s4:smb_server: remove the bogus smbsrv_signing_restart()

Real signing always starts with seqnumber 2, and once signing
is on the session key never change anymore for the complete
smb connection.

metze

diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index f45cbf17562d411b2a461ee876b5224a90960a0c..a12bbd5cec29d46233f4d4a4c8d0ec67f22edf40 100644 (file)
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -193,16 +193,6 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
                goto done;
        }
 
-       /* Force check of the request packet, now we know the session key */
-       smbsrv_signing_check_incoming(req);
-/* TODO: why don't we check the result here? */
-
-       /* Unfortunetly win2k3 as a client doesn't sign the request
-        * packet here, so we have to force signing to start again */
-
-       smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2, 
-                              session_info->server_info->authenticated);
-
 done:
        status = NT_STATUS_OK;
 failed:
@@ -321,13 +311,8 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv
        if (!NT_STATUS_IS_OK(status)) goto failed;
 
        skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
-       if (NT_STATUS_IS_OK(skey_status) &&
-           smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) {
-               /* Force check of the request packet, now we know the session key */
-               smbsrv_signing_check_incoming(req);
-
-               smbsrv_signing_restart(req->smb_conn, &session_key, NULL, 
-                                      session_info->server_info->authenticated);
+       if (NT_STATUS_IS_OK(skey_status)) {
+               smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
        }
 
        /* Ensure this is marked as a 'real' vuid, not one

diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index 21dc99b165187ef83838b83ec4d9201d94fdfe06..0b5cf56fdb87689f14a7f44a01bfc5686833f15b 100644 (file)
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -75,30 +75,6 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
                                         &smb_conn->signing, session_key, response);
 }
 
-void smbsrv_signing_restart(struct smbsrv_connection *smb_conn,
-                           DATA_BLOB *session_key,
-                           DATA_BLOB *response,
-                           bool authenticated_session) 
-{
-       if (!smb_conn->signing.seen_valid) {
-               DEBUG(5, ("Client did not send a valid signature on "
-                         "SPNEGO session setup - ignored, expect good next time\n"));
-               /* force things back on (most clients do not sign this packet)... */
-               smbsrv_setup_signing(smb_conn, session_key, response);
-               smb_conn->signing.next_seq_num = 2;
-
-               /* If mandetory_signing is set, and this was an authenticated logon, then force on */
-               if (smb_conn->signing.mandatory_signing && authenticated_session) {
-                       DEBUG(5, ("Configured for mandatory signing, 'good packet seen' forced on\n"));
-                       /* if this is mandatory, then
-                        * pretend we have seen a
-                        * valid packet, so we don't
-                        * turn it off */
-                       smb_conn->signing.seen_valid = true;
-               }
-       }
-}
-
 bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 {
        smb_conn->signing.mac_key = data_blob(NULL, 0);