From 7b088a8f654f34911928dcdf320ca3cf79592aed Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 13 Aug 2004 00:16:57 +0000
Subject: r1796: Enable server-side SPNEGO, now that I have fixed the
 server-side SMB signing code to be able to cope.

Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
---
 source4/smb_server/sesssetup.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'source4/smb_server/sesssetup.c')

diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c
index e1245748a0..a87db0ecc4 100644
--- a/source4/smb_server/sesssetup.c
+++ b/source4/smb_server/sesssetup.c
@@ -160,9 +160,18 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s
 				 &sess->nt1.out.domain);
 	
 	req->session = smbsrv_session_find(req->smb_conn, sess->nt1.out.vuid);
-	if (!session_info->server_info->guest) {
-		srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
+	if (session_info->server_info->guest) {
+		return NT_STATUS_OK;
 	}
+	if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
+		/* Already signing, or disabled */
+		return NT_STATUS_OK;
+	}
+		
+	/* Force check of the request packet, now we know the session key */
+	req_signing_check_incoming(req);
+
+	srv_signing_restart(req->smb_conn,  &session_info->session_key, &sess->nt1.in.password2);
 
 	return NT_STATUS_OK;
 }
@@ -227,7 +236,6 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
 
 	if (NT_STATUS_IS_OK(status)) {
 		DATA_BLOB session_key;
-		DATA_BLOB null_data_blob = data_blob(NULL, 0);
 		
 		status = gensec_session_info(smb_sess->gensec_ctx, &smb_sess->session_info);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -235,12 +243,18 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
 		}
 		
 		status = gensec_session_key(smb_sess->gensec_ctx, 
-						       &session_key);
-		if (NT_STATUS_IS_OK(status)) {
-			srv_setup_signing(req->smb_conn, &session_key, &null_data_blob);
-			req->seq_num = 0;
-			req->smb_conn->signing.next_seq_num = 2;
+					    &session_key);
+		if (NT_STATUS_IS_OK(status) 
+		    && !smb_sess->session_info->server_info->guest
+		    && srv_setup_signing(req->smb_conn, &session_key, NULL)) {
+			/* Force check of the request packet, now we know the session key */
+			req_signing_check_incoming(req);
+
+			srv_signing_restart(req->smb_conn, &session_key, NULL);
+
 		}
+	} else {
+		status = nt_status_squash(status);
 	}
 
 	sess->spnego.out.action = 0;
-- 
cgit