From d02f790724109f04b5ecd711e060e0b468d3042f Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 13 Mar 2019 16:44:53 +0100 Subject: [PATCH] s3:librpc: Rename the data blobs for keys in smbXsrv.idl The original names will be used with a new structure to cache mac and cipher handles for gnutls later. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- source3/librpc/idl/smbXsrv.idl | 8 +++--- source3/smbd/reply.c | 6 ++--- source3/smbd/sesssetup.c | 20 +++++++------- source3/smbd/smb2_server.c | 14 +++++----- source3/smbd/smb2_sesssetup.c | 49 +++++++++++++++++----------------- 5 files changed, 49 insertions(+), 48 deletions(-) diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index 935c4084252..a261dc72981 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -203,7 +203,7 @@ interface smbXsrv [charset(UTF8),string] char local_address[]; [charset(UTF8),string] char remote_address[]; [charset(UTF8),string] char remote_name[]; - [noprint] DATA_BLOB signing_key; + [noprint] DATA_BLOB signing_key_blob; uint32 auth_session_info_seqnum; [ignore] smbXsrv_connection *connection; uint16 encryption_cipher; @@ -225,9 +225,9 @@ interface smbXsrv uint16 connection_dialect; smbXsrv_signing_flags signing_flags; smbXsrv_encrpytion_flags encryption_flags; - [noprint] DATA_BLOB signing_key; - [noprint] DATA_BLOB encryption_key; - [noprint] DATA_BLOB decryption_key; + [noprint] DATA_BLOB signing_key_blob; + [noprint] DATA_BLOB encryption_key_blob; + [noprint] DATA_BLOB decryption_key_blob; [noprint] DATA_BLOB application_key; [range(1, 1024)] uint32 num_channels; smbXsrv_channel_global0 channels[num_channels]; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 405bd6ce004..86be7313524 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c 
@@ -1013,7 +1013,7 @@ void reply_tcon_and_X(struct smb_request *req) * change any more. */ if (session->global->application_key.length == 0 && - session->global->signing_key.length > 0) + session->global->signing_key_blob.length > 0) { struct smbXsrv_session *x = session; struct auth_session_info *session_info = @@ -1021,8 +1021,8 @@ void reply_tcon_and_X(struct smb_request *req) uint8_t session_key[16]; ZERO_STRUCT(session_key); - memcpy(session_key, x->global->signing_key.data, - MIN(x->global->signing_key.length, sizeof(session_key))); + memcpy(session_key, x->global->signing_key_blob.data, + MIN(x->global->signing_key_blob.length, sizeof(session_key))); /* * The application key is truncated/padded to 16 bytes diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 906378a841c..e66e5d31bbc 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -273,10 +273,10 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) /* * Note: the SMB1 signing key is not truncated to 16 byte! */ - x->global->signing_key = + x->global->signing_key_blob = data_blob_dup_talloc(x->global, session_info->session_key); - if (x->global->signing_key.data == NULL) { + if (x->global->signing_key_blob.data == NULL) { data_blob_free(&out_blob); TALLOC_FREE(session); reply_nterror(req, NT_STATUS_NO_MEMORY); @@ -313,14 +313,14 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) if (srv_is_signing_negotiated(xconn) && is_authenticated && - session->global->signing_key.length > 0) + session->global->signing_key_blob.length > 0) { /* * Try and turn on server signing on the first non-guest * sessionsetup. */ srv_set_signing(xconn, - session->global->signing_key, + session->global->signing_key_blob, data_blob_null); } 
@@ -997,10 +997,10 @@ void reply_sesssetup_and_X(struct smb_request *req) /* * Note: the SMB1 signing key is not truncated to 16 byte! */ - session->global->signing_key = + session->global->signing_key_blob = data_blob_dup_talloc(session->global, session_info->session_key); - if (session->global->signing_key.data == NULL) { + if (session->global->signing_key_blob.data == NULL) { TALLOC_FREE(session); reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBsesssetupX); @@ -1011,8 +1011,8 @@ void reply_sesssetup_and_X(struct smb_request *req) * The application key is truncated/padded to 16 bytes */ ZERO_STRUCT(session_key); - memcpy(session_key, session->global->signing_key.data, - MIN(session->global->signing_key.length, + memcpy(session_key, session->global->signing_key_blob.data, + MIN(session->global->signing_key_blob.length, sizeof(session_key))); session->global->application_key = data_blob_talloc(session->global, @@ -1063,14 +1063,14 @@ void reply_sesssetup_and_X(struct smb_request *req) if (srv_is_signing_negotiated(xconn) && is_authenticated && - session->global->signing_key.length > 0) + session->global->signing_key_blob.length > 0) { /* * Try and turn on server signing on the first non-guest * sessionsetup. */ srv_set_signing(xconn, - session->global->signing_key, + session->global->signing_key_blob, state->nt_resp.data ? state->nt_resp : state->lm_resp); } diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 956c5f0ca09..7e225fa2b67 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -428,7 +428,7 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn, tf_iov[1].iov_base = (void *)hdr; tf_iov[1].iov_len = enc_len; - status = smb2_signing_decrypt_pdu(s->global->decryption_key, + status = smb2_signing_decrypt_pdu(s->global->decryption_key_blob, xconn->smb2.server.cipher, tf_iov, 2); if (!NT_STATUS_IS_OK(status)) { 
@@ -1517,11 +1517,11 @@ static DATA_BLOB smbd_smb2_signing_key(struct smbXsrv_session *session, status = smbXsrv_session_find_channel(session, xconn, &c); if (NT_STATUS_IS_OK(status)) { - key = c->signing_key; + key = c->signing_key_blob; } if (key.length == 0) { - key = session->global->signing_key; + key = session->global->signing_key_blob; } return key; @@ -1716,7 +1716,7 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, if (req->do_encryption) { struct smbXsrv_session *x = req->session; - DATA_BLOB encryption_key = x->global->encryption_key; + DATA_BLOB encryption_key = x->global->encryption_key_blob; status = smb2_signing_encrypt_pdu(encryption_key, xconn->smb2.server.cipher, @@ -2830,9 +2830,9 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) (firsttf->iov_len == 0) && (req->first_key.length == 0) && (req->session != NULL) && - (req->session->global->encryption_key.length != 0)) + (req->session->global->encryption_key_blob.length != 0)) { - DATA_BLOB encryption_key = req->session->global->encryption_key; + DATA_BLOB encryption_key = req->session->global->encryption_key_blob; uint8_t *tf; uint64_t session_id = req->session->global->session_wire_id; uint64_t nonce_high; @@ -3359,7 +3359,7 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn, } if (do_encryption) { - DATA_BLOB encryption_key = session->global->encryption_key; + DATA_BLOB encryption_key = session->global->encryption_key_blob; status = smb2_signing_encrypt_pdu(encryption_key, xconn->smb2.server.cipher, diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 9591a8823dd..9e5e8c59322 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c 
@@ -323,10 +323,10 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, memcpy(session_key, session_info->session_key.data, MIN(session_info->session_key.length, sizeof(session_key))); - x->global->signing_key = data_blob_talloc(x->global, + x->global->signing_key_blob = data_blob_talloc(x->global, session_key, sizeof(session_key)); - if (x->global->signing_key.data == NULL) { + if (x->global->signing_key_blob.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } @@ -337,16 +337,16 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - x->global->signing_key.data); + x->global->signing_key_blob.data); } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.decryption; - x->global->decryption_key = data_blob_talloc(x->global, + x->global->decryption_key_blob = data_blob_talloc(x->global, session_key, sizeof(session_key)); - if (x->global->decryption_key.data == NULL) { + if (x->global->decryption_key_blob.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } @@ -354,17 +354,17 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - x->global->decryption_key.data); + x->global->decryption_key_blob.data); } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.encryption; size_t nonce_size; - x->global->encryption_key = data_blob_talloc(x->global, + x->global->encryption_key_blob = data_blob_talloc(x->global, session_key, sizeof(session_key)); - if (x->global->encryption_key.data == NULL) { + if (x->global->encryption_key_blob.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } 
@@ -372,7 +372,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - x->global->encryption_key.data); + x->global->encryption_key_blob.data); /* * CCM and GCM algorithms must never have their @@ -401,8 +401,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, x->nonce_low = 0; } - x->global->application_key = data_blob_dup_talloc(x->global, - x->global->signing_key); + x->global->application_key = + data_blob_dup_talloc(x->global, x->global->signing_key_blob); if (x->global->application_key.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; @@ -425,8 +425,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, DEBUGADD(0, ("Session Key ")); dump_data(0, session_key, sizeof(session_key)); DEBUGADD(0, ("Signing Key ")); - dump_data(0, x->global->signing_key.data, - x->global->signing_key.length); + dump_data(0, x->global->signing_key_blob.data, + x->global->signing_key_blob.length); DEBUGADD(0, ("App Key ")); dump_data(0, x->global->application_key.data, x->global->application_key.length); 
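Review bot: The `dump_data(0, ...)` calls in the last hunk on this line (`-425,8 +425,8`) write the session key, `signing_key_blob` and `application_key` to the log at debug level 0, and the next hunk (`-434,18 +434,19`) does the same for `decryption_key_blob` and `encryption_key_blob`. The condition that opens this block lies outside both hunks, so it cannot be checked from here; presumably it is an explicit debugging opt-in. Anyone who can read that log holds the keys needed to decrypt or forge traffic for the session, so the gate deserves a comment directly above the first `DEBUGADD`, for example `/* Dumps live key material; reachable only when the guarding debug option is set. */`. If the guard turns out to depend on the log level alone, level 0 is the wrong level for these calls.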
@@ -434,18 +434,19 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, /* In server code, ServerIn is the decryption key */ DEBUGADD(0, ("ServerIn Key ")); - dump_data(0, x->global->decryption_key.data, - x->global->decryption_key.length); + dump_data(0, x->global->decryption_key_blob.data, + x->global->decryption_key_blob.length); DEBUGADD(0, ("ServerOut Key ")); - dump_data(0, x->global->encryption_key.data, - x->global->encryption_key.length); + dump_data(0, x->global->encryption_key_blob.data, + x->global->encryption_key_blob.length); } ZERO_STRUCT(session_key); - x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels, - x->global->signing_key); - if (x->global->channels[0].signing_key.data == NULL) { + x->global->channels[0].signing_key_blob = + data_blob_dup_talloc(x->global->channels, + x->global->signing_key_blob); + if (x->global->channels[0].signing_key_blob.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -672,10 +673,10 @@ static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session, memcpy(session_key, session_info->session_key.data, MIN(session_info->session_key.length, sizeof(session_key))); - c->signing_key = data_blob_talloc(x->global, + c->signing_key_blob = data_blob_talloc(x->global, session_key, sizeof(session_key)); - if (c->signing_key.data == NULL) { + if (c->signing_key_blob.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } @@ -686,7 +687,7 @@ static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session, smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, - c->signing_key.data); + c->signing_key_blob.data); } ZERO_STRUCT(session_key); 
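Review bot: In `smbd_smb2_bind_auth_return` (hunk `-672,10 +673,10`) the per-channel key is allocated with `x->global` as its talloc parent, whereas the hunk just before it in `smbd_smb2_auth_generic_return` parents `channels[0].signing_key_blob` on `x->global->channels`. If the channel array is meant to own the per-channel keys, the bind path keeps this key allocated for the lifetime of the session global rather than of the channel. To match the other path, use `c->signing_key_blob = data_blob_talloc(x->global->channels, session_key, sizeof(session_key));`. Both functions start and end outside the hunks shown, so confirm how `c` relates to `x->global->channels` before changing the parent.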
@@ -784,7 +785,7 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx, smb2req->xconn, &c); if (NT_STATUS_IS_OK(status)) { - if (c->signing_key.length == 0) { + if (c->signing_key_blob.length == 0) { goto auth; } tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED); -- 2.47.3