The branch, master has been updated
via 615c41c libcli/smb/smb2_signing: pass down 'protocol' to
smb2_signing_[sign|check]_pdu()
via 7309e11 libcli/smb/smb2_signing: rename session_key to signing_key
via 910251e libcli/smb/smbXcli: remove unused if statement from
smb2cli_conn_dispatch_incoming()
via b7684f2 s4:libcli/smb2: remove unused 'session_key' from struct
smb2_session
via 07b1de9 s4:librpc/dcerpc_smb2: make use of
smb2cli_session_application_key()
via a1ef9c7 libcli/smb/smbXcli: add smb2cli_session_application_key()
via aa4331b libcli/smb/smbXcli: maintain smb2 channel_signing_key
separate from the signing_key
via b93f6ac libcli/smb/smbXcli: remove unused checks from
smb2cli_session_create_channel()
via 18cd0b7 s3:torture/test_smb2: remove explicit
smb2_signing_check_pdu()
via c45cb33 s3:torture/test_smb2: a reauth doesn't update the
session/signing key
via 229128f lib/crypto: fix hmac_sha256_final() prototype
from 8a0e420 dbwrap: changed log level for information about lock order
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 615c41ce128233c90bc77fc413fdcdc92c1cad50
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:29:53 2012 +0100
libcli/smb/smb2_signing: pass down 'protocol' to
smb2_signing_[sign|check]_pdu()
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Mon Feb 27 14:26:32 CET 2012 on sn-devel-104
commit 7309e11ad58eb562859190ce99cb51ecbacbc540
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:27:51 2012 +0100
libcli/smb/smb2_signing: rename session_key to signing_key
metze
commit 910251e8ed89c3ffe769a1007ec197c9c58805b3
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:24:38 2012 +0100
libcli/smb/smbXcli: remove unused if statement from
smb2cli_conn_dispatch_incoming()
metze
commit b7684f2ac65e308dd2f159d81d6326491c8f557a
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:20:20 2012 +0100
s4:libcli/smb2: remove unused 'session_key' from struct smb2_session
metze
commit 07b1de98cd50f061f410b36043efcf13210caf6b
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:16:28 2012 +0100
s4:librpc/dcerpc_smb2: make use of smb2cli_session_application_key()
metze
commit a1ef9c761a6ccc16d6b1193ebcb95fa4493ac1ed
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:03:54 2012 +0100
libcli/smb/smbXcli: add smb2cli_session_application_key()
metze
commit aa4331be9e6e3db3bd14c9abd024e95f6aec8bdb
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 08:48:55 2012 +0100
libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the
signing_key
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing
key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
commit b93f6ac79c431e4effb3905824bcaef5cbe5e85a
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:58:53 2012 +0100
libcli/smb/smbXcli: remove unused checks from
smb2cli_session_create_channel()
metze
commit 18cd0b789e5e9c4108353c4a6762f05f4db788a8
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 09:18:33 2012 +0100
s3:torture/test_smb2: remove explicit smb2_signing_check_pdu()
smb2cli_session_set_session_key() already checks the signature
and that function really knows the signing key.
metze
commit c45cb3353be7ec2ddaf38d859a24a02163e88a1b
Author: Stefan Metzmacher <[email protected]>
Date: Mon Feb 27 11:52:50 2012 +0100
s3:torture/test_smb2: a reauth doesn't update the session/signing key
metze
commit 229128f7e14b215787eb8d80851e953f324b4012
Author: Stefan Metzmacher <[email protected]>
Date: Wed Feb 22 09:01:10 2012 +0100
lib/crypto: fix hmac_sha256_final() prototype
metze
-----------------------------------------------------------------------
Summary of changes:
lib/crypto/hmacsha256.h | 2 +-
libcli/smb/smb2_signing.c | 16 ++--
libcli/smb/smb2_signing.h | 6 +-
libcli/smb/smbXcli_base.c | 223 ++++++++++++++++++++++++++------------
libcli/smb/smbXcli_base.h | 12 ++-
libcli/smb/smb_common.h | 2 +-
source3/libsmb/cliconnect.c | 4 +-
source3/smbd/smb2_server.c | 4 +
source3/torture/test_smb2.c | 43 ++------
source4/libcli/smb2/session.c | 12 ++-
source4/libcli/smb2/smb2.h | 1 -
source4/librpc/rpc/dcerpc_smb2.c | 15 +++-
12 files changed, 215 insertions(+), 125 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/crypto/hmacsha256.h b/lib/crypto/hmacsha256.h
index 8960c63..d9ecac7 100644
--- a/lib/crypto/hmacsha256.h
+++ b/lib/crypto/hmacsha256.h
@@ -33,6 +33,6 @@ struct HMACSHA256Context {
