summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/config.mk2
-rw-r--r--source4/smb_server/smb/negprot.c36
-rw-r--r--source4/smb_server/smb/sesssetup.c16
-rw-r--r--source4/smb_server/smb2/config.mk2
-rw-r--r--source4/smb_server/smb2/negprot.c25
-rw-r--r--source4/smb_server/smb2/sesssetup.c16
6 files changed, 49 insertions, 48 deletions
diff --git a/source4/smb_server/smb/config.mk b/source4/smb_server/smb/config.mk
index 9adf334850..eadc122831 100644
--- a/source4/smb_server/smb/config.mk
+++ b/source4/smb_server/smb/config.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM SMB_PROTOCOL
[SUBSYSTEM::SMB_PROTOCOL]
PUBLIC_DEPENDENCIES = \
- ntvfs LIBPACKET CREDENTIALS
+ ntvfs LIBPACKET CREDENTIALS samba_server_gensec
# End SUBSYSTEM SMB_PROTOCOL
#######################
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 71ee82d162..c3399fdd48 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -350,23 +350,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
DATA_BLOB blob;
const char *oid;
NTSTATUS nt_status;
-
- nt_status = gensec_server_start(req->smb_conn,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req->smb_conn, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
- return;
- }
-
- if (req->smb_conn->negotiate.auth_context) {
- smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
- return;
- }
-
+
server_credentials
= cli_credentials_init(req);
if (!server_credentials) {
@@ -382,6 +366,24 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
server_credentials = NULL;
}
+ nt_status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ server_credentials,
+ "cifs",
+ &gensec_security);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+ return;
+ }
+
+ if (req->smb_conn->negotiate.auth_context) {
+ smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
+ return;
+ }
req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
gensec_set_target_service(gensec_security, "cifs");
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 0767a187e5..e38447703b 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -363,20 +363,18 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
if (!smb_sess) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_ctx);
+ status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ req->smb_conn->negotiate.server_credentials,
+ "cifs",
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
}
- gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials);
-
- gensec_set_target_service(gensec_ctx, "cifs");
-
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
diff --git a/source4/smb_server/smb2/config.mk b/source4/smb_server/smb2/config.mk
index 68ee6e58f6..f0c3739926 100644
--- a/source4/smb_server/smb2/config.mk
+++ b/source4/smb_server/smb2/config.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM SMB2_PROTOCOL
[SUBSYSTEM::SMB2_PROTOCOL]
PUBLIC_DEPENDENCIES = \
- ntvfs LIBPACKET LIBCLI_SMB2
+ ntvfs LIBPACKET LIBCLI_SMB2 samba_server_gensec
# End SUBSYSTEM SMB2_PROTOCOL
#######################
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 03e5c9356d..0b65a19634 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "auth/credentials/credentials.h"
+#include "auth/auth.h"
#include "auth/gensec/gensec.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/raw/raw_proto.h"
@@ -40,17 +41,6 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
NTSTATUS nt_status;
struct cli_credentials *server_credentials;
- nt_status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
- return nt_status;
- }
-
server_credentials = cli_credentials_init(req);
if (!server_credentials) {
smbsrv_terminate_connection(req->smb_conn, "Failed to init server credentials\n");
@@ -67,6 +57,19 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
+ nt_status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ server_credentials,
+ "cifs",
+ &gensec_security);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+ return nt_status;
+ }
+
gensec_set_target_service(gensec_security, "cifs");
gensec_set_credentials(gensec_security, server_credentials);
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 176be0b3ea..9a8c1bfaa9 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -124,20 +124,18 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
if (vuid == 0) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_ctx);
+ status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ req->smb_conn->negotiate.server_credentials,
+ "cifs",
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
}
- gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials);
-
- gensec_set_target_service(gensec_ctx, "cifs");
-
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);
generated by cgit (git 2.34.1) at 2024-07-19 18:29:51 +0000