svn commit: samba r22212 - in branches: SAMBA_3_0/source/libsmb
SAMBA_3_0_25/source/libsmb
jra at samba.org
jra at samba.org
Sat Apr 14 00:53:40 GMT 2007
Author: jra
Date: 2007-04-14 00:53:38 +0000 (Sat, 14 Apr 2007)
New Revision: 22212
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22212
Log:
Cope with signature errors on sessionsetupX logins
where the server just reflects our signature back
to us. Allow the upper layer to see the real error.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libsmb/clientgen.c
branches/SAMBA_3_0_25/source/libsmb/clientgen.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-04-13 22:56:27 UTC (rev 22211)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-04-14 00:53:38 UTC (rev 22212)
@@ -139,6 +139,26 @@
}
if (!cli_check_sign_mac(cli)) {
+ /*
+ * If we get a signature failure in sessionsetup, then
+ * the server sometimes just reflects the sent signature
+ * back to us. Detect this and allow the upper layer to
+ * retrieve the correct Windows error message.
+ */
+ if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
+ (smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
+ (SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
+ memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
+ cli_is_error(cli)) {
+
+ /*
+ * Reflected signature on login error.
+ * Set bad sig but don't close fd.
+ */
+ cli->smb_rw_error = READ_BAD_SIG;
+ return True;
+ }
+
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
Modified: branches/SAMBA_3_0_25/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0_25/source/libsmb/clientgen.c 2007-04-13 22:56:27 UTC (rev 22211)
+++ branches/SAMBA_3_0_25/source/libsmb/clientgen.c 2007-04-14 00:53:38 UTC (rev 22212)
@@ -117,6 +117,26 @@
}
if (!cli_check_sign_mac(cli)) {
+ /*
+ * If we get a signature failure in sessionsetup, then
+ * the server sometimes just reflects the sent signature
+ * back to us. Detect this and allow the upper layer to
+ * retrieve the correct Windows error message.
+ */
+ if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
+ (smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
+ (SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
+ memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
+ cli_is_error(cli)) {
+
+ /*
+ * Reflected signature on login error.
+ * Set bad sig but don't close fd.
+ */
+ cli->smb_rw_error = READ_BAD_SIG;
+ return True;
+ }
+
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
More information about the samba-cvs
mailing list