void hmac_sha256_init(const uint8_t *key, size_t key_len, struct
HMACSHA256Context *ctx);
void hmac_sha256_update(const uint8_t *data, size_t data_len, struct
HMACSHA256Context *ctx);
-void hmac_sha256_final(uint8_t digest[20], struct HMACSHA256Context *ctx);
+void hmac_sha256_final(uint8_t digest[SHA256_DIGEST_LENGTH], struct
HMACSHA256Context *ctx);
#endif /* _HMAC_SHA256_H */
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 3687ace..3017277 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -23,7 +23,8 @@
#include "../libcli/smb/smb_common.h"
#include "../lib/crypto/crypto.h"
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
+NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
+ enum protocol_types protocol,
struct iovec *vector,
int count)
{
@@ -52,9 +53,9 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
return NT_STATUS_OK;
}
- if (session_key.length == 0) {
+ if (signing_key.length == 0) {
DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)session_key.length));
+ (unsigned)signing_key.length));
return NT_STATUS_ACCESS_DENIED;
}
@@ -63,7 +64,7 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
SIVAL(hdr, SMB2_HDR_FLAGS, IVAL(hdr, SMB2_HDR_FLAGS) |
SMB2_HDR_FLAG_SIGNED);
ZERO_STRUCT(m);
- hmac_sha256_init(session_key.data, MIN(session_key.length, 16), &m);
+ hmac_sha256_init(signing_key.data, MIN(signing_key.length, 16), &m);
for (i=0; i < count; i++) {
hmac_sha256_update((const uint8_t *)vector[i].iov_base,
vector[i].iov_len, &m);
@@ -76,7 +77,8 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
return NT_STATUS_OK;
}
-NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
+NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
+ enum protocol_types protocol,
const struct iovec *vector,
int count)
{
@@ -107,7 +109,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
return NT_STATUS_OK;
}
- if (session_key.length == 0) {
+ if (signing_key.length == 0) {
/* we don't have the session key yet */
return NT_STATUS_OK;
}
@@ -115,7 +117,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
sig = hdr+SMB2_HDR_SIGNATURE;
ZERO_STRUCT(m);
- hmac_sha256_init(session_key.data, MIN(session_key.length, 16), &m);
+ hmac_sha256_init(signing_key.data, MIN(signing_key.length, 16), &m);
hmac_sha256_update(hdr, SMB2_HDR_SIGNATURE, &m);
hmac_sha256_update(zero_sig, 16, &m);
for (i=1; i < count; i++) {
diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index 3c3e0c2..ba2b1ca 100644
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -23,11 +23,13 @@
struct iovec;
-NTSTATUS smb2_signing_sign_pdu(DATA_BLOB session_key,
+NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
+ enum protocol_types protocol,
struct iovec *vector,
int count);
-NTSTATUS smb2_signing_check_pdu(DATA_BLOB session_key,
+NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
+ enum protocol_types protocol,
const struct iovec *vector,
int count);
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index df01457..f47659d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -133,10 +133,10 @@ struct smbXcli_session {
struct {
uint64_t session_id;
uint16_t session_flags;
+ DATA_BLOB application_key;
DATA_BLOB signing_key;
- DATA_BLOB session_key;
bool should_sign;
- bool channel_setup;
+ DATA_BLOB channel_signing_key;
} smb2;
};
@@ -2495,7 +2495,7 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req
**reqs,
uint16_t charge;
uint16_t credits;
uint64_t mid;
- bool should_sign = false;
+ const DATA_BLOB *signing_key = NULL;
if (!tevent_req_is_in_progress(reqs[i])) {
return NT_STATUS_INTERNAL_ERROR;
@@ -2587,16 +2587,43 @@ skip_credits:
nbt_len += reqlen;
if (state->session) {
- should_sign = state->session->smb2.should_sign;
- if (state->session->smb2.channel_setup) {
+ bool should_sign = state->session->smb2.should_sign;
+
+ if (opcode == SMB2_OP_SESSSETUP &&
+ state->session->smb2.signing_key.length != 0) {
should_sign = true;
}
+
+ /*
+ * We prefer the channel signing key if it is
+ * already there.
+ */
+ if (should_sign) {
+ signing_key =
&state->session->smb2.channel_signing_key;
+ }
+
+ /*
+ * If it is a channel binding, we already have the main
+ * signing key and try that one.
+ */
+ if (signing_key && signing_key->length == 0) {
+ signing_key = &state->session->smb2.signing_key;
+ }
+
+ /*
+ * If we do not have any session key yet, we skip the
+ * signing of SMB2_OP_SESSSETUP requests.
