From 51e3bbd3e0a29171f4ed9e6fb933f4d124400de7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 16 Apr 2012 12:14:07 +0200
Subject: s4:libcli/smb2: fix anonymous session setups against windows servers

Windows server doesn't set the SMB2_SESSION_FLAG_IS_GUEST nor
SMB2_SESSION_FLAG_IS_NULL flag.

This fix makes sure we don't try to verify a signature on the
final session setup response.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 16 14:44:46 CEST 2012 on sn-devel-104
---
 source4/libcli/smb2/session.c     | 15 +++++++++++++++
 source4/libcli/smb2/wscript_build |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 2657266401..57033b866a 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -27,6 +27,7 @@
 #include "libcli/smb2/smb2.h"
 #include "libcli/smb2/smb2_calls.h"
 #include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
 #include "../libcli/smb/smbXcli_base.h"
 #include "../source3/libsmb/smb2cli.h"
 
@@ -231,6 +232,20 @@ static void smb2_session_setup_spnego_done(struct tevent_req *subreq)
 			return;
 		}
 
+		if (cli_credentials_is_anonymous(state->credentials)) {
+			/*
+			 * Windows server does not set the
+			 * SMB2_SESSION_FLAG_IS_GUEST nor
+			 * SMB2_SESSION_FLAG_IS_NULL flag.
+			 *
+			 * This fix makes sure we do not try
+			 * to verify a signature on the final
+			 * session setup response.
+			 */
+			tevent_req_done(req);
+			return;
+		}
+
 		status = gensec_session_key(session->gensec, state,
 					    &session_key);
 		if (tevent_req_nterror(req, status)) {
diff --git a/source4/libcli/smb2/wscript_build b/source4/libcli/smb2/wscript_build
index 2685fe71bf..02fc5b821d 100644
--- a/source4/libcli/smb2/wscript_build
+++ b/source4/libcli/smb2/wscript_build
@@ -4,7 +4,7 @@ bld.SAMBA_SUBSYSTEM('LIBCLI_SMB2',
 	source='transport.c request.c session.c tcon.c create.c close.c connect.c getinfo.c write.c read.c setinfo.c find.c ioctl.c logoff.c tdis.c flush.c lock.c notify.c cancel.c keepalive.c break.c util.c signing.c lease_break.c',
 	autoproto='smb2_proto.h',
 	deps='tevent-util cli_smb_common',
-	public_deps='smbclient-raw gensec tevent',
+	public_deps='smbclient-raw gensec samba-credentials tevent',
 	public_headers='smb2.h',
 	)
 
-- 
cgit