session_key_err = gensec_session_key(session->gensec, &session_key);
if (NT_STATUS_IS_OK(session_key_err)) {
- session->transport->signing.session_key = session_key;
+ session->session_key = session_key;
}
}
}
if (session->transport->signing.doing_signing) {
- if (session->transport->signing.session_key.length != 16) {
+ if (session->session_key.length != 16) {
DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)session->transport->signing.session_key.length));
+ (unsigned)session->session_key.length));
composite_error(c, NT_STATUS_ACCESS_DENIED);
return;
}
struct smb2_signing_context {
bool doing_signing;
bool signing_started;
- DATA_BLOB session_key;
};
/*
struct smb2_transport *transport;
struct gensec_security *gensec;
uint64_t uid;
+ DATA_BLOB session_key;
};
if (req == NULL) return NULL;
SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, tree->session->uid);
+ req->session = tree->session;
SSVAL(req->out.body, 0x02, io->in.reserved);
status = smb2_push_o16s16_string(&req->out, 0x04, io->in.path);
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
- if (transport->signing.signing_started &&
- transport->signing.doing_signing) {
+ if (req->session && transport->signing.doing_signing) {
status = smb2_check_signature(&req->in,
- transport->signing.session_key);
+ req->session->session_key);
if (!NT_STATUS_IS_OK(status)) {
/* the spec says to ignore packets with a bad signature */
talloc_free(buffer);
}
/* possibly sign the message */
- if (req->transport->signing.doing_signing &&
- req->transport->signing.signing_started) {
- status = smb2_sign_message(&req->out, req->transport->signing.session_key);
+ if (req->transport->signing.doing_signing &&
+ req->transport->signing.signing_started &&
+ req->session) {
+ status = smb2_sign_message(&req->out, req->session->session_key);
if (!NT_STATUS_IS_OK(status)) {
req->state = SMB2_REQUEST_ERROR;
req->status = status;