summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2006-05-13 23:05:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:02 -0500
commitee7b4b47cb590dc16ebdf3a40b360b0f0600aa84 (patch)
tree26795be8fbe7f490df678823961c134269d49249
parent3895a5a1fcb2c949647fd310b21476aa1db377f2 (diff)
downloadsamba-ee7b4b47cb590dc16ebdf3a40b360b0f0600aa84.tar.gz
samba-ee7b4b47cb590dc16ebdf3a40b360b0f0600aa84.tar.bz2
samba-ee7b4b47cb590dc16ebdf3a40b360b0f0600aa84.zip
r15589: While trying to understand the vuid code I found that security=share is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This makes sure that we only call register_vuid if sec!=share and meanwhile also fixes a little memleak. Then I also found a crash in smbclient with sec=share and hostmsdfs=yes. There's another crash with sec=share when coming from w2k3, but I need sleep now. Someone (jerry,jra?) please review the sesssetup.c change. Thanks, Volker (This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
-rw-r--r--source3/libsmb/cliconnect.c4
-rw-r--r--source3/smbd/password.c5
-rw-r--r--source3/smbd/sesssetup.c32
3 files changed, 26 insertions, 15 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 6b5de6d143..beabddc782 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -221,6 +221,7 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, const char *user,
fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+ memset(cli->outbuf, '\0', smb_size);
set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
@@ -937,7 +938,8 @@ BOOL cli_send_tconX(struct cli_state *cli,
pass = "";
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) {
+ if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
+ pass && *pass && passlen != 24) {
if (!lp_client_lanman_auth()) {
DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'"
" is disabled\n"));
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 230d7f297f..73b0ebb4b3 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -155,10 +155,9 @@ int register_vuid(auth_serversupplied_info *server_info,
{
user_struct *vuser = NULL;
- /* Ensure no vuid gets registered in share level security. */
+ /* Paranoia check. */
if(lp_security() == SEC_SHARE) {
- data_blob_free(&session_key);
- return UID_FIELD_INVALID;
+ smb_panic("Tried to register uid in security=share\n");
}
/* Limit allowed vuids to 16bits - VUID_OFFSET. */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 8fe01a19b3..46acb20bda 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1127,20 +1127,30 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- /* register_vuid keeps the server info */
- sess_vuid = register_vuid(server_info, session_key, nt_resp.data ? nt_resp : lm_resp, sub_user);
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
-
- if (sess_vuid == UID_FIELD_INVALID) {
- return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
- }
+ if (lp_security() == SEC_SHARE) {
+ sess_vuid = UID_FIELD_INVALID;
+ data_blob_free(&session_key);
+ TALLOC_FREE(server_info);
+ } else {
+ /* register_vuid keeps the server info */
+ sess_vuid = register_vuid(server_info, session_key,
+ nt_resp.data ? nt_resp : lm_resp,
+ sub_user);
+ if (sess_vuid == UID_FIELD_INVALID) {
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
+ }
- /* current_user_info is changed on new vuid */
- reload_services( True );
+ /* current_user_info is changed on new vuid */
+ reload_services( True );
- sessionsetup_start_signing_engine(server_info, inbuf);
+ sessionsetup_start_signing_engine(server_info, inbuf);
+ }
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);