From 35bd7a6378cc25ed6b24d153c3cf1557d6126788 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 9 Jun 2008 21:57:41 +0200 Subject: libcli/smb2: fix per session signing state metze (This used to be commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505) --- source4/libcli/smb2/connect.c | 8 ++++---- source4/libcli/smb2/session.c | 6 +++--- source4/libcli/smb2/smb2.h | 9 +++------ source4/libcli/smb2/transport.c | 6 ++---- 4 files changed, 12 insertions(+), 17 deletions(-) (limited to 'source4/libcli') diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index cdb5e3b5d4..c89c109b72 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -112,19 +112,19 @@ static void continue_negprot(struct smb2_request *req) composite_error(c, NT_STATUS_ACCESS_DENIED); return; } - transport->signing.doing_signing = false; + transport->signing_required = false; break; case SMB_SIGNING_SUPPORTED: case SMB_SIGNING_AUTO: if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) { - transport->signing.doing_signing = true; + transport->signing_required = true; } else { - transport->signing.doing_signing = false; + transport->signing_required = false; } break; case SMB_SIGNING_REQUIRED: if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) { - transport->signing.doing_signing = true; + transport->signing_required = true; } else { composite_error(c, NT_STATUS_ACCESS_DENIED); return; diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index 91616319d5..6c573bf6d5 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c @@ -187,14 +187,14 @@ static void session_request_handler(struct smb2_request *req) return; } - if (session->transport->signing.doing_signing) { + if (session->transport->signing_required) { if (session->session_key.length != 16) { DEBUG(2,("Wrong session key length %u for SMB2 signing\n", (unsigned)session->session_key.length)); composite_error(c, NT_STATUS_ACCESS_DENIED); return; } - session->transport->signing.signing_started = true; + session->signing_active = true; } composite_done(c); @@ -218,7 +218,7 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se ZERO_STRUCT(state->io); state->io.in.vc_number = 0; - if (session->transport->signing.doing_signing) { + if (session->transport->signing_required) { state->io.in.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED; } diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index 2b468d3dc9..5d6341a15b 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -27,11 +27,6 @@ struct smb2_handle; -struct smb2_signing_context { - bool doing_signing; - bool signing_started; -}; - /* information returned from the negotiate process */ @@ -78,7 +73,8 @@ struct smb2_transport { } oplock; struct smbcli_options options; - struct smb2_signing_context signing; + + bool signing_required; }; @@ -98,6 +94,7 @@ struct smb2_session { struct gensec_security *gensec; uint64_t uid; DATA_BLOB session_key; + bool signing_active; }; diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index 6e0d523e21..d9691bec7c 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -235,7 +235,7 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS)); - if (req->session && transport->signing.doing_signing) { + if (req->session && req->session->signing_active) { status = smb2_check_signature(&req->in, req->session->session_key); if (!NT_STATUS_IS_OK(status)) { @@ -352,9 +352,7 @@ void smb2_transport_send(struct smb2_request *req) } /* possibly sign the message */ - if (req->transport->signing.doing_signing && - req->transport->signing.signing_started && - req->session) { + if (req->session && req->session->signing_active) { status = smb2_sign_message(&req->out, req->session->session_key); if (!NT_STATUS_IS_OK(status)) { req->state = SMB2_REQUEST_ERROR; -- cgit