summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-02-21 23:21:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:19 -0500
commit7104002cf87fb2636b0819f386da79a037cc0a4e (patch)
tree2a7c20e8fedc75db9483bb5ee1840c82cbd5dbbe /source3
parent6622ba566ed3cc3ac362c4e257d7c8ed3c437a8a (diff)
downloadsamba-7104002cf87fb2636b0819f386da79a037cc0a4e.tar.gz
samba-7104002cf87fb2636b0819f386da79a037cc0a4e.tar.bz2
samba-7104002cf87fb2636b0819f386da79a037cc0a4e.zip
r13604: Fix for bug #3512 "use spnego=no" and "server signing=auto" cause client to disconnect after negprot"
We missed one case of ignoring "BSRSPYL ". Merge for 3.0.21c. Jeremy. (This used to be commit 7d21cf420fdecaee43408ad5cc192cc0715d95a2)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/sesssetup.c42
1 files changed, 20 insertions, 22 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 38e16126e2..1be117a7d4 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -70,6 +70,23 @@ static int add_signature(char *outbuf, char *p)
}
/****************************************************************************
+ Start the signing engine if needed. Don't fail signing here.
+****************************************************************************/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf)
+{
+ if (!server_info->guest && !srv_signing_started()) {
+ /* We need to start the signing engine
+ * here but a W2K client sends the old
+ * "BSRSPYL " signature instead of the
+ * correct one. Subsequent packets will
+ * be correct.
+ */
+ srv_check_sign_mac(inbuf, False);
+ }
+}
+
+/****************************************************************************
Send a security blob via a session setup reply.
****************************************************************************/
@@ -355,15 +372,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
SSVAL(outbuf, smb_uid, sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
- /* We need to start the signing engine
- * here but a W2K client sends the old
- * "BSRSPYL " signature instead of the
- * correct one. Subsequent packets will
- * be correct.
- */
- srv_check_sign_mac(inbuf, False);
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
/* wrap that up in a nice GSS-API wrapping */
@@ -436,16 +445,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
SSVAL(outbuf,smb_uid,sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
- /* We need to start the signing engine
- * here but a W2K client sends the old
- * "BSRSPYL " signature instead of the
- * correct one. Subsequent packets will
- * be correct.
- */
-
- srv_check_sign_mac(inbuf, False);
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
}
@@ -1107,9 +1107,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
/* current_user_info is changed on new vuid */
reload_services( True );
- if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
- exit_server("reply_sesssetup_and_X: bad smb signature");
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);