[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Mon Feb 18 01:54:16 MST 2013
The branch, v3-6-test has been updated
via e28ec90 smbd: fix initial large PAC sess setup response
from d21280f Fix bug 9519 - Samba returns unexpected error on SMB posix open.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit e28ec902a207655acab665c4cfabb1f2031fb24f
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Feb 12 11:58:06 2013 +0100
smbd: fix initial large PAC sess setup response
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
This change fixes the SMB1 server only.
Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/sesssetup.c | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4f09db9..75c2a15 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -905,6 +905,13 @@ static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn,
(unsigned int)copy_len,
(unsigned int)pblob->length ));
+ if (pblob->length > pad->needed_len) {
+ DEBUG(2, ("subsequent security token data length %u "
+ "exceeds expected length %u\n",
+ (unsigned int)pblob->length,
+ (unsigned int)pad->needed_len));
+ }
+
tmp_blob = data_blob(NULL,
pad->partial_data.length + copy_len);
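Review bot: The new `if (pblob->length > pad->needed_len)` branch only logs at DEBUG level 2 and then falls through to the `data_blob(NULL, pad->partial_data.length + copy_len)` allocation, so a peer that sends more continuation data than was announced is still processed. The hunk does not show how `copy_len` is bounded. If the excess bytes are deliberately dropped because `copy_len` is clamped to `pad->needed_len` earlier in the function, a one-line comment saying so would make that clear. If not, this branch should return an error status instead of continuing. The message could also say what happens to the surplus data, so that the log entry is actionable when someone is diagnosing a failed session setup.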
@@ -1165,13 +1172,18 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
status = check_spnego_blob_complete(sconn, smbpid, vuid, &blob1);
if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Pack error response, ensuring to fill NativeOS, NativeLanMan
+ * & PrimaryDomain fields on NT_STATUS_MORE_PROCESSING_REQUIRED
+ */
+ reply_outbuf(req, 4, 0);
+ reply_sesssetup_blob(req, data_blob_null, status);
if (!NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
/* Real error - kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
}
data_blob_free(&blob1);
- reply_nterror(req, nt_status_squash(status));
return;
}
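Review bot: The removed `reply_nterror(req, nt_status_squash(status));` squashed the status before it went on the wire, while the added `reply_sesssetup_blob(req, data_blob_null, status);` is passed the raw `status` for every non-OK result, not only NT_STATUS_MORE_PROCESSING_REQUIRED. Nothing in these lines shows that `reply_sesssetup_blob()` applies `nt_status_squash()` itself. Please confirm that it does, or keep the squashed `reply_nterror()` path for the "Real error" branch, so that detailed authentication failure codes are not returned to unauthenticated clients. The new comment also reads as if the fields are packed only on NT_STATUS_MORE_PROCESSING_REQUIRED, whereas the two added calls run for all failures. Either move them under the matching status check or reword the comment to match the behaviour.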
--
Samba Shared Repository