From: Andrew Tridgell
Date: Sat, 7 Jun 2008 15:30:51 +0000 (-0700)
Subject: make signing per session in the SMB2 client library
X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=1c33953ae21384f04de11539afaf9ead5e413b96
make signing per session in the SMB2 client library
Thanks to Metze for spotting this
(This used to be commit e9fd9b821c04d1cb7b574f539dd8169611e662aa)
---
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 42fd4840a1b..91616319d59 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -164,7 +164,7 @@ static void session_request_handler(struct smb2_request *req)
 session_key_err = gensec_session_key(session->gensec, &session_key);
 if (NT_STATUS_IS_OK(session_key_err)) {
- session->transport->signing.session_key = session_key;
+ session->session_key = session_key;
 }
 }
@@ -188,9 +188,9 @@ static void session_request_handler(struct smb2_request *req)
 }
 if (session->transport->signing.doing_signing) {
- if (session->transport->signing.session_key.length != 16) {
+ if (session->session_key.length != 16) {
 DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)session->transport->signing.session_key.length));
+ (unsigned)session->session_key.length));
 composite_error(c, NT_STATUS_ACCESS_DENIED);
 return;
 }
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 09035095287..2b468d3dc98 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -30,7 +30,6 @@ struct smb2_handle;
 struct smb2_signing_context {
 bool doing_signing;
 bool signing_started;
- DATA_BLOB session_key;
 };
 /*
@@ -98,6 +97,7 @@ struct smb2_session {
 struct smb2_transport *transport;
 struct gensec_security *gensec;
 uint64_t uid;
+ DATA_BLOB session_key;
 };
diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c
index db35669d419..ec7152b264e 100644
--- a/source4/libcli/smb2/tcon.c
+++ b/source4/libcli/smb2/tcon.c
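Review bot: The assignment `session->session_key = session_key;` in the first session.c hunk copies only the blob's pointer and length, so the session now depends on storage handed back by gensec_session_key(), whose ownership is not visible in this hunk. Because transport.c reads `req->session->session_key` on every signed send and receive, the key has to stay valid for as long as the session does. I would either document that the blob is owned by `session->gensec`, or take a copy parented on the session, `session->session_key = data_blob_talloc(session, session_key.data, session_key.length);`. The 16-byte length check in the second hunk still runs only when `doing_signing` is set, and session_request_handler starts and ends outside both hunks.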
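Review bot: The new `DATA_BLOB session_key;` member of struct smb2_session (hunk at -98,6) has no comment, while `doing_signing` and `signing_started` stay in the transport-wide smb2_signing_context. A reader has to work out from the other files that the signing state is now split between the two structs. I would add `/* signing key for this session (16 bytes when SMB2 signing is in use); the signing flags remain per transport in smb2_signing_context */` above the member.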
@@ -57,6 +57,7 @@ struct smb2_request *smb2_tree_connect_send(struct smb2_tree *tree,
 if (req == NULL) return NULL;
 SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, tree->session->uid);
+ req->session = tree->session;
 SSVAL(req->out.body, 0x02, io->in.reserved);
 status = smb2_push_o16s16_string(&req->out, 0x04, io->in.path);
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index a9a9efb3aac..6e0d523e211 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -235,10 +235,9 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
 req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
 req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
- if (transport->signing.signing_started &&
- transport->signing.doing_signing) {
+ if (req->session && transport->signing.doing_signing) {
 status = smb2_check_signature(&req->in,
- transport->signing.session_key);
+ req->session->session_key);
 if (!NT_STATUS_IS_OK(status)) {
 /* the spec says to ignore packets with a bad signature */
 talloc_free(buffer);
@@ -353,9 +352,10 @@ void smb2_transport_send(struct smb2_request *req)
 }
 /* possibly sign the message */
- if (req->transport->signing.doing_signing &&
- req->transport->signing.signing_started) {
- status = smb2_sign_message(&req->out, req->transport->signing.session_key);
+ if (req->transport->signing.doing_signing &&
+ req->transport->signing.signing_started &&
+ req->session) {
+ status = smb2_sign_message(&req->out, req->session->session_key);
 if (!NT_STATUS_IS_OK(status)) {
 req->state = SMB2_REQUEST_ERROR;
 req->status = status;
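Review bot: `req->session = tree->session;` in the tcon.c hunk is the only place in this commit where a request is given its session pointer, and nothing on the line says that the transport depends on it to pick the signing key. A request builder that leaves the field unset would still compile and run. I would add `/* the transport signs and verifies with req->session->session_key */` above the assignment. Whether a shared request constructor could set the field instead is not visible from this hunk, and smb2_tree_connect_send continues outside it.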
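Review bot: With `if (req->session && transport->signing.doing_signing)` in smb2_transport_finish_recv, a reply to a request whose `session` pointer is NULL is accepted with no signature check even though signing is enabled on the transport; the last hunk gates outgoing signing in smb2_transport_send on `req->session` in the same way. That is presumably intended for negotiate and session setup, but for any other request it turns a forgotten assignment into silently unsigned and unverified traffic. I would make the skipped case visible, e.g. `else if (transport->signing.doing_signing && transport->signing.signing_started) { DEBUG(2,("SMB2 reply accepted without signature check: request has no session\n")); }`, and say in a comment which requests are expected to have no session. The receive side also no longer tests `signing_started` while the send side still does, so smb2_check_signature() may now be reached with a key that has not been set yet; if the asymmetry is deliberate it deserves a comment. Both functions extend outside their hunks.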