The Samba-Bugzilla – Attachment 10531 Details for
Bug 10958
Session expired - reconnect - access denied
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Cheery-pick for v4-2 of patches that went into master.
bug-10958-v4.2 (text/plain), 3.03 KB, created by
Jeremy Allison
on 2014-12-12 22:42:58 UTC
(
hide
)
Description:
Cheery-pick for v4-2 of patches that went into master.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2014-12-12 22:42:58 UTC
Size:
3.03 KB
patch
obsolete
>From 1b90bf2db890a12868730fdcedaafb7a0145b15c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 09:22:15 +0100 >Subject: [PATCH 1/2] s3:smb2_server: allow reauthentication without signing > >If signing is not required we should not require it for reauthentication. >Windows clients would otherwise fail to reauthenticate. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72) >--- > source3/smbd/smb2_server.c | 5 ----- > source3/smbd/smb2_sesssetup.c | 4 ++++ > 2 files changed, 4 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index 31ec70b..39155b8 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -1987,11 +1987,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > if (x != NULL) { > signing_required = x->global->signing_required; > encryption_required = x->global->encryption_required; >- >- if (opcode == SMB2_OP_SESSSETUP && >- x->global->signing_key.length > 0) { >- signing_required = true; >- } > } > > req->do_signing = false; >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index 366ca58..57f623a 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session, > > conn_clear_vuid_caches(smb2req->sconn, session->compat->vuid); > >+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { >+ smb2req->do_signing = true; >+ } >+ > *out_session_id = session->global->session_wire_id; > > return NT_STATUS_OK; >-- >1.9.1 > > >From b38f6e44605d8d5c5252407dfc3ee9ee37feeeb2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 13:55:38 +0000 >Subject: [PATCH 2/2] libcli/smb: only force signing of smb2 session setups > when binding a new session > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104 > >(cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2) >--- > libcli/smb/smbXcli_base.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index e0c5ff9..2fe6a5a 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -2677,7 +2677,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx, > state->smb2.should_encrypt = session->smb2->should_encrypt; > > if (cmd == SMB2_OP_SESSSETUP && >- session->smb2->signing_key.length != 0) { >+ session->smb2_channel.signing_key.length == 0 && >+ session->smb2->signing_key.length != 0) >+ { >+ /* >+ * a session bind needs to be signed >+ */ > state->smb2.should_sign = true; > } > >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10531">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 10958
:
10460
|
10521
|
10522
|
10523
|
10530
| 10531 |
10533
|
10534