search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: smbd - Prevent file truncation on an open that fails with share mode violation.
[Samba.git] / source3 / smbd / seal.c
blob7122bf24e050d628aca4a332df6cb2d3a624310a
1 /*
2 Unix SMB/CIFS implementation.
3 SMB Transport encryption (sealing) code - server code.
4 Copyright (C) Jeremy Allison 2007.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/smbd.h"
22 #include "smbd/globals.h"
23 #include "../libcli/auth/spnego.h"
24 #include "../libcli/smb/smb_seal.h"
25 #include "../lib/util/asn1.h"
26 #include "auth.h"
27 #include "libsmb/libsmb.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "auth/gensec/gensec.h"
30
31 /******************************************************************************
32 Server side encryption.
33 ******************************************************************************/
34
35 /******************************************************************************
36 Return global enc context - this must change if we ever do multiple contexts.
37 ******************************************************************************/
38
39 static uint16_t srv_enc_ctx(const struct smb_trans_enc_state *es)
40 {
41 return es->enc_ctx_num;
42 }
43
44 /******************************************************************************
45 Is this an incoming encrypted packet ?
46 ******************************************************************************/
47
48 bool is_encrypted_packet(struct smbd_server_connection *sconn,
49 const uint8_t *inbuf)
50 {
51 NTSTATUS status;
52 uint16_t enc_num;
53
54 /* Ignore non-session messages or non 0xFF'E' messages. */
55 if(CVAL(inbuf,0)
56 || (smb_len(inbuf) < 8)
57 || !(inbuf[4] == 0xFF && inbuf[5] == 'E')) {
58 return false;
59 }
60
61 status = get_enc_ctx_num(inbuf, &enc_num);
62 if (!NT_STATUS_IS_OK(status)) {
63 return false;
64 }
65
66 /* Encrypted messages are 0xFF'E'<ctx> */
67 if (srv_trans_enc_ctx && enc_num == srv_enc_ctx(srv_trans_enc_ctx)) {
68 return true;
69 }
70 return false;
71 }
72
73 /******************************************************************************
74 Create an gensec_security and ensure pointer copy is correct.
75 ******************************************************************************/
76
77 static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
78 struct smb_trans_enc_state *es)
79 {
80 NTSTATUS status;
81
82 status = auth_generic_prepare(es, remote_address,
83 &es->gensec_security);
84 if (!NT_STATUS_IS_OK(status)) {
85 return nt_status_squash(status);
86 }
87
88 gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL);
89
90 /*
91 * We could be accessing the secrets.tdb or krb5.keytab file here.
92 * ensure we have permissions to do so.
93 */
94 become_root();
95
96 status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO);
97
98 unbecome_root();
99
100 if (!NT_STATUS_IS_OK(status)) {
101 return nt_status_squash(status);
102 }
103
104 return status;
105 }
106
107 /******************************************************************************
108 Create a server encryption context.
109 ******************************************************************************/
110
111 static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote_address,
112 struct smb_trans_enc_state **pp_es)
113 {
114 NTSTATUS status;
115 struct smb_trans_enc_state *es;
116
117 *pp_es = NULL;
118
119 ZERO_STRUCTP(partial_srv_trans_enc_ctx);
120 es = talloc_zero(NULL, struct smb_trans_enc_state);
121 if (!es) {
122 return NT_STATUS_NO_MEMORY;
123 }
124 status = make_auth_gensec(remote_address,
125 es);
126 if (!NT_STATUS_IS_OK(status)) {
127 TALLOC_FREE(es);
128 return status;
129 }
130 *pp_es = es;
131 return NT_STATUS_OK;
132 }
133
134 /******************************************************************************
135 Free an encryption-allocated buffer.
136 ******************************************************************************/
137
138 void srv_free_enc_buffer(struct smbd_server_connection *sconn, char *buf)
139 {
140 /* We know this is an smb buffer, and we
141 * didn't malloc, only copy, for a keepalive,
142 * so ignore non-session messages. */
143
144 if(CVAL(buf,0)) {
145 return;
146 }
147
148 if (srv_trans_enc_ctx) {
149 common_free_enc_buffer(srv_trans_enc_ctx, buf);
150 }
151 }
152
153 /******************************************************************************
154 Decrypt an incoming buffer.
155 ******************************************************************************/
156
157 NTSTATUS srv_decrypt_buffer(struct smbd_server_connection *sconn, char *buf)
158 {
159 /* Ignore non-session messages. */
160 if(CVAL(buf,0)) {
161 return NT_STATUS_OK;
162 }
163
164 if (srv_trans_enc_ctx) {
165 return common_decrypt_buffer(srv_trans_enc_ctx, buf);
166 }
167
168 return NT_STATUS_OK;
169 }
170
171 /******************************************************************************
172 Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
173 ******************************************************************************/
174
175 NTSTATUS srv_encrypt_buffer(struct smbd_server_connection *sconn, char *buf,
176 char **buf_out)
177 {
178 *buf_out = buf;
179
180 /* Ignore non-session messages. */
181 if(CVAL(buf,0)) {
182 return NT_STATUS_OK;
183 }
184
185 if (srv_trans_enc_ctx) {
186 return common_encrypt_buffer(srv_trans_enc_ctx, buf, buf_out);
187 }
188 /* Not encrypting. */
189 return NT_STATUS_OK;
190 }
191
192 /******************************************************************************
