NEX-16824 SMB client connection setup rework
NEX-17232 SMB client reconnect failures
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
and: (improve debug)
        
*** 30,39 ****
--- 30,40 ----
   * SUCH DAMAGE.
   */
  
  /*
   * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
   */
  
  /*
   * Kerberos V Security Support Provider
   *
*** 266,278 ****
          if ((err = mb_init_sz(out_mb, gtoklen)) != 0)
                  goto out;
          if ((err = mb_put_mem(out_mb, gtok, gtoklen, MB_MSYSTEM)) != 0)
                  goto out;
  
-         if (ctx->ct_vcflags & SMBV_WILL_SIGN)
-                 ctx->ct_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
- 
  out:
          if (gtok)
                  free(gtok);
          if (tkt)
                  free(tkt);
--- 267,276 ----
*** 381,391 ****
  krb5ssp_final(struct ssp_ctx *sp)
  {
          struct smb_ctx *ctx = sp->smb_ctx;
          krb5ssp_state_t *ss = sp->sp_private;
          krb5_keyblock   *ssn_key = NULL;
!         int err, len;
  
          /*
           * Save the session key, used for SMB signing
           * and possibly other consumers (RPC).
           */
--- 379,389 ----
  krb5ssp_final(struct ssp_ctx *sp)
  {
          struct smb_ctx *ctx = sp->smb_ctx;
          krb5ssp_state_t *ss = sp->sp_private;
          krb5_keyblock   *ssn_key = NULL;
!         int err;
  
          /*
           * Save the session key, used for SMB signing
           * and possibly other consumers (RPC).
           */
*** 396,434 ****
                      err, error_message(err));
                  if (err <= 0 || err > ESTALE)
                          err = EAUTH;
                  goto out;
          }
-         memset(ctx->ct_ssn_key, 0, SMBIOC_HASH_SZ);
-         if ((len = ssn_key->length) > SMBIOC_HASH_SZ)
-                 len = SMBIOC_HASH_SZ;
-         memcpy(ctx->ct_ssn_key, ssn_key->contents, len);
  
!         /*
!          * Set the MAC key on the first successful auth.
!          */
!         if ((ctx->ct_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) &&
!             (ctx->ct_mackey == NULL)) {
!                 ctx->ct_mackeylen = ssn_key->length;
!                 ctx->ct_mackey = malloc(ctx->ct_mackeylen);
!                 if (ctx->ct_mackey == NULL) {
!                         ctx->ct_mackeylen = 0;
!                         err = ENOMEM;
                          goto out;
                  }
!                 memcpy(ctx->ct_mackey, ssn_key->contents,
!                     ctx->ct_mackeylen);
                  /*
!                  * Apparently, the server used seq. no. zero
!                  * for our previous message, so next is two.
                   */
!                 ctx->ct_mac_seqno = 2;
          }
          err = 0;
  
  out:
!         if (ssn_key)
                  krb5_free_keyblock(ss->ss_krb5ctx, ssn_key);
  
          return (err);
  }
  
--- 394,429 ----
                      err, error_message(err));
                  if (err <= 0 || err > ESTALE)
                          err = EAUTH;
                  goto out;
          }
  
!         /* Sanity check the length */
!         if (ssn_key->length > 1024) {
!                 DPRINT("session key too long");
!                 err = EAUTH;
                  goto out;
          }
! 
          /*
!          * Update/save the session key.
           */
!         if (ctx->ct_ssnkey_buf != NULL) {
!                 free(ctx->ct_ssnkey_buf);
!                 ctx->ct_ssnkey_buf = NULL;
          }
+         ctx->ct_ssnkey_buf = malloc(ssn_key->length);
+         if (ctx->ct_ssnkey_buf == NULL) {
+                 err = ENOMEM;
+                 goto out;
+         }
+         ctx->ct_ssnkey_len = ssn_key->length;
+         memcpy(ctx->ct_ssnkey_buf, ssn_key->contents, ctx->ct_ssnkey_len);
          err = 0;
  
  out:
!         if (ssn_key != NULL)
                  krb5_free_keyblock(ss->ss_krb5ctx, ssn_key);
  
          return (err);
  }
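Review bot: On the ENOMEM path of the new "Update/save the session key" block, `ct_ssnkey_buf` is left NULL while `ct_ssnkey_len` still holds the previous key's length, because the length is only assigned after a successful `malloc`; adding `ctx->ct_ssnkey_len = 0;` next to `ctx->ct_ssnkey_buf = NULL;` keeps the pair consistent for any consumer that reads both. The old buffer is also passed to `free()` without being cleared, so the previous session key stays readable in freed heap memory; a non-elidable wipe before the free, for example `explicit_bzero(ctx->ct_ssnkey_buf, ctx->ct_ssnkey_len);` if the platform libc provides it, would avoid that. The sanity check has only an upper bound, so a zero-length key reaches `malloc(0)`, whose result is implementation-defined; rejecting `ssn_key->length == 0` with EAUTH alongside the `> 1024` test would make that case explicit. The start of krb5ssp_final lies outside this hunk.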