diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-08-13 00:16:57 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:57 -0500 |
commit | 7b088a8f654f34911928dcdf320ca3cf79592aed (patch) | |
tree | 953f8a4c5d41e44815a5969b4200909bf7ce6004 /source4/smb_server/sesssetup.c | |
parent | 14924a9fe708ef3c183bfbe733afb77fc2ed1274 (diff) | |
download | samba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.gz samba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.xz samba-7b088a8f654f34911928dcdf320ca3cf79592aed.zip |
r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB
signing code to be able to cope.
Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
Diffstat (limited to 'source4/smb_server/sesssetup.c')
-rw-r--r-- | source4/smb_server/sesssetup.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index e1245748a0..a87db0ecc4 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -160,9 +160,18 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s &sess->nt1.out.domain); req->session = smbsrv_session_find(req->smb_conn, sess->nt1.out.vuid); - if (!session_info->server_info->guest) { - srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + if (session_info->server_info->guest) { + return NT_STATUS_OK; } + if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) { + /* Already signing, or disabled */ + return NT_STATUS_OK; + } + + /* Force check of the request packet, now we know the session key */ + req_signing_check_incoming(req); + + srv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); return NT_STATUS_OK; } @@ -227,7 +236,6 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup if (NT_STATUS_IS_OK(status)) { DATA_BLOB session_key; - DATA_BLOB null_data_blob = data_blob(NULL, 0); status = gensec_session_info(smb_sess->gensec_ctx, &smb_sess->session_info); if (!NT_STATUS_IS_OK(status)) { @@ -235,12 +243,18 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup } status = gensec_session_key(smb_sess->gensec_ctx, - &session_key); - if (NT_STATUS_IS_OK(status)) { - srv_setup_signing(req->smb_conn, &session_key, &null_data_blob); - req->seq_num = 0; - req->smb_conn->signing.next_seq_num = 2; + &session_key); + if (NT_STATUS_IS_OK(status) + && !smb_sess->session_info->server_info->guest + && srv_setup_signing(req->smb_conn, &session_key, NULL)) { + /* Force check of the request packet, now we know the session key */ + req_signing_check_incoming(req); + + srv_signing_restart(req->smb_conn, &session_key, NULL); + } + } else { + status = nt_status_squash(status); } sess->spnego.out.action = 0; |