reply_sesssetup_and_X_spnego in Samba 3.6.x allows a non-zero (V)UID for a new Session Setup
Richard Sharpe
realrichardsharpe at gmail.com
Wed Feb 20 11:49:22 MST 2013
Hi,
Samba 3.6.x fails the following smbtorture test:
smbtorture 4.1.0pre1-DEVELOPERBUILD
Using seed 1361385618
time: 2013-02-20 10:40:19.087230
test: session1
time: 2013-02-20 10:40:19.090190
Remote OS: Unix, Lan Manager: Samba 3.6.12
TESTING SESSION HANDLING
create a second security context on the same transport
create a third security context on the same transport, with given vuid
vuid1=100 vuid2=101 vuid3=102
time: 2013-02-20 10:40:19.689054
failure: session1 [
../source4/torture/raw/context.c:123: status was NT_STATUS_OK,
expected ERRSRV:ERRbaduid: ../source4/torture/raw/context.c:123
]
This seems to happen because of the following code in reply_sesssetup_and_X:
/* Do we have a valid vuid now ? */
if (!is_partial_auth_vuid(sconn, vuid)) {
/* No, start a new authentication setup. */
vuid = register_initial_vuid(sconn);
if (vuid == UID_FIELD_INVALID) {
data_blob_free(&blob1);
reply_nterror(req, nt_status_squash(
NT_STATUS_INVALID_PARAMETER));
return;
}
}
If we don't have a valid VUID at that point and it is not 0, we should
reject the auth attempt with ERRSRV:ERRbaduid. At least that is what
W2K08 does.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list