2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 2004
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "smb_server/smb_server.h"
22 #include "libcli/raw/libcliraw.h"
23 #include "libcli/raw/raw_proto.h"
24 #include "param/param.h"
/*
 * Sign the outgoing packet of a request.
 *
 * The signature is created over req->out using sequence number
 * req->seq_num + 1, that is, the number following the one stored on the
 * request; req->in is handed to the signing routine alongside it.
 */
void smbsrv_sign_packet(struct smbsrv_request *req)
{
	struct smbsrv_connection *conn = req->smb_conn;

	smb_signing_create_signature(&conn->signing, &req->out,
				     req->seq_num + 1, &req->in);
}
37 setup the signing key for a connection. Called after authentication succeeds
/*
 * Pass session_key and response to smb_signing_set_mac_key() for this
 * connection and return that call's result.
 *
 * The key is only handed over when smb_signing_allow_state_change()
 * accepts a change of the connection's signing state.
 *
 * NOTE(review): this listing does not show the declaration of the
 * `response` parameter or the body of the refusal branch, so the value
 * returned when a state change is refused cannot be read from here;
 * confirm against the complete source.
 * NOTE(review): the bool result is the only signal that the key was
 * accepted; callers that rely on signing being active should check it.
 */
40 bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
41 DATA_BLOB *session_key,
44 if (!smb_signing_allow_state_change(&smb_conn->signing)) {
47 return smb_signing_set_mac_key(smb_conn, &smb_conn->signing,
48 session_key, response);
/*
 * Set the MAC key again for a connection and step its signing sequence
 * number.
 *
 * Visible steps: smb_signing_allow_state_change() is consulted first, a
 * level-5 debug message is emitted, smb_signing_set_mac_key() is called
 * with session_key and response (result kept in `ok`), and
 * smb_signing_next_seq_num() is called with `false` as second argument.
 *
 * NOTE(review): several lines of this function are missing from the
 * listing (the remaining parameter, the declaration of `ok`, the branch
 * bodies and the condition, if any, guarding the sequence-number call);
 * how authenticated_session and `ok` influence the flow cannot be
 * determined here.
 */
51 void smbsrv_signing_restart(struct smbsrv_connection *smb_conn,
52 DATA_BLOB *session_key,
54 bool authenticated_session)
58 if (!smb_signing_allow_state_change(&smb_conn->signing)) {
/* The anonymous case is unfinished in the source, per the TODO below. */
62 /* TODO: handle anon...*/
/*
 * The message below records that an invalid signature on the SPNEGO
 * session setup is tolerated. It is logged at debug level 5 only.
 * NOTE(review): confirm that requests after this point are checked
 * strictly when signing is required, and consider whether the event
 * deserves a log level that is captured in normal operation.
 */
64 DEBUG(5, ("Client did not send a valid signature on "
65 "SPNEGO session setup - ignored, expect good next time\n"));
67 ok = smb_signing_set_mac_key(smb_conn, &smb_conn->signing,
68 session_key, response);
70 smb_signing_next_seq_num(&smb_conn->signing, false);
/*
 * Pick the signing state for a connection and initialise its signing
 * context with it.
 *
 * The value returned by lp_server_signing() is used unchanged unless it is
 * SMB_SIGNING_AUTO, which is resolved by server role.
 */
void smbsrv_init_signing(struct smbsrv_connection *smb_conn)
{
	enum smb_signing_state policy = lp_server_signing(smb_conn->lp_ctx);

	if (policy == SMB_SIGNING_AUTO) {
		/*
		 * "Auto" becomes REQUIRED on a domain controller and SUPPORTED
		 * on every other role.
		 * NOTE(review): SUPPORTED presumably means signing is offered
		 * but not enforced. Servers in other roles that need integrity
		 * protection on SMB traffic should have the signing setting
		 * configured explicitly rather than left on auto - confirm
		 * against smb_signing_init_context().
		 */
		bool is_dc = lp_server_role(smb_conn->lp_ctx) == ROLE_DOMAIN_CONTROLLER;

		policy = is_dc ? SMB_SIGNING_REQUIRED : SMB_SIGNING_SUPPORTED;
	}

	smb_signing_init_context(&smb_conn->signing, policy);
}
/*
 * Take the next signing sequence number for an incoming request and check
 * the request's signature against it.
 *
 * The value returned by smb_signing_next_seq_num() is stored in
 * req->seq_num (smbsrv_sign_packet() signs the reply with
 * req->seq_num + 1), then req->in is verified with
 * smb_signing_check_signature(), whose result is returned.
 *
 * NOTE(review): the final argument of the smb_signing_next_seq_num() call
 * is not visible in this listing; presumably single_increment is passed
 * through - confirm against the complete source.
 * NOTE(review): the sequence number is taken before the signature is
 * verified, and the outcome is reported only through the return value;
 * callers have to act on a false result themselves.
 */
89 bool smbsrv_signing_check_incoming(struct smbsrv_request *req,
90 bool single_increment)
92 req->seq_num = smb_signing_next_seq_num(&req->smb_conn->signing,
95 return smb_signing_check_signature(&req->smb_conn->signing,
96 &req->in, req->seq_num);