Bug 13089 - smbc_open etc. in libsmbclient doesn't enforce smb signing
Summary: smbc_open etc. in libsmbclient doesn't enforce smb signing
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-10-17 05:34 UTC by Motohiro Kanda
Modified: 2017-10-17 05:34 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Motohiro Kanda 2017-10-17 05:34:29 UTC

I have researched the bug 12997(CVE-2017-12150) and found
there also is a code path which ignores smb signing requirement
and falls back to anonymous.

SMBC_server_internal uses cli_session_setup_anon when login fails.
It sees NO_AUTO_ANONYMOUS_LOGON option flag but ignores for example,
client signing = mandatory in smb.conf. Is this by design?
Don't we need to see smbXcli_conn_signing_mandatory also?

Sample session on Fedora 25 follows.

$ smbd --version
Version 4.5.14

# smbclient does not fall back to anonymous due to fix on do_connect.

$ smbclient -U kanda //kandaw2016/temp
Enter kanda's password:
session setup failed: NT_STATUS_LOGON_FAILURE

# testread uses SMBC_server via smbc_open.

$ pwd

$ ./testread
Path: smb://kandaw2016/temp/hello
Workgroup: [KANDA]
Username: [kanda]
smbc_open: File exists
Path: ^C

Packet monitor shows that after ntlm session setup error, libsmbclient
attempts anonymous login and succeeds. It then tries tree connect to "temp"
and gets STATUS_ACCESS_DENIED from Windows server 2016.
It has restrictnullsessaccess=1 and maybe that's the cause of the error.

The point is, libsmbclient sometimes falls back to anonymous session
and messages go unsigned on wire, unless the caller sets NO_AUTO_ANONYMOUS_LOGON option.