libcli/smb2: fix per session signing state

metze
(This used to be commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505)

4 files changed, 12 insertions, 17 deletions

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index cdb5e3b5d4..c89c109b72 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -112,19 +112,19 @@ static void continue_negprot(struct smb2_request *req)
 			composite_error(c, NT_STATUS_ACCESS_DENIED);
 			return;
 		}
-		transport->signing.doing_signing = false;
+		transport->signing_required = false;
 		break;
 	case SMB_SIGNING_SUPPORTED:
 	case SMB_SIGNING_AUTO:
 		if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
-			transport->signing.doing_signing = true;
+			transport->signing_required = true;
 		} else {
-			transport->signing.doing_signing = false;
+			transport->signing_required = false;
 		}
 		break;
 	case SMB_SIGNING_REQUIRED:
 		if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) {
-			transport->signing.doing_signing = true;
+			transport->signing_required = true;
 		} else {
 			composite_error(c, NT_STATUS_ACCESS_DENIED);
 			return;
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 91616319d5..6c573bf6d5 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -187,14 +187,14 @@ static void session_request_handler(struct smb2_request *req)
 		return;
 	}
 
-	if (session->transport->signing.doing_signing) {
+	if (session->transport->signing_required) {
 		if (session->session_key.length != 16) {
 			DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
 				 (unsigned)session->session_key.length));
 			composite_error(c, NT_STATUS_ACCESS_DENIED);
 			return;
 		}
-		session->transport->signing.signing_started = true;
+		session->signing_active = true;
 	}
 
 	composite_done(c);
@@ -218,7 +218,7 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
 
 	ZERO_STRUCT(state->io);
 	state->io.in.vc_number          = 0;
-	if (session->transport->signing.doing_signing) {
+	if (session->transport->signing_required) {
 		state->io.in.security_mode = 
 			SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
 	}
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 2b468d3dc9..5d6341a15b 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -27,11 +27,6 @@
 
 struct smb2_handle;
 
-struct smb2_signing_context {
-	bool doing_signing;
-	bool signing_started;
-};
-
 /*
   information returned from the negotiate process
 */
@@ -78,7 +73,8 @@ struct smb2_transport {
 	} oplock;
 
 	struct smbcli_options options;
-	struct smb2_signing_context signing;
+
+	bool signing_required;
 };
 
 
@@ -98,6 +94,7 @@ struct smb2_session {
 	struct gensec_security *gensec;
 	uint64_t uid;
 	DATA_BLOB session_key;
+	bool signing_active;
 };
 
 
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index 6e0d523e21..d9691bec7c 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -235,7 +235,7 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
 	req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
 	req->status       = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
 
-	if (req->session && transport->signing.doing_signing) {
+	if (req->session && req->session->signing_active) {
 		status = smb2_check_signature(&req->in, 
 					      req->session->session_key);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -352,9 +352,7 @@ void smb2_transport_send(struct smb2_request *req)
 	}
 
 	/* possibly sign the message */
-	if (req->transport->signing.doing_signing && 
-	    req->transport->signing.signing_started &&
-	    req->session) {
+	if (req->session && req->session->signing_active) {
 		status = smb2_sign_message(&req->out, req->session->session_key);
 		if (!NT_STATUS_IS_OK(status)) {
 			req->state = SMB2_REQUEST_ERROR;