+ */
+ if (signing_key && signing_key->length == 0) {
+ signing_key = NULL;
+ }
}
- if (should_sign) {
+ if (signing_key) {
NTSTATUS status;
- status =
smb2_signing_sign_pdu(state->session->smb2.signing_key,
+ status = smb2_signing_sign_pdu(*signing_key,
+
state->session->conn->protocol,
&iov[hdr_iov], num_iov -
hdr_iov);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -2900,7 +2927,8 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct
smbXcli_conn *conn,
if (session) {
should_sign = session->smb2.should_sign;
- if (session->smb2.channel_setup) {
+ if (opcode == SMB2_OP_SESSSETUP &&
+ session->smb2.signing_key.length != 0) {
should_sign = true;
}
}
@@ -2933,17 +2961,39 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct
smbXcli_conn *conn,
}
last_session = session;
- signing_key = &session->smb2.signing_key;
+ signing_key = &session->smb2.channel_signing_key;
}
- if ((opcode == SMB2_OP_SESSSETUP) &&
- NT_STATUS_IS_OK(status)) {
+ if (opcode == SMB2_OP_SESSSETUP) {
/*
- * the caller has to check the signing
- * as only the caller knows the correct
- * session key
+ * We prefer the channel signing key, if it is
+ * already there.
+ *
+ * If we do not have a channel signing key yet,
+ * we try the main signing key, if it is not
+ * the final response.
*/
- signing_key = NULL;
+ if (signing_key && signing_key->length == 0 &&
+ !NT_STATUS_IS_OK(status)) {
+ signing_key = &session->smb2.signing_key;
+ }
+
+ if (signing_key && signing_key->length == 0) {
+ /*
+ * If we do not have a session key to
+ * verify the signature, we defer the
+ * signing check to the caller.
+ *
+ * The caller gets NT_STATUS_OK, it
+ * has to call
+ * smb2cli_session_set_session_key()
+ * or
+ * smb2cli_session_set_channel_key()
+ * which will check the signature
+ * with the channel signing key.
+ */
+ signing_key = NULL;
+ }
}
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
@@ -2953,9 +3003,7 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct
smbXcli_conn *conn,
* propagate the NT_STATUS_USER_SESSION_DELETED
* status to the caller.
*/
- if (signing_key) {
- signing_key = NULL;
- }
+ signing_key = NULL;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED) ||
@@ -2999,7 +3047,9 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct
smbXcli_conn *conn,
}
if (signing_key) {
- status = smb2_signing_check_pdu(*signing_key, cur, 3);
+ status = smb2_signing_check_pdu(*signing_key,
+ state->conn->protocol,
+ cur, 3);
if (!NT_STATUS_IS_OK(status)) {
/*
* If the signing check fails, we disconnect
@@ -4025,6 +4075,24 @@ uint64_t smb2cli_session_current_id(struct
smbXcli_session *session)
return session->smb2.session_id;
}
+NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key)
+{
+ *key = data_blob_null;
+
+ if (session->smb2.application_key.length == 0) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ *key = data_blob_dup_talloc(mem_ctx, session->smb2.application_key);
+ if (key->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
uint64_t session_id,
uint16_t session_flags)
@@ -4033,19 +4101,23 @@ void smb2cli_session_set_id_and_flags(struct
smbXcli_session *session,
session->smb2.session_flags = session_flags;
}
-NTSTATUS smb2cli_session_update_session_key(struct smbXcli_session *session,
- const DATA_BLOB session_key,
- const struct iovec *recv_iov)
+NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
+ const DATA_BLOB _session_key,
+ const struct iovec *recv_iov)
{
struct smbXcli_conn *conn = session->conn;
uint16_t no_sign_flags;
- DATA_BLOB signing_key;
+ uint8_t session_key[16];
NTSTATUS status;
if (conn == NULL) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
+ if (session->smb2.signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
if (session->smb2.session_flags & no_sign_flags) {
@@ -4053,40 +4125,35 @@ NTSTATUS smb2cli_session_update_session_key(struct
smbXcli_session *session,
return NT_STATUS_OK;
}
- if (session->smb2.signing_key.length > 0) {
- signing_key = session->smb2.signing_key;
- } else {
- signing_key = session_key;
- }
- if (session->smb2.channel_setup) {
- signing_key = session_key;
- }
+ ZERO_STRUCT(session_key);
+ memcpy(session_key, _session_key.data,
+ MIN(_session_key.length, sizeof(session_key)));
- status = smb2_signing_check_pdu(signing_key, recv_iov, 3);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (!session->smb2.channel_setup) {
- session->smb2.session_key = data_blob_dup_talloc(session,
- session_key);
- if (session->smb2.session_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ session->smb2.signing_key = data_blob_talloc(session,
+ session_key,
+ sizeof(session_key));
+ ZERO_STRUCT(session_key);
+ if (session->smb2.signing_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- if (session->smb2.channel_setup) {
- data_blob_free(&session->smb2.signing_key);
- session->smb2.channel_setup = false;
+ session->smb2.application_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.application_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- if (session->smb2.signing_key.length > 0) {
