The branch, master has been updated
via 51e3bbd s4:libcli/smb2: fix anonymous session setups against
windows servers
via daa5cec s4:libcli/smb2: remove unused dependency to LIBPACKET
via 66d7553 s3:libsmb: fix anonymous session setups against windows
servers
via 92483ee s3:libsmb/ntlmssp: an empty string should mean no password
via b0939c5 libcli/smb: move smb2cli_session_setup_*() prototypes to
the code.
via 6054e9a libcli/smb: add smb2cli_session_get_flags()
via c60c2c5 libcli/smb: we should not force a session key for anonymous
connections
from b23f5a9 libcli/smb: make use of data_blob_string_const_null()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 51e3bbd3e0a29171f4ed9e6fb933f4d124400de7
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:14:07 2012 +0200
s4:libcli/smb2: fix anonymous session setups against windows servers
Windows server doesn't set the SMB2_SESSION_FLAG_IS_GUEST nor
SMB2_SESSION_FLAG_IS_NULL flag.
This fix makes sure we don't try to verify a signature on the
final session setup response.
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Mon Apr 16 14:44:46 CEST 2012 on sn-devel-104
commit daa5cec1ba765f2894e26b8218b09312e3a682c3
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:12:59 2012 +0200
s4:libcli/smb2: remove unused dependency to LIBPACKET
metze
commit 66d7553b0e008601846c1fc7b3a82052cbb5d66d
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:14:07 2012 +0200
s3:libsmb: fix anonymous session setups against windows servers
Windows server doesn't set the SMB2_SESSION_FLAG_IS_GUEST nor
SMB2_SESSION_FLAG_IS_NULL flag.
This fix makes sure we don't try to verify a signature on the
final session setup response.
metze
commit 92483eee254ef6844fe88abe1e64f67033a1ea2d
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:32:28 2012 +0200
s3:libsmb/ntlmssp: an empty string should mean no password
metze
commit b0939c5774ee4cd4d385309c98eed6893a10381b
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:49:58 2012 +0200
libcli/smb: move smb2cli_session_setup_*() prototypes to the code.
metze
commit 6054e9a48b32708797d79a30eaa05d90bdebde27
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:45:02 2012 +0200
libcli/smb: add smb2cli_session_get_flags()
metze
commit c60c2c5d94c98e8c2888d912712e0d2155ab7fe7
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 16 12:41:30 2012 +0200
libcli/smb: we should not force a session key for anonymous connections
smb2cli_session_set_session_key() should not check for a valid session
key, if the connection is a guest or null session.
metze
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 13 +++++++++----
libcli/smb/smbXcli_base.h | 16 ++++++++++++++++
source3/libsmb/cliconnect.c | 16 ++++++++++++++++
source3/libsmb/ntlmssp.c | 2 +-
source3/libsmb/smb2cli.h | 15 ---------------
source4/libcli/smb2/session.c | 15 +++++++++++++++
source4/libcli/smb2/transport.c | 1 -
source4/libcli/smb2/wscript_build | 2 +-
8 files changed, 58 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 67ab3d0..aad999d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4082,6 +4082,11 @@ uint64_t smb2cli_session_current_id(struct
smbXcli_session *session)
return session->smb2.session_id;
}
+uint16_t smb2cli_session_get_flags(struct smbXcli_session *session)
+{
+ return session->smb2.session_flags;
+}
+
NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
TALLOC_CTX *mem_ctx,
DATA_BLOB *key)
@@ -4121,10 +4126,6 @@ NTSTATUS smb2cli_session_set_session_key(struct
smbXcli_session *session,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- if (session->smb2.signing_key.length != 0) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
if (session->smb2.session_flags & no_sign_flags) {
@@ -4132,6 +4133,10 @@ NTSTATUS smb2cli_session_set_session_key(struct
smbXcli_session *session,
return NT_STATUS_OK;
}
+ if (session->smb2.signing_key.length != 0) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
ZERO_STRUCT(session_key);
memcpy(session_key, _session_key.data,
MIN(_session_key.length, sizeof(session_key)));
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index dafd836..91dc244 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -247,6 +247,7 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX
*mem_ctx,
struct smbXcli_conn *conn);
uint8_t smb2cli_session_security_mode(struct smbXcli_session *session);
uint64_t smb2cli_session_current_id(struct smbXcli_session *session);
+uint16_t smb2cli_session_get_flags(struct smbXcli_session *session);
NTSTATUS smb2cli_session_application_key(struct smbXcli_session *session,
TALLOC_CTX *mem_ctx,
DATA_BLOB *key);
@@ -264,4 +265,19 @@ NTSTATUS smb2cli_session_set_channel_key(struct
smbXcli_session *session,
const DATA_BLOB channel_key,
const struct iovec *recv_iov);
+struct tevent_req *smb2cli_session_setup_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct smbXcli_conn *conn,
+ uint32_t timeout_msec,
+ struct smbXcli_session *session,
+ uint8_t in_flags,
+ uint32_t in_capabilities,
+ uint32_t in_channel,
+ uint64_t in_previous_session_id,
+ const DATA_BLOB *in_security_buffer);
+NTSTATUS smb2cli_session_setup_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct iovec **recv_iov,
+ DATA_BLOB *out_security_buffer);
+
#endif /* _SMBXCLI_BASE_H_ */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 9d4e4e1..6e057a5 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1710,6 +1710,22 @@ static void cli_session_setup_ntlmssp_done(struct
tevent_req *subreq)
if (cli_state_protocol(state->cli) >= PROTOCOL_SMB2_02) {
struct smbXcli_session *session =
state->cli->smb2.session;
+
+ if (state->ntlmssp_state->nt_hash == NULL) {
+ /*
+ * Windows server does not set the
+ * SMB2_SESSION_FLAG_IS_GUEST nor
+ * SMB2_SESSION_FLAG_IS_NULL flag.
