diff options
| -rw-r--r-- | source3/libsmb/cliconnect.c | 4 | ||||
| -rw-r--r-- | source3/smbd/password.c | 5 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 32 |
3 files changed, 26 insertions, 15 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 6b5de6d143..beabddc782 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -221,6 +221,7 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, const char *user, fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING); + memset(cli->outbuf, '\0', smb_size); set_message(cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -937,7 +938,8 @@ BOOL cli_send_tconX(struct cli_state *cli, pass = ""; } - if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && + pass && *pass && passlen != 24) { if (!lp_client_lanman_auth()) { DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'" " is disabled\n")); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 230d7f297f..73b0ebb4b3 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -155,10 +155,9 @@ int register_vuid(auth_serversupplied_info *server_info, { user_struct *vuser = NULL; - /* Ensure no vuid gets registered in share level security. */ + /* Paranoia check. */ if(lp_security() == SEC_SHARE) { - data_blob_free(&session_key); - return UID_FIELD_INVALID; + smb_panic("Tried to register uid in security=share\n"); } /* Limit allowed vuids to 16bits - VUID_OFFSET. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 8fe01a19b3..46acb20bda 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1127,20 +1127,30 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, /* register the name and uid as being validated, so further connections to a uid can get through without a password, on the same VC */ - /* register_vuid keeps the server info */ - sess_vuid = register_vuid(server_info, session_key, nt_resp.data ? nt_resp : lm_resp, sub_user); - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - - if (sess_vuid == UID_FIELD_INVALID) { - return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE)); - } + if (lp_security() == SEC_SHARE) { + sess_vuid = UID_FIELD_INVALID; + data_blob_free(&session_key); + TALLOC_FREE(server_info); + } else { + /* register_vuid keeps the server info */ + sess_vuid = register_vuid(server_info, session_key, + nt_resp.data ? nt_resp : lm_resp, + sub_user); + if (sess_vuid == UID_FIELD_INVALID) { + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE)); + } - /* current_user_info is changed on new vuid */ - reload_services( True ); + /* current_user_info is changed on new vuid */ + reload_services( True ); - sessionsetup_start_signing_engine(server_info, inbuf); + sessionsetup_start_signing_engine(server_info, inbuf); + } + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid); |