s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

diff --git a/selftest/knownfail.d/samba3.smb2 b/selftest/knownfail.d/samba3.smb2
deleted file mode 100644 (file)
index 7e96e67..0000000
--- a/selftest/knownfail.d/samba3.smb2
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session krb5.expire1n\(ad_member\)

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index fe5835b83f34c070c69a563d9ac260907214e142..5420d4f09bbdab4f6a4cc4ca5734fca0279a940e 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -525,6 +525,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
        reload_services(smb2req->sconn, conn_snum_used, true);
 
+       if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+               smb2req->do_signing = true;
+       }
+
        session->status = NT_STATUS_OK;
        TALLOC_FREE(session->global->auth_session_info);
        session->global->auth_session_info = talloc_move(session->global,
@@ -551,10 +555,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
        conn_clear_vuid_caches(xconn->client->sconn, session->compat->vuid);
 
-       if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
-               smb2req->do_signing = true;
-       }
-
        *out_session_id = session->global->session_wire_id;
 
        return NT_STATUS_OK;