From f3ddfb828e66738ca461c3284c423defb774547c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 30 Jun 2023 18:05:51 +0200
Subject: [PATCH] s3:smbd: allow anonymous encryption after one authenticated
 session setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 selftest/knownfail.d/anon-encryption |  1 -
 source3/smbd/globals.h               |  5 +++++
 source3/smbd/smb2_server.c           | 11 +++++++++++
 source3/smbd/smb2_sesssetup.c        | 18 +++++++++++++++++-
 source3/smbd/smb2_tcon.c             |  4 ++++
 5 files changed, 37 insertions(+), 2 deletions(-)
 delete mode 100644 selftest/knownfail.d/anon-encryption

diff --git a/selftest/knownfail.d/anon-encryption b/selftest/knownfail.d/anon-encryption
deleted file mode 100644
index 99d833c205a..00000000000
--- a/selftest/knownfail.d/anon-encryption
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session.*.anon-encryption2
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index bfa3b124d73..7d0d924dd73 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -522,6 +522,11 @@ struct smbXsrv_connection {
 		} smbtorture;
 
 		bool signing_mandatory;
+		/*
+		 * This is ConstrainedConnection in MS-SMB2,
+		 * but with reversed value...
+		 */
+		bool got_authenticated_session;
 	} smb2;
 };
 
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 642b530134b..a32044d9357 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -495,6 +495,17 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
 				goto inval;
 			}
 
+			if (!xconn->smb2.got_authenticated_session) {
+				D_INFO("Got SMB2_TRANSFORM header, "
+				       "but not no authenticated session yet "
+				       "client[%s] server[%s]\n",
+				       tsocket_address_string(
+					xconn->remote_address, talloc_tos()),
+				       tsocket_address_string(
+					xconn->local_address, talloc_tos()));
+				goto inval;
+			}
+
 			if (len < SMB2_TF_HDR_SIZE) {
 				DEBUG(1, ("%d bytes left, expected at least %d\n",
 					   (int)len, SMB2_TF_HDR_SIZE));
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 3005385ac9c..d4140af2f1f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -272,6 +272,13 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 		x->global->signing_flags &= ~SMBXSRV_SIGNING_REQUIRED;
 		/* we map anonymous to guest internally */
 		guest = true;
+	} else {
+		/*
+		 * Remember we got one authenticated session on the connection
+		 * in order to allow SMB3 decryption to happen
+		 * (sadly even for future anonymous connections).
+		 */
+		xconn->smb2.got_authenticated_session = true;
 	}
 
 	if (guest && (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED)) {
@@ -289,7 +296,10 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 	}
 	x->global->signing_algo = xconn->smb2.server.sign_algo;
 	x->global->encryption_cipher = xconn->smb2.server.cipher;
-	if (guest) {
+	if (*out_session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
+		/*
+		 * A fallback to guest can't do any encryption
+		 */
 		x->global->encryption_cipher = SMB2_ENCRYPTION_NONE;
 	}
 
@@ -643,6 +653,12 @@ static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session,
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
+	/*
+	 * Remember we got one authenticated session on the connection
+	 * in order to allow SMB3 decryption to happen
+	 */
+	xconn->smb2.got_authenticated_session = true;
+
 	*out_session_id = session->global->session_wire_id;
 
 	return NT_STATUS_OK;
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index b228036510a..20d89670df1 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -331,6 +331,10 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 		}
 	}
 
+	if (guest_session) {
+		/* make sure we don't ask for optional encryption */
+		encryption_desired = false;
+	}
 	if (encryption_desired) {
 		encryption_flags |= SMBXSRV_ENCRYPTION_DESIRED;
 	}