The branch, v3-6-test has been updated
via 5bfe963 s3:smb2_server: fix a logic error, we should sign non guest
sessions
via ecb9978 s3:smb2-server: session setup replies should always be
signed (except for guest sessions)
from 9269f41 s3-popt: Fix configure.developer builds on Solaris.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 5bfe963d9279571b8392fabf0373b603014615eb
Author: Stefan Metzmacher <[email protected]>
Date: Thu Sep 22 21:04:51 2011 +0200
s3:smb2_server: fix a logic error, we should sign non guest sessions
metze
The last 2 patches address bug #8749 (SMB2: SessionSetup responses are not
signed).
commit ecb99789acc1cd8a4caa6635291cf5f44fe39e7e
Author: Michael Adam <[email protected]>
Date: Wed Sep 21 03:56:30 2011 +0200
s3:smb2-server: session setup replies should always be signed (except for
guest sessions)
not only if the session should be signed
Signed-off-by: Stefan Metzmacher <[email protected]>
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_sesssetup.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index a081290..64a8053 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -187,6 +187,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct
smbd_smb2_session *session,
fstring tmp;
bool username_was_mapped = false;
bool map_domainuser_to_guest = false;
+ bool guest = false;
if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
status = NT_STATUS_LOGON_FAILURE;
@@ -263,6 +264,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct
smbd_smb2_session *session,
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
data_blob_free(&session->session_info->user_session_key);
@@ -315,7 +317,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct
smbd_smb2_session *session,
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (!guest) {
smb2req->do_signing = true;
}
@@ -469,6 +471,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct
smbd_smb2_session *s
uint64_t *out_session_id)
{
fstring tmp;
+ bool guest = false;
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
@@ -481,6 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct
smbd_smb2_session *s
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
session->session_key = session->session_info->user_session_key;
@@ -528,7 +532,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct
smbd_smb2_session *s
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (!guest) {
smb2req->do_signing = true;
}
--
Samba Shared Repository
