s3:smbd: move sconn->smb1.negprot.* to xconn->smb1.negprot.*

This prepares the structures for multi-channel support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

6 files changed, 53 insertions, 45 deletions

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 4d18308fe9..625bff690b 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -355,6 +355,19 @@ struct smbXsrv_connection {
 
 	struct {
 		struct {
+			bool encrypted_passwords;
+			bool spnego;
+			struct auth4_context *auth_context;
+			bool done;
+			/*
+			 * Size of the data we can receive. Set by us.
+			 * Can be modified by the max xmit parameter.
+			 */
+			int max_recv;
+		} negprot;
+	} smb1;
+	struct {
+		struct {
 			uint32_t capabilities;
 			struct GUID guid;
 			uint16_t security_mode;
@@ -735,18 +748,6 @@ struct smbd_server_connection {
 		} echo_handler;
 
 		struct {
-			bool encrypted_passwords;
-			bool spnego;
-			struct auth4_context *auth_context;
-			bool done;
-			/*
-			 * Size of the data we can receive. Set by us.
-			 * Can be modified by the max xmit parameter.
-			 */
-			int max_recv;
-		} negprot;
-
-		struct {
 			uint16_t client_major;
 			uint16_t client_minor;
 			uint32_t client_cap_low;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 225fe39156..4a109cd194 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -33,27 +33,28 @@ extern fstring remote_proto;
 
 static void get_challenge(struct smbd_server_connection *sconn, uint8 buff[8])
 {
+	struct smbXsrv_connection *xconn = sconn->conn;
 	NTSTATUS nt_status;
 
 	/* We might be called more than once, multiple negprots are
 	 * permitted */
-	if (sconn->smb1.negprot.auth_context) {
+	if (xconn->smb1.negprot.auth_context) {
 		DEBUG(3, ("get challenge: is this a secondary negprot? "
 			  "sconn->negprot.auth_context is non-NULL!\n"));
-			TALLOC_FREE(sconn->smb1.negprot.auth_context);
+		TALLOC_FREE(xconn->smb1.negprot.auth_context);
 	}
 
 	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
 	nt_status = make_auth4_context(
-		sconn, &sconn->smb1.negprot.auth_context);
+		xconn, &xconn->smb1.negprot.auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("make_auth_context_subsystem returned %s",
 			  nt_errstr(nt_status)));
 		smb_panic("cannot make_negprot_global_auth_context!");
 	}
 	DEBUG(10, ("get challenge: getting challenge\n"));
-	sconn->smb1.negprot.auth_context->get_ntlm_challenge(
-		sconn->smb1.negprot.auth_context, buff);
+	xconn->smb1.negprot.auth_context->get_ntlm_challenge(
+		xconn->smb1.negprot.auth_context, buff);
 }
 
 /****************************************************************************
@@ -65,6 +66,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
 	int secword=0;
 	time_t t = time(NULL);
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 	uint16_t raw;
 	if (lp_async_smb_echo_handler()) {
 		raw = 0;
@@ -72,19 +74,19 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
 		raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
 	}
 
-	sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
 	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
 
-	reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
+	reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
 
 	SSVAL(req->outbuf,smb_vwv0,choice);
 	SSVAL(req->outbuf,smb_vwv1,secword);
 	/* Create a token value and add it to the outgoing packet. */
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
 		SSVAL(req->outbuf,smb_vwv11, 8);
 	}
@@ -93,7 +95,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
 
 	/* Reply, SMBlockread, SMBwritelock supported. */
 	SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
-	SSVAL(req->outbuf,smb_vwv2, sconn->smb1.negprot.max_recv);
+	SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
 	SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
 	SSVAL(req->outbuf,smb_vwv4, 1);
 	SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
@@ -115,6 +117,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 	int secword=0;
 	time_t t = time(NULL);
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 	uint16_t raw;
 	if (lp_async_smb_echo_handler()) {
 		raw = 0;
@@ -122,21 +125,21 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 		raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
 	}
 
-	sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
 	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
 
-	reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
+	reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
 
 	SSVAL(req->outbuf,smb_vwv0, choice);
 	SSVAL(req->outbuf,smb_vwv1, secword);
 	SIVAL(req->outbuf,smb_vwv6, getpid());
 
 	/* Create a token value and add it to the outgoing packet. */
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
 		SSVAL(req->outbuf,smb_vwv11, 8);
 	}
@@ -145,7 +148,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 
 	/* Reply, SMBlockread, SMBwritelock supported. */
 	SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
-	SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
+	SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
 	SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
 	SSVAL(req->outbuf,smb_vwv4,1);
 	SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
@@ -159,6 +162,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 
 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 {
+	struct smbXsrv_connection *xconn = sconn->conn;
 	DATA_BLOB blob = data_blob_null;
 	DATA_BLOB blob_out = data_blob_null;
 	nstring dos_name;
@@ -188,7 +192,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		TALLOC_FREE(gensec_security);
 	}
 
-	sconn->smb1.negprot.spnego = true;
+	xconn->smb1.negprot.spnego = true;
 
 	/* strangely enough, NT does not sent the single OID NTLMSSP when
 	   not a ADS member, it sends no OIDs at all
@@ -250,10 +254,11 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	struct timespec ts;
 	ssize_t ret;
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 	bool signing_desired = false;
 	bool signing_required = false;
 
