Fix SMB 2.x signing key: use session_base_key directly (not KDF)
11
vendor/smb-server/src/handlers/session_setup.rs
vendored
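--- a/vendor/smb-server/src/handlers/session_setup.rs
+++ b/vendor/smb-server/src/handlers/session_setup.rs
@@ -168,7 +168,7 @@ pub async fn handle(
 .lock()
 .unwrap_or_else(|poisoned| poisoned.into_inner());
 let (acceptor, raw_form) = (&pair.0, pair.1);
-let lookup = |u: &str, _d: &str| -> Option<UserCreds> { users.get(u).cloned() };
+let lookup = |u: &str, _d: &str| -> Option<UserCreds> { users.get(&u.to_lowercase()).cloned() };
 let outcome = match acceptor.authenticate(&inner_token, lookup) {
 Ok(o) => o,
 Err(e) => {
@@ -186,9 +186,14 @@ pub async fn handle(
 
 let session_base_key = outcome.session_key;
 let dialect = *conn.dialect.read().await;
+// Signing key derivation per MS-SMB2 §3.1.4.1:
+// - SMB 2.0.2/2.1: signing_key = session_base_key (direct, HMAC-SHA256)
+// - SMB 3.0/3.0.2: signing_key = SMB2_kdf(session_key, "SMB2AESCMAC", "SmbSign") (AES-CMAC)
+// - SMB 3.1.1: signing_key derived later with preauth hash
 let signing_key = match dialect {
-Some(Dialect::Smb311) => [0u8; 16],
+Some(Dialect::Smb311) => [0u8; 16], // Derived in dispatch with preauth hash
-Some(_) => signing_key_30(&session_base_key),
+Some(Dialect::Smb300) | Some(Dialect::Smb302) => signing_key_30(&session_base_key),
+Some(Dialect::Smb202) | Some(Dialect::Smb210) | Some(Dialect::Smb2Wildcard) => session_base_key, // Direct for SMB 2.x
 None => return HandlerResponse::err(ntstatus::STATUS_INVALID_PARAMETER),
 };
 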
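Review bot: The `Some(Dialect::Smb311) => [0u8; 16]` arm in the second hunk leaves a publicly known all-zero value in `signing_key` until dispatch replaces it, so any path that signs or verifies before that derivation runs, or after it fails, would use a key anyone can reproduce. Dispatch is not visible here, so this may already be guarded; carrying the key as `Option<[u8; 16]>` and refusing to sign or verify while it is `None` would make the not-yet-derived state explicit instead of relying on the trailing comment. The new `Some(Dialect::Smb2Wildcard)` arm also deserves a second look: the wildcard appears to be a negotiate-time placeholder, so a connection that reaches session setup with it has probably not finished negotiation and may be better answered with `STATUS_INVALID_PARAMETER` than handed an SMB 2.x signing key. In the first hunk, `users.get(&u.to_lowercase())` only matches if the map's keys were lowercased the same way when it was built, which is worth a one-line comment at the closure. `handle` begins and ends outside both hunks.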