diff options
author | Jeremy Allison <jra@samba.org> | 2006-02-21 23:21:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:19 -0500 |
commit | 7104002cf87fb2636b0819f386da79a037cc0a4e (patch) | |
tree | 2a7c20e8fedc75db9483bb5ee1840c82cbd5dbbe /source3 | |
parent | 6622ba566ed3cc3ac362c4e257d7c8ed3c437a8a (diff) | |
download | samba-7104002cf87fb2636b0819f386da79a037cc0a4e.tar.gz samba-7104002cf87fb2636b0819f386da79a037cc0a4e.tar.bz2 samba-7104002cf87fb2636b0819f386da79a037cc0a4e.zip |
r13604: Fix for bug #3512 "use spnego=no" and "server signing=auto" cause client to disconnect after negprot"
We missed one case of ignoring "BSRSPYL ".
Merge for 3.0.21c.
Jeremy.
(This used to be commit 7d21cf420fdecaee43408ad5cc192cc0715d95a2)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/sesssetup.c | 42 |
1 files changed, 20 insertions, 22 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 38e16126e2..1be117a7d4 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -70,6 +70,23 @@ static int add_signature(char *outbuf, char *p) } /**************************************************************************** + Start the signing engine if needed. Don't fail signing here. +****************************************************************************/ + +static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf) +{ + if (!server_info->guest && !srv_signing_started()) { + /* We need to start the signing engine + * here but a W2K client sends the old + * "BSRSPYL " signature instead of the + * correct one. Subsequent packets will + * be correct. + */ + srv_check_sign_mac(inbuf, False); + } +} + +/**************************************************************************** Send a security blob via a session setup reply. ****************************************************************************/ @@ -355,15 +372,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } /* wrap that up in a nice GSS-API wrapping */ @@ -436,16 +445,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } } @@ -1107,9 +1107,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, /* current_user_info is changed on new vuid */ reload_services( True ); - if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) { - exit_server("reply_sesssetup_and_X: bad smb signature"); - } + sessionsetup_start_signing_engine(server_info, inbuf); SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid); |