This prepares the structures for multi-channel support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
*/
int max_send;
} sessions;
+ struct smb_signing_state *signing_state;
} smb1;
struct {
struct {
uint32_t client_cap_high;
} unix_info;
- struct smb_signing_state *signing_state;
-
struct notify_mid_map *notify_mid_maps;
struct {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
- signing_desired = smb_signing_is_desired(req->sconn->smb1.signing_state);
- signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
+ signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
+ signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
if (signing_desired) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
void reply_ntcancel(struct smb_request *req)
{
+ struct smbXsrv_connection *xconn = req->sconn->conn;
+
/*
* Go through and cancel any pending change notifies.
*/
START_PROFILE(SMBntcancel);
- srv_cancel_sign_response(req->sconn);
+ srv_cancel_sign_response(xconn);
remove_pending_change_notify_requests_by_mid(req->sconn, req->mid);
remove_pending_lock_requests_by_mid_smb1(req->sconn, req->mid);
if (do_signing) {
/* Sign the outgoing packet if required. */
- srv_calculate_sign_mac(sconn, buf_out, seqnum);
+ srv_calculate_sign_mac(xconn, buf_out, seqnum);
}
if (do_encrypt) {
char **buffer, unsigned int timeout,
size_t *p_unread, size_t *plen)
{
+ struct smbXsrv_connection *xconn = sconn->conn;
char lenbuf[4];
size_t len;
int min_recv_size = lp_min_receive_file_size();
if (CVAL(lenbuf,0) == 0 && min_recv_size &&
(smb_len_large(lenbuf) > /* Could be a UNIX large writeX. */
(min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE)) &&
- !srv_is_signing_active(sconn) &&
+ !srv_is_signing_active(xconn) &&
sconn->smb1.echo_handler.trusted_fde == NULL) {
return receive_smb_raw_talloc_partial_read(
uint32_t *seqnum,
bool trusted_channel)
{
+ struct smbXsrv_connection *xconn = sconn->conn;
size_t len = 0;
NTSTATUS status;
}
/* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(sconn, *buffer, seqnum, trusted_channel)) {
+ if (!srv_check_sign_mac(xconn, *buffer, seqnum, trusted_channel)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on "
"incoming packet!\n"));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
DEBUG(0,("Changed root to %s\n", lp_root_directory(talloc_tos())));
}
- if (!srv_init_signing(sconn)) {
+ if (!srv_init_signing(conn)) {
exit_server("Failed to init smb_signing");
}
/* The following definitions come from smbd/signing.c */
-bool srv_check_sign_mac(struct smbd_server_connection *conn,
+struct smbXsrv_connection;
+
+bool srv_check_sign_mac(struct smbXsrv_connection *conn,
const char *inbuf, uint32_t *seqnum, bool trusted_channel);
-void srv_calculate_sign_mac(struct smbd_server_connection *conn,
+void srv_calculate_sign_mac(struct smbXsrv_connection *conn,
char *outbuf, uint32_t seqnum);
-void srv_cancel_sign_response(struct smbd_server_connection *conn);
-bool srv_init_signing(struct smbd_server_connection *conn);
-void srv_set_signing_negotiated(struct smbd_server_connection *conn,
+void srv_cancel_sign_response(struct smbXsrv_connection *conn);
+bool srv_init_signing(struct smbXsrv_connection *conn);
+void srv_set_signing_negotiated(struct smbXsrv_connection *conn,
bool allowed, bool mandatory);
-bool srv_is_signing_active(struct smbd_server_connection *conn);
-bool srv_is_signing_negotiated(struct smbd_server_connection *conn);
-void srv_set_signing(struct smbd_server_connection *conn,
+bool srv_is_signing_active(struct smbXsrv_connection *conn);
+bool srv_is_signing_negotiated(struct smbXsrv_connection *conn);
+void srv_set_signing(struct smbXsrv_connection *conn,
const DATA_BLOB user_session_key,
const DATA_BLOB response);
if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
(fsp->wcp == NULL) &&
- lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
+ lp_use_sendfile(SNUM(conn), xconn->smb1.signing_state) ) {
ssize_t sendfile_read = -1;
char header[4];
DATA_BLOB header_blob;
{
connection_struct *conn = req->conn;
struct smbd_server_connection *sconn = req->sconn;
+ struct smbXsrv_connection *xconn = sconn->conn;
ssize_t maxcount,mincount;
size_t nread = 0;
off_t startpos;
START_PROFILE(SMBreadbraw);
- if (srv_is_signing_active(sconn) || req->encrypted) {
+ if (srv_is_signing_active(xconn) || req->encrypted) {
exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
"raw reads/writes are disallowed.");
}
!req->encrypted &&
(fsp->base_fsp == NULL) &&
(fsp->wcp == NULL) &&
- lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
+ lp_use_sendfile(SNUM(conn), xconn->smb1.signing_state) ) {
uint8 headerbuf[smb_size + 12 * 2];
