The Samba-Bugzilla – Attachment 7307 Details for
Bug 8749
SMB2: SessionSetup responses are not signed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patchset for 3.6 test
8749.mbox (text/plain), 3.17 KB, created by
Christian Ambach
on 2012-02-08 13:58:55 UTC
(
hide
)
Description:
Patchset for 3.6 test
Filename:
MIME Type:
Creator:
Christian Ambach
Created:
2012-02-08 13:58:55 UTC
Size:
3.17 KB
patch
obsolete
>From 85680565ccdb261cd77b065ac536612810463e1e Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 21 Sep 2011 03:56:30 +0200 >Subject: [PATCH] s3:smb2-server: session setup replies should always be signed (except for guest sessions) > >not only if the session should be signed > >Signed-off-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User: Stefan Metzmacher <metze@samba.org> >Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104 >--- > source3/smbd/smb2_sesssetup.c | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index a081290..c837277 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -187,6 +187,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, > fstring tmp; > bool username_was_mapped = false; > bool map_domainuser_to_guest = false; >+ bool guest = false; > > if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) { > status = NT_STATUS_LOGON_FAILURE; >@@ -263,6 +264,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, > *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; > /* force no signing */ > session->do_signing = false; >+ guest = true; > } > > data_blob_free(&session->session_info->user_session_key); >@@ -315,7 +317,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, > * so that the response can be signed > */ > smb2req->session = session; >- if (session->do_signing) { >+ if (guest) { > smb2req->do_signing = true; > } > >@@ -469,6 +471,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s > uint64_t *out_session_id) > { > fstring tmp; >+ bool guest = false; > > if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || > lp_server_signing() == Required) { >@@ -481,6 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s > *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; > /* force no signing */ > session->do_signing = false; >+ guest = true; > } > > session->session_key = session->session_info->user_session_key; >@@ -528,7 +532,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s > * so that the response can be signed > */ > smb2req->session = session; >- if (session->do_signing) { >+ if (!guest) { > smb2req->do_signing = true; > } > >-- >1.5.5.6 > > >From 3250e70bdfa78bddf7276b64b65ead18eb415754 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 22 Sep 2011 21:04:51 +0200 >Subject: [PATCH] s3:smb2_server: fix a logic error, we should sign non guest sessions > >metze >--- > source3/smbd/smb2_sesssetup.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index c837277..64a8053 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -317,7 +317,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, > * so that the response can be signed > */ > smb2req->session = session; >- if (guest) { >+ if (!guest) { > smb2req->do_signing = true; > } > >-- >1.5.5.6 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8749
:
7306
| 7307