diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-02-27 08:48:55 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-27 12:51:33 +0100 |
| commit | aa4331be9e6e3db3bd14c9abd024e95f6aec8bdb (patch) | |
| tree | 7468dba78b8dd1167eb2938bcad2969a427aacf2 /source3 | |
| parent | b93f6ac79c431e4effb3905824bcaef5cbe5e85a (diff) | |
| download | samba-aa4331be9e6e3db3bd14c9abd024e95f6aec8bdb.tar.gz samba-aa4331be9e6e3db3bd14c9abd024e95f6aec8bdb.tar.bz2 samba-aa4331be9e6e3db3bd14c9abd024e95f6aec8bdb.zip | |
libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the signing_key
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/libsmb/cliconnect.c | 4 | ||||
| -rw-r--r-- | source3/torture/test_smb2.c | 20 |
2 files changed, 12 insertions, 12 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 146fc3d3b4..79b9496f8b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1519,7 +1519,7 @@ static void cli_session_setup_kerberos_done(struct tevent_req *subreq) if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { struct smbXcli_session *session = state->cli->smb2.session; - status = smb2cli_session_update_session_key(session, + status = smb2cli_session_set_session_key(session, state->session_key_krb5, recv_iov); if (tevent_req_nterror(req, status)) { @@ -1710,7 +1710,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) { struct smbXcli_session *session = state->cli->smb2.session; - status = smb2cli_session_update_session_key(session, + status = smb2cli_session_set_session_key(session, state->ntlmssp_state->session_key, recv_iov); if (tevent_req_nterror(req, status)) { diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c index 3cd90bfe81..d75ab32d23 100644 --- a/source3/torture/test_smb2.c +++ b/source3/torture/test_smb2.c @@ -548,11 +548,11 @@ bool run_smb2_session_reconnect(int dummy) /* now grab the session key and try with signing */ - status = smb2cli_session_update_session_key(cli2->smb2.session, - session_key, - recv_iov); + status = smb2cli_session_set_session_key(cli2->smb2.session, + session_key, + recv_iov); if (!NT_STATUS_IS_OK(status)) { - printf("smb2cli_session_update_session_key %s\n", nt_errstr(status)); + printf("smb2cli_session_set_session_key %s\n", nt_errstr(status)); return false; } @@ -772,7 +772,7 @@ bool run_smb2_multi_channel(int dummy) struct tevent_req *subreq; DATA_BLOB in_blob = data_blob_null; DATA_BLOB out_blob; - DATA_BLOB session_key; + DATA_BLOB channel_session_key; struct auth_generic_state *auth_generic_state; struct iovec *recv_iov; const char *hello = "Hello, world\n"; @@ -937,18 +937,18 @@ bool run_smb2_multi_channel(int dummy) } status = gensec_session_key(auth_generic_state->gensec_security, talloc_tos(), - &session_key); + &channel_session_key); if (!NT_STATUS_IS_OK(status)) { printf("gensec_session_key returned %s\n", nt_errstr(status)); return false; } - status = smb2cli_session_update_session_key(cli2->smb2.session, - session_key, - recv_iov); + status = smb2cli_session_set_channel_key(cli2->smb2.session, + channel_session_key, + recv_iov); if (!NT_STATUS_IS_OK(status)) { - printf("smb2cli_session_update_session_key %s\n", nt_errstr(status)); + printf("smb2cli_session_set_channel_key %s\n", nt_errstr(status)); return false; } |