search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:smb_server: change the default for "server signing" to "default"
[Samba/gebeck_regimport.git] / source4 / smb_server / smb / signing.c
bloba3c91f66390c9f6fdd7afeca3a3bd86e4fdb4a54
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Andrew Tridgell 2004
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smb_server/smb_server.h"
22 #include "libcli/raw/libcliraw.h"
23 #include "libcli/raw/raw_proto.h"
24 #include "param/param.h"
25
26
27 /*
28 sign an outgoing packet
29 */
30 void smbsrv_sign_packet(struct smbsrv_request *req)
31 {
32 #if 0
33 /* enable this when packet signing is preventing you working out why valgrind
34 says that data is uninitialised */
35 file_save("pkt.dat", req->out.buffer, req->out.size);
36 #endif
37
38 switch (req->smb_conn->signing.signing_state) {
39 case SMB_SIGNING_ENGINE_OFF:
40 break;
41
42 case SMB_SIGNING_ENGINE_BSRSPYL:
43 /* mark the packet as signed - BEFORE we sign it...*/
44 mark_packet_signed(&req->out);
45
46 /* I wonder what BSRSPYL stands for - but this is what MS
47 actually sends! */
48 memcpy((req->out.hdr + HDR_SS_FIELD), "BSRSPYL ", 8);
49 break;
50
51 case SMB_SIGNING_ENGINE_ON:
52
53 sign_outgoing_message(&req->out,
54 &req->smb_conn->signing.mac_key,
55 req->seq_num+1);
56 break;
57 }
58 return;
59 }
60
61
62
63 /*
64 setup the signing key for a connection. Called after authentication succeeds
65 in a session setup
66 */
67 bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
68 DATA_BLOB *session_key,
69 DATA_BLOB *response)
70 {
71 if (!set_smb_signing_common(&smb_conn->signing)) {
72 return false;
73 }
74 return smbcli_simple_set_signing(smb_conn,
75 &smb_conn->signing, session_key, response);
76 }
77
78 bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
79 {
80 enum smb_signing_setting signing_setting;
81
82 smb_conn->signing.mac_key = data_blob(NULL, 0);
83 if (!smbcli_set_signing_off(&smb_conn->signing)) {
84 return false;
85 }
86
87 signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
88 if (signing_setting == SMB_SIGNING_DEFAULT) {
89 /*
90 * If we are a domain controller, SMB signing is
91 * really important, as it can prevent a number of
92 * attacks on communications between us and the
93 * clients
94 *
95 * However, it really sucks (no sendfile, CPU
96 * overhead) performance-wise when used on a
97 * file server, so disable it by default
98 * on non-DCs
99 */
100
101 if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_DOMAIN_CONTROLLER) {
102 signing_setting = SMB_SIGNING_REQUIRED;
103 } else {
104 signing_setting = SMB_SIGNING_OFF;
105 }
106 }
107
108 switch (signing_setting) {
109 case SMB_SIGNING_DEFAULT:
110 smb_panic(__location__);
111 break;
112 case SMB_SIGNING_OFF:
113 smb_conn->signing.allow_smb_signing = false;
114 break;
115 case SMB_SIGNING_SUPPORTED:
116 smb_conn->signing.allow_smb_signing = true;
117 break;
118 case SMB_SIGNING_REQUIRED:
119 smb_conn->signing.allow_smb_signing = true;
120 smb_conn->signing.mandatory_signing = true;
121 break;
122 }
123 return true;
124 }
125
126 /*
127 allocate a sequence number to a request
128 */
129 static void req_signing_alloc_seq_num(struct smbsrv_request *req)
130 {
131 req->seq_num = req->smb_conn->signing.next_seq_num;
132
133 if (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF) {
134 req->smb_conn->signing.next_seq_num += 2;
135 }
136 }
137
138 /*
139 called for requests that do not produce a reply of their own
140 */
141 void smbsrv_signing_no_reply(struct smbsrv_request *req)
142 {
143 if (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF) {
144 req->smb_conn->signing.next_seq_num--;
145 }
146 }
147
148 /***********************************************************
149 SMB signing - Simple implementation - check a MAC sent by client
150 ************************************************************/
151 /**
152 * Check a packet supplied by the server.
153 * @return false if we had an established signing connection
154 * which had a back checksum, true otherwise
155 */
156 bool smbsrv_signing_check_incoming(struct smbsrv_request *req)
157 {
158 bool good;
159
160 req_signing_alloc_seq_num(req);
161
162 switch (req->smb_conn->signing.signing_state)
163 {
164 case SMB_SIGNING_ENGINE_OFF:
165 return true;
166 case SMB_SIGNING_ENGINE_BSRSPYL:
167 case SMB_SIGNING_ENGINE_ON:
168 {
169 if (req->in.size < (HDR_SS_FIELD + 8)) {
170 return false;
171 } else {
172 good = check_signed_incoming_message(&req->in,
173 &req->smb_conn->signing.mac_key,
174 req->seq_num);
175
176 return signing_good(&req->smb_conn->signing,
177 req->seq_num+1, good);
178 }
179 }
180 }
181 return false;
182 }
reg import