From: Ralph Boehme <slow@samba.org>
Date: Sat, 19 Jul 2025 12:26:50 +0000 (+0200)
Subject: libcli/smb: make smbXcli_session_dump_keys() usable for the server side
X-Git-Tag: tdb-1.4.14~100
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=0d517a065c48c6bac02de173f29039a81055e694;p=thirdparty%2Fsamba.git

libcli/smb: make smbXcli_session_dump_keys() usable for the server side

By passing the individual keys directly instead of passing the wrapping state
objects, smbXcli_session_dump_keys() can later also be used by the server code.

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 7a9dd81108c..f6f60a1f78f 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -7600,54 +7600,27 @@ NTSTATUS smb2cli_parse_dyn_buffer(uint32_t dyn_offset,
 	return NT_STATUS_OK;
 }
 
-void smbXcli_session_dump_keys(TALLOC_CTX *mem_ctx,
-			       struct smbXcli_session *session,
-			       DATA_BLOB session_key)
+void smbXcli_session_dump_keys(uint64_t session_id,
+			       DATA_BLOB *session_key,
+			       DATA_BLOB *signing_key,
+			       DATA_BLOB *application_key,
+			       DATA_BLOB *encryption_key,
+			       DATA_BLOB *decryption_key)
 {
-	NTSTATUS status;
-	DATA_BLOB sig = data_blob_null;
-	DATA_BLOB app = data_blob_null;
-	DATA_BLOB enc = data_blob_null;
-	DATA_BLOB dec = data_blob_null;
-	uint64_t sid = smb2cli_session_current_id(session);
-
-	status = smb2cli_session_signing_key(session, mem_ctx, &sig);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-	status = smbXcli_session_application_key(session, mem_ctx, &app);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-	status = smb2cli_session_encryption_key(session, mem_ctx, &enc);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-	status = smb2cli_session_decryption_key(session, mem_ctx, &dec);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-
 	DEBUG(0, ("debug encryption: dumping generated session keys\n"));
 	DEBUGADD(0, ("Session Id    "));
-	dump_data(0, (uint8_t*)&sid, sizeof(sid));
+	dump_data(0, (uint8_t*)&session_id, sizeof(session_id));
 	DEBUGADD(0, ("Session Key   "));
-	dump_data(0, session_key.data, session_key.length);
+	dump_data(0, session_key->data, session_key->length);
 	DEBUGADD(0, ("Signing Key   "));
-	dump_data(0, sig.data, sig.length);
+	dump_data(0, signing_key->data, signing_key->length);
 	DEBUGADD(0, ("App Key       "));
-	dump_data(0, app.data, app.length);
+	dump_data(0, application_key->data, application_key->length);
 
 	/* In client code, ServerIn is the encryption key */
 
 	DEBUGADD(0, ("ServerIn Key  "));
-	dump_data(0, enc.data, enc.length);
+	dump_data(0, encryption_key->data, encryption_key->length);
 	DEBUGADD(0, ("ServerOut Key "));
-	dump_data(0, dec.data, dec.length);
-
-out:
-	data_blob_clear_free(&sig);
-	data_blob_clear_free(&app);
-	data_blob_clear_free(&enc);
-	data_blob_clear_free(&dec);
+	dump_data(0, decryption_key->data, decryption_key->length);
 }
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index d13f9643313..fb486a69ddf 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -530,9 +530,12 @@ struct smbXcli_session *smbXcli_session_shallow_copy(TALLOC_CTX *mem_ctx,
 					       struct smbXcli_session *src);
 bool smbXcli_session_is_guest(struct smbXcli_session *session);
 bool smbXcli_session_is_authenticated(struct smbXcli_session *session);
-void smbXcli_session_dump_keys(TALLOC_CTX *mem_ctx,
-			       struct smbXcli_session *session,
-			       DATA_BLOB session_key);
+void smbXcli_session_dump_keys(uint64_t session_id,
+			       DATA_BLOB *session_key,
+			       DATA_BLOB *signing_key,
+			       DATA_BLOB *application_key,
+			       DATA_BLOB *encryption_key,
+			       DATA_BLOB *decryption_key);
 NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
 				     TALLOC_CTX *mem_ctx,
 				     DATA_BLOB *key);
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 385fbfc9d25..c24f39aee13 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1063,9 +1063,31 @@ static void cli_session_setup_gensec_ready(struct tevent_req *req)
 		if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB3_00
 		    && lp_debug_encryption())
 		{
-			smbXcli_session_dump_keys(state,
-						  session,
-						  state->session_key);
+			DATA_BLOB sig, app, enc, dec;
+
+			status = smb2cli_session_signing_key(session, state, &sig);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
+			status = smbXcli_session_application_key(session, state, &app);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
+			status = smb2cli_session_encryption_key(session, state, &enc);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
+			status = smb2cli_session_decryption_key(session, state, &dec);
+			if (tevent_req_nterror(req, status)) {
+				return;
+			}
+
+			smbXcli_session_dump_keys(smb2cli_session_current_id(session),
+						  &state->session_key,
+						  &sig,
+						  &app,
+						  &enc,
+						  &dec);
 		}
 	} else {
 		struct smbXcli_session *session = state->cli->smb1.session;