s3-auth rename auth_ntlmssp_state -> auth_generic_state

[mat/samba.git] / source3 / smbd / negprot.c

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index a0ed52d659072e1889bebb019075936277551ca6..f7d277be3a8b8e861bb911199d9442de0544f1db 100644 (file)
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -28,6 +28,7 @@
 #include "messages.h"
 #include "smbprofile.h"
 #include "auth/gensec/gensec.h"
+#include "../libcli/smb/smb_signing.h"
 
 extern fstring remote_proto;
 
@@ -198,7 +199,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
                                   OID_NTLMSSP,
                                   NULL};
        const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
-       struct auth_ntlmssp_state *auth_ntlmssp_state;
+       struct auth_generic_state *auth_ntlmssp_state;
 
        sconn->use_gensec_hook = false;
 
@@ -307,6 +308,8 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
        struct timespec ts;
        ssize_t ret;
        struct smbd_server_connection *sconn = req->sconn;
+       bool signing_enabled = false;
+       bool signing_required = false;
 
        sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
 
@@ -368,16 +371,20 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
        }
 
-       if (lp_server_signing()) {
+       signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state);
+       signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
+
+       if (signing_enabled) {
                if (lp_security() >= SEC_USER) {
                        secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
                        /* No raw mode with smb signing. */
                        capabilities &= ~CAP_RAW_MODE;
-                       if (lp_server_signing() == Required)
+                       if (signing_required) {
                                secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+                       }
                } else {
                        DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
-                       if (lp_server_signing() == Required) {
+                       if (signing_required) {
                                exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
                        }
                }
@@ -423,6 +430,14 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
                        reply_nterror(req, NT_STATUS_NO_MEMORY);
                        return;
                }
+               ret = message_push_string(&req->outbuf, lp_netbios_name(),
+                                         STR_UNICODE|STR_TERMINATE
+                                         |STR_NOALIGN);
+               if (ret == -1) {
+                       DEBUG(0, ("Could not push netbios name string\n"));
+                       reply_nterror(req, NT_STATUS_NO_MEMORY);
+                       return;
+               }
                DEBUG(3,("not using SPNEGO\n"));
        } else {
                DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
@@ -699,13 +714,13 @@ void reply_negprot(struct smb_request *req)
        }
 
        /* possibly reload - change of architecture */
-       reload_services(sconn->msg_ctx, sconn->sock, True);
+       reload_services(sconn, conn_snum_used, true);
 
        /* moved from the netbios session setup code since we don't have that 
           when the client connects to port 445.  Of course there is a small
           window where we are listening to messages   -- jerry */
 
-       serverid_register(sconn_server_id(sconn),
+       serverid_register(messaging_server_id(sconn->msg_ctx),
                          FLAG_MSG_GENERAL|FLAG_MSG_SMBD
                          |FLAG_MSG_PRINT_GENERAL);
 
@@ -725,7 +740,7 @@ void reply_negprot(struct smb_request *req)
 
        if(choice != -1) {
                fstrcpy(remote_proto,supported_protocols[protocol].short_name);
-               reload_services(sconn->msg_ctx, sconn->sock, True);
+               reload_services(sconn, conn_snum_used, true);
                supported_protocols[protocol].proto_reply_fn(req, choice);
                DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
        } else {
@@ -736,7 +751,8 @@ void reply_negprot(struct smb_request *req)
 
        DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
-       if ((lp_server_signing() == Required) && (get_Protocol() < PROTOCOL_NT1)) {
+       if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
+           && (get_Protocol() < PROTOCOL_NT1)) {
                exit_server_cleanly("SMB signing is required and "
                        "client negotiated a downlevel protocol");
        }