From: Andreas Schneider Date: Thu, 14 Mar 2019 09:10:34 +0000 (+0100) Subject: s3:smbd: Use smb2_signing_key structure for the decryption key X-Git-Tag: tevent-0.10.1~244 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b51c4293f7430b5ce6a81599fb0c7be5dc444c46;p=thirdparty%2Fsamba.git s3:smbd: Use smb2_signing_key structure for the decryption key Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index f7acb2198fb..330c6896114 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -231,6 +231,7 @@ interface smbXsrv [noprint] DATA_BLOB encryption_key_blob; [ignore] smb2_signing_key *encryption_key; [noprint] DATA_BLOB decryption_key_blob; + [ignore] smb2_signing_key *decryption_key; [noprint] DATA_BLOB application_key; [range(1, 1024)] uint32 num_channels; smbXsrv_channel_global0 channels[num_channels]; diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index b708fdb90b9..56e7b70696b 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -432,7 +432,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn, tf_iov[1].iov_base = (void *)hdr; tf_iov[1].iov_len = enc_len; - status = smb2_signing_decrypt_pdu(s->global->decryption_key_blob, + status = smb2_signing_decrypt_pdu(s->global->decryption_key->blob, xconn->smb2.server.cipher, tf_iov, 2); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index c2725825d7a..d6900665a95 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -373,18 +373,28 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.decryption; - x->global->decryption_key_blob = data_blob_talloc(x->global, - session_key, - sizeof(session_key)); - if (x->global->decryption_key_blob.data == NULL) { + x->global->decryption_key = + talloc_zero(x->global, struct smb2_signing_key); + if (x->global->decryption_key == NULL) { + ZERO_STRUCT(session_key); + return NT_STATUS_NO_MEMORY; + } + + x->global->decryption_key->blob = + x->global->decryption_key_blob = + data_blob_talloc(x->global->decryption_key, + session_key, + sizeof(session_key)); + if (!smb2_signing_key_valid(x->global->decryption_key)) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } + talloc_keep_secret(x->global->decryption_key->blob.data); status = smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - x->global->decryption_key_blob.data); + x->global->decryption_key->blob.data); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -484,8 +494,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, /* In server code, ServerIn is the decryption key */ DEBUGADD(0, ("ServerIn Key ")); - dump_data(0, x->global->decryption_key_blob.data, - x->global->decryption_key_blob.length); + dump_data(0, x->global->decryption_key->blob.data, + x->global->decryption_key->blob.length); DEBUGADD(0, ("ServerOut Key ")); dump_data(0, x->global->encryption_key->blob.data, x->global->encryption_key->blob.length);