From 2265e4633a5b37ded755f6c964cb4d3a6f67a350 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 2 Aug 2012 18:47:48 +0200
Subject: [PATCH] s3:smbd: setup session->global->signing_/application_key during old SMB1 session setups

metze
---
 source3/smbd/sesssetup.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 60 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index ad68c2663cc..003e4952f2d 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -905,6 +905,61 @@ void reply_sesssetup_and_X(struct smb_request *req)
 return;
 }
 
+ if (session_info->session_key.length > 0) {
+ uint8_t session_key[16];
+
+ /*
+ * Note: the SMB1 signing key is not truncated to 16 byte!
+ */
+ session->global->signing_key =
+ data_blob_dup_talloc(session->global,
+ session_info->session_key);
+ if (session->global->signing_key.data == NULL) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+
+ /*
+ * The application key is truncated/padded to 16 bytes
+ */
+ ZERO_STRUCT(session_key);
+ memcpy(session_key, session->global->signing_key.data,
+ MIN(session->global->signing_key.length,
+ sizeof(session_key)));
+ session->global->application_key =
+ data_blob_talloc(session->global,
+ session_key,
+ sizeof(session_key));
+ ZERO_STRUCT(session_key);
+ if (session->global->application_key.data == NULL) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+
+ /*
+ * Place the application key into the session_info
+ */
+ data_blob_clear_free(&session_info->session_key);
+ session_info->session_key = data_blob_dup_talloc(session_info,
+ session->global->application_key);
+ if (session_info->session_key.data == NULL) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ TALLOC_FREE(session);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ }
+
 session->compat = talloc_zero(session, struct user_struct);
 if (session->compat == NULL) {
 data_blob_free(&nt_resp);
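Review bot: The second and third NT_STATUS_NO_MEMORY paths in the new block free the session while `session->global->signing_key` (and, on the third path, `application_key`) already hold key material, and nothing on those paths wipes it; the same block otherwise takes care to clear the stack copy and to use `data_blob_clear_free()` on the old `session_info->session_key`. Unless a destructor outside this hunk already scrubs these blobs, add `data_blob_clear_free(&session->global->signing_key);` and `data_blob_clear_free(&session->global->application_key);` before `TALLOC_FREE(session);`. Since the three cleanup sequences are identical, a single exit label would keep the wiping in one place. The closing `ZERO_STRUCT(session_key)` stores to a local that is never read again, so it is worth confirming the macro is not a plain memset the compiler may drop. reply_sesssetup_and_X starts and ends outside the hunk.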
@@ -938,13 +993,16 @@ void reply_sesssetup_and_X(struct smb_request *req)
 return;
 }
 
- if (srv_is_signing_negotiated(sconn) && action == 0) {
+ if (srv_is_signing_negotiated(sconn) &&
+ action == 0 &&
+ session->global->signing_key.length > 0)
+ {
 /*
 * Try and turn on server signing on the first non-guest
 * sessionsetup.
 */
 srv_set_signing(sconn,
- session_info->session_key,
+ session->global->signing_key,
 nt_resp.data ? nt_resp : lm_resp);
 }
 
-- 
2.11.4.GIT
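Review bot: With the added `session->global->signing_key.length > 0` test, a non-guest session setup (`action == 0`) on a connection that negotiated signing now proceeds without `srv_set_signing()` whenever authentication produced no session key, and nothing in the hunk records or rejects that case. If signing can be required by configuration, that enforcement has to live outside this hunk; it is worth confirming it does, and otherwise failing the session setup here rather than continuing unsigned. At minimum add a comment above the condition such as `/* no session key means no signing key: signing stays off for this session */`, and consider a debug-level log line in an else branch so unsigned authenticated sessions are visible in logs. The enclosing function starts and ends outside the hunk.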