The Samba-Bugzilla – Attachment 10530 Details for
Bug 10958
Session expired - reconnect - access denied
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for master
tmp.diff.txt (text/plain), 2.68 KB, created by
Stefan Metzmacher
on 2014-12-12 15:18:31 UTC
(
hide
)
Description:
Patches for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2014-12-12 15:18:31 UTC
Size:
2.68 KB
patch
obsolete
>From b4e5a04f069f73db46d1463dc8aba0cab814d2c0 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 09:22:15 +0100 >Subject: [PATCH 1/2] s3:smb2_server: allow reauthentication without signing > >If signing is not required we should not require it for reauthentication. >Windows clients would otherwise fail to reauthenticate. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/smbd/smb2_server.c | 5 ----- > source3/smbd/smb2_sesssetup.c | 4 ++++ > 2 files changed, 4 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index 4a2c875..46bf6f9 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -1990,11 +1990,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > if (x != NULL) { > signing_required = x->global->signing_required; > encryption_required = x->global->encryption_required; >- >- if (opcode == SMB2_OP_SESSSETUP && >- x->global->signing_key.length > 0) { >- signing_required = true; >- } > } > > req->do_signing = false; >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index 78cafe8..2f58e44 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session, > > conn_clear_vuid_caches(smb2req->sconn, session->compat->vuid); > >+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { >+ smb2req->do_signing = true; >+ } >+ > *out_session_id = session->global->session_wire_id; > > return NT_STATUS_OK; >-- >1.9.1 > > >From d3578997eb0f15ab887ea955c6c99980817c4270 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 13:55:38 +0000 >Subject: [PATCH 2/2] libcli/smb: only force signing of smb2 session setups > when binding a new session > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > libcli/smb/smbXcli_base.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index a3a7ecb..8aa6020 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -2682,7 +2682,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx, > state->smb2.should_encrypt = session->smb2->should_encrypt; > > if (cmd == SMB2_OP_SESSSETUP && >- session->smb2->signing_key.length != 0) { >+ session->smb2_channel.signing_key.length == 0 && >+ session->smb2->signing_key.length != 0) >+ { >+ /* >+ * a session bind needs to be signed >+ */ > state->smb2.should_sign = true; > } > >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10530">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10958
:
10460
|
10521
|
10522
|
10523
|
10530
|
10531
|
10533
|
10534