summaryrefslogtreecommitdiff
path: root/source3/smbd/negprot.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/negprot.c')
-rw-r--r--source3/smbd/negprot.c69
1 files changed, 43 insertions, 26 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 6d15f486df..4e14ee8aad 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -27,22 +27,28 @@ extern enum protocol_types Protocol;
static void get_challenge(uint8 buff[8])
{
NTSTATUS nt_status;
+ struct smbd_server_connection *sconn = smbd_server_conn;
/* We might be called more than once, multiple negprots are
* permitted */
- if (negprot_global_auth_context) {
- DEBUG(3, ("get challenge: is this a secondary negprot? negprot_global_auth_context is non-NULL!\n"));
- (negprot_global_auth_context->free)(&negprot_global_auth_context);
+ if (sconn->smb1.negprot.auth_context) {
+ DEBUG(3, ("get challenge: is this a secondary negprot? "
+ "sconn->negprot.auth_context is non-NULL!\n"));
+ sconn->smb1.negprot.auth_context->free(
+ &sconn->smb1.negprot.auth_context);
}
DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
- if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&negprot_global_auth_context))) {
- DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status)));
+ nt_status = make_auth_context_subsystem(
+ &sconn->smb1.negprot.auth_context);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("make_auth_context_subsystem returned %s",
+ nt_errstr(nt_status)));
smb_panic("cannot make_negprot_global_auth_context!");
}
DEBUG(10, ("get challenge: getting challenge\n"));
- negprot_global_auth_context->get_ntlm_challenge(
- negprot_global_auth_context, buff);
+ sconn->smb1.negprot.auth_context->get_ntlm_challenge(
+ sconn->smb1.negprot.auth_context, buff);
}
/****************************************************************************
@@ -86,20 +92,23 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int secword=0;
time_t t = time(NULL);
+ struct smbd_server_connection *sconn = smbd_server_conn;
- global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+ sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
- if (lp_security()>=SEC_USER)
+ if (lp_security()>=SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
- if (global_encrypted_passwords_negotiated)
+ }
+ if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+ }
- reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0);
+ reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv1,secword);
/* Create a token value and add it to the outgoing packet. */
- if (global_encrypted_passwords_negotiated) {
+ if (sconn->smb1.negprot.encrypted_passwords) {
get_challenge((uint8 *)smb_buf(req->outbuf));
SSVAL(req->outbuf,smb_vwv11, 8);
}
@@ -130,22 +139,25 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int secword=0;
time_t t = time(NULL);
+ struct smbd_server_connection *sconn = smbd_server_conn;
- global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+ sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
- if (lp_security()>=SEC_USER)
+ if (lp_security()>=SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
- if (global_encrypted_passwords_negotiated)
+ }
+ if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+ }
- reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0);
+ reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv1,secword);
SIVAL(req->outbuf,smb_vwv6,sys_getpid());
/* Create a token value and add it to the outgoing packet. */
- if (global_encrypted_passwords_negotiated) {
+ if (sconn->smb1.negprot.encrypted_passwords) {
get_challenge((uint8 *)smb_buf(req->outbuf));
SSVAL(req->outbuf,smb_vwv11, 8);
}
@@ -180,8 +192,9 @@ DATA_BLOB negprot_spnego(void)
OID_NTLMSSP,
NULL};
const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
+ struct smbd_server_connection *sconn = smbd_server_conn;
- global_spnego_negotiated = True;
+ sconn->smb1.negprot.spnego = true;
memset(guid, '\0', sizeof(guid));
@@ -250,8 +263,9 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
bool negotiate_spnego = False;
time_t t = time(NULL);
ssize_t ret;
+ struct smbd_server_connection *sconn = smbd_server_conn;
- global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+ sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
/* Check the flags field to see if this is Vista.
WinXP sets it and Vista does not. But we have to
@@ -270,7 +284,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
- if (global_encrypted_passwords_negotiated &&
+ if (sconn->smb1.negprot.encrypted_passwords &&
(lp_security() != SEC_SHARE) &&
lp_use_spnego() &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
@@ -304,11 +318,13 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
if (lp_host_msdfs())
capabilities |= CAP_DFS;
- if (lp_security() >= SEC_USER)
+ if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
- if (global_encrypted_passwords_negotiated)
+ }
+ if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
-
+ }
+
if (lp_server_signing()) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
@@ -342,7 +358,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
p = q = smb_buf(req->outbuf);
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
- if (global_encrypted_passwords_negotiated) {
+ if (sconn->smb1.negprot.encrypted_passwords) {
uint8 chal[8];
/* note that we do not send a challenge at all if
we are using plaintext */
@@ -511,14 +527,15 @@ void reply_negprot(struct smb_request *req)
char **cliprotos;
int i;
size_t converted_size;
+ struct smbd_server_connection *sconn = smbd_server_conn;
START_PROFILE(SMBnegprot);
- if (done_negprot) {
+ if (sconn->smb1.negprot.done) {
END_PROFILE(SMBnegprot);
exit_server_cleanly("multiple negprot's are not permitted");
}
- done_negprot = True;
+ sconn->smb1.negprot.done = true;
if (req->buflen == 0) {
DEBUG(0, ("negprot got no protocols\n"));
generated by cgit (git 2.34.1) at 2024-07-04 00:52:53 +0000