *cli)
 {
- if (!cli_encryption_on(cli)) {
- cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
- }
+ cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
 }
 /**
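Review bot: In cli_send_smb (libsmb/clientgen.c, hunk at -171) the new `else` branch only calls cli_calculate_sign_mac(cli), so on an unencrypted session nothing in this hunk assigns buf_out before `len = smb_len(buf_out) + 4;` reads it. Before this change cli_encrypt_message(cli, &buf_out) ran on every send and was the only visible writer of that pointer. The declaration of buf_out lies between the two cli_send_smb hunks and is not shown; if it is still a bare `char *buf_out;`, it needs the same fix send_smb received in lib/util_sock.c, here `char *buf_out = cli->outbuf;`.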
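Review bot: The context comment `/* Um - no mapping for gss-errs to NTSTATUS yet. */` in the libsmb/smb_seal.c hunk now sits directly above `return ads_ntstatus(adss);`, which reads as if a mapping exists; per the ads_status.c hunk in this commit the result is still always NT_STATUS_UNSUCCESSFUL. Reword it to `/* ads_ntstatus() has no real GSS mapping yet; this still yields NT_STATUS_UNSUCCESSFUL. */`. The gss_unwrap failure path is not in this diff; if it returns without logging, it deserves the same DEBUG line, since unwrap failures are the ones that indicate a corrupt or tampered incoming packet.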
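Review bot: Removing the `cli_encryption_on(cli)` test from cli_calculate_sign_mac (libsmb/smb_signing.c, hunk at -585) changes its contract without documenting it: the function now signs unconditionally. The later hunks do the same to cli_check_sign_mac, to two further client functions (at -617 and -645) and to the server-side check and sign paths (at -813 and -836). Every caller now has to test the encryption state itself; this commit updates lib/util_sock.c, libsmb/cliconnect.c and libsmb/clientgen.c, and any call site outside the diff would now sign or verify on an encrypted session, presumably failing the MAC check and dropping the connection. Each function's header comment should state the precondition, e.g. `/* Caller must not call this when transport encryption is on. */`, and the remaining call sites should be audited.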
@@ -598,9 +596,6 @@
 BOOL cli_check_sign_mac(struct cli_state *cli)
 {
- if (cli_encryption_on(cli)) {
- return True;
- }
 if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
 free_signing_context(&cli->sign_info);
 return False;
@@ -617,9 +612,6 @@
 struct smb_sign_info *si = &cli->sign_info;
 struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
- if (cli_encryption_on(cli)) {
- return True;
- }
 if (!si->doing_signing) {
 return True;
 }
@@ -645,9 +637,6 @@
 struct smb_sign_info *si = &cli->sign_info;
 struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
- if (cli_encryption_on(cli)) {
- return True;
- }
 if (!si->doing_signing) {
 return True;
 }
@@ -813,15 +802,6 @@
 return True;
 }
- /*
- * If we have an encrypted transport
- * don't sign - we're already doing that.
- */
-
- if (srv_encryption_on()) {
- return True;
- }
-
 return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, must_be_ok);
 }
@@ -836,15 +816,6 @@
 return;
 }
- /*
- * If we have an encrypted transport
- * don't check sign - we're already doing that.
- */
-
- if (srv_encryption_on()) {
- return;
- }
-
 srv_sign_info.sign_outgoing_message(outbuf, &srv_sign_info);
 }