[SCM] Samba Shared Repository - branch master updated

Thu, 07 Jul 2016 05:53:49 -0700 

The branch, master has been updated
       via  f76a429 CVE-2016-2019: s3:selftest: add regression tests for guest 
logins and mandatory signing
       via  53a1248 CVE-2016-2019: s3:libsmb: add comment regarding 
smbXcli_session_is_guest() with mandatory signing
       via  d81bffa CVE-2016-2019: libcli/smb: don't allow guest sessions if we 
require signing
      from  ef1a66d testprogs: Do not use the deprecated samba-tool user add

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f76a4296cd6701c00a7e0fed05a6bbdce4f7bb7c
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Apr 28 02:24:52 2016 +0200

    CVE-2016-2019: s3:selftest: add regression tests for guest logins and 
mandatory signing
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    
    Autobuild-User(master): Karolin Seeger <[email protected]>
    Autobuild-Date(master): Thu Jul  7 14:52:20 CEST 2016 on sn-devel-144

commit 53a1248fb3a7d1406eb18730ca3ab4d238f891f4
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Apr 28 02:36:35 2016 +0200

    CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() 
with mandatory signing
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
    
    Signed-off-by: Stefan Metzmacher <[email protected]>

commit d81bffa0fbae56cc399c09b04e88a739dcad88cb
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Apr 20 11:26:57 2016 +0200

    CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
    
    Note real anonymous sessions (with "" as username) don't hit this
    as we don't even call smb2cli_session_set_session_key() in that case.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
    
    Signed-off-by: Stefan Metzmacher <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c                   | 19 +++++++++++++++++--
 source3/libsmb/cliconnect.c                 |  3 +++
 source3/script/tests/test_smbclient_ntlm.sh |  4 ++++
 3 files changed, 24 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 135538b..0a2473e 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5312,6 +5312,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session 
*session)
                return false;
        }
 
+       if (session->conn->mandatory_signing) {
+               return false;
+       }
+
        if (session->conn->protocol >= PROTOCOL_SMB2_02) {
                if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
                        return true;
@@ -5571,7 +5575,7 @@ NTSTATUS smb2cli_session_set_session_key(struct 
smbXcli_session *session,
                                         const struct iovec *recv_iov)
 {
        struct smbXcli_conn *conn = session->conn;
-       uint16_t no_sign_flags;
+       uint16_t no_sign_flags = 0;
        uint8_t session_key[16];
        bool check_signature = true;
        uint32_t hdr_flags;
@@ -5596,7 +5600,18 @@ NTSTATUS smb2cli_session_set_session_key(struct 
smbXcli_session *session,
                return NT_STATUS_INVALID_PARAMETER_MIX;
        }
 
-       no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
+       if (!conn->mandatory_signing) {
+               /*
+                * only allow guest sessions without
+                * mandatory signing.
+                *
+                * If we try an authentication with username != ""
+                * and the server let us in without verifying the
+                * password we don't have a negotiated session key
+                * for signing.
+                */
+               no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
+       }
 
        if (session->smb2->session_flags & no_sign_flags) {
                session->smb2->should_sign = false;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ea92c8f..ebba8f2 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1588,6 +1588,9 @@ static void cli_session_setup_gensec_remote_done(struct 
tevent_req *subreq)
                         * have a negotiated session key.
                         *
                         * So just pretend we are completely done.
+                        *
+                        * Note that smbXcli_session_is_guest()
+                        * always returns false if we require signing.
                         */
                        state->blob_in = data_blob_null;
                        state->local_ready = true;
diff --git a/source3/script/tests/test_smbclient_ntlm.sh 
b/source3/script/tests/test_smbclient_ntlm.sh
index b8fc564..33a927f 100755
--- a/source3/script/tests/test_smbclient_ntlm.sh
+++ b/source3/script/tests/test_smbclient_ntlm.sh
@@ -37,4 +37,8 @@ else
 
        testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT 
//$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS
        testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT 
//$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS
+
+       testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" 
$SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 
--option=clientusespnego=no --option=clientntlmv2auth=no --signing=required -c 
quit $ADDARGS
+       testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" 
$SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 
--signing=required -c quit $ADDARGS
+       testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" 
$SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 
--signing=required -c quit $ADDARGS
 fi


-- 
Samba Shared Repository

Reply via email to