- return NT_STATUS_OK;
+ session->smb2.channel_signing_key = data_blob_dup_talloc(session,
+ session->smb2.signing_key);
+ if (session->smb2.channel_signing_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- session->smb2.signing_key = data_blob_dup_talloc(session, signing_key);
- if (session->smb2.signing_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
+ status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
+ recv_iov, 3);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
session->smb2.should_sign = false;
@@ -4108,17 +4175,6 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX
*mem_ctx,
struct smbXcli_session **_session2)
{
struct smbXcli_session *session2;
- uint16_t no_sign_flags;
-
- no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
-
- if (session1->smb2.session_flags & no_sign_flags) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- if (session1->smb2.session_key.length == 0) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
if (session1->smb2.signing_key.length == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -4135,12 +4191,6 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX
*mem_ctx,
session2->smb2.session_id = session1->smb2.session_id;
session2->smb2.session_flags = session1->smb2.session_flags;
- session2->smb2.session_key = data_blob_dup_talloc(session2,
- session1->smb2.session_key);
- if (session2->smb2.session_key.data == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
session2->smb2.signing_key = data_blob_dup_talloc(session2,
session1->smb2.signing_key);
if (session2->smb2.signing_key.data == NULL) {
@@ -4148,7 +4198,6 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX
*mem_ctx,
}
session2->smb2.should_sign = session1->smb2.should_sign;
- session2->smb2.channel_setup = true;
talloc_set_destructor(session2, smbXcli_session_destructor);
DLIST_ADD_END(conn->sessions, session2, struct smbXcli_session *);
@@ -4157,3 +4206,41 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX
*mem_ctx,
*_session2 = session2;
return NT_STATUS_OK;
}
+
+NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
+ const DATA_BLOB _channel_key,
+ const struct iovec *recv_iov)
+{
+ struct smbXcli_conn *conn = session->conn;
+ uint8_t channel_key[16];
+ NTSTATUS status;
+
+ if (conn == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ if (session->smb2.channel_signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ ZERO_STRUCT(channel_key);
+ memcpy(channel_key, _channel_key.data,
+ MIN(_channel_key.length, sizeof(channel_key)));
+
+ session->smb2.channel_signing_key = data_blob_talloc(session,
+ channel_key,
+ sizeof(channel_key));
+ ZERO_STRUCT(channel_key);
+ if (session->smb2.channel_signing_key.data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = smb2_signing_check_pdu(session->smb2.channel_signing_key,
+ session->conn->protocol,
+ recv_iov, 3);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index a2b64b1..27f3425 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -246,15 +246,21 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX
*mem_ctx,
struct smbXcli_conn *conn);
uint8_t smb2cli_session_security_mode(struct smbXcli_session *session);
uint64_t smb2cli_session_current_id(struct smbXcli_session *session);
+NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *key);
void smb2cli_session_set_id_and_flags(struct smbXcli_session *session,
uint64_t session_id,
uint16_t session_flags);
-NTSTATUS smb2cli_session_update_session_key(struct smbXcli_session *session,
- const DATA_BLOB session_key,
- const struct iovec *recv_iov);
+NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
+ const DATA_BLOB session_key,
+ const struct iovec *recv_iov);
NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
struct smbXcli_session *session1,
struct smbXcli_conn *conn,
struct smbXcli_session **_session2);
+NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
+ const DATA_BLOB channel_key,
+ const struct iovec *recv_iov);
#endif /* _SMBXCLI_BASE_H_ */
diff --git a/libcli/smb/smb_common.h b/libcli/smb/smb_common.h
index 1f21e55..47a336a 100644
--- a/libcli/smb/smb_common.h
+++ b/libcli/smb/smb_common.h
@@ -22,10 +22,10 @@
#ifndef __LIBCLI_SMB_SMB_COMMON_H__
#define __LIBCLI_SMB_SMB_COMMON_H__
+#include "libcli/smb/smb_constants.h"
#include "libcli/smb/smb2_constants.h"
#include "libcli/smb/smb2_create_blob.h"
#include "libcli/smb/smb2_signing.h"
-#include "libcli/smb/smb_constants.h"
#include "libcli/smb/smb_util.h"
#include "libcli/smb/smb_unix_ext.h"
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 146fc3d..79b9496 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1519,7 +1519,7 @@ static void cli_session_setup_kerberos_done(struct
tevent_req *subreq)
if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_update_session_key(session,
+ status = smb2cli_session_set_session_key(session,
--
Samba Shared Repository
