s3-ntlmssp Remove auth_ntlmssp_update wrapper

[rusty/samba.git] / source3 / smbd / sesssetup.c

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 8b133b4a541e1c2df708c21a3b9e7d8ba4dfcb69..7729ff675b62de3e557e4e37e2b4a98f62dbd41f 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -27,7 +27,7 @@
 #include "smbd/smbd.h"
 #include "smbd/globals.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "../librpc/gen_ndr/krb5pac.h"
 #include "libads/kerberos_proto.h"
@@ -431,8 +431,9 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
        struct smbd_server_connection *sconn = req->sconn;
 
        if (NT_STATUS_IS_OK(nt_status)) {
-               nt_status = auth_ntlmssp_session_info(talloc_tos(),
-                                       (*auth_ntlmssp_state), &session_info);
+               nt_status = gensec_session_info((*auth_ntlmssp_state)->gensec_security,
+                                               talloc_tos(),
+                                               &session_info);
        }
 
        reply_outbuf(req, 4, 0);
@@ -643,8 +644,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
                return;
        }
 
-       status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
-                                       secblob, &chal);
+       status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+                              NULL, secblob, &chal);
 
        data_blob_free(&secblob);
 
@@ -756,8 +757,8 @@ static void reply_spnego_auth(struct smb_request *req,
                }
        }
 
-       status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
-                                    auth, &auth_reply);
+       status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+                              NULL, auth, &auth_reply);
 
        data_blob_free(&auth);
 
@@ -1140,7 +1141,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
         * identical regardless.  In particular, both rely only on the
         * status code (not the contents of the packet) and do not
         * wrap the result */
-       if (sconn->use_gensec_hook || (blob1.length > 7 && strncmp((char *)(blob1.data), "NTLMSSP", 7) == 0)) {
+       if (sconn->use_gensec_hook || ntlmssp_blob_matches_magic(&blob1)) {
                DATA_BLOB chal;
 
                if (!vuser->auth_ntlmssp_state) {
@@ -1170,9 +1171,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                        }
                }
 
-               status = auth_ntlmssp_update(vuser->auth_ntlmssp_state,
-                                            talloc_tos(),
-                                            blob1, &chal);
+               status = gensec_update(vuser->auth_ntlmssp_state->gensec_security,
+                                      talloc_tos(), NULL,
+                                      blob1, &chal);
 
                data_blob_free(&blob1);
 
@@ -1306,6 +1307,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
        struct smbd_server_connection *sconn = req->sconn;
 
        bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+       bool signing_allowed = false;
+       bool signing_mandatory = false;
 
        START_PROFILE(SMBsesssetupX);
 
@@ -1315,6 +1318,22 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
        DEBUG(3,("wct=%d flg2=0x%x\n", req->wct, req->flags2));
 
+       if (req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES) {
+               signing_allowed = true;
+       }
+       if (req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) {
+               signing_mandatory = true;
+       }
+
+       /*
+        * We can call srv_set_signing_negotiated() each time.
+        * It finds out when it needs to turn into a noop
+        * itself.
+        */
+       srv_set_signing_negotiated(req->sconn,
+                                  signing_allowed,
+                                  signing_mandatory);
+
        /* a SPNEGO session setup has 12 command words, whereas a normal
           NT1 session setup has 13. See the cifs spec. */
        if (req->wct == 12 &&