From 54dfd08cb2970fcf2ad915f1ac0caec626cdd44e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 22 Aug 2012 10:30:52 +0200
Subject: s3:smb2_server: use smbXsrv_session->nonce_*

metze
---
 source3/smbd/smb2_server.c    | 49 +++++++++++++++++++++----------------------
 source3/smbd/smb2_sesssetup.c |  3 +++
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 8106a688fd..ad5b70e928 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1431,8 +1431,8 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
 	uint32_t flags = 0;
 	uint64_t session_id = 0;
 	uint64_t message_id = 0;
-	uint64_t nonce_high;
-	uint64_t nonce_low;
+	uint64_t nonce_high = 0;
+	uint64_t nonce_low = 0;
 	uint64_t async_id = 0;
 	struct tevent_req *subreq = NULL;
 
@@ -1476,15 +1476,18 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
 	body = hdr + SMB2_HDR_BODY;
 	dyn = body + 8;
 
-	/*
-	 * We may have 2 responses (PENDING, FINAL),
-	 * so alter the nonce.
-	 *
-	 * The PENDING response has the SMB2_HDR_FLAG_ASYNC bit
-	 * set.
-	 */
-	nonce_high = session_id | SMB2_HDR_FLAG_ASYNC;
-	nonce_low = message_id;
+	if (req->do_encryption) {
+		struct smbXsrv_session *x = req->session;
+
+		nonce_high = x->nonce_high;
+		nonce_low = x->nonce_low;
+
+		x->nonce_low += 1;
+		if (x->nonce_low == 0) {
+			x->nonce_low += 1;
+			x->nonce_high += 1;
+		}
+	}
 
 	SIVAL(tf, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC);
 	SBVAL(tf, SMB2_TF_NONCE+0, nonce_low);
@@ -2310,22 +2313,18 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
 	{
 		DATA_BLOB encryption_key = req->session->global->encryption_key;
 		uint8_t *tf;
-		const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(req);
 		uint64_t session_id = req->session->global->session_wire_id;
-		uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
-		uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID);
-		/*
-		 * We may have 2 responses (PENDING, FINAL),
-		 * so alter the nonce.
-		 *
-		 * The FINAL response has the SMB2_HDR_FLAG_ASYNC bit
-		 * cleared.
-		 */
-		uint64_t nonce_high = session_id & ~SMB2_HDR_FLAG_ASYNC;
-		uint64_t nonce_low = message_id;
+		struct smbXsrv_session *x = req->session;
+		uint64_t nonce_high;
+		uint64_t nonce_low;
+
+		nonce_high = x->nonce_high;
+		nonce_low = x->nonce_low;
 
-		if (nonce_low == 0) {
-			nonce_low = async_id;
+		x->nonce_low += 1;
+		if (x->nonce_low == 0) {
+			x->nonce_low += 1;
+			x->nonce_high += 1;
 		}
 
 		/*
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 12a9d22f16..a03abf73aa 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -277,6 +277,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 				    label.data, label.length,
 				    context.data, context.length,
 				    x->global->encryption_key.data);
+
+		generate_random_buffer((uint8_t *)&x->nonce_high, sizeof(x->nonce_high));
+		x->nonce_low = 1;
 	}
 
 	x->global->application_key = data_blob_dup_talloc(x->global,
-- 
cgit