auth_context->get_ntlm_challenge(auth_context,
chal);
- if (!make_user_info_guest(remote_address, &user_info)) {
+ if (!make_user_info_guest(talloc_tos(), remote_address, &user_info)) {
TALLOC_FREE(auth_context);
return NT_STATUS_NO_MEMORY;
}
nt_status = auth_check_password_session_info(auth_context,
mem_ctx, user_info, session_info);
- free_user_info(&user_info);
+ TALLOC_FREE(user_info);
TALLOC_FREE(auth_context);
return nt_status;
}
const char *native_os;
const char *native_lanman;
const char *primary_domain;
- const char *p2;
uint16 data_blob_len = SVAL(req->vwv+7, 0);
enum remote_arch_types ra_type = get_remote_arch();
uint64_t vuid = req->vuid;
NTSTATUS status = NT_STATUS_OK;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
uint16_t action = 0;
NTTIME now = timeval_to_nttime(&req->request_time);
DEBUG(3,("Doing spnego session setup\n"));
- if (!sconn->smb1.sessions.done_sesssetup) {
+ if (!xconn->smb1.sessions.done_sesssetup) {
global_client_caps = client_caps;
if (!(global_client_caps & CAP_STATUS32)) {
file_save("negotiate.dat", in_blob.data, in_blob.length);
#endif
- p2 = (const char *)req->buf + in_blob.length;
+ p = req->buf + in_blob.length;
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_os = tmp ? tmp : "";
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_lanman = tmp ? tmp : "";
- p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
primary_domain = tmp ? tmp : "";
}
if (vuid != 0) {
- status = smb1srv_session_lookup(sconn->conn,
+ status = smb1srv_session_lookup(xconn,
vuid, now,
&session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
if (session == NULL) {
/* create a new session */
- status = smbXsrv_session_create(sconn->conn,
+ status = smbXsrv_session_create(xconn,
now, &session);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, nt_status_squash(status));
}
if (!session->gensec) {
- status = auth_generic_prepare(session, sconn->remote_address,
+ status = auth_generic_prepare(session, xconn->remote_address,
&session->gensec);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
become_root();
status = gensec_update(session->gensec,
- talloc_tos(), NULL,
+ talloc_tos(),
in_blob, &out_blob);
unbecome_root();
if (!NT_STATUS_IS_OK(status) &&
register_homes_share(session_info->unix_info->unix_name);
}
- if (srv_is_signing_negotiated(sconn) &&
+ if (srv_is_signing_negotiated(xconn) &&
action == 0 &&
session->global->signing_key.length > 0)
{
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
- srv_set_signing(sconn,
+ srv_set_signing(xconn,
session->global->signing_key,
data_blob_null);
}
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
if (client_caps & CAP_DYNAMIC_REAUTH) {
session->global->expiration_time =
gensec_expire_time(session->gensec);
return;
}
- if (!sconn->smb1.sessions.done_sesssetup) {
- sconn->smb1.sessions.max_send =
- MIN(sconn->smb1.sessions.max_send,smb_bufsize);
+ if (!xconn->smb1.sessions.done_sesssetup) {
+ if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+ reply_force_doserror(req, ERRSRV, ERRerror);
+ return;
+ }
+ xconn->smb1.sessions.max_send = smb_bufsize;
+ xconn->smb1.sessions.done_sesssetup = true;
}
- sconn->smb1.sessions.done_sesssetup = true;
/* current_user_info is changed on new vuid */
reload_services(sconn, conn_snum_used, true);
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
if (client_caps & CAP_DYNAMIC_REAUTH) {
session->global->expiration_time =
gensec_expire_time(session->gensec);
struct server_id self_pid = messaging_server_id(state->msg_ctx);
struct server_id pid = session->channels[0].server_id;
const char *addr = session->channels[0].remote_address;
+ struct server_id_buf tmp;
DEBUG(10, ("shutdown_other_smbds: %s, %s\n",
- server_id_str(talloc_tos(), &pid), addr));
+ server_id_str_buf(pid, &tmp), addr));
if (!process_exists(pid)) {
DEBUG(10, ("process does not exist\n"));
uint16_t action = 0;
NTTIME now = timeval_to_nttime(&req->request_time);
struct smbXsrv_session *session = NULL;
-
NTSTATUS nt_status;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
-
- bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+ bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
bool signing_allowed = false;
bool signing_mandatory = false;
* It finds out when it needs to turn into a noop
* itself.
