From 7104002cf87fb2636b0819f386da79a037cc0a4e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 21 Feb 2006 23:21:28 +0000 Subject: r13604: Fix for bug #3512 "use spnego=no" and "server signing=auto" cause client to disconnect after negprot" We missed one case of ignoring "BSRSPYL ". Merge for 3.0.21c. Jeremy. (This used to be commit 7d21cf420fdecaee43408ad5cc192cc0715d95a2) --- source3/smbd/sesssetup.c | 42 ++++++++++++++++++++---------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 38e16126e2..1be117a7d4 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -69,6 +69,23 @@ static int add_signature(char *outbuf, char *p) return PTR_DIFF(p, start); } +/**************************************************************************** + Start the signing engine if needed. Don't fail signing here. +****************************************************************************/ + +static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf) +{ + if (!server_info->guest && !srv_signing_started()) { + /* We need to start the signing engine + * here but a W2K client sends the old + * "BSRSPYL " signature instead of the + * correct one. Subsequent packets will + * be correct. + */ + srv_check_sign_mac(inbuf, False); + } +} + /**************************************************************************** Send a security blob via a session setup reply. ****************************************************************************/ @@ -355,15 +372,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } /* wrap that up in a nice GSS-API wrapping */ @@ -436,16 +445,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info->guest && !srv_signing_started()) { - /* We need to start the signing engine - * here but a W2K client sends the old - * "BSRSPYL " signature instead of the - * correct one. Subsequent packets will - * be correct. - */ - - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } } @@ -1107,9 +1107,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, /* current_user_info is changed on new vuid */ reload_services( True ); - if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) { - exit_server("reply_sesssetup_and_X: bad smb signature"); - } + sessionsetup_start_signing_engine(server_info, inbuf); SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid); -- cgit