[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Sep 18 04:46:03 CEST 2013 

The branch, master has been updated
       via  4879d08 libcli/smb: only check the SMB2 session setup signature if required and valid
      from  17a9a0f s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4879d0810a2ad741e32ad174a7a14cd35521aeaf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 18 02:24:30 2013 +0200

    libcli/smb: only check the SMB2 session setup signature if required and valid
    
    This is an update to commit af290a03cef63c3b08446c1980de064a3b1c8804
    that skips the scary debug messages.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c |   26 +++++++++++++++++++++-----
 1 files changed, 21 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index f59f1f7..27ac2a8 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4742,12 +4742,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 	struct smbXcli_conn *conn = session->conn;
 	uint16_t no_sign_flags;
 	uint8_t session_key[16];
+	bool check_signature = true;
+	uint32_t hdr_flags;
 	NTSTATUS status;
 
 	if (conn == NULL) {
 		return NT_STATUS_INVALID_PARAMETER_MIX;
 	}
 
+	if (recv_iov[0].iov_len != SMB2_HDR_BODY) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
 	no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
 
 	if (session->smb2->session_flags & no_sign_flags) {
@@ -4839,18 +4845,28 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
-					session->conn->protocol,
-					recv_iov, 3);
-	if (!NT_STATUS_IS_OK(status)) {
+	check_signature = conn->mandatory_signing;
+
+	hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
+	if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
 		/*
 		 * Sadly some vendors don't sign the
 		 * final SMB2 session setup response
 		 *
 		 * At least Windows and Samba are always doing this
 		 * if there's a session key available.
+		 *
+		 * We only check the signature if it's mandatory
+		 * or SMB2_HDR_FLAG_SIGNED is provided.
 		 */
-		if (conn->mandatory_signing) {
+		check_signature = true;
+	}
+
+	if (check_signature) {
+		status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
+						session->conn->protocol,
+						recv_iov, 3);
+		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list