DATA_BLOB header;
return xconn->smb1.sessions.max_send;
}
- if (srv_is_signing_active(req->sconn)) {
+ if (srv_is_signing_active(xconn)) {
return 0x1FFFF;
}
*/
SCVAL(discard_const_p(uint8_t, req->inbuf),smb_com,SMBwritec);
- if (srv_is_signing_active(req->sconn)) {
+ if (srv_is_signing_active(xconn)) {
END_PROFILE(SMBwritebraw);
exit_server_cleanly("reply_writebraw: SMB signing is active - "
"raw reads/writes are disallowed.");
int snum, struct user_struct *vuser,
const char *pdev)
{
+ struct smbXsrv_connection *xconn = sconn->conn;
struct smb_filename *smb_fname_cpath = NULL;
fstring dev;
int ret;
dbgtext( "%s (%s) ", get_remote_machine_name(),
tsocket_address_string(conn->sconn->remote_address,
talloc_tos()) );
- dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : "");
+ dbgtext( "%s", srv_is_signing_active(xconn) ? "signed " : "");
dbgtext( "connect to service %s ",
lp_servicename(talloc_tos(), snum) );
dbgtext( "initially as user %s ",
register_homes_share(session_info->unix_info->unix_name);
}
- if (srv_is_signing_negotiated(sconn) &&
+ if (srv_is_signing_negotiated(xconn) &&
action == 0 &&
session->global->signing_key.length > 0)
{
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
- srv_set_signing(sconn,
+ srv_set_signing(xconn,
session->global->signing_key,
data_blob_null);
}
* It finds out when it needs to turn into a noop
* itself.
*/
- srv_set_signing_negotiated(req->sconn,
+ srv_set_signing_negotiated(xconn,
signing_allowed,
signing_mandatory);
register_homes_share(session_info->unix_info->unix_name);
}
- if (srv_is_signing_negotiated(sconn) &&
+ if (srv_is_signing_negotiated(xconn) &&
action == 0 &&
session->global->signing_key.length > 0)
{
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
- srv_set_signing(sconn,
+ srv_set_signing(xconn,
session->global->signing_key,
nt_resp.data ? nt_resp : lm_resp);
}
Called to validate an incoming packet from the client.
************************************************************/
-bool srv_check_sign_mac(struct smbd_server_connection *conn,
+bool srv_check_sign_mac(struct smbXsrv_connection *conn,
const char *inbuf, uint32_t *seqnum,
bool trusted_channel)
{
Called to sign an outgoing packet to the client.
************************************************************/
-void srv_calculate_sign_mac(struct smbd_server_connection *conn,
+void srv_calculate_sign_mac(struct smbXsrv_connection *conn,
char *outbuf, uint32_t seqnum)
{
uint8_t *outhdr;
/***********************************************************
Called to indicate a oneway request
************************************************************/
-void srv_cancel_sign_response(struct smbd_server_connection *conn)
+void srv_cancel_sign_response(struct smbXsrv_connection *conn)
{
smb_signing_cancel_reply(conn->smb1.signing_state, true);
}
Called by server negprot when signing has been negotiated.
************************************************************/
-bool srv_init_signing(struct smbd_server_connection *conn)
+bool srv_init_signing(struct smbXsrv_connection *conn)
{
bool allowed = true;
bool desired;
return true;
}
-void srv_set_signing_negotiated(struct smbd_server_connection *conn,
+void srv_set_signing_negotiated(struct smbXsrv_connection *conn,
bool allowed, bool mandatory)
{
smb_signing_set_negotiated(conn->smb1.signing_state,
reads/writes if it is.
************************************************************/
-bool srv_is_signing_active(struct smbd_server_connection *conn)
+bool srv_is_signing_active(struct smbXsrv_connection *conn)
{
return smb_signing_is_active(conn->smb1.signing_state);
}
in the negprot.
************************************************************/
-bool srv_is_signing_negotiated(struct smbd_server_connection *conn)
+bool srv_is_signing_negotiated(struct smbXsrv_connection *conn)
{
return smb_signing_is_negotiated(conn->smb1.signing_state);
}
Turn on signing from this packet onwards.
************************************************************/
-void srv_set_signing(struct smbd_server_connection *conn,
+void srv_set_signing(struct smbXsrv_connection *conn,
const DATA_BLOB user_session_key,
const DATA_BLOB response)
{
char **ppdata,
int *ret_data_len)
{
+ struct smbXsrv_connection *xconn = conn->sconn->conn;
char *pdata, *end_data;
int data_len = 0, len;
const char *vname = volume_label(talloc_tos(), SNUM(conn));
case SMB_QUERY_CIFS_UNIX_INFO:
{
bool large_write = lp_min_receive_file_size() &&
- !srv_is_signing_active(conn->sconn);
- bool large_read = !srv_is_signing_active(conn->sconn);
+ !srv_is_signing_active(xconn);
+ bool large_read = !srv_is_signing_active(xconn);
int encrypt_caps = 0;
if (!lp_unix_extensions()) {