The branch, v3-6-test has been updated
       via  e28ec90 smbd: fix initial large PAC sess setup response
      from  d21280f Fix bug 9519 - Samba returns unexpected error on SMB posix open.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit e28ec902a207655acab665c4cfabb1f2031fb24f
Author: David Disseldorp <[email protected]>
Date:   Tue Feb 12 11:58:06 2013 +0100

    smbd: fix initial large PAC sess setup response
    
    An oversize Kerberos security token may be split across multiple Session
    Setup AndX requests when authenticating as a user who is a member of
    many (~2000) groups.
    In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
    sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
    Windows clients may resend the same security token data in subsequent
    session setup andX requests, as observed with Windows 7 and Server 2012.
    
    This change fixes the SMB1 server only.
    
    Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
    token.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/sesssetup.c |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4f09db9..75c2a15 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -905,6 +905,13 @@ static NTSTATUS check_spnego_blob_complete(struct 
smbd_server_connection *sconn,
                        (unsigned int)copy_len,
                        (unsigned int)pblob->length ));
 
+               if (pblob->length > pad->needed_len) {
+                       DEBUG(2, ("subsequent security token data length %u "
+                                 "exceeds expected length %u\n",
+                                 (unsigned int)pblob->length,
+                                 (unsigned int)pad->needed_len));
+               }
+
                tmp_blob = data_blob(NULL,
                                pad->partial_data.length + copy_len);
 
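Review bot: the new `pblob->length > pad->needed_len` branch only logs at DEBUG level 2 and then falls through to the data_blob() allocation, so an over-length continuation is noted but otherwise handled as before. If that is deliberate (the commit message says Windows 7 and Server 2012 may resend the same security token data), add a short comment above the check saying so, and state that copy_len rather than pblob->length bounds what is appended to pad->partial_data, since the computation of copy_len is not visible in this hunk. Consider also including vuid in the message so the event can be tied to a session when reading logs.
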
@@ -1165,13 +1172,18 @@ static void reply_sesssetup_and_X_spnego(struct 
smb_request *req)
 
        status = check_spnego_blob_complete(sconn, smbpid, vuid, &blob1);
        if (!NT_STATUS_IS_OK(status)) {
+               /*
+                * Pack error response, ensuring to fill NativeOS, NativeLanMan
+                * & PrimaryDomain fields on NT_STATUS_MORE_PROCESSING_REQUIRED
+                */
+               reply_outbuf(req, 4, 0);
+               reply_sesssetup_blob(req, data_blob_null, status);
                if (!NT_STATUS_EQUAL(status,
                                NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                        /* Real error - kill the intermediate vuid */
                        invalidate_vuid(sconn, vuid);
                }
                data_blob_free(&blob1);
-               reply_nterror(req, nt_status_squash(status));
                return;
        }
 
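Review bot: in the `!NT_STATUS_IS_OK(status)` branch, reply_outbuf(req, 4, 0) and reply_sesssetup_blob(req, data_blob_null, status) now run for every failure, while the added comment only mentions NT_STATUS_MORE_PROCESSING_REQUIRED. The removed line passed the status through nt_status_squash() before replying; the new call hands the raw status to reply_sesssetup_blob(), and nothing in this hunk shows it being squashed, so real errors may now reach the client with a more specific code than before. Either confirm that reply_sesssetup_blob() squashes internally and say so in the comment, or keep the reply_nterror(req, nt_status_squash(status)) path for statuses other than NT_STATUS_MORE_PROCESSING_REQUIRED.
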


-- 
Samba Shared Repository
