>From a400e74f6f2195cd14386aeb684a571c55c9f535 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 16 Jun 2015 15:50:30 -0700
Subject: [PATCH] smbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher.

Nonce code was terminating connections where xconn->smb2.server.cipher == 0. If no negotiated cipher (smb2.server.cipher is zero) set nonce_high_max to zero and return NT_STATUS_ENCRYPTION_FAILED if smb2_get_new_nonce() is ever called with session->nonce_high_max == 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Signed-off-by: Jeremy Allison
---
 source3/smbd/smb2_server.c | 4 ++++
 source3/smbd/smb2_sesssetup.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index a8d54cb..c4f7c67 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1465,6 +1465,10 @@ static NTSTATUS smb2_get_new_nonce(struct smbXsrv_session *session,
 uint64_t nonce_high;
 uint64_t nonce_low;
 
+ if (session->nonce_high_max == 0) {
+ return NT_STATUS_ENCRYPTION_FAILED;
+ }
+
 session->nonce_low += 1;
 if (session->nonce_low == 0) {
 session->nonce_low += 1;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 3e80da8..da7adb3 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -372,8 +372,8 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 nonce_size = AES_GCM_128_IV_SIZE;
 break;
 default:
- ZERO_STRUCT(session_key);
- return NT_STATUS_INVALID_PARAMETER;
+ nonce_size = 0;
+ break;
 }
 x->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size);
 x->nonce_high = 0;
-- 
2.1.4
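Review bot: The guard added at the top of smb2_get_new_nonce() treats `session->nonce_high_max == 0` as "no cipher was negotiated", but that meaning is only stated in the commit message, not at the check. A comment on the guard, for example `/* nonce_high_max == 0 means no cipher was negotiated: never issue a nonce for this session */`, would stop a later reader from mistaking it for an ordinary nonce-exhaustion case. The sentinel is assigned in smbd_smb2_auth_generic_return() in the other file, so the two places should reference each other. The function body starts and ends outside the hunk.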
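Review bot: The `default:` branch in smbd_smb2_auth_generic_return() now accepts every unrecognised cipher value, not only the zero "no cipher" case that the commit message describes. A cipher id that is added later but not handled in this switch would then complete session setup with `nonce_size = 0` and fail only when a nonce is first requested, rather than being rejected here. Handling the unencrypted case explicitly with `case 0: nonce_size = 0; break;` and keeping the previous `default:` body (`ZERO_STRUCT(session_key); return NT_STATUS_INVALID_PARAMETER;`) would preserve the fail-closed behaviour for unknown values. This also assumes `SMB2_NONCE_HIGH_MAX(0)` evaluates to 0, which is not visible in this hunk and should be confirmed. The switch statement starts outside the hunk.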