svn commit: samba r13604 - in branches/SAMBA_3_0/source/smbd: .

Tue Feb 21 23:21:30 GMT 2006

Author: jra
Date: 2006-02-21 23:21:28 +0000 (Tue, 21 Feb 2006)
New Revision: 13604

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13604

Log:
Fix for bug #3512 "use spnego=no" and "server signing=auto" cause client to disconnect after negprot"
We missed one case of ignoring "BSRSPYL ".
Merge for 3.0.21c.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================

--- branches/SAMBA_3_0/source/smbd/sesssetup.c	2006-02-21 23:21:26 UTC (rev 13603)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c	2006-02-21 23:21:28 UTC (rev 13604)
@@ -70,6 +70,23 @@
 }
 
 /****************************************************************************
+ Start the signing engine if needed. Don't fail signing here.
+****************************************************************************/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf)
+{
+	if (!server_info->guest && !srv_signing_started()) {
+		/* We need to start the signing engine
+		 * here but a W2K client sends the old
+		 * "BSRSPYL " signature instead of the
+		 * correct one. Subsequent packets will
+		 * be correct.
+		 */
+	       	srv_check_sign_mac(inbuf, False);
+	}
+}
+
+/****************************************************************************
  Send a security blob via a session setup reply.
 ****************************************************************************/
 
@@ -355,15 +372,7 @@
 		
 		SSVAL(outbuf, smb_uid, sess_vuid);
 
-		if (!server_info->guest && !srv_signing_started()) {
-			/* We need to start the signing engine
-			 * here but a W2K client sends the old
-			 * "BSRSPYL " signature instead of the
-			 * correct one. Subsequent packets will
-			 * be correct.
-			 */
-		       	srv_check_sign_mac(inbuf, False);
-		}
+		sessionsetup_start_signing_engine(server_info, inbuf);
 	}
 
         /* wrap that up in a nice GSS-API wrapping */
@@ -436,16 +445,7 @@
 			
 			SSVAL(outbuf,smb_uid,sess_vuid);
 
-			if (!server_info->guest && !srv_signing_started()) {
-				/* We need to start the signing engine
-				 * here but a W2K client sends the old
-				 * "BSRSPYL " signature instead of the
-				 * correct one. Subsequent packets will
-				 * be correct.
-				 */
-
-				srv_check_sign_mac(inbuf, False);
-			}
+			sessionsetup_start_signing_engine(server_info, inbuf);
 		}
 	}
 
@@ -1107,9 +1107,7 @@
 	/* current_user_info is changed on new vuid */
 	reload_services( True );
 
- 	if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
-		exit_server("reply_sesssetup_and_X: bad smb signature");
-	}
+	sessionsetup_start_signing_engine(server_info, inbuf);
 
 	SSVAL(outbuf,smb_uid,sess_vuid);
 	SSVAL(inbuf,smb_uid,sess_vuid);

