summaryrefslogtreecommitdiffstats
path: root/source4/smb_server/sesssetup.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-13 00:16:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:57 -0500
commit7b088a8f654f34911928dcdf320ca3cf79592aed (patch)
tree953f8a4c5d41e44815a5969b4200909bf7ce6004 /source4/smb_server/sesssetup.c
parent14924a9fe708ef3c183bfbe733afb77fc2ed1274 (diff)
downloadsamba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.gz
samba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.xz
samba-7b088a8f654f34911928dcdf320ca3cf79592aed.zip
r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB
signing code to be able to cope. Andrew Bartlett (This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
Diffstat (limited to 'source4/smb_server/sesssetup.c')
-rw-r--r--source4/smb_server/sesssetup.c30
1 files changed, 22 insertions, 8 deletions
diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c
index e1245748a0..a87db0ecc4 100644
--- a/source4/smb_server/sesssetup.c
+++ b/source4/smb_server/sesssetup.c
@@ -160,9 +160,18 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s
&sess->nt1.out.domain);
req->session = smbsrv_session_find(req->smb_conn, sess->nt1.out.vuid);
- if (!session_info->server_info->guest) {
- srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
+ if (session_info->server_info->guest) {
+ return NT_STATUS_OK;
}
+ if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
+ /* Already signing, or disabled */
+ return NT_STATUS_OK;
+ }
+
+ /* Force check of the request packet, now we know the session key */
+ req_signing_check_incoming(req);
+
+ srv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
return NT_STATUS_OK;
}
@@ -227,7 +236,6 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
if (NT_STATUS_IS_OK(status)) {
DATA_BLOB session_key;
- DATA_BLOB null_data_blob = data_blob(NULL, 0);
status = gensec_session_info(smb_sess->gensec_ctx, &smb_sess->session_info);
if (!NT_STATUS_IS_OK(status)) {
@@ -235,12 +243,18 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
}
status = gensec_session_key(smb_sess->gensec_ctx,
- &session_key);
- if (NT_STATUS_IS_OK(status)) {
- srv_setup_signing(req->smb_conn, &session_key, &null_data_blob);
- req->seq_num = 0;
- req->smb_conn->signing.next_seq_num = 2;
+ &session_key);
+ if (NT_STATUS_IS_OK(status)
+ && !smb_sess->session_info->server_info->guest
+ && srv_setup_signing(req->smb_conn, &session_key, NULL)) {
+ /* Force check of the request packet, now we know the session key */
+ req_signing_check_incoming(req);
+
+ srv_signing_restart(req->smb_conn, &session_key, NULL);
+
}
+ } else {
+ status = nt_status_squash(status);
}
sess->spnego.out.action = 0;