svn commit: samba r22212 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0_25/source/libsmb

[jra at samba.org]

Author: jra
Date: 2007-04-14 00:53:38 +0000 (Sat, 14 Apr 2007)
New Revision: 22212

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22212

Log:
Cope with signature errors on sessionsetupX logins
where the server just reflects our signature back
to us. Allow the upper layer to see the real error.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/clientgen.c
   branches/SAMBA_3_0_25/source/libsmb/clientgen.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-04-13 22:56:27 UTC (rev 22211)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-04-14 00:53:38 UTC (rev 22212)
@@ -139,6 +139,26 @@
 	}
 
 	if (!cli_check_sign_mac(cli)) {
+		/*
+		 * If we get a signature failure in sessionsetup, then
+		 * the server sometimes just reflects the sent signature
+		 * back to us. Detect this and allow the upper layer to
+		 * retrieve the correct Windows error message.
+		 */
+		if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
+			(smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
+			(SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
+			memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
+			cli_is_error(cli)) {
+
+			/*
+			 * Reflected signature on login error. 
+			 * Set bad sig but don't close fd.
+			 */
+			cli->smb_rw_error = READ_BAD_SIG;
+			return True;
+		}
+
 		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
 		cli->smb_rw_error = READ_BAD_SIG;
 		close(cli->fd);

Modified: branches/SAMBA_3_0_25/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0_25/source/libsmb/clientgen.c	2007-04-13 22:56:27 UTC (rev 22211)
+++ branches/SAMBA_3_0_25/source/libsmb/clientgen.c	2007-04-14 00:53:38 UTC (rev 22212)
@@ -117,6 +117,26 @@
 	}
 
 	if (!cli_check_sign_mac(cli)) {
+		/*
+		 * If we get a signature failure in sessionsetup, then
+		 * the server sometimes just reflects the sent signature
+		 * back to us. Detect this and allow the upper layer to
+		 * retrieve the correct Windows error message.
+		 */
+		if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
+			(smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
+			(SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
+			memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
+			cli_is_error(cli)) {
+
+			/*
+			 * Reflected signature on login error. 
+			 * Set bad sig but don't close fd.
+			 */
+			cli->smb_rw_error = READ_BAD_SIG;
+			return True;
+		}
+
 		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
 		cli->smb_rw_error = READ_BAD_SIG;
 		close(cli->fd);