The Samba-Bugzilla – Attachment 12421 Details for
Bug 11994
smbclient fails to connect to Azure or Apple share spnego fails with no mechListMIC
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for master.
bug-11994 (text/plain), 3.59 KB, created by
Jeremy Allison
on 2016-08-31 22:41:55 UTC
(
hide
)
Description:
git-am fix for master.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2016-08-31 22:41:55 UTC
Size:
3.59 KB
patch
obsolete
>From 5739fba0cff2086e91c80b14e5d59a42e1fe26cc Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 31 Aug 2016 12:33:19 -0700 >Subject: [PATCH 1/3] auth: gensec: Add new flag > GENSEC_FEATURE_SPENGO_IGNORE_SERVER_MIC. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > auth/gensec/gensec.h | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h >index e8bd7b1..8eb3173 100644 >--- a/auth/gensec/gensec.h >+++ b/auth/gensec/gensec.h >@@ -63,6 +63,7 @@ struct gensec_target { > #define GENSEC_FEATURE_UNIX_TOKEN 0x00000100 > #define GENSEC_FEATURE_NTLM_CCACHE 0x00000200 > #define GENSEC_FEATURE_LDAP_STYLE 0x00000400 >+#define GENSEC_FEATURE_SPENGO_IGNORE_SERVER_MIC 0x00000800 > > #define GENSEC_EXPIRE_TIME_INFINITY (NTTIME)0x8000000000000000LL > >-- >2.8.0.rc3.226.g39d4020 > > >From c2bb4767f77947fdbfe059f253cb313084f29606 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 31 Aug 2016 13:13:08 -0700 >Subject: [PATCH 2/3] auth: gensec: Implement spnego feature > GENSEC_FEATURE_SPENGO_IGNORE_SERVER_MIC. > >Needed for Microsoft Azure and Apple El Capitan SMB Servers. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > auth/gensec/spnego.c | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > >diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c >index ef30ab7..4db44af 100644 >--- a/auth/gensec/spnego.c >+++ b/auth/gensec/spnego.c >@@ -1171,6 +1171,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA > { > bool have_sign = true; > bool new_spnego = false; >+ bool ignore_mic = false; > > have_sign = gensec_have_feature(spnego_state->sub_sec_security, > GENSEC_FEATURE_SIGN); >@@ -1182,6 +1183,23 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA > > switch (spnego.negTokenTarg.negResult) { > case SPNEGO_ACCEPT_COMPLETED: >+ /* >+ * Does the client want us to ignore the >+ * fact the server didn't send a mechListMIC >+ * in the accept-completed reply ? >+ * Microsoft Azure and Apple El Capitan >+ * SMB Servers have this bug. >+ */ >+ ignore_mic = gensec_have_feature( >+ spnego_state->sub_sec_security, >+ GENSEC_FEATURE_SPENGO_IGNORE_SERVER_MIC); >+ if (ignore_mic && >+ spnego.negTokenTarg.mechListMIC.length >+ == 0) { >+ new_spnego = false; >+ } >+ break; >+ > case SPNEGO_NONE_RESULT: > if (spnego_state->num_targs == 1) { > /* >-- >2.8.0.rc3.226.g39d4020 > > >From cee5ffe89e5b1aa4c9a0e423803f59a4e9a29b92 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 31 Aug 2016 13:15:14 -0700 >Subject: [PATCH 3/3] s3: libsmb: Allow connection to SMB servers that don't > return a mechListMic value in the final accept-complete spnego exchange. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/cliconnect.c | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 9c8851f..b007c2a 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -1348,6 +1348,8 @@ static struct tevent_req *cli_session_setup_gensec_send( > > gensec_want_feature(state->auth_generic->gensec_security, > GENSEC_FEATURE_SESSION_KEY); >+ gensec_want_feature(state->auth_generic->gensec_security, >+ GENSEC_FEATURE_SPENGO_IGNORE_SERVER_MIC); > if (cli->use_ccache) { > gensec_want_feature(state->auth_generic->gensec_security, > GENSEC_FEATURE_NTLM_CCACHE); >-- >2.8.0.rc3.226.g39d4020 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12421">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 11994
:
12207
|
12421
|
12425