-	sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
 	/* Check the flags field to see if this is Vista.
 	   WinXP sets it and Vista does not. But we have to 
@@ -273,7 +278,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	/* do spnego in user level security if the client
 	   supports it and we can do encrypted passwords */
 
-	if (sconn->smb1.negprot.encrypted_passwords &&
+	if (xconn->smb1.negprot.encrypted_passwords &&
 	    lp_use_spnego() &&
 	    (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
 		negotiate_spnego = True;
@@ -310,7 +315,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 		capabilities |= CAP_DFS;
 
 	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
 
@@ -334,7 +339,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
 	SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
 	SIVAL(req->outbuf,smb_vwv3+1,
-	      sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
+	      xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
 	SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
 	SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
 	SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
@@ -344,7 +349,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 
 	if (!negotiate_spnego) {
 		/* Create a token value and add it to the outgoing packet. */
-		if (sconn->smb1.negprot.encrypted_passwords) {
+		if (xconn->smb1.negprot.encrypted_passwords) {
 			uint8 chal[8];
 			/* note that we do not send a challenge at all if
 			   we are using plaintext */
@@ -517,14 +522,15 @@ void reply_negprot(struct smb_request *req)
 	int i;
 	size_t converted_size;
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 
 	START_PROFILE(SMBnegprot);
 
-	if (sconn->smb1.negprot.done) {
+	if (xconn->smb1.negprot.done) {
 		END_PROFILE(SMBnegprot);
 		exit_server_cleanly("multiple negprot's are not permitted");
 	}
-	sconn->smb1.negprot.done = true;
+	xconn->smb1.negprot.done = true;
 
 	if (req->buflen == 0) {
 		DEBUG(0, ("negprot got no protocols\n"));
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 3fc92a0e62..3c5d025704 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3828,7 +3828,7 @@ void smbd_process(struct tevent_context *ev_ctx,
 	tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
 	tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
 
-	sconn->smb1.negprot.max_recv = tmp;
+	conn->smb1.negprot.max_recv = tmp;
 
 	sconn->smb1.sessions.done_sesssetup = false;
 	sconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 784f10ccbf..72f493194a 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -694,6 +694,7 @@ void reply_tcon(struct smb_request *req)
 	const char *p2;
 	TALLOC_CTX *ctx = talloc_tos();
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 
 	START_PROFILE(SMBtcon);
@@ -735,7 +736,7 @@ void reply_tcon(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 2, 0);
-	SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
+	SSVAL(req->outbuf,smb_vwv0,xconn->smb1.negprot.max_recv);
 	SSVAL(req->outbuf,smb_vwv1,conn->cnum);
 	SSVAL(req->outbuf,smb_tid,conn->cnum);
 
@@ -771,6 +772,7 @@ void reply_tcon_and_X(struct smb_request *req)
 	bool session_key_updated = false;
 	uint16_t optional_support = 0;
 	struct smbd_server_connection *sconn = req->sconn;
+	struct smbXsrv_connection *xconn = sconn->conn;
 
 	START_PROFILE(SMBtconX);
 
@@ -818,7 +820,7 @@ void reply_tcon_and_X(struct smb_request *req)
 		return;
 	}
 
-	if (sconn->smb1.negprot.encrypted_passwords) {
+	if (xconn->smb1.negprot.encrypted_passwords) {
 		p = req->buf + passlen;
 	} else {
 		p = req->buf + passlen + 1;
diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c
index 4c91bfbdfd..077b81a117 100644
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -113,7 +113,7 @@ static void exit_server_common(enum server_exit_reason how,
 			}
 		}
 
-		TALLOC_FREE(sconn->smb1.negprot.auth_context);
+		TALLOC_FREE(conn->smb1.negprot.auth_context);
 
 		if (lp_log_writeable_files_on_exit()) {
 			bool found = false;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1a0cb5e29d..a908f69c78 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -590,11 +590,10 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	uint16_t action = 0;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 	struct smbXsrv_session *session = NULL;
-
 	NTSTATUS nt_status;
 	struct smbd_server_connection *sconn = req->sconn;
-
-	bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+	struct smbXsrv_connection *xconn = sconn->conn;
+	bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
 	bool signing_allowed = false;
 	bool signing_mandatory = false;
 
@@ -627,7 +626,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	if (req->wct == 12 &&
 	    (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
 
-		if (!sconn->smb1.negprot.spnego) {
+		if (!xconn->smb1.negprot.spnego) {
 			DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt "
 				 "at SPNEGO session setup when it was not "
 				 "negotiated.\n"));
@@ -837,7 +836,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 				domain, user, get_remote_machine_name()));
 
 	if (*user) {
-		if (sconn->smb1.negprot.spnego) {
+		if (xconn->smb1.negprot.spnego) {
 
 			/* This has to be here, because this is a perfectly
 			 * valid behaviour for guest logons :-( */
@@ -865,7 +864,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
 	} else if (doencrypt) {
 		struct auth4_context *negprot_auth_context = NULL;
-		negprot_auth_context = sconn->smb1.negprot.auth_context;
+		negprot_auth_context = xconn->smb1.negprot.auth_context;
 		if (!negprot_auth_context) {
 			DEBUG(0, ("reply_sesssetup_and_X:  Attempted encrypted "
 				"session setup without negprot denied!\n"));