svn commit: samba r7676 - in branches/SAMBA_4_0/source/smb_server: .
abartlet at samba.org
abartlet at samba.org
Fri Jun 17 06:36:13 GMT 2005
Author: abartlet
Date: 2005-06-17 06:36:13 +0000 (Fri, 17 Jun 2005)
New Revision: 7676
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7676
Log:
Make VUID and TID choice random, as this gives us protection against
replay attacks under SMB signing, where the session key is a fixed
derivitive of the user's password.
This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/smb_server/conn.c
branches/SAMBA_4_0/source/smb_server/session.c
Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/conn.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/conn.c 2005-06-17 06:30:03 UTC (rev 7675)
+++ branches/SAMBA_4_0/source/smb_server/conn.c 2005-06-17 06:36:13 UTC (rev 7676)
@@ -73,7 +73,7 @@
tcon = talloc_zero(smb_conn, struct smbsrv_tcon);
if (!tcon) return NULL;
- i = idr_get_new(smb_conn->tree.idtree_tid, tcon, UINT16_MAX);
+ i = idr_get_new_random(smb_conn->tree.idtree_tid, tcon, UINT16_MAX);
if (i == -1) {
DEBUG(1,("ERROR! Out of connection structures\n"));
return NULL;
Modified: branches/SAMBA_4_0/source/smb_server/session.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/session.c 2005-06-17 06:30:03 UTC (rev 7675)
+++ branches/SAMBA_4_0/source/smb_server/session.c 2005-06-17 06:36:13 UTC (rev 7676)
@@ -115,7 +115,7 @@
ZERO_STRUCTP(sess);
- i = idr_get_new_above(smb_conn->sessions.idtree_vuid, sess, VUID_OFFSET, UINT16_MAX);
+ i = idr_get_new_random(smb_conn->sessions.idtree_vuid, sess, UINT16_MAX);
if (i == -1) {
DEBUG(1,("ERROR! Out of connection structures\n"));
talloc_free(sess);
More information about the samba-cvs
mailing list