From e16e7146b378e8e89bf25adc66d806bac7feaeb6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 26 May 2009 12:48:58 +0200
Subject: s3:smbd: move negprot related globals to struct smbd_server_connection
metze
---
source3/smbd/negprot.c | 69 +++++++++++++++++++++++++++++++-------------------
1 file changed, 43 insertions(+), 26 deletions(-)
(limited to 'source3/smbd/negprot.c')
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 6d15f486df3..4e14ee8aad4 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -27,22 +27,28 @@ extern enum protocol_types Protocol; static void get_challenge(uint8 buff[8]) { NTSTATUS nt_status; + struct smbd_server_connection *sconn = smbd_server_conn; /* We might be called more than once, multiple negprots are * permitted */ - if (negprot_global_auth_context) { - DEBUG(3, ("get challenge: is this a secondary negprot? negprot_global_auth_context is non-NULL!\n")); - (negprot_global_auth_context->free)(&negprot_global_auth_context); + if (sconn->smb1.negprot.auth_context) { + DEBUG(3, ("get challenge: is this a secondary negprot? " + "sconn->negprot.auth_context is non-NULL!\n")); + sconn->smb1.negprot.auth_context->free( + &sconn->smb1.negprot.auth_context); } DEBUG(10, ("get challenge: creating negprot_global_auth_context\n")); - if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&negprot_global_auth_context))) { - DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status))); + nt_status = make_auth_context_subsystem( + &sconn->smb1.negprot.auth_context); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("make_auth_context_subsystem returned %s", + nt_errstr(nt_status))); smb_panic("cannot make_negprot_global_auth_context!"); } DEBUG(10, ("get challenge: getting challenge\n")); - negprot_global_auth_context->get_ntlm_challenge( - negprot_global_auth_context, buff); + sconn->smb1.negprot.auth_context->get_ntlm_challenge( + sconn->smb1.negprot.auth_context, buff); } /**************************************************************************** 
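Review bot: The log and panic strings in get_challenge() still name the removed global. `creating negprot_global_auth_context` and `cannot make_negprot_global_auth_context!` are unchanged, and the reworded DEBUG(3) text says `sconn->negprot.auth_context` although the field is `sconn->smb1.negprot.auth_context`. Anyone triaging an authentication failure from these logs would search for an identifier that no longer exists, so I would use the real field name in all three. The rewrapped DEBUG(0) call also has no trailing newline; assuming DEBUG does not append one, `"make_auth_context_subsystem returned %s\n"` keeps the message from running into the next log entry.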
@@ -86,20 +92,23 @@ static void reply_lanman1(struct smb_request *req, uint16 choice) int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); int secword=0; time_t t = time(NULL); + struct smbd_server_connection *sconn = smbd_server_conn; - global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) + if (lp_security()>=SEC_USER) { secword |= NEGOTIATE_SECURITY_USER_LEVEL; - if (global_encrypted_passwords_negotiated) + } + if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; + } - reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0); + reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0); SSVAL(req->outbuf,smb_vwv0,choice); SSVAL(req->outbuf,smb_vwv1,secword); /* Create a token value and add it to the outgoing packet. */ - if (global_encrypted_passwords_negotiated) { + if (sconn->smb1.negprot.encrypted_passwords) { get_challenge((uint8 *)smb_buf(req->outbuf)); SSVAL(req->outbuf,smb_vwv11, 8); } 
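Review bot: In reply_lanman1() the 8 bytes reserved by `reply_outbuf(req, 13, ...?8:0)` and the 8 bytes that get_challenge() later writes into `smb_buf(req->outbuf)` are guarded by two separate reads of `sconn->smb1.negprot.encrypted_passwords`. Nothing visible changes the field in between, but the write is only in bounds while both reads agree. I would capture the value once, `const bool encrypted = sconn->smb1.negprot.encrypted_passwords;`, and use that local for the buffer size, the secword bit and the challenge. The reply_lanman2() hunk repeats the same pattern. The function body continues outside the hunk.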
@@ -130,22 +139,25 @@ static void reply_lanman2(struct smb_request *req, uint16 choice) int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); int secword=0; time_t t = time(NULL); + struct smbd_server_connection *sconn = smbd_server_conn; - global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) + if (lp_security()>=SEC_USER) { secword |= NEGOTIATE_SECURITY_USER_LEVEL; - if (global_encrypted_passwords_negotiated) + } + if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; + } - reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0); + reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0); SSVAL(req->outbuf,smb_vwv0,choice); SSVAL(req->outbuf,smb_vwv1,secword); SIVAL(req->outbuf,smb_vwv6,sys_getpid()); /* Create a token value and add it to the outgoing packet. */ - if (global_encrypted_passwords_negotiated) { + if (sconn->smb1.negprot.encrypted_passwords) { get_challenge((uint8 *)smb_buf(req->outbuf)); SSVAL(req->outbuf,smb_vwv11, 8); } @@ -180,8 +192,9 @@ DATA_BLOB negprot_spnego(void) OID_NTLMSSP, NULL}; const char *OIDs_plain[] = {OID_NTLMSSP, NULL}; + struct smbd_server_connection *sconn = smbd_server_conn; - global_spnego_negotiated = True; + sconn->smb1.negprot.spnego = true; memset(guid, '\0', sizeof(guid)); @@ -250,8 +263,9 @@ static void reply_nt1(struct smb_request *req, uint16 choice) bool negotiate_spnego = False; time_t t = time(NULL); ssize_t ret; + struct smbd_server_connection *sconn = smbd_server_conn; - global_encrypted_passwords_negotiated = lp_encrypted_passwords(); + sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); /* Check the flags field to see if this is Vista. WinXP sets it and Vista does not. But we have to 
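Review bot: `sconn->smb1.negprot.spnego = true;` is set at the top of negprot_spnego(), before the blob is built, so the connection is marked as SPNEGO-negotiated as a side effect of a function that reads like a pure blob constructor. If later code (not visible here) uses this flag to decide which authentication path to accept, it should reflect what was actually sent. Either set it in the caller once the blob is in the reply, or document it in place with `/* side effect: records that SPNEGO was offered on this connection */`. The function starts and ends outside the hunk.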
@@ -270,7 +284,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) /* do spnego in user level security if the client supports it and we can do encrypted passwords */ - if (global_encrypted_passwords_negotiated && + if (sconn->smb1.negprot.encrypted_passwords && (lp_security() != SEC_SHARE) && lp_use_spnego() && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { @@ -304,11 +318,13 @@ static void reply_nt1(struct smb_request *req, uint16 choice) if (lp_host_msdfs()) capabilities |= CAP_DFS; - if (lp_security() >= SEC_USER) + if (lp_security() >= SEC_USER) { secword |= NEGOTIATE_SECURITY_USER_LEVEL; - if (global_encrypted_passwords_negotiated) + } + if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; - + } + if (lp_server_signing()) { if (lp_security() >= SEC_USER) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; @@ -342,7 +358,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) p = q = smb_buf(req->outbuf); if (!negotiate_spnego) { /* Create a token value and add it to the outgoing packet. */ - if (global_encrypted_passwords_negotiated) { + if (sconn->smb1.negprot.encrypted_passwords) { uint8 chal[8]; /* note that we do not send a challenge at all if we are using plaintext */ @@ -511,14 +527,15 @@ void reply_negprot(struct smb_request *req) char **cliprotos; int i; size_t converted_size; + struct smbd_server_connection *sconn = smbd_server_conn; START_PROFILE(SMBnegprot); - if (done_negprot) { + if (sconn->smb1.negprot.done) { END_PROFILE(SMBnegprot); exit_server_cleanly("multiple negprot's are not permitted"); } - done_negprot = True; + sconn->smb1.negprot.done = true; if (req->buflen == 0) { DEBUG(0, ("negprot got no protocols\n")); -- cgit
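Review bot: The secword derivation that this commit braces in reply_nt1() (hunk at -304) is the same two-branch sequence it also rewrites in reply_lanman1() and reply_lanman2(), so the advertised security mode is computed in three copies. Since all three now read the same per-connection field, a small static helper would keep them from drifting apart when one dialect is changed later. The signing bits that follow in reply_nt1() stay where they are. The body of reply_nt1() continues outside the hunk.

```c
static int negprot_secword(const struct smbd_server_connection *sconn)
{
	int secword = 0;

	if (lp_security() >= SEC_USER) {
		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
	}
	if (sconn->smb1.negprot.encrypted_passwords) {
		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
	}
	return secword;
}

/* in reply_lanman1(), reply_lanman2() and reply_nt1(), replacing the two if-blocks: */
	secword |= negprot_secword(sconn);
/* … unchanged: lp_server_signing() handling in reply_nt1() … */
```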
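Review bot: reply_negprot() (hunk at -511) ends the connection on a second negprot via `sconn->smb1.negprot.done`, yet get_challenge() still carries the comment `multiple negprots are permitted` and a branch that frees an existing `auth_context`. If get_challenge() is reached only through reply_negprot() (its call chain is not fully visible here), that branch can no longer run and the comment misstates the policy. I would reword the comment to `/* reply_negprot() rejects a second negprot; free a stale context defensively */`. The body of reply_negprot() continues outside the hunk.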