From 3b3841f1725500176b740a971bc81ebb1e21706f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 25 Apr 2012 19:36:20 +0200 Subject: [PATCH] REAUTH smb1 reauth server --- source3/smbd/sesssetup.c | 65 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 3 deletions(-) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 7d773517623c..50fba7147f21 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -203,9 +203,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) reply_force_doserror(req, ERRSRV, ERRbaduid); return; } + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) { + status = NT_STATUS_OK; + } if (NT_STATUS_IS_OK(status)) { - reply_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED); - return; + session->status = NT_STATUS_MORE_PROCESSING_REQUIRED; + status = NT_STATUS_MORE_PROCESSING_REQUIRED; + TALLOC_FREE(session->gensec); } if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { reply_nterror(req, nt_status_squash(status)); @@ -257,7 +261,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) return; } - if (NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_OK(status) && session->global->auth_session_info == NULL) { struct auth_session_info *session_info = NULL; status = gensec_session_info(session->gensec, @@ -326,6 +330,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) session->global->auth_session_info_seqnum += 1; session->global->channels[0].auth_session_info_seqnum = session->global->auth_session_info_seqnum; + session->global->expiration_time = gensec_expire_time(session->gensec); status = smbXsrv_session_update(session); if (!NT_STATUS_IS_OK(status)) { @@ -337,6 +342,60 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) return; } + /* current_user_info is changed on new vuid */ + reload_services(sconn, conn_snum_used, true); + } else if (NT_STATUS_IS_OK(status)) { + struct auth_session_info *session_info = NULL; + + status = gensec_session_info(session->gensec, + session, + &session_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1,("Failed to generate session_info " + "(user and group token) for session setup: %s\n", + nt_errstr(status))); + data_blob_free(&out_blob); + TALLOC_FREE(session); + reply_nterror(req, nt_status_squash(status)); + return; + } + + if (security_session_user_level(session_info, NULL) < SECURITY_USER) { + action = 1; + } + + session->compat->session_info = session_info; + session->compat->vuid = session->global->session_wire_id; + + if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { + session->compat->homes_snum = + register_homes_share(session_info->unix_info->unix_name); + } + + set_current_user_info(session_info->unix_info->sanitized_username, + session_info->unix_info->unix_name, + session_info->info->domain_name); + + session->status = NT_STATUS_OK; + TALLOC_FREE(session->global->auth_session_info); + session->global->auth_session_info = session_info; + session->global->auth_session_info_seqnum += 1; + session->global->channels[0].auth_session_info_seqnum = + session->global->auth_session_info_seqnum; + session->global->expiration_time = gensec_expire_time(session->gensec); + + status = smbXsrv_session_update(session); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("smb1: Failed to update session for vuid=%d - %s\n", + session->compat->vuid, nt_errstr(status))); + data_blob_free(&out_blob); + TALLOC_FREE(session); + reply_nterror(req, NT_STATUS_LOGON_FAILURE); + return; + } + + conn_clear_vuid_caches(sconn, session->compat->vuid); + /* current_user_info is changed on new vuid */ reload_services(sconn, conn_snum_used, true); } -- 2.34.1