From 918e6288fa775893a7e895334e05ce7780f89eaf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 6 Mar 2009 16:18:50 +0100 Subject: s3:libsmb: smb signing works the same for extented and non-extended security This is only cosmetic, but it makes it easier to understand. metze --- source3/libsmb/cliconnect.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'source3/libsmb/cliconnect.c') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ad11ee0ed4..58e7dd1f8e 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -379,6 +379,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, DATA_BLOB session_key = data_blob_null; NTSTATUS result; char *p; + bool ok; if (passlen == 0) { /* do nothing - guest login */ @@ -436,11 +437,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); #endif } -#ifdef LANMAN_ONLY - cli_simple_set_signing(cli, session_key, lm_response); -#else - cli_simple_set_signing(cli, session_key, nt_response); -#endif + cli_temp_set_signing(cli); } else { /* pre-encrypted password supplied. Only used for security=server, can't do @@ -492,6 +489,22 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, goto end; } +#ifdef LANMAN_ONLY + ok = cli_simple_set_signing(cli, session_key, lm_response); +#else + ok = cli_simple_set_signing(cli, session_key, nt_response); +#endif + if (ok) { + /* 'resign' the last message, so we get the right sequence numbers + for checking the first reply from the server */ + cli_calculate_sign_mac(cli, cli->outbuf); + + if (!cli_check_sign_mac(cli, cli->inbuf)) { + result = NT_STATUS_ACCESS_DENIED; + goto end; + } + } + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); -- cgit From 6e572d40a913f788f06e4bc7a7047129bc22ad5a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 6 Mar 2009 11:52:15 +0100 Subject: s3:libsmb: remove cli_setup_signing_state() and add struct cli_state *cli_initialise_ex() This prepares the next changes. metze --- source3/libsmb/cliconnect.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/libsmb/cliconnect.c') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 58e7dd1f8e..e3d1b65be0 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1949,7 +1949,7 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (!my_name) my_name = global_myname(); - if (!(cli = cli_initialise())) { + if (!(cli = cli_initialise_ex(signing_state))) { return NT_STATUS_NO_MEMORY; } @@ -1997,8 +1997,6 @@ again: return NT_STATUS_BAD_NETWORK_NAME; } - cli_setup_signing_state(cli, signing_state); - if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) cli->use_spnego = False; else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) -- cgit From e58ade4136b40d82c24f3556845e7412a3330992 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 6 Mar 2009 14:24:59 +0100 Subject: Fix a smbclient segfault against security=share servers --- source3/libsmb/cliconnect.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/cliconnect.c') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index e3d1b65be0..ec2932488e 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1297,10 +1297,17 @@ struct async_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx, return result; access_denied: - result = async_req_new(mem_ctx); - if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) { - return result; + { + struct cli_request *state; + if (!async_req_setup(mem_ctx, &result, &state, + struct cli_request)) { + goto fail; + } + if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) { + return result; + } } + fail: TALLOC_FREE(result); return NULL; } -- cgit