make signing per session in the SMB2 client library

Thanks to Metze for spotting this
(This used to be commit e9fd9b821c04d1cb7b574f539dd8169611e662aa)

4 files changed, 11 insertions, 10 deletions

diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 42fd4840a1..91616319d5 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -164,7 +164,7 @@ static void session_request_handler(struct smb2_request *req)
 
 		session_key_err = gensec_session_key(session->gensec, &session_key);
 		if (NT_STATUS_IS_OK(session_key_err)) {
-			session->transport->signing.session_key = session_key;
+			session->session_key = session_key;
 		}		
 	}
 
@@ -188,9 +188,9 @@ static void session_request_handler(struct smb2_request *req)
 	}
 
 	if (session->transport->signing.doing_signing) {
-		if (session->transport->signing.session_key.length != 16) {
+		if (session->session_key.length != 16) {
 			DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
-				 (unsigned)session->transport->signing.session_key.length));
+				 (unsigned)session->session_key.length));
 			composite_error(c, NT_STATUS_ACCESS_DENIED);
 			return;
 		}
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 0903509528..2b468d3dc9 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -30,7 +30,6 @@ struct smb2_handle;
 struct smb2_signing_context {
 	bool doing_signing;
 	bool signing_started;
-	DATA_BLOB session_key;
 };
 
 /*
@@ -98,6 +97,7 @@ struct smb2_session {
 	struct smb2_transport *transport;
 	struct gensec_security *gensec;
 	uint64_t uid;
+	DATA_BLOB session_key;
 };
 
 
diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c
index db35669d41..ec7152b264 100644
--- a/source4/libcli/smb2/tcon.c
+++ b/source4/libcli/smb2/tcon.c
@@ -57,6 +57,7 @@ struct smb2_request *smb2_tree_connect_send(struct smb2_tree *tree,
 	if (req == NULL) return NULL;
 
 	SBVAL(req->out.hdr,  SMB2_HDR_SESSION_ID, tree->session->uid);
+	req->session = tree->session;
 
 	SSVAL(req->out.body, 0x02, io->in.reserved);
 	status = smb2_push_o16s16_string(&req->out, 0x04, io->in.path);
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index a9a9efb3aa..6e0d523e21 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -235,10 +235,9 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
 	req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
 	req->status       = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
 
-	if (transport->signing.signing_started &&
-	    transport->signing.doing_signing) {
+	if (req->session && transport->signing.doing_signing) {
 		status = smb2_check_signature(&req->in, 
-					      transport->signing.session_key);
+					      req->session->session_key);
 		if (!NT_STATUS_IS_OK(status)) {
 			/* the spec says to ignore packets with a bad signature */
 			talloc_free(buffer);
@@ -353,9 +352,10 @@ void smb2_transport_send(struct smb2_request *req)
 	}
 
 	/* possibly sign the message */
-	if (req->transport->signing.doing_signing &&
-	    req->transport->signing.signing_started) {
-		status = smb2_sign_message(&req->out, req->transport->signing.session_key);
+	if (req->transport->signing.doing_signing && 
+	    req->transport->signing.signing_started &&
+	    req->session) {
+		status = smb2_sign_message(&req->out, req->session->session_key);
 		if (!NT_STATUS_IS_OK(status)) {
 			req->state = SMB2_REQUEST_ERROR;
 			req->status = status;