struct {
struct {
+ uint32_t capabilities;
uint16_t security_mode;
struct GUID guid;
} client;
DLIST_REMOVE(conn->sessions, conn->sessions);
}
+<<<<<<< HEAD
if (conn->smb1.trans_enc) {
TALLOC_FREE(conn->smb1.trans_enc);
}
+=======
+>>>>>>> 7efc635... s3-libsmb: Convert struct smb_trans_enc_state to talloc
return 0;
}
const char *remote_name,
enum smb_signing_setting signing_state,
uint32_t smb1_capabilities,
- struct GUID *client_guid)
+ struct GUID *client_guid,
+ uint32_t smb2_capabilities)
{
struct smbXcli_conn *conn = NULL;
void *ss = NULL;
if (client_guid) {
conn->smb2.client.guid = *client_guid;
}
+ conn->smb2.client.capabilities = smb2_capabilities;
conn->smb2.cur_credits = 1;
conn->smb2.max_credits = 0;
}
void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
- struct smb_trans_enc_state *es)
+ struct smb_trans_enc_state **es)
{
/* Replace the old state, if any. */
+<<<<<<< HEAD
if (conn->smb1.trans_enc) {
TALLOC_FREE(conn->smb1.trans_enc);
}
conn->smb1.trans_enc = es;
+=======
+ TALLOC_FREE(conn->smb1.trans_enc);
+ conn->smb1.trans_enc = talloc_move(conn, es);
+>>>>>>> 7efc635... s3-libsmb: Convert struct smb_trans_enc_state to talloc
}
bool smb1cli_conn_encryption_on(struct smbXcli_conn *conn)
* No NULL check here, we're shrinking by sizeof(void *), and
* talloc_realloc just adjusts the size for this.
*/
- conn->pending = talloc_realloc(NULL, conn->pending, struct tevent_req *,
+ conn->pending = talloc_realloc(conn, conn->pending, struct tevent_req *,
num_pending - 1);
return;
}
NTSTATUS status;
status = smb2_signing_sign_pdu(*signing_key,
+ state->session->conn->protocol,
&iov[hdr_iov], num_iov - hdr_iov);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (signing_key) {
- status = smb2_signing_check_pdu(*signing_key, cur, 3);
+ status = smb2_signing_check_pdu(*signing_key,
+ state->conn->protocol,
+ cur, 3);
if (!NT_STATUS_IS_OK(status)) {
/*
* If the signing check fails, we disconnect
{PROTOCOL_SMB2_10, SMB2_DIALECT_REVISION_210},
{PROTOCOL_SMB2_22, SMB2_DIALECT_REVISION_222},
{PROTOCOL_SMB2_24, SMB2_DIALECT_REVISION_224},
+ {PROTOCOL_SMB3_00, SMB3_DIALECT_REVISION_300},
};
struct smbXcli_negprot_state {
SSVAL(buf, 2, dialect_count);
SSVAL(buf, 4, state->conn->smb2.client.security_mode);
SSVAL(buf, 6, 0); /* Reserved */
- SSVAL(buf, 8, 0); /* Capabilities */
+ if (state->max_protocol >= PROTOCOL_SMB2_22) {
+ SIVAL(buf, 8, state->conn->smb2.client.capabilities);
+ } else {
+ SIVAL(buf, 8, 0); /* Capabilities */
+ }
if (state->max_protocol >= PROTOCOL_SMB2_10) {
NTSTATUS status;
DATA_BLOB blob;
return session->smb2.session_id;
}
+uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
+{
+ return session->smb2.session_flags;
+}
+
NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
TALLOC_CTX *mem_ctx,
DATA_BLOB *key)
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session->smb2.signing_key.length != 0) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
if (session->smb2.session_flags & no_sign_flags) {
return NT_STATUS_OK;
}
+ if (session->smb2.signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
ZERO_STRUCT(session_key);
memcpy(session_key, _session_key.data,
MIN(_session_key.length, sizeof(session_key)));
session->smb2.signing_key = data_blob_talloc(session,
session_key,
sizeof(session_key));
- ZERO_STRUCT(session_key);
if (session->smb2.signing_key.data == NULL) {
+ ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
+ const DATA_BLOB context = data_blob_string_const_null("SmbSign");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.signing_key.data);
+ }
+
session->smb2.application_key = data_blob_dup_talloc(session,
session->smb2.signing_key);
if (session->smb2.application_key.data == NULL) {
+ ZERO_STRUCT(session_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2APP");
+ const DATA_BLOB context = data_blob_string_const_null("SmbRpc");
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.application_key.data);
+ }
+ ZERO_STRUCT(session_key);
+
session->smb2.channel_signing_key = data_blob_dup_talloc(session,
session->smb2.signing_key);
if (session->smb2.channel_signing_key.data == NULL) {
}
status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return status;
session->smb2.channel_signing_key = data_blob_talloc(session,
channel_key,
sizeof(channel_key));
- ZERO_STRUCT(channel_key);
if (session->smb2.channel_signing_key.data == NULL) {
+ ZERO_STRUCT(channel_key);
return NT_STATUS_NO_MEMORY;
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCMAC");
+ const DATA_BLOB context = data_blob_string_const_null("SmbSign");
+
+ smb2_key_derivation(channel_key, sizeof(channel_key),
+ label.data, label.length,
+ context.data, context.length,
+ session->smb2.channel_signing_key.data);
+ }
+ ZERO_STRUCT(channel_key);
+
status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return status;