[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Sep 21 03:01:03 MDT 2011 

The branch, master has been updated
       via  39dcf4b s3:smb2-server: session setup replies should always be signed (except for guest sessions)
      from  95b2e5a tdb2: change --enable-tdb2-breaks-compat to --enable-tdb2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 39dcf4bf02d13201b2da11f4b9fd3b972da87c80
Author: Michael Adam <obnox at samba.org>
Date:   Wed Sep 21 03:56:30 2011 +0200

    s3:smb2-server: session setup replies should always be signed (except for guest sessions)
    
    not only if the session should be signed
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_sesssetup.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17..c81baa5 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	char *real_username;
 	bool username_was_mapped = false;
 	bool map_domainuser_to_guest = false;
+	bool guest = false;
 
 	if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
 		status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
 		/* force no signing */
 		session->do_signing = false;
+		guest = true;
 	}
 
 	session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	 * so that the response can be signed
 	 */
 	smb2req->session = session;
-	if (session->do_signing) {
+	if (guest) {
 		smb2req->do_signing = true;
 	}
 
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 					uint16_t *out_session_flags,
 					uint64_t *out_session_id)
 {
+	bool guest = false;
+
 	if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
 	    lp_server_signing() == Required) {
 		session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
 		/* force no signing */
 		session->do_signing = false;
+		guest = true;
 	}
 
 	session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 	 * so that the response can be signed
 	 */
 	smb2req->session = session;
-	if (session->do_signing) {
+	if (!guest) {
 		smb2req->do_signing = true;
 	}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list