From 1e7e14b0d5105299282bdb87f4618fae35364853 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 22 Oct 2018 18:21:58 +0200
Subject: [PATCH] s3:smb2_sesssetup: check session_info security level before
 it gets talloc_move'd

We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/smbd/smb2_sesssetup.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index fe5835b83f3..5420d4f09bb 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -525,6 +525,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
 	reload_services(smb2req->sconn, conn_snum_used, true);
 
+	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+		smb2req->do_signing = true;
+	}
+
 	session->status = NT_STATUS_OK;
 	TALLOC_FREE(session->global->auth_session_info);
 	session->global->auth_session_info = talloc_move(session->global,
@@ -551,10 +555,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
 	conn_clear_vuid_caches(xconn->client->sconn, session->compat->vuid);
 
-	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
-		smb2req->do_signing = true;
-	}
-
 	*out_session_id = session->global->session_wire_id;
 
 	return NT_STATUS_OK;
-- 
2.17.2