From 49d0432efd84ef2e4bcaa85d4aad11c18d947db1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 2 Aug 2012 18:47:48 +0200
Subject: [PATCH] s3:smbd: setup session->global->signing_/application_key
 during SPNEGO SMB1 session setups

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug  4 11:09:42 CEST 2012 on sn-devel-104
---
 source3/smbd/sesssetup.c | 59 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 003e4952f2d..cf9c2e73dd5 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -283,6 +283,58 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 			action = 1;
 		}
 
+		if (session_info->session_key.length > 0) {
+			struct smbXsrv_session *x = session;
+			uint8_t session_key[16];
+
+			/*
+			 * Note: the SMB1 signing key is not truncated to 16 byte!
+			 */
+			x->global->signing_key =
+				data_blob_dup_talloc(x->global,
+						     session_info->session_key);
+			if (x->global->signing_key.data == NULL) {
+				data_blob_free(&out_blob);
+				TALLOC_FREE(session);
+				reply_nterror(req, NT_STATUS_NO_MEMORY);
+				return;
+			}
+
+			/*
+			 * The application key is truncated/padded to 16 bytes
+			 */
+			ZERO_STRUCT(session_key);
+			memcpy(session_key, x->global->signing_key.data,
+			       MIN(x->global->signing_key.length,
+				   sizeof(session_key)));
+			x->global->application_key =
+				data_blob_talloc(x->global,
+						 session_key,
+						 sizeof(session_key));
+			ZERO_STRUCT(session_key);
+			if (x->global->application_key.data == NULL) {
+				data_blob_free(&out_blob);
+				TALLOC_FREE(session);
+				reply_nterror(req, NT_STATUS_NO_MEMORY);
+				return;
+			}
+
+			/*
+			 * Place the application key into the session_info
+			 */
+			data_blob_clear_free(&session_info->session_key);
+			session_info->session_key =
+				data_blob_dup_talloc(session_info,
+						     x->global->application_key);
+			if (session_info->session_key.data == NULL) {
+				data_blob_clear_free(&x->global->application_key);
+				data_blob_free(&out_blob);
+				TALLOC_FREE(session);
+				reply_nterror(req, NT_STATUS_NO_MEMORY);
+				return;
+			}
+		}
+
 		session->compat = talloc_zero(session, struct user_struct);
 		if (session->compat == NULL) {
 			data_blob_free(&out_blob);
@@ -312,13 +364,16 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 			return;
 		}
 
-		if (srv_is_signing_negotiated(sconn) && action == 0) {
+		if (srv_is_signing_negotiated(sconn) &&
+		    action == 0 &&
+		    session->global->signing_key.length > 0)
+		{
 			/*
 			 * Try and turn on server signing on the first non-guest
 			 * sessionsetup.
 			 */
 			srv_set_signing(sconn,
-				session_info->session_key,
+				session->global->signing_key,
 				data_blob_null);
 		}
 
-- 
2.34.1