The Samba-Bugzilla – Attachment 16734 Details for
Bug 14793
We should start the SMB encryption as soon as possible
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-13-test (only covers smbclient)
tmp413.diff.txt (text/plain), 3.20 KB, created by
Stefan Metzmacher
on 2021-08-13 09:05:42 UTC
(
hide
)
Description:
Patch for v4-13-test (only covers smbclient)
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2021-08-13 09:05:42 UTC
Size:
3.20 KB
patch
obsolete
>From 991adcf769059aea7674be3e9521b29e8294aff6 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 11 Aug 2021 14:33:24 +0200 >Subject: [PATCH] s3:libsmb: start encryption as soon as possible after the > session setup > >For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon, >if there's no tcon yet. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >(similar to commit 21302649c46441ea325c66457294225ddb1d6235) >--- > source3/libsmb/clidfs.c | 44 +++++++++++++++++++++++++++++++---------- > 1 file changed, 34 insertions(+), 10 deletions(-) > >diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c >index 3cc52cc5ac9f..2a2509870e3a 100644 >--- a/source3/libsmb/clidfs.c >+++ b/source3/libsmb/clidfs.c >@@ -50,6 +50,7 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, > uint16_t major, minor; > uint32_t caplow, caphigh; > NTSTATUS status; >+ bool temp_ipc = false; > > if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { > status = smb2cli_session_encryption_on(c->smb2.session); >@@ -72,12 +73,26 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, > return NT_STATUS_NOT_SUPPORTED; > } > >+ if (c->smb1.tcon == NULL) { >+ status = cli_tree_connect_creds(c, "IPC$", "IPC", creds); >+ if (!NT_STATUS_IS_OK(status)) { >+ d_printf("Encryption required and " >+ "can't connect to IPC$ to check " >+ "UNIX CIFS extensions.\n"); >+ return NT_STATUS_UNKNOWN_REVISION; >+ } >+ temp_ipc = true; >+ } >+ > status = cli_unix_extensions_version(c, &major, &minor, &caplow, > &caphigh); > if (!NT_STATUS_IS_OK(status)) { > d_printf("Encryption required and " > "can't get UNIX CIFS extensions " > "version from server.\n"); >+ if (temp_ipc) { >+ cli_tdis(c); >+ } > return NT_STATUS_UNKNOWN_REVISION; > } > >@@ -85,6 +100,9 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, > d_printf("Encryption required and " > "share %s doesn't support " > "encryption.\n", sharename); >+ if (temp_ipc) { >+ cli_tdis(c); >+ } > return NT_STATUS_UNSUPPORTED_COMPRESSION; > } > >@@ -93,9 +111,15 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, > d_printf("Encryption required and " > "setup failed with error %s.\n", > nt_errstr(status)); >+ if (temp_ipc) { >+ cli_tdis(c); >+ } > return status; > } > >+ if (temp_ipc) { >+ cli_tdis(c); >+ } > return NT_STATUS_OK; > } > >@@ -221,6 +245,16 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, > > DEBUG(4,(" session setup ok\n")); > >+ if (force_encrypt) { >+ status = cli_cm_force_encryption_creds(c, >+ creds, >+ sharename); >+ if (!NT_STATUS_IS_OK(status)) { >+ cli_shutdown(c); >+ return status; >+ } >+ } >+ > /* here's the fun part....to support 'msdfs proxy' shares > (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL > here before trying to connect to the original share. >@@ -246,16 +280,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, > return status; > } > >- if (force_encrypt) { >- status = cli_cm_force_encryption_creds(c, >- creds, >- sharename); >- if (!NT_STATUS_IS_OK(status)) { >- cli_shutdown(c); >- return status; >- } >- } >- > DEBUG(4,(" tconx ok\n")); > *pcli = c; > return NT_STATUS_OK; >-- >2.25.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 14793
:
16732
|
16733
| 16734