The Samba-Bugzilla – Attachment 10534 Details for
Bug 10958
Session expired - reconnect - access denied
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-0-test
tmp40.diff.txt (text/plain), 4.29 KB, created by
Stefan Metzmacher
on 2014-12-14 11:09:37 UTC
(
hide
)
Description:
Patches for v4-0-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2014-12-14 11:09:37 UTC
Size:
4.29 KB
patch
obsolete
>From 55275d7fcf81a19e429ce8bb61655e6aa2ffed50 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 12 Jun 2014 15:10:11 +0200 >Subject: [PATCH 1/3] s3:smb2_server: use the global signing key to check if > signing is required > >If we have a channel session key, we also always have a global session key. > >For multi-channel it's possible that the channel session key is not in place >yet, in that case the global session key needs to be used. > >In both cases (reauth or session bind) we session setup requests need to be >signed. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Michael Adam <obnox@samba.org> >(cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14) >--- > source3/smbd/smb2_server.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index b46f994..fe58ca5 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -1912,7 +1912,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > encryption_required = x->global->encryption_required; > > if (opcode == SMB2_OP_SESSSETUP && >- x->global->channels[0].signing_key.length) { >+ x->global->signing_key.length > 0) { > signing_required = true; > } > } >-- >1.9.1 > > >From 187b0b3579cd4865dd23d1fd5eed6f9012b94447 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 09:22:15 +0100 >Subject: [PATCH 2/3] s3:smb2_server: allow reauthentication without signing > >If signing is not required we should not require it for reauthentication. >Windows clients would otherwise fail to reauthenticate. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72) >--- > source3/smbd/smb2_server.c | 5 ----- > source3/smbd/smb2_sesssetup.c | 4 ++++ > 2 files changed, 4 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index fe58ca5..d0dec0f 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -1910,11 +1910,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > if (x != NULL) { > signing_required = x->global->signing_required; > encryption_required = x->global->encryption_required; >- >- if (opcode == SMB2_OP_SESSSETUP && >- x->global->signing_key.length > 0) { >- signing_required = true; >- } > } > > req->do_signing = false; >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index e911945..a82d696 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session, > > conn_clear_vuid_caches(conn->sconn, session->compat->vuid); > >+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { >+ smb2req->do_signing = true; >+ } >+ > *out_session_id = session->global->session_wire_id; > > return NT_STATUS_OK; >-- >1.9.1 > > >From 5cd8617142f9b74c5d740de45e812811a0b1e9ec Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 12 Dec 2014 13:55:38 +0000 >Subject: [PATCH 3/3] libcli/smb: only force signing of smb2 session setups > when binding a new session > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104 > >(cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2) >--- > libcli/smb/smbXcli_base.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index c971a6d..b799e11 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -2576,7 +2576,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx, > state->smb2.should_encrypt = session->smb2->should_encrypt; > > if (cmd == SMB2_OP_SESSSETUP && >- session->smb2->signing_key.length != 0) { >+ session->smb2_channel.signing_key.length == 0 && >+ session->smb2->signing_key.length != 0) >+ { >+ /* >+ * a session bind needs to be signed >+ */ > state->smb2.should_sign = true; > } > >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 10958
:
10460
|
10521
|
10522
|
10523
|
10530
|
10531
|
10533
| 10534