s3:smbd: move sconn->smb1.negprot.* to xconn->smb1.negprot.*
authorStefan Metzmacher <metze@samba.org>
Wed, 21 May 2014 08:27:50 +0000 (10:27 +0200)
committerMichael Adam <obnox@samba.org>
Wed, 6 Aug 2014 07:51:11 +0000 (09:51 +0200)
This prepares the structures for multi-channel support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
source3/smbd/globals.h
source3/smbd/negprot.c
source3/smbd/process.c
source3/smbd/reply.c
source3/smbd/server_exit.c
source3/smbd/sesssetup.c

index 4d18308fe9e747c8b3afe286d8878c19b4916e77..625bff690b93e71b3cc835ec844f9be206542724 100644 (file)
@@ -353,6 +353,19 @@ struct smbXsrv_connection {
                } nbt;
        } transport;
 
+       struct {
+               struct {
+                       bool encrypted_passwords;
+                       bool spnego;
+                       struct auth4_context *auth_context;
+                       bool done;
+                       /*
+                        * Size of the data we can receive. Set by us.
+                        * Can be modified by the max xmit parameter.
+                        */
+                       int max_recv;
+               } negprot;
+       } smb1;
        struct {
                struct {
                        uint32_t capabilities;
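Review bot: `max_recv` stays a plain `int` in its new home in `struct smbXsrv_connection`, although every reader visible in this commit copies it into an unsigned wire field: 16 bits via `SSVAL` in `reply_lanman1()`, `reply_lanman2()` and `reply_tcon()`, 32 bits via `SIVAL` in `reply_nt1()`. Since the declaration is being touched anyway, consider `uint32_t max_recv;`. The comment could also say that the value is clamped to `SMB_BUFFER_SIZE_MIN`..`SMB_BUFFER_SIZE_MAX` in `smbd_process()`, so a reader can judge whether the 16-bit stores can truncate. The struct continues outside the hunk.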
@@ -734,18 +747,6 @@ struct smbd_server_connection {
                        int ref_count;
                } echo_handler;
 
-               struct {
-                       bool encrypted_passwords;
-                       bool spnego;
-                       struct auth4_context *auth_context;
-                       bool done;
-                       /*
-                        * Size of the data we can receive. Set by us.
-                        * Can be modified by the max xmit parameter.
-                        */
-                       int max_recv;
-               } negprot;
-
                struct {
                        uint16_t client_major;
                        uint16_t client_minor;
index 225fe39156ee10c81d5b76d3048494888e41bb4a..4a109cd19460aa8985ae993f2d21c6bacbcd077d 100644 (file)
@@ -33,27 +33,28 @@ extern fstring remote_proto;
 
 static void get_challenge(struct smbd_server_connection *sconn, uint8 buff[8])
 {
+       struct smbXsrv_connection *xconn = sconn->conn;
        NTSTATUS nt_status;
 
        /* We might be called more than once, multiple negprots are
         * permitted */
-       if (sconn->smb1.negprot.auth_context) {
+       if (xconn->smb1.negprot.auth_context) {
                DEBUG(3, ("get challenge: is this a secondary negprot? "
                          "sconn->negprot.auth_context is non-NULL!\n"));
-                       TALLOC_FREE(sconn->smb1.negprot.auth_context);
+               TALLOC_FREE(xconn->smb1.negprot.auth_context);
        }
 
        DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
        nt_status = make_auth4_context(
-               sconn, &sconn->smb1.negprot.auth_context);
+               xconn, &xconn->smb1.negprot.auth_context);
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0, ("make_auth_context_subsystem returned %s",
                          nt_errstr(nt_status)));
                smb_panic("cannot make_negprot_global_auth_context!");
        }
        DEBUG(10, ("get challenge: getting challenge\n"));
-       sconn->smb1.negprot.auth_context->get_ntlm_challenge(
-               sconn->smb1.negprot.auth_context, buff);
+       xconn->smb1.negprot.auth_context->get_ntlm_challenge(
+               xconn->smb1.negprot.auth_context, buff);
 }
 
 /****************************************************************************
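Review bot: The `DEBUG(3, ...)` text in `get_challenge()` still prints `sconn->negprot.auth_context is non-NULL!`, although the pointer tested and freed is now `xconn->smb1.negprot.auth_context`. The string should follow the move so log lines name the field actually checked, e.g. `"xconn->smb1.negprot.auth_context is non-NULL!\n"`. The first argument to `make_auth4_context()` (its memory context) also changes from `sconn` to `xconn`, which ties the lifetime of the NTLM challenge context to the connection object. That is presumably intended, but it is more than a pure move and deserves a line in the commit message. The comment "multiple negprots are permitted" also disagrees with `reply_negprot()`, which exits on a second negprot.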
@@ -65,6 +66,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
        int secword=0;
        time_t t = time(NULL);
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
        uint16_t raw;
        if (lp_async_smb_echo_handler()) {
                raw = 0;
@@ -72,19 +74,19 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
                raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
        }
 
-       sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+       xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
        secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
        }
 
-       reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
+       reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
 
        SSVAL(req->outbuf,smb_vwv0,choice);
        SSVAL(req->outbuf,smb_vwv1,secword);
        /* Create a token value and add it to the outgoing packet. */
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
@@ -93,7 +95,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
-       SSVAL(req->outbuf,smb_vwv2, sconn->smb1.negprot.max_recv);
+       SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
        SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
        SSVAL(req->outbuf,smb_vwv4, 1);
        SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
@@ -115,6 +117,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
        int secword=0;
        time_t t = time(NULL);
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
        uint16_t raw;
        if (lp_async_smb_echo_handler()) {
                raw = 0;
@@ -122,21 +125,21 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
                raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
        }
 
-       sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+       xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
        secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
        }
 
-       reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
+       reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
 
        SSVAL(req->outbuf,smb_vwv0, choice);
        SSVAL(req->outbuf,smb_vwv1, secword);
        SIVAL(req->outbuf,smb_vwv6, getpid());
 
        /* Create a token value and add it to the outgoing packet. */
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
@@ -145,7 +148,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
-       SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
+       SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
        SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
        SSVAL(req->outbuf,smb_vwv4,1);
        SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
@@ -159,6 +162,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 
 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 {
+       struct smbXsrv_connection *xconn = sconn->conn;
        DATA_BLOB blob = data_blob_null;
        DATA_BLOB blob_out = data_blob_null;
        nstring dos_name;
@@ -188,7 +192,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
                TALLOC_FREE(gensec_security);
        }
 
-       sconn->smb1.negprot.spnego = true;
+       xconn->smb1.negprot.spnego = true;
 
        /* strangely enough, NT does not sent the single OID NTLMSSP when
           not a ADS member, it sends no OIDs at all
@@ -250,10 +254,11 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
        struct timespec ts;
        ssize_t ret;
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
        bool signing_desired = false;
        bool signing_required = false;
 
-       sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+       xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
        /* Check the flags field to see if this is Vista.
           WinXP sets it and Vista does not. But we have to 
@@ -273,7 +278,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
        /* do spnego in user level security if the client
           supports it and we can do encrypted passwords */
 
-       if (sconn->smb1.negprot.encrypted_passwords &&
+       if (xconn->smb1.negprot.encrypted_passwords &&
            lp_use_spnego() &&
            (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
                negotiate_spnego = True;
@@ -310,7 +315,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
                capabilities |= CAP_DFS;
 
        secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
        }
 
@@ -334,7 +339,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
        SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
        SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
        SIVAL(req->outbuf,smb_vwv3+1,
-             sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
+             xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
        SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
        SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
        SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
@@ -344,7 +349,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 
        if (!negotiate_spnego) {
                /* Create a token value and add it to the outgoing packet. */
-               if (sconn->smb1.negprot.encrypted_passwords) {
+               if (xconn->smb1.negprot.encrypted_passwords) {
                        uint8 chal[8];
                        /* note that we do not send a challenge at all if
                           we are using plaintext */
@@ -517,14 +522,15 @@ void reply_negprot(struct smb_request *req)
        int i;
        size_t converted_size;
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
 
        START_PROFILE(SMBnegprot);
 
-       if (sconn->smb1.negprot.done) {
+       if (xconn->smb1.negprot.done) {
                END_PROFILE(SMBnegprot);
                exit_server_cleanly("multiple negprot's are not permitted");
        }
-       sconn->smb1.negprot.done = true;
+       xconn->smb1.negprot.done = true;
 
        if (req->buflen == 0) {
                DEBUG(0, ("negprot got no protocols\n"));
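Review bot: The single-negprot gate in `reply_negprot()` now reads and sets `done` on `xconn`, but `xconn` is obtained as `sconn->conn` rather than from the connection the request arrived on. While an `sconn` has exactly one connection the two are the same. Once multi-channel lets an `sconn` carry several, the flag (and the `auth_context` read in `reply_sesssetup_and_X()`) would presumably belong to whichever connection `sconn->conn` names. A comment at the declaration such as `/* TODO: take xconn from the request once it carries its connection */` would record that the lookup is transitional. The same `xconn = sconn->conn` line is added in `get_challenge()`, `reply_lanman1()`, `reply_lanman2()`, `negprot_spnego()`, `reply_nt1()`, `reply_tcon()`, `reply_tcon_and_X()` and `reply_sesssetup_and_X()`; the function body here continues outside the hunk.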
index 3fc92a0e62251ad4fb53351801d34009c33d395e..3c5d025704fe18ff1f628d0d6e0b5a704755a76f 100644 (file)
@@ -3828,7 +3828,7 @@ void smbd_process(struct tevent_context *ev_ctx,
        tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
        tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
 
-       sconn->smb1.negprot.max_recv = tmp;
+       conn->smb1.negprot.max_recv = tmp;
 
        sconn->smb1.sessions.done_sesssetup = false;
        sconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
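Review bot: This line names the `smbXsrv_connection` `conn`, while the rest of the commit calls it `xconn`. In `reply_tcon()` the name `conn` refers to a different object (`conn->cnum`) on the line right after `xconn->smb1.negprot.max_recv`. The declaration of `conn` is outside this hunk, so its type is inferred here from the field it accesses. Renaming it to `xconn` in `smbd_process()` and in the `exit_server_common()` hunk would keep the two kinds of connection object distinguishable when grepping for negprot state.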
index 784f10ccbfbdea3542b788a85b6bc2e34af166c0..72f493194a022c230057d0f03b44b33c53caa8da 100644 (file)
@@ -694,6 +694,7 @@ void reply_tcon(struct smb_request *req)
        const char *p2;
        TALLOC_CTX *ctx = talloc_tos();
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
        NTTIME now = timeval_to_nttime(&req->request_time);
 
        START_PROFILE(SMBtcon);
@@ -735,7 +736,7 @@ void reply_tcon(struct smb_request *req)
        }
 
        reply_outbuf(req, 2, 0);
-       SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
+       SSVAL(req->outbuf,smb_vwv0,xconn->smb1.negprot.max_recv);
        SSVAL(req->outbuf,smb_vwv1,conn->cnum);
        SSVAL(req->outbuf,smb_tid,conn->cnum);
 
@@ -771,6 +772,7 @@ void reply_tcon_and_X(struct smb_request *req)
        bool session_key_updated = false;
        uint16_t optional_support = 0;
        struct smbd_server_connection *sconn = req->sconn;
+       struct smbXsrv_connection *xconn = sconn->conn;
 
        START_PROFILE(SMBtconX);
 
@@ -818,7 +820,7 @@ void reply_tcon_and_X(struct smb_request *req)
                return;
        }
 
-       if (sconn->smb1.negprot.encrypted_passwords) {
+       if (xconn->smb1.negprot.encrypted_passwords) {
                p = req->buf + passlen;
        } else {
                p = req->buf + passlen + 1;
index 4c91bfbdfd40fd3b8fbe05bd3cc19d4ed801989e..077b81a1173306a7a87eaa2ef0ba4eed982388a1 100644 (file)
@@ -113,7 +113,7 @@ static void exit_server_common(enum server_exit_reason how,
                        }
                }
 
-               TALLOC_FREE(sconn->smb1.negprot.auth_context);
+               TALLOC_FREE(conn->smb1.negprot.auth_context);
 
                if (lp_log_writeable_files_on_exit()) {
                        bool found = false;
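Review bot: `TALLOC_FREE(conn->smb1.negprot.auth_context)` dereferences `conn`, where the old line dereferenced `sconn`, and the condition guarding this block is outside the hunk. If that guard tests only `sconn`, confirm it also implies `conn != NULL` on every exit path, or guard the free explicitly: `if (conn != NULL) { TALLOC_FREE(conn->smb1.negprot.auth_context); }`. This is the cleanup for the challenge context allocated in `get_challenge()`, so a NULL dereference here would hit during server exit.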
index 1a0cb5e29d53104b91d390aad0d5ef00d43a77ec..a908f69c78a05fc4b25460516b77b2983c8c1b5c 100644 (file)
@@ -590,11 +590,10 @@ void reply_sesssetup_and_X(struct smb_request *req)
        uint16_t action = 0;
        NTTIME now = timeval_to_nttime(&req->request_time);
        struct smbXsrv_session *session = NULL;
-
        NTSTATUS nt_status;
        struct smbd_server_connection *sconn = req->sconn;
-
-       bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+       struct smbXsrv_connection *xconn = sconn->conn;
+       bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
        bool signing_allowed = false;
        bool signing_mandatory = false;
 
@@ -627,7 +626,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
        if (req->wct == 12 &&
            (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
 
-               if (!sconn->smb1.negprot.spnego) {
+               if (!xconn->smb1.negprot.spnego) {
                        DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt "
                                 "at SPNEGO session setup when it was not "
                                 "negotiated.\n"));
@@ -837,7 +836,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                                domain, user, get_remote_machine_name()));
 
        if (*user) {
-               if (sconn->smb1.negprot.spnego) {
+               if (xconn->smb1.negprot.spnego) {
 
                        /* This has to be here, because this is a perfectly
                         * valid behaviour for guest logons :-( */
@@ -865,7 +864,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
        } else if (doencrypt) {
                struct auth4_context *negprot_auth_context = NULL;
-               negprot_auth_context = sconn->smb1.negprot.auth_context;
+               negprot_auth_context = xconn->smb1.negprot.auth_context;
                if (!negprot_auth_context) {
                        DEBUG(0, ("reply_sesssetup_and_X:  Attempted encrypted "
                                "session setup without negprot denied!\n"));