Bug 10146 - Samba SMB2 client code expects the response to sessionsetup to be signed.
Samba SMB2 client code expects the response to sessionsetup to be signed.
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
unspecified
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks: 9306
  Show dependency treegraph
 
Reported: 2013-09-17 02:25 UTC by Jeremy Allison
Modified: 2013-09-19 10:08 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix from master for 4.1.0 (1.42 KB, patch)
2013-09-17 18:12 UTC, Jeremy Allison
metze: review+
Details
Additional git-am fix from master for 4.1.0 (2.44 KB, patch)
2013-09-18 17:21 UTC, Jeremy Allison
metze: review+
Details
git-am fix from master for 4.1.0 (4.00 KB, patch)
2013-09-18 18:19 UTC, Jeremy Allison
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2013-09-17 02:25:57 UTC
Samba and Windows servers always sign the response to the sessionsetup SMB2 request. Although this is preferred, this is not mandatory.

Some OEM SMB2 servers do not sign the SMB2 sessionsetup reply and so smbclient fails to connect. Found at the SNIA SDC plugfest.

Fix is to only enforce this if signing is set as mandatory.

Patch to follow.

Jeremy.
Comment 1 Jeremy Allison 2013-09-17 18:12:02 UTC
Created attachment 9220 [details]
git-am fix from master for 4.1.0

git cherry-pick -x af290a03cef63c3b08446c1980de064a3b1c8804

Metze - this still leaves an ugly error message such as:

Bad SMB2 signature for message
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0000] 03 94 24 7C 88 6E 35 BC   A9 AF 2E C1 1C 00 E5 00   ..$|.n5. ........

on every smbclient connection. Every OEM server except Samba and Windows behaves like this. Should we add an additional patch to only check the signature if the sessionsetup reply is signed ?

Jeremy.
Comment 2 Jeremy Allison 2013-09-18 17:21:58 UTC
Created attachment 9225 [details]
Additional git-am fix from master for 4.1.0
Comment 3 Jeremy Allison 2013-09-18 18:19:44 UTC
Created attachment 9226 [details]
git-am fix from master for 4.1.0

Both patches as a git-am single patchset file.

Equivalent to:

git cherry-pick -x af290a03cef63c3b08446c1980de064a3b1c8804
git cherry-pick -x 4879d0810a2ad741e32ad174a7a14cd35521aeaf

Jeremy.
Comment 4 Jeremy Allison 2013-09-18 18:24:30 UTC
Comment on attachment 9226 [details]
git-am fix from master for 4.1.0

Metze already added a +1 on both patches individually, so it's safe to push the combined fix to 4.1.0.

Thanks,

Jeremy.
Comment 5 Karolin Seeger 2013-09-19 08:14:08 UTC
Pushed to autobuild-v4-1-test.
Comment 6 Karolin Seeger 2013-09-19 10:08:51 UTC
Pushed to v4-1-test.
Closing out bug report.

Thanks!