server prepare...

diff --git a/source/smb_server/smb/receive.c b/source/smb_server/smb/receive.c
index 0afa3a652d5d02486fe4da10490c237b8325fa55..fd2810e54a3810cbc98bce3b704e654075b0c5c4 100644 (file)
--- a/source/smb_server/smb/receive.c
+++ b/source/smb_server/smb/receive.c
@@ -442,11 +442,6 @@ NTSTATUS smbsrv_recv_smb_request(void *private, DATA_BLOB blob)
        /* fix the bufinfo */
        smbsrv_setup_bufinfo(req);
 
-       if (!smbsrv_signing_check_incoming(req)) {
-               smbsrv_send_error(req, NT_STATUS_ACCESS_DENIED);
-               return NT_STATUS_OK;
-       }
-
        command = CVAL(req->in.hdr, HDR_COM);
        switch_message(command, req);
        return NT_STATUS_OK;
@@ -483,14 +478,19 @@ static void switch_message(int type, struct smbsrv_request *req)
 
        errno = 0;
 
+       flags = smb_messages[type].flags;
+
+       if (!smbsrv_signing_check_incoming(req, (flags & SIGNING_NO_REPLY))) {
+               smbsrv_send_error(req, NT_STATUS_ACCESS_DENIED);
+               return;
+       }
+
        if (smb_messages[type].fn == NULL) {
                DEBUG(0,("Unknown message type %d!\n",type));
                smbsrv_reply_unknown(req);
                return;
        }
 
-       flags = smb_messages[type].flags;
-
        req->tcon = smbsrv_smb_tcon_find(smb_conn, SVAL(req->in.hdr,HDR_TID), req->request_time);
 
        if (!req->session) {
@@ -511,11 +511,6 @@ static void switch_message(int type, struct smbsrv_request *req)
        DEBUG(5,("switch message %s (task_id %u)\n",
                 smb_fn_name(type), (unsigned)req->smb_conn->connection->server_id.id));
 
-       /* this must be called before we do any reply */
-       if (flags & SIGNING_NO_REPLY) {
-               smbsrv_signing_no_reply(req);
-       }
-
        /* see if the vuid is valid */
        if ((flags & NEED_SESS) && !req->session) {
                status = NT_STATUS_DOS(ERRSRV, ERRbaduid);

diff --git a/source/smb_server/smb/sesssetup.c b/source/smb_server/smb/sesssetup.c
index c6e4055b62046eaaadbc32b6d3220157db5b9d44..45dabf349f58ca595a16ac9963e9551fe249d3e5 100644 (file)
--- a/source/smb_server/smb/sesssetup.c
+++ b/source/smb_server/smb/sesssetup.c
@@ -194,7 +194,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
        }
 
        /* Force check of the request packet, now we know the session key */
-       if (!smbsrv_signing_check_incoming(req)) {
+       if (!smbsrv_signing_check_incoming(req, false)) {
                status = NT_STATUS_ACCESS_DENIED;
                goto failed;
        }
@@ -326,7 +326,7 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv
        if (NT_STATUS_IS_OK(skey_status) &&
            smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) {
                /* Force check of the request packet, now we know the session key */
-               if (!smbsrv_signing_check_incoming(req)) {
+               if (!smbsrv_signing_check_incoming(req, false)) {
                        status = NT_STATUS_ACCESS_DENIED;
                        goto failed;
                }

diff --git a/source/smb_server/smb/signing.c b/source/smb_server/smb/signing.c
index 77f40abc9f4cb79987a8bacb7e2809d80326b1b9..b103bbcd60530fd1f4996c9a06c3ac8ca00727f4 100644 (file)
--- a/source/smb_server/smb/signing.c
+++ b/source/smb_server/smb/signing.c
@@ -159,11 +159,15 @@ void smbsrv_signing_no_reply(struct smbsrv_request *req)
  * @return false if we had an established signing connection
  *         which had a back checksum, true otherwise
  */
-bool smbsrv_signing_check_incoming(struct smbsrv_request *req)
+bool smbsrv_signing_check_incoming(struct smbsrv_request *req,
+                                  bool single_increment)
 {
        bool good;
 
        req_signing_alloc_seq_num(req);
+       if (single_increment) {
+               smbsrv_signing_no_reply(req);
+       }
 
        switch (req->smb_conn->signing.signing_state) 
        {