svn commit: samba r12115 - in branches/SAMBA_4_0/source/smb_server/smb: .

metze at samba.org metze at samba.org
Wed Dec 7 08:11:51 GMT 2005


Author: metze
Date: 2005-12-07 08:11:50 +0000 (Wed, 07 Dec 2005)
New Revision: 12115

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12115

Log:
bring SMB sesssetup_spnego in sync with SMB2 sesssetup

metze
Modified:
   branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c


Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c	2005-12-07 07:28:43 UTC (rev 12114)
+++ branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c	2005-12-07 08:11:50 UTC (rev 12115)
@@ -246,10 +246,11 @@
 */
 static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
 {
-	NTSTATUS status = NT_STATUS_ACCESS_DENIED;
-	struct smbsrv_session *smb_sess;
-	struct gensec_security *gensec_ctx;
+	NTSTATUS status;
+	NTSTATUS skey_status;
+	struct smbsrv_session *smb_sess = NULL;
 	struct auth_session_info *session_info = NULL;
+	DATA_BLOB session_key;
 	uint16_t vuid;
 
 	sess->spnego.out.vuid = 0;
@@ -266,10 +267,12 @@
 	}
 
 	vuid = SVAL(req->in.hdr,HDR_UID);
+
+	/* lookup an existing session */
 	smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
-	if (smb_sess) {
-		gensec_ctx = smb_sess->gensec_ctx;
-	} else {
+	if (!smb_sess) {
+		struct gensec_security *gensec_ctx;
+
 		status = gensec_server_start(req, &gensec_ctx,
 					     req->smb_conn->connection->event.ctx);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -289,55 +292,57 @@
 			return status;
 		}
 
+		/* allocate a new session */
 		smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx);
-		if (!smb_sess) {
-			return NT_STATUS_ACCESS_DENIED;
-		}
 	}
 
-	status = gensec_update(gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
-	if (NT_STATUS_IS_OK(status)) {
-		DATA_BLOB session_key;
-		
-		status = gensec_session_info(gensec_ctx, &session_info);
-		if (!NT_STATUS_IS_OK(status)) {
-			talloc_free(smb_sess);
-			return status;
-		}
-		
-		status = gensec_session_key(gensec_ctx, 
-					    &session_key);
-/* TODO: what if getting the session key failed? */
-		if (NT_STATUS_IS_OK(status) 
-		    && session_info->server_info->authenticated
-		    && srv_setup_signing(req->smb_conn, &session_key, NULL)) {
-			/* Force check of the request packet, now we know the session key */
-			req_signing_check_incoming(req);
+	if (!smb_sess) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
 
-			srv_signing_restart(req->smb_conn, &session_key, NULL);
-		}
+	if (!smb_sess->gensec_ctx) {
+		status = NT_STATUS_INTERNAL_ERROR;
+		DEBUG(1, ("Internal ERROR: no gensec_ctx on session: %s\n", nt_errstr(status)));
+		goto failed;
+	}
 
-	} else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-	} else {
-		status = auth_nt_status_squash(status);
-		
-		/* This invalidates the VUID of the failed login */
-		talloc_free(smb_sess);
+	status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		sess->spnego.out.vuid = smb_sess->vuid;
 		return status;
+	} else if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
 	}
-		
-	if (NT_STATUS_IS_OK(status)) {
-		/* Ensure this is marked as a 'real' vuid, not one
-		 * simply valid for the session setup leg */
-		status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
-		if (!NT_STATUS_IS_OK(status)) {
-			return auth_nt_status_squash(status);
-		}
-		req->session = smb_sess;
+
+	status = gensec_session_info(smb_sess->gensec_ctx, &session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
 	}
+
+	skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
+	if (NT_STATUS_IS_OK(skey_status) &&
+	    session_info->server_info->authenticated &&
+	    srv_setup_signing(req->smb_conn, &session_key, NULL)) {
+		/* Force check of the request packet, now we know the session key */
+		req_signing_check_incoming(req);
+
+		srv_signing_restart(req->smb_conn, &session_key, NULL);
+	}
+
+	/* Ensure this is marked as a 'real' vuid, not one
+	 * simply valid for the session setup leg */
+	status = smbsrv_session_sesssetup_finished(smb_sess, session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto failed;
+	}
+	req->session = smb_sess;
+
 	sess->spnego.out.vuid = smb_sess->vuid;
+	return NT_STATUS_OK;
 
-	return status;
+failed:
+	talloc_free(smb_sess);
+	return auth_nt_status_squash(status);
 }
 
 /*
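Review bot: A failure of `gensec_session_key()` is stored in `skey_status` and never looked at again, so an authenticated session is still promoted to a real vuid by `smbsrv_session_sesssetup_finished()` with signing not set up and nothing in the log. The same holds when `srv_setup_signing()` returns false. The removed TODO asked what should happen in this case, and the new code drops the question without answering it. At minimum I would log it after the signing block, e.g. `if (!NT_STATUS_IS_OK(skey_status)) DEBUG(2, ("sesssetup_spnego: no session key, signing not enabled: %s\n", nt_errstr(skey_status)));`, and put a comment on the `skey_status` declaration saying the failure is tolerated on purpose. Whether a missing key should instead `goto failed` for non-anonymous logons depends on the signing policy, which the hunk does not show; the function body also spans the two earlier hunks and is only partly visible here.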


