/*
* Note: the SMB1 signing key is not truncated to 16 byte!
*/
- x->global->signing_key_blob =
- data_blob_dup_talloc(x->global,
+ x->global->signing_key =
+ talloc_zero(x->global, struct smb2_signing_key);
+ if (x->global->signing_key == NULL) {
+ data_blob_free(&out_blob);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ /* TODO: setup destructor once we cache the hmac handle */
+
+ x->global->signing_key->blob =
+ x->global->signing_key_blob =
+ data_blob_dup_talloc(x->global->signing_key,
session_info->session_key);
- if (x->global->signing_key_blob.data == NULL) {
+ if (!smb2_signing_key_valid(x->global->signing_key)) {
data_blob_free(&out_blob);
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
+ talloc_keep_secret(x->global->signing_key->blob.data);
/*
* clear the session key
if (srv_is_signing_negotiated(xconn) &&
is_authenticated &&
- session->global->signing_key_blob.length > 0)
+ smb2_signing_key_valid(session->global->signing_key))
{
/*
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
srv_set_signing(xconn,
- session->global->signing_key_blob,
+ session->global->signing_key->blob,
data_blob_null);
}
/*
* Note: the SMB1 signing key is not truncated to 16 byte!
*/
- session->global->signing_key_blob =
- data_blob_dup_talloc(session->global,
+ session->global->signing_key =
+ talloc_zero(session->global, struct smb2_signing_key);
+ if (session->global->signing_key == NULL) {
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ /* TODO: setup destructor once we cache the hmac handle */
+
+ session->global->signing_key->blob =
+ session->global->signing_key_blob =
+ data_blob_dup_talloc(session->global->signing_key,
session_info->session_key);
- if (session->global->signing_key_blob.data == NULL) {
+ if (!smb2_signing_key_valid(session->global->signing_key)) {
TALLOC_FREE(session);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBsesssetupX);
return;
}
+ talloc_keep_secret(session->global->signing_key->blob.data);
/*
* The application key is truncated/padded to 16 bytes
*/
ZERO_STRUCT(session_key);
- memcpy(session_key, session->global->signing_key_blob.data,
- MIN(session->global->signing_key_blob.length,
+ memcpy(session_key, session->global->signing_key->blob.data,
+ MIN(session->global->signing_key->blob.length,
sizeof(session_key)));
session->global->application_key =
data_blob_talloc(session->global,
if (srv_is_signing_negotiated(xconn) &&
is_authenticated &&
- session->global->signing_key_blob.length > 0)
+ smb2_signing_key_valid(session->global->signing_key))
{
/*
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
srv_set_signing(xconn,
- session->global->signing_key_blob,
+ session->global->signing_key->blob,
state->nt_resp.data ? state->nt_resp : state->lm_resp);
}
memcpy(session_key, session_info->session_key.data,
MIN(session_info->session_key.length, sizeof(session_key)));
- x->global->signing_key_blob = data_blob_talloc(x->global,
- session_key,
- sizeof(session_key));
- if (x->global->signing_key_blob.data == NULL) {
+ x->global->signing_key = talloc_zero(x->global,
+ struct smb2_signing_key);
+ if (x->global->signing_key == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+ /* TODO: setup destructor once we cache the hmac handle */
+
+ x->global->signing_key->blob =
+ x->global->signing_key_blob =
+ data_blob_talloc(x->global,
+ session_key,
+ sizeof(session_key));
+ if (!smb2_signing_key_valid(x->global->signing_key)) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
smb2_key_derivation(session_key, sizeof(session_key),
d->label.data, d->label.length,
d->context.data, d->context.length,
- x->global->signing_key_blob.data);
+ x->global->signing_key->blob.data);
}
if (xconn->protocol >= PROTOCOL_SMB2_24) {
}
x->global->application_key =
- data_blob_dup_talloc(x->global, x->global->signing_key_blob);
+ data_blob_dup_talloc(x->global, x->global->signing_key->blob);
if (x->global->application_key.data == NULL) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ talloc_keep_secret(x->global->application_key.data);
if (xconn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.application;
DEBUGADD(0, ("Session Key "));
dump_data(0, session_key, sizeof(session_key));
DEBUGADD(0, ("Signing Key "));
- dump_data(0, x->global->signing_key_blob.data,
- x->global->signing_key_blob.length);
+ dump_data(0, x->global->signing_key->blob.data,
+ x->global->signing_key->blob.length);
DEBUGADD(0, ("App Key "));
dump_data(0, x->global->application_key.data,
x->global->application_key.length);
ZERO_STRUCT(session_key);
- x->global->channels[0].signing_key_blob =
- data_blob_dup_talloc(x->global->channels,
- x->global->signing_key_blob);
- if (x->global->channels[0].signing_key_blob.data == NULL) {
+ x->global->channels[0].signing_key =
+ talloc_zero(x->global->channels, struct smb2_signing_key);
+ if (x->global->channels[0].signing_key == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ /* TODO: setup destructor once we cache the hmac handle */
+
+ x->global->channels[0].signing_key->blob =
+ x->global->channels[0].signing_key_blob =
+ data_blob_dup_talloc(x->global->channels[0].signing_key,
+ x->global->signing_key->blob);
+ if (!smb2_signing_key_valid(x->global->channels[0].signing_key)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_keep_secret(x->global->channels[0].signing_key->blob.data);
data_blob_clear_free(&session_info->session_key);
session_info->session_key = data_blob_dup_talloc(session_info,
if (session_info->session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ talloc_keep_secret(session_info->session_key.data);
session->compat = talloc_zero(session, struct user_struct);
if (session->compat == NULL) {
if (session_info->session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ talloc_keep_secret(session_info->session_key.data);
session->compat->session_info = session_info;
session->compat->vuid = session->global->session_wire_id;
memcpy(session_key, session_info->session_key.data,
MIN(session_info->session_key.length, sizeof(session_key)));
- c->signing_key_blob = data_blob_talloc(x->global,
- session_key,
- sizeof(session_key));
- if (c->signing_key_blob.data == NULL) {
+ c->signing_key = talloc_zero(x->global, struct smb2_signing_key);
+ if (c->signing_key == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+ /* TODO: setup destructor once we cache the hmac handle */
+
+ c->signing_key->blob =
+ c->signing_key_blob =
+ data_blob_talloc(c->signing_key,
+ session_key,
+ sizeof(session_key));
+ if (!smb2_signing_key_valid(c->signing_key)) {
ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ talloc_keep_secret(c->signing_key->blob.data);
if (xconn->protocol >= PROTOCOL_SMB2_24) {
struct _derivation *d = &derivation.signing;
smb2_key_derivation(session_key, sizeof(session_key),
d->label.data, d->label.length,
d->context.data, d->context.length,
- c->signing_key_blob.data);
+ c->signing_key->blob.data);
}
ZERO_STRUCT(session_key);
smb2req->xconn,
&c);
if (NT_STATUS_IS_OK(status)) {
- if (c->signing_key_blob.length == 0) {
+ if (!smb2_signing_key_valid(c->signing_key)) {
goto auth;
}
tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
projects / thirdparty / samba.git / commitdiff