+ *
+ * This fix makes sure we do not try
+ * to verify a signature on the final
+ * session setup response.
+ */
+ TALLOC_FREE(state->ntlmssp_state);
+ tevent_req_done(req);
+ return;
+ }
+
status = smb2cli_session_set_session_key(session,
state->ntlmssp_state->session_key,
recv_iov);
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index b877af5..72466fe 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -78,7 +78,7 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state
*ntlmssp_state, const char *p
{
TALLOC_FREE(ntlmssp_state->lm_hash);
TALLOC_FREE(ntlmssp_state->nt_hash);
- if (!password) {
+ if (!password || strlen(password) == 0) {
return NT_STATUS_OK;
} else {
uint8_t lm_hash[16];
diff --git a/source3/libsmb/smb2cli.h b/source3/libsmb/smb2cli.h
index 184bd10..eeb6292 100644
--- a/source3/libsmb/smb2cli.h
+++ b/source3/libsmb/smb2cli.h
@@ -24,21 +24,6 @@ struct smbXcli_conn;
struct smbXcli_session;
struct cli_state;
-struct tevent_req *smb2cli_session_setup_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct smbXcli_conn *conn,
- uint32_t timeout_msec,
- struct smbXcli_session *session,
- uint8_t in_flags,
- uint32_t in_capabilities,
- uint32_t in_channel,
- uint64_t in_previous_session_id,
- const DATA_BLOB *in_security_buffer);
-NTSTATUS smb2cli_session_setup_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- struct iovec **recv_iov,
- DATA_BLOB *out_security_buffer);
-
struct tevent_req *smb2cli_logoff_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct cli_state *cli);
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 2657266..57033b8 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -27,6 +27,7 @@
#include "libcli/smb2/smb2.h"
#include "libcli/smb2/smb2_calls.h"
#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
#include "../libcli/smb/smbXcli_base.h"
#include "../source3/libsmb/smb2cli.h"
@@ -231,6 +232,20 @@ static void smb2_session_setup_spnego_done(struct
tevent_req *subreq)
return;
}
+ if (cli_credentials_is_anonymous(state->credentials)) {
+ /*
+ * Windows server does not set the
+ * SMB2_SESSION_FLAG_IS_GUEST nor
+ * SMB2_SESSION_FLAG_IS_NULL flag.
+ *
+ * This fix makes sure we do not try
+ * to verify a signature on the final
+ * session setup response.
+ */
+ tevent_req_done(req);
+ return;
+ }
+
status = gensec_session_key(session->gensec, state,
&session_key);
if (tevent_req_nterror(req, status)) {
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index ac563da..a3845a6 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -27,7 +27,6 @@
#include "libcli/smb2/smb2_calls.h"
#include "lib/socket/socket.h"
#include "lib/events/events.h"
-#include "lib/stream/packet.h"
#include "../lib/util/dlinklist.h"
#include "../libcli/smb/smbXcli_base.h"
#include "librpc/ndr/libndr.h"
diff --git a/source4/libcli/smb2/wscript_build
b/source4/libcli/smb2/wscript_build
index 4ade978..02fc5b8 100644
--- a/source4/libcli/smb2/wscript_build
+++ b/source4/libcli/smb2/wscript_build
@@ -4,7 +4,7 @@ bld.SAMBA_SUBSYSTEM('LIBCLI_SMB2',
source='transport.c request.c session.c tcon.c create.c close.c
connect.c getinfo.c write.c read.c setinfo.c find.c ioctl.c logoff.c tdis.c
flush.c lock.c notify.c cancel.c keepalive.c break.c util.c signing.c
lease_break.c',
autoproto='smb2_proto.h',
deps='tevent-util cli_smb_common',
- public_deps='smbclient-raw LIBPACKET gensec tevent',
+ public_deps='smbclient-raw gensec samba-credentials tevent',
public_headers='smb2.h',
)
--
Samba Shared Repository
