diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/smb2_server.c | 49 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 3 |
2 files changed, 27 insertions, 25 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 8106a688fd..ad5b70e928 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1431,8 +1431,8 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, uint32_t flags = 0; uint64_t session_id = 0; uint64_t message_id = 0; - uint64_t nonce_high; - uint64_t nonce_low; + uint64_t nonce_high = 0; + uint64_t nonce_low = 0; uint64_t async_id = 0; struct tevent_req *subreq = NULL; @@ -1476,15 +1476,18 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, body = hdr + SMB2_HDR_BODY; dyn = body + 8; - /* - * We may have 2 responses (PENDING, FINAL), - * so alter the nonce. - * - * The PENDING response has the SMB2_HDR_FLAG_ASYNC bit - * set. - */ - nonce_high = session_id | SMB2_HDR_FLAG_ASYNC; - nonce_low = message_id; + if (req->do_encryption) { + struct smbXsrv_session *x = req->session; + + nonce_high = x->nonce_high; + nonce_low = x->nonce_low; + + x->nonce_low += 1; + if (x->nonce_low == 0) { + x->nonce_low += 1; + x->nonce_high += 1; + } + } SIVAL(tf, SMB2_TF_PROTOCOL_ID, SMB2_TF_MAGIC); SBVAL(tf, SMB2_TF_NONCE+0, nonce_low); @@ -2310,22 +2313,18 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) { DATA_BLOB encryption_key = req->session->global->encryption_key; uint8_t *tf; - const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(req); uint64_t session_id = req->session->global->session_wire_id; - uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); - uint64_t async_id = BVAL(inhdr, SMB2_HDR_ASYNC_ID); - /* - * We may have 2 responses (PENDING, FINAL), - * so alter the nonce. - * - * The FINAL response has the SMB2_HDR_FLAG_ASYNC bit - * cleared. - */ - uint64_t nonce_high = session_id & ~SMB2_HDR_FLAG_ASYNC; - uint64_t nonce_low = message_id; + struct smbXsrv_session *x = req->session; + uint64_t nonce_high; + uint64_t nonce_low; + + nonce_high = x->nonce_high; + nonce_low = x->nonce_low; - if (nonce_low == 0) { - nonce_low = async_id; + x->nonce_low += 1; + if (x->nonce_low == 0) { + x->nonce_low += 1; + x->nonce_high += 1; } /* diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 12a9d22f16..a03abf73aa 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -277,6 +277,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, label.data, label.length, context.data, context.length, x->global->encryption_key.data); + + generate_random_buffer((uint8_t *)&x->nonce_high, sizeof(x->nonce_high)); + x->nonce_low = 1; } x->global->application_key = data_blob_dup_talloc(x->global, |