#include "../libcli/security/security.h"
#include "auth/gensec/gensec.h"
#include "lib/conn_tdb.h"
+#include "../libcli/smb/smb_signing.h"
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
enum remote_arch_types ra_type = get_remote_arch();
uint64_t vuid = req->vuid;
NTSTATUS status = NT_STATUS_OK;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
- struct smbXsrv_connection *xconn = sconn->conn;
uint16_t action = 0;
NTTIME now = timeval_to_nttime(&req->request_time);
struct smbXsrv_session *session = NULL;
}
if (vuid != 0) {
- status = smb1srv_session_lookup(sconn->conn,
+ status = smb1srv_session_lookup(xconn,
vuid, now,
&session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
if (session == NULL) {
/* create a new session */
- status = smbXsrv_session_create(sconn->conn,
+ status = smbXsrv_session_create(xconn,
now, &session);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, nt_status_squash(status));
}
if (!session->gensec) {
- status = auth_generic_prepare(session, sconn->remote_address,
+ status = auth_generic_prepare(session, xconn->remote_address,
&session->gensec);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return;
}
- if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
- action = 1;
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
}
if (session_info->session_key.length > 0) {
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
if (client_caps & CAP_DYNAMIC_REAUTH) {
session->global->expiration_time =
gensec_expire_time(session->gensec);
return;
}
- if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
- action = 1;
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
}
/*
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
if (client_caps & CAP_DYNAMIC_REAUTH) {
session->global->expiration_time =
gensec_expire_time(session->gensec);
NTTIME now = timeval_to_nttime(&req->request_time);
struct smbXsrv_session *session = NULL;
NTSTATUS nt_status;
+ struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
- struct smbXsrv_connection *xconn = sconn->conn;
bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
bool signing_allowed = false;
- bool signing_mandatory = false;
+ bool signing_mandatory = smb_signing_is_mandatory(
+ xconn->smb1.signing_state);
START_PROFILE(SMBsesssetupX);
/* perhaps grab OS version here?? */
}
- if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
- action = 1;
+ if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+ action |= SMB_SETUP_GUEST;
}
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- nt_status = smbXsrv_session_create(sconn->conn,
+ nt_status = smbXsrv_session_create(xconn,
now, &session);
if (!NT_STATUS_IS_OK(nt_status)) {
data_blob_free(&nt_resp);
session->global->auth_session_info_seqnum += 1;
session->global->channels[0].auth_session_info_seqnum =
session->global->auth_session_info_seqnum;
+ session->global->auth_time = now;
session->global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
nt_status = smbXsrv_session_update(session);