4 files changed, 20 insertions, 22 deletions

diff --git a/source3/include/async_smb.h b/source3/include/async_smb.h
index 7fc4ff7d27..2ac1101a1e 100644
--- a/source3/include/async_smb.h
+++ b/source3/include/async_smb.h
@@ -63,6 +63,8 @@ struct cli_request {
 	 */
 	uint16_t mid;
 
+	uint32_t seqnum;
+
 	/**
 	 * The bytes we have to ship to the server
 	 */
diff --git a/source3/include/client.h b/source3/include/client.h
index 320a90e66b..db19f34a9d 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -166,6 +166,13 @@ struct smb_trans_enc_state {
         } s;
 };
 
+struct cli_state_seqnum {
+	struct cli_state_seqnum *prev, *next;
+	uint16_t mid;
+	uint32_t seqnum;
+	bool persistent;
+};
+
 struct cli_state {
 	/**
 	 * A list of subsidiary connections for DFS.
@@ -217,6 +224,7 @@ struct cli_state {
 	size_t max_xmit;
 	size_t max_mux;
 	char *outbuf;
+	struct cli_state_seqnum *seqnum;
 	char *inbuf;
 	unsigned int bufsize;
 	int initialised;
@@ -231,7 +239,7 @@ struct cli_state {
 	TALLOC_CTX *call_mem_ctx;
 #endif
 
-	smb_sign_info sign_info;
+	struct smb_signing_state *signing_state;
 
 	struct smb_trans_enc_state *trans_enc_state; /* Setup if we're encrypting SMB's. */
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 356eb4935f..d93c4a5125 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2410,6 +2410,10 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 int cli_set_message(char *buf,int num_words,int num_bytes,bool zero);
 unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout);
 void cli_set_port(struct cli_state *cli, int port);
+bool cli_state_seqnum_persistent(struct cli_state *cli,
+				 uint16_t mid);
+bool cli_state_seqnum_remove(struct cli_state *cli,
+			     uint16_t mid);
 bool cli_receive_smb(struct cli_state *cli);
 ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len);
 bool cli_receive_smb_readX_header(struct cli_state *cli);
@@ -3186,14 +3190,13 @@ NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out);
 bool cli_simple_set_signing(struct cli_state *cli,
 			    const DATA_BLOB user_session_key,
 			    const DATA_BLOB response);
-bool cli_null_set_signing(struct cli_state *cli);
 bool cli_temp_set_signing(struct cli_state *cli);
-void cli_free_signing_context(struct cli_state *cli);
-void cli_calculate_sign_mac(struct cli_state *cli, char *buf);
-bool cli_check_sign_mac(struct cli_state *cli, char *buf);
-bool client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid);
-bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid);
+void cli_calculate_sign_mac(struct cli_state *cli, char *buf, uint32_t *seqnum);
+bool cli_check_sign_mac(struct cli_state *cli, const char *buf, uint32_t seqnum);
 bool client_is_signing_on(struct cli_state *cli);
+bool client_is_signing_allowed(struct cli_state *cli);
+bool client_is_signing_mandatory(struct cli_state *cli);
+void cli_set_signing_negotiated(struct cli_state *cli);
 
 /* The following definitions come from smbd/signing.c  */
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 215adba1b4..84aa36a364 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1849,21 +1849,6 @@ struct ip_service {
 /* Special name type used to cause a _kerberos DNS lookup. */
 #define KDC_NAME_TYPE 0xDCDC
 
-/* Used by the SMB signing functions. */
-
-typedef struct smb_sign_info {
-	void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
-	bool (*check_incoming_message)(const char *inbuf, struct smb_sign_info *si, bool must_be_ok);
-	void (*free_signing_context)(struct smb_sign_info *si);
-	void *signing_context;
-
-	bool negotiated_smb_signing;
-	bool allow_smb_signing;
-	bool doing_signing;
-	bool mandatory_signing;
-	bool seen_valid; /* Have I ever seen a validly signed packet? */
-} smb_sign_info;
-
 struct ea_struct {
 	uint8 flags;
 	char *name;