DATA_BLOB signing_key;
DATA_BLOB session_key;
bool should_sign;
+ bool channel_setup;
} smb2;
};
uint16_t charge;
uint16_t credits;
uint64_t mid;
+ bool should_sign = false;
if (!tevent_req_is_in_progress(reqs[i])) {
return NT_STATUS_INTERNAL_ERROR;
}
nbt_len += reqlen;
- if (state->session && state->session->smb2.should_sign) {
+ if (state->session) {
+ should_sign = state->session->smb2.should_sign;
+ if (state->session->smb2.channel_setup) {
+ should_sign = true;
+ }
+ }
+
+ if (should_sign) {
NTSTATUS status;
status = smb2_signing_sign_pdu(state->session->smb2.signing_key,
uint32_t new_credits;
struct smbXcli_session *session = NULL;
const DATA_BLOB *signing_key = NULL;
+ bool should_sign = false;
new_credits = conn->smb2.cur_credits;
new_credits += credits;
}
last_session = session;
- if (session && session->smb2.should_sign) {
+ if (session) {
+ should_sign = session->smb2.should_sign;
+ if (session->smb2.channel_setup) {
+ should_sign = true;
+ }
+ }
+
+ if (should_sign) {
if (!(flags & SMB2_HDR_FLAG_SIGNED)) {
return NT_STATUS_ACCESS_DENIED;
}
} else {
signing_key = session_key;
}
+ if (session->smb2.channel_setup) {
+ signing_key = session_key;
+ }
status = smb2_signing_check_pdu(signing_key, recv_iov, 3);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- session->smb2.session_key = data_blob_dup_talloc(session, session_key);
- if (session->smb2.session_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
+ if (!session->smb2.channel_setup) {
+ session->smb2.session_key = data_blob_dup_talloc(session,
+ session_key);
+ if (session->smb2.session_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (session->smb2.channel_setup) {
+ data_blob_free(&session->smb2.signing_key);
+ session->smb2.channel_setup = false;
}
if (session->smb2.signing_key.length > 0) {
return NT_STATUS_OK;
}
+
+NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
+ struct smbXcli_session *session1,
+ struct smbXcli_conn *conn,
+ struct smbXcli_session **_session2)
+{
+ struct smbXcli_session *session2;
+ uint16_t no_sign_flags;
+
+ no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
+
+ if (session1->smb2.session_flags & no_sign_flags) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (session1->smb2.session_key.length == 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (session1->smb2.signing_key.length == 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (conn == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ session2 = talloc_zero(mem_ctx, struct smbXcli_session);
+ if (session2 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ session2->smb2.session_id = session1->smb2.session_id;
+ session2->smb2.session_flags = session1->smb2.session_flags;
+
+ session2->smb2.session_key = data_blob_dup_talloc(session2,
+ session1->smb2.session_key);
+ if (session2->smb2.session_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session2->smb2.signing_key = data_blob_dup_talloc(session2,
+ session1->smb2.signing_key);
+ if (session2->smb2.signing_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session2->smb2.should_sign = session1->smb2.should_sign;
+ session2->smb2.channel_setup = true;
+
+ talloc_set_destructor(session2, smbXcli_session_destructor);
+ DLIST_ADD_END(conn->sessions, session2, struct smbXcli_session *);
+ session2->conn = conn;
+
+ *_session2 = session2;
+ return NT_STATUS_OK;
+}
git.samba.org / metze / samba / wip.git / commitdiff