*/
- srv_set_signing_negotiated(req->sconn,
+ srv_set_signing_negotiated(xconn,
signing_allowed,
signing_mandatory);
if (req->wct == 12 &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
- if (!sconn->smb1.negprot.spnego) {
+ if (!xconn->smb1.negprot.spnego) {
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt "
"at SPNEGO session setup when it was not "
"negotiated.\n"));
const uint8_t *save_p = req->buf;
uint16 byte_count;
- if (!sconn->smb1.sessions.done_sesssetup) {
+ if (!xconn->smb1.sessions.done_sesssetup) {
global_client_caps = IVAL(req->vwv+11, 0);
if (!(global_client_caps & CAP_STATUS32)) {
domain, user, get_remote_machine_name()));
if (*user) {
- if (sconn->smb1.negprot.spnego) {
+ if (xconn->smb1.negprot.spnego) {
/* This has to be here, because this is a perfectly
* valid behaviour for guest logons :-( */
} else if (doencrypt) {
struct auth4_context *negprot_auth_context = NULL;
- negprot_auth_context = sconn->smb1.negprot.auth_context;
+ negprot_auth_context = xconn->smb1.negprot.auth_context;
if (!negprot_auth_context) {
DEBUG(0, ("reply_sesssetup_and_X: Attempted encrypted "
"session setup without negprot denied!\n"));
END_PROFILE(SMBsesssetupX);
return;
}
- nt_status = make_user_info_for_reply_enc(&user_info, user,
- domain,
- sconn->remote_address,
- lm_resp, nt_resp);
+ nt_status = make_user_info_for_reply_enc(talloc_tos(),
+ &user_info, user,
+ domain,
+ sconn->remote_address,
+ lm_resp, nt_resp);
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = auth_check_password_session_info(negprot_auth_context,
req, user_info, &session_info);
plaintext_auth_context->get_ntlm_challenge(
plaintext_auth_context, chal);
- if (!make_user_info_for_reply(&user_info,
+ if (!make_user_info_for_reply(talloc_tos(),
+ &user_info,
user, domain,
sconn->remote_address,
chal,
}
}
- free_user_info(&user_info);
+ TALLOC_FREE(user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
data_blob_free(&nt_resp);
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- nt_status = smbXsrv_session_create(sconn->conn,
+ nt_status = smbXsrv_session_create(xconn,
now, &session);
if (!NT_STATUS_IS_OK(nt_status)) {
data_blob_free(&nt_resp);
register_homes_share(session_info->unix_info->unix_name);
}
- if (srv_is_signing_negotiated(sconn) &&
+ if (srv_is_signing_negotiated(xconn) &&
action == 0 &&
session->global->signing_key.length > 0)
{
* Try and turn on server signing on the first non-guest
* sessionsetup.
*/
- srv_set_signing(sconn,
+ srv_set_signing(xconn,
session->global->signing_key,
nt_resp.data ? nt_resp : lm_resp);
}
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
session->global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
nt_status = smbXsrv_session_update(session);
SSVAL(discard_const_p(char, req->inbuf),smb_uid,sess_vuid);
req->vuid = sess_vuid;
- if (!sconn->smb1.sessions.done_sesssetup) {
- sconn->smb1.sessions.max_send =
- MIN(sconn->smb1.sessions.max_send,smb_bufsize);
+ if (!xconn->smb1.sessions.done_sesssetup) {
+ if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+ reply_force_doserror(req, ERRSRV, ERRerror);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ xconn->smb1.sessions.max_send = smb_bufsize;
+ xconn->smb1.sessions.done_sesssetup = true;
}
- sconn->smb1.sessions.done_sesssetup = true;
END_PROFILE(SMBsesssetupX);
}