[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Fri Dec 12 15:12:02 MST 2014
The branch, master has been updated
via daff0f5 libcli/smb: only force signing of smb2 session setups when binding a new session
via 3820196 s3:smb2_server: allow reauthentication without signing
via 81f99bd libsmb: Simplify netsamlogon_cache_get
via 8a56911 libsmb: Only print decoded netsamlogon cache entries
via 7c73946 libsmb: Fix removing invalid samlogon cache entries
from 7e81fe2 testprogs/test_ldb: check rootdse search with extended-dn control
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit daff0f5d709eca621a7f319c892ecaba7b03e5c2
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 13:55:38 2014 +0000
libcli/smb: only force signing of smb2 session setups when binding a new session
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 09:22:15 2014 +0100
s3:smb2_server: allow reauthentication without signing
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 81f99bd5c1894302ad0d6549f5fb28fa13df021c
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 12 11:44:06 2014 +0100
libsmb: Simplify netsamlogon_cache_get
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8a56911a4ad272ecbc5a0df67fe0c1fb5aabe8b3
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 12 11:41:14 2014 +0100
libsmb: Only print decoded netsamlogon cache entries
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7c73946f3ae3cee509276ae69bae92c21f711684
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 12 11:39:25 2014 +0100
libsmb: Fix removing invalid samlogon cache entries
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 7 ++++++-
source3/libsmb/samlogon_cache.c | 14 +++++++-------
source3/smbd/smb2_server.c | 5 -----
source3/smbd/smb2_sesssetup.c | 4 ++++
4 files changed, 17 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index a3a7ecb..8aa6020 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2682,7 +2682,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
state->smb2.should_encrypt = session->smb2->should_encrypt;
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2->signing_key.length != 0) {
+ session->smb2_channel.signing_key.length == 0 &&
+ session->smb2->signing_key.length != 0)
+ {
+ /*
+ * a session bind needs to be signed
+ */
state->smb2.should_sign = true;
}
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index 1f1ab1d..4e50c78 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -211,7 +211,7 @@ struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct do
{
struct netr_SamInfo3 *info3 = NULL;
TDB_DATA data;
- fstring keystr, tmp;
+ fstring keystr;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
struct netsamlogoncache_entry r;
@@ -223,7 +223,7 @@ struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct do
}
/* Prepare key as DOMAIN-SID/USER-RID string */
- slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, user_sid));
+ sid_to_fstring(keystr, user_sid);
DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
data = tdb_fetch_bystring( netsamlogon_tdb, keystr );
@@ -241,17 +241,17 @@ struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct do
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
(ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
- if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
- }
-
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(0,("netsamlogon_cache_get: failed to pull entry from cache\n"));
- tdb_delete(netsamlogon_tdb, data);
+ tdb_delete_bystring(netsamlogon_tdb, keystr);
TALLOC_FREE(info3);
goto done;
}
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
+ }
+
info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
sizeof(r.info3));
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 4a2c875..46bf6f9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1990,11 +1990,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
if (x != NULL) {
signing_required = x->global->signing_required;
encryption_required = x->global->encryption_required;
-
- if (opcode == SMB2_OP_SESSSETUP &&
- x->global->signing_key.length > 0) {
- signing_required = true;
- }
}
req->do_signing = false;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 78cafe8..2f58e44 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
conn_clear_vuid_caches(smb2req->sconn, session->compat->vuid);
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ smb2req->do_signing = true;
+ }
+
*out_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
--
Samba Shared Repository
More information about the samba-cvs
mailing list