The Samba-Bugzilla – Attachment 8546 Details for
Bug 9658
Session Setup AndX exchange fails with an oversize security token
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed SMB1 fix
0001-smbd-fix-initial-large-PAC-sess-setup-response.patch (text/plain), 2.07 KB, created by
David Disseldorp
on 2013-02-13 14:20:38 UTC
(
hide
)
Description:
proposed SMB1 fix
Filename:
MIME Type:
Creator:
David Disseldorp
Created:
2013-02-13 14:20:38 UTC
Size:
2.07 KB
patch
obsolete
>From ddeb6488cf5c4f3a7ac5dbe3cc3099052e89a138 Mon Sep 17 00:00:00 2001 >From: David Disseldorp <ddiss@samba.org> >Date: Tue, 12 Feb 2013 11:58:06 +0100 >Subject: [PATCH] smbd: fix initial large PAC sess setup response > >An oversize Kerberos security token may be split across multiple Session >Setup AndX requests when authenticating as a user who is a member of >many (~2000) groups. >In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be >sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise >Windows clients may resend the same security token data in subsequent >session setup andX requests, as observed with Windows 7 and Server 2012. > >This change fixes the SMB1 server only. >--- > source3/smbd/sesssetup.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c >index 4f09db9..75c2a15 100644 >--- a/source3/smbd/sesssetup.c >+++ b/source3/smbd/sesssetup.c >@@ -905,6 +905,13 @@ static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn, > (unsigned int)copy_len, > (unsigned int)pblob->length )); > >+ if (pblob->length > pad->needed_len) { >+ DEBUG(2, ("subsequent security token data length %u " >+ "exceeds expected length %u\n", >+ (unsigned int)pblob->length, >+ (unsigned int)pad->needed_len)); >+ } >+ > tmp_blob = data_blob(NULL, > pad->partial_data.length + copy_len); > >@@ -1165,13 +1172,18 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) > > status = check_spnego_blob_complete(sconn, smbpid, vuid, &blob1); > if (!NT_STATUS_IS_OK(status)) { >+ /* >+ * Pack error response, ensuring to fill NativeOS, NativeLanMan >+ * & PrimaryDomain fields on NT_STATUS_MORE_PROCESSING_REQUIRED >+ */ >+ reply_outbuf(req, 4, 0); >+ reply_sesssetup_blob(req, data_blob_null, status); > if (!NT_STATUS_EQUAL(status, > NT_STATUS_MORE_PROCESSING_REQUIRED)) { > /* Real error - kill the intermediate vuid */ > invalidate_vuid(sconn, vuid); > } > data_blob_free(&blob1); >- reply_nterror(req, nt_status_squash(status)); > return; > } > >-- >1.7.10.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8546">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 9658
: 8546 |
8547
|
8551