s3:smbd: remember the time of the session setup auth_time

This is the time of the last reauth.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index 36710dddd57f1164e8e476835a6d5cf26f064722..ca5c3f3fde984242d02271bf6bf66e39f3caee7a 100644 (file)
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -98,6 +98,7 @@ interface smbXsrv
                 * auth_session is NULL until the
                 * session is valid for the first time.
                 */
+               NTTIME                                  auth_time;
                uint32                                  auth_session_info_seqnum;
                auth_session_info                       *auth_session_info;
                uint16                                  connection_dialect;

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b5e8d878d8ad7c6fe69ead62e09262e5a6cdc552..f00a55c2dfaa5563cb96288006301a35217dd619 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -354,6 +354,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                session->global->auth_session_info_seqnum += 1;
                session->global->channels[0].auth_session_info_seqnum =
                        session->global->auth_session_info_seqnum;
+               session->global->auth_time = now;
                if (client_caps & CAP_DYNAMIC_REAUTH) {
                        session->global->expiration_time =
                                gensec_expire_time(session->gensec);
@@ -441,6 +442,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                session->global->auth_session_info_seqnum += 1;
                session->global->channels[0].auth_session_info_seqnum =
                        session->global->auth_session_info_seqnum;
+               session->global->auth_time = now;
                if (client_caps & CAP_DYNAMIC_REAUTH) {
                        session->global->expiration_time =
                                gensec_expire_time(session->gensec);
@@ -1052,6 +1054,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
        session->global->auth_session_info_seqnum += 1;
        session->global->channels[0].auth_session_info_seqnum =
                session->global->auth_session_info_seqnum;
+       session->global->auth_time = now;
        session->global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
 
        nt_status = smbXsrv_session_update(session);

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 9004e691bb524d249c8cd1abba34ac35a8dfec1c..b31df84dbed642f2adedf51fd1646f385993a28b 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -341,6 +341,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
        session->global->auth_session_info_seqnum += 1;
        session->global->channels[0].auth_session_info_seqnum =
                session->global->auth_session_info_seqnum;
+       session->global->auth_time = timeval_to_nttime(&smb2req->request_time);
        session->global->expiration_time = gensec_expire_time(session->gensec);
 
        if (!session_claim(session)) {
@@ -409,6 +410,7 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
        session->global->auth_session_info_seqnum += 1;
        session->global->channels[0].auth_session_info_seqnum =
                session->global->auth_session_info_seqnum;
+       session->global->auth_time = timeval_to_nttime(&smb2req->request_time);
        session->global->expiration_time = gensec_expire_time(session->gensec);
 
        status = smbXsrv_session_update(session);