The Samba-Bugzilla – Attachment 14603 Details for
Bug 13661
Session setup reauth fails to sign response
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WIP patch for master, needs test
bug13661-master.patch (text/plain), 1.68 KB, created by
Ralph Böhme
on 2018-11-06 15:45:46 UTC
(
hide
)
Description:
WIP patch for master, needs test
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2018-11-06 15:45:46 UTC
Size:
1.68 KB
patch
obsolete
>From 1e7e14b0d5105299282bdb87f4618fae35364853 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Mon, 22 Oct 2018 18:21:58 +0200 >Subject: [PATCH] s3:smb2_sesssetup: check session_info security level before > it gets talloc_move'd > >We talloc_move() session_info to session->global->auth_session_info >which sets session_info to NULL. > >This means security_session_user_level(NULL, NULL) will always return >SECURITY_ANONYMOUS so we never sign the session setup response. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >--- > source3/smbd/smb2_sesssetup.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index fe5835b83f3..5420d4f09bb 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -525,6 +525,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session, > > reload_services(smb2req->sconn, conn_snum_used, true); > >+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { >+ smb2req->do_signing = true; >+ } >+ > session->status = NT_STATUS_OK; > TALLOC_FREE(session->global->auth_session_info); > session->global->auth_session_info = talloc_move(session->global, >@@ -551,10 +555,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session, > > conn_clear_vuid_caches(xconn->client->sconn, session->compat->vuid); > >- if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { >- smb2req->do_signing = true; >- } >- > *out_session_id = session->global->session_wire_id; > > return NT_STATUS_OK; >-- >2.17.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14603">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13661
:
14603
|
14623
|
14629
|
14659