mirror of
https://github.com/samba-team/samba.git
synced 2025-02-26 21:57:41 +03:00
s3:smbd: improve the error returns for invalid session binding requests
This brings us closer to what a Windows Server with GMAC signing returns. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher
parent
1025e1bfea
commit
898caeae63
@ -1,28 +1,4 @@
|
|||||||
^samba3.smb2.session.*.bind_negative_smb3signCtoHs
|
# These tests fail with INVALID_PARAMETER as
|
||||||
|
# we required the same client guid for session binds
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signCtoHd
|
^samba3.smb2.session.*.bind_negative_smb3signCtoHd
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signCtoGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signCtoGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signHtoCs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signHtoCd
|
^samba3.smb2.session.*.bind_negative_smb3signHtoCd
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signHtoGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signHtoGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoCs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoCd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoHs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoHd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneGtoCs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneGtoCd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneGtoHs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneGtoHd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneCtoGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneCtoGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneHtoGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3sneHtoGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signC30toGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signC30toGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signH2XtoGs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signH2XtoGd
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoC30s
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoC30d
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoH2Xs
|
|
||||||
^samba3.smb2.session.*.bind_negative_smb3signGtoH2Xd
|
|
||||||
|
|||||||
@ -691,16 +691,6 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
|
|||||||
state->in_security_buffer = in_security_buffer;
|
state->in_security_buffer = in_security_buffer;
|
||||||
|
|
||||||
if (in_flags & SMB2_SESSION_FLAG_BINDING) {
|
if (in_flags & SMB2_SESSION_FLAG_BINDING) {
|
||||||
if (smb2req->xconn->protocol < PROTOCOL_SMB3_00) {
|
|
||||||
tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
|
|
||||||
return tevent_req_post(req, ev);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!smb2req->xconn->client->server_multi_channel_enabled) {
|
|
||||||
tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
|
|
||||||
return tevent_req_post(req, ev);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (in_session_id == 0) {
|
if (in_session_id == 0) {
|
||||||
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
@ -711,6 +701,29 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
|
|||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((smb2req->session->global->signing_algo >= SMB2_SIGNING_AES128_GMAC) &&
|
||||||
|
(smb2req->xconn->smb2.server.sign_algo != smb2req->session->global->signing_algo))
|
||||||
|
{
|
||||||
|
tevent_req_nterror(req, NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
if ((smb2req->xconn->smb2.server.sign_algo >= SMB2_SIGNING_AES128_GMAC) &&
|
||||||
|
(smb2req->session->global->signing_algo != smb2req->xconn->smb2.server.sign_algo))
|
||||||
|
{
|
||||||
|
tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (smb2req->xconn->protocol < PROTOCOL_SMB3_00) {
|
||||||
|
tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!smb2req->xconn->client->server_multi_channel_enabled) {
|
||||||
|
tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
|
||||||
if (!smb2req->do_signing) {
|
if (!smb2req->do_signing) {
|
||||||
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
@ -723,17 +736,19 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
|
|||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (smb2req->session->global->signing_algo
|
if (smb2req->session->global->encryption_cipher
|
||||||
!= smb2req->xconn->smb2.server.sign_algo)
|
!= smb2req->xconn->smb2.server.cipher)
|
||||||
{
|
{
|
||||||
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (smb2req->session->global->encryption_cipher
|
status = smb2req->session->status;
|
||||||
!= smb2req->xconn->smb2.server.cipher)
|
if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_LOGON_SESSION_STATE)) {
|
||||||
{
|
/*
|
||||||
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
* This comes from smb2srv_session_lookup_global().
|
||||||
|
*/
|
||||||
|
tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
|
||||||
return tevent_req_post(req, ev);
|
return tevent_req_post(req, ev);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user