NEX-16824 SMB client connection setup rework
NEX-17232 SMB client reconnect failures
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
and: (improve debug)

@@ -30,10 +30,11 @@
  * SUCH DAMAGE.
  */
 
 /*
  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
  * Kerberos V Security Support Provider
  *

@@ -266,13 +267,10 @@
         if ((err = mb_init_sz(out_mb, gtoklen)) != 0)
                 goto out;
         if ((err = mb_put_mem(out_mb, gtok, gtoklen, MB_MSYSTEM)) != 0)
                 goto out;
 
-        if (ctx->ct_vcflags & SMBV_WILL_SIGN)
-                ctx->ct_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
-
 out:
         if (gtok)
                 free(gtok);
         if (tkt)
                 free(tkt);

@@ -381,11 +379,11 @@
 krb5ssp_final(struct ssp_ctx *sp)
 {
         struct smb_ctx *ctx = sp->smb_ctx;
         krb5ssp_state_t *ss = sp->sp_private;
         krb5_keyblock   *ssn_key = NULL;
-        int err, len;
+        int err;
 
         /*
          * Save the session key, used for SMB signing
          * and possibly other consumers (RPC).
          */

@@ -396,39 +394,36 @@
                     err, error_message(err));
                 if (err <= 0 || err > ESTALE)
                         err = EAUTH;
                 goto out;
         }
-        memset(ctx->ct_ssn_key, 0, SMBIOC_HASH_SZ);
-        if ((len = ssn_key->length) > SMBIOC_HASH_SZ)
-                len = SMBIOC_HASH_SZ;
-        memcpy(ctx->ct_ssn_key, ssn_key->contents, len);
 
-        /*
-         * Set the MAC key on the first successful auth.
-         */
-        if ((ctx->ct_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) &&
-            (ctx->ct_mackey == NULL)) {
-                ctx->ct_mackeylen = ssn_key->length;
-                ctx->ct_mackey = malloc(ctx->ct_mackeylen);
-                if (ctx->ct_mackey == NULL) {
-                        ctx->ct_mackeylen = 0;
-                        err = ENOMEM;
+        /* Sanity check the length */
+        if (ssn_key->length > 1024) {
+                DPRINT("session key too long");
+                err = EAUTH;
                         goto out;
                 }
-                memcpy(ctx->ct_mackey, ssn_key->contents,
-                    ctx->ct_mackeylen);
+
                 /*
-                 * Apparently, the server used seq. no. zero
-                 * for our previous message, so next is two.
+         * Update/save the session key.
                  */
-                ctx->ct_mac_seqno = 2;
+        if (ctx->ct_ssnkey_buf != NULL) {
+                free(ctx->ct_ssnkey_buf);
+                ctx->ct_ssnkey_buf = NULL;
         }
+        ctx->ct_ssnkey_buf = malloc(ssn_key->length);
+        if (ctx->ct_ssnkey_buf == NULL) {
+                err = ENOMEM;
+                goto out;
+        }
+        ctx->ct_ssnkey_len = ssn_key->length;
+        memcpy(ctx->ct_ssnkey_buf, ssn_key->contents, ctx->ct_ssnkey_len);
         err = 0;
 
 out:
-        if (ssn_key)
+        if (ssn_key != NULL)
                 krb5_free_keyblock(ss->ss_krb5ctx, ssn_key);
 
         return (err);
 }
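Review bot: In the update/save block the old key is released with a plain `free(ctx->ct_ssnkey_buf)` while `ct_ssnkey_len` keeps its previous value. If the following `malloc` fails, the context is left with a NULL buffer and a non-zero length, and the old key bytes remain in freed heap memory. I would clear and reset together: `explicit_bzero(ctx->ct_ssnkey_buf, ctx->ct_ssnkey_len);` before the `free` (or whichever non-elidable clear this libc provides), and `ctx->ct_ssnkey_len = 0;` next to the `= NULL`. The `1024` bound would also read better as a named constant with a comment saying where the limit comes from. krb5ssp_final begins in the previous hunk and part of its body lies between the hunks, so whether any consumer reads `ct_ssnkey_len` without checking the buffer cannot be seen from here.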