193 Do the SPNEGO encryption negotiation. Parameters are in/out.
194 ******************************************************************************/
195
196 NTSTATUS srv_request_encryption_setup(connection_struct *conn,
197 unsigned char **ppdata,
198 size_t *p_data_size,
199 unsigned char **pparam,
200 size_t *p_param_size)
201 {
202 NTSTATUS status;
203 DATA_BLOB blob = data_blob_const(*ppdata, *p_data_size);
204 DATA_BLOB response = data_blob_null;
205 struct smb_trans_enc_state *es;
206
207 SAFE_FREE(*pparam);
208 *p_param_size = 0;
209
210 if (!partial_srv_trans_enc_ctx) {
211 /* This is the initial step. */
212 status = make_srv_encryption_context(conn->sconn->remote_address,
213 &partial_srv_trans_enc_ctx);
214 if (!NT_STATUS_IS_OK(status)) {
215 return status;
216 }
217 }
218
219 es = partial_srv_trans_enc_ctx;
220 if (!es || es->gensec_security == NULL) {
221 TALLOC_FREE(partial_srv_trans_enc_ctx);
222 return NT_STATUS_INVALID_PARAMETER;
223 }
224
225 /* Second step. */
226 become_root();
227 status = gensec_update(es->gensec_security,
228 talloc_tos(), NULL,
229 blob, &response);
230 unbecome_root();
231 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
232 !NT_STATUS_IS_OK(status)) {
233 TALLOC_FREE(partial_srv_trans_enc_ctx);
234 return nt_status_squash(status);
235 }
236
237 if (NT_STATUS_IS_OK(status)) {
238 /* Return the context we're using for this encryption state. */
239 if (!(*pparam = SMB_MALLOC_ARRAY(unsigned char, 2))) {
240 return NT_STATUS_NO_MEMORY;
241 }
242 SSVAL(*pparam, 0, es->enc_ctx_num);
243 *p_param_size = 2;
244 }
245
246 /* Return the raw blob. */
247 SAFE_FREE(*ppdata);
248 *ppdata = (unsigned char *)smb_memdup(response.data, response.length);
249 if ((*ppdata) == NULL && response.length > 0)
250 return NT_STATUS_NO_MEMORY;
251 *p_data_size = response.length;
252 data_blob_free(&response);
253 return status;
254 }
255
256 /******************************************************************************
257 Negotiation was successful - turn on server-side encryption.
258 ******************************************************************************/
259
260 static NTSTATUS check_enc_good(struct smb_trans_enc_state *es)
261 {
262 if (!es) {
263 return NT_STATUS_LOGON_FAILURE;
264 }
265
266 if (!gensec_have_feature(es->gensec_security, GENSEC_FEATURE_SIGN)) {
267 return NT_STATUS_INVALID_PARAMETER;
268 }
269
270 if (!gensec_have_feature(es->gensec_security, GENSEC_FEATURE_SEAL)) {
271 return NT_STATUS_INVALID_PARAMETER;
272 }
273 return NT_STATUS_OK;
274 }
275
276 /******************************************************************************
277 Negotiation was successful - turn on server-side encryption.
278 ******************************************************************************/
279
280 NTSTATUS srv_encryption_start(connection_struct *conn)
281 {
282 NTSTATUS status;
283
284 /* Check that we are really doing sign+seal. */
285 status = check_enc_good(partial_srv_trans_enc_ctx);
286 if (!NT_STATUS_IS_OK(status)) {
287 return status;
288 }
289 /* Throw away the context we're using currently (if any). */
290 TALLOC_FREE(srv_trans_enc_ctx);
291
292 /* Steal the partial pointer. Deliberate shallow copy. */
293 srv_trans_enc_ctx = partial_srv_trans_enc_ctx;
294 srv_trans_enc_ctx->enc_on = true;
295
296 partial_srv_trans_enc_ctx = NULL;
297
298 DEBUG(1,("srv_encryption_start: context negotiated\n"));
299 return NT_STATUS_OK;
300 }
301
302 /******************************************************************************
303 Shutdown all server contexts.
304 ******************************************************************************/
305
306 void server_encryption_shutdown(struct smbd_server_connection *sconn)
307 {
308 TALLOC_FREE(partial_srv_trans_enc_ctx);
309 TALLOC_FREE(srv_trans_enc_ctx);
310 }
Samba GIT mirror