svn commit: samba r15589 - branches/SAMBA_3_0/source/libsmb
branches/SAMBA_3_0/source/smbd trunk/source/libsmb trunk/source/smbd
vlendec at samba.org
vlendec at samba.org
Sat May 13 23:05:55 GMT 2006
Author: vlendec
Date: 2006-05-13 23:05:53 +0000 (Sat, 13 May 2006)
New Revision: 15589
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15589
Log:
While trying to understand the vuid code I found that security=share is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
Modified:
branches/SAMBA_3_0/source/libsmb/cliconnect.c
branches/SAMBA_3_0/source/smbd/password.c
branches/SAMBA_3_0/source/smbd/sesssetup.c
trunk/source/libsmb/cliconnect.c
trunk/source/smbd/password.c
trunk/source/smbd/sesssetup.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -221,6 +221,7 @@
fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+ memset(cli->outbuf, '\0', smb_size);
set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
@@ -937,7 +938,8 @@
pass = "";
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) {
+ if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
+ pass && *pass && passlen != 24) {
if (!lp_client_lanman_auth()) {
DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
" is disabled\n"));
Modified: branches/SAMBA_3_0/source/smbd/password.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/password.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ branches/SAMBA_3_0/source/smbd/password.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -155,10 +155,9 @@
{
user_struct *vuser = NULL;
- /* Ensure no vuid gets registered in share level security. */
+ /* Paranoia check. */
if(lp_security() == SEC_SHARE) {
- data_blob_free(&session_key);
- return UID_FIELD_INVALID;
+ smb_panic("Tried to register uid in security=share\n");
}
/* Limit allowed vuids to 16bits - VUID_OFFSET. */
Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -1127,20 +1127,30 @@
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- /* register_vuid keeps the server info */
- sess_vuid = register_vuid(server_info, session_key, nt_resp.data ? nt_resp : lm_resp, sub_user);
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
+ if (lp_security() == SEC_SHARE) {
+ sess_vuid = UID_FIELD_INVALID;
+ data_blob_free(&session_key);
+ TALLOC_FREE(server_info);
+ } else {
+ /* register_vuid keeps the server info */
+ sess_vuid = register_vuid(server_info, session_key,
+ nt_resp.data ? nt_resp : lm_resp,
+ sub_user);
+ if (sess_vuid == UID_FIELD_INVALID) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ }
- if (sess_vuid == UID_FIELD_INVALID) {
- return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ /* current_user_info is changed on new vuid */
+ reload_services( True );
+
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
- /* current_user_info is changed on new vuid */
- reload_services( True );
-
- sessionsetup_start_signing_engine(server_info, inbuf);
-
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
Modified: trunk/source/libsmb/cliconnect.c
===================================================================
--- trunk/source/libsmb/cliconnect.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ trunk/source/libsmb/cliconnect.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -221,6 +221,7 @@
fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+ memset(cli->outbuf, '\0', smb_size);
set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
@@ -937,7 +938,8 @@
pass = "";
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) {
+ if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
+ pass && *pass && passlen != 24) {
if (!lp_client_lanman_auth()) {
DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
" is disabled\n"));
Modified: trunk/source/smbd/password.c
===================================================================
--- trunk/source/smbd/password.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ trunk/source/smbd/password.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -155,10 +155,9 @@
{
user_struct *vuser = NULL;
- /* Ensure no vuid gets registered in share level security. */
+ /* Paranoia check. */
if(lp_security() == SEC_SHARE) {
- data_blob_free(&session_key);
- return UID_FIELD_INVALID;
+ smb_panic("Tried to register uid in security=share\n");
}
/* Limit allowed vuids to 16bits - VUID_OFFSET. */
Modified: trunk/source/smbd/sesssetup.c
===================================================================
--- trunk/source/smbd/sesssetup.c 2006-05-13 22:17:58 UTC (rev 15588)
+++ trunk/source/smbd/sesssetup.c 2006-05-13 23:05:53 UTC (rev 15589)
@@ -1127,20 +1127,30 @@
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- /* register_vuid keeps the server info */
- sess_vuid = register_vuid(server_info, session_key, nt_resp.data ? nt_resp : lm_resp, sub_user);
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
+ if (lp_security() == SEC_SHARE) {
+ sess_vuid = UID_FIELD_INVALID;
+ data_blob_free(&session_key);
+ TALLOC_FREE(server_info);
+ } else {
+ /* register_vuid keeps the server info */
+ sess_vuid = register_vuid(server_info, session_key,
+ nt_resp.data ? nt_resp : lm_resp,
+ sub_user);
+ if (sess_vuid == UID_FIELD_INVALID) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ }
- if (sess_vuid == UID_FIELD_INVALID) {
- return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ /* current_user_info is changed on new vuid */
+ reload_services( True );
+
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
- /* current_user_info is changed on new vuid */
- reload_services( True );
-
- sessionsetup_start_signing_engine(server_info, inbuf);
-
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
More information about the samba-cvs
mailing list