IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Use a flags bitmap for storing the signing state. This is in preparation
of a subsequent patch that adds more flags to the bitmap.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This adds a bitmap smbXsrv_encrpytion_flags with flags to the
smbXsrv_session_global.tdb and smbXsrv_tcon_global.tdb that we use
instead of bools for desired and required.
We need this info in the smbXsrv tdbs for smbstatus. Subsequent commits
for smbstatus will use it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
More specifically move from smb2req->sconn to smb2req->xconn->client->sconn
to avouid using smb2req->sconn directly.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 13 14:02:21 CET 2016 on sn-devel-144
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Only put session_info to the session->global context if we use it.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Don't enforce it but only announce ENCRYPT_DATA, using the
encryption_desired flag in session setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Nonce code was terminating connections where xconn->smb2.server.cipher == 0.
If no negotiated cipher (smb2.server.cipher is zero) set nonce_high_max to zero.
smb2_get_new_nonce() returns NT_STATUS_ENCRYPTION_FAILED if it is ever called with
session->nonce_high_max == 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Signed-off-by: Jeremy Allison <jra@samba.org>
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri May 29 22:38:50 CEST 2015 on sn-devel-104
This protects the full connection setup including
a posteriori verification of the negotiate messages,
by signing the final session setup response with a signing key
derived from the preauth hash and the authentication session key.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
The cleanup of a failing session setup is now handled in
smbd_smb2_session_setup_wrap_*().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The wrapper calls smbXsrv_session_shutdown_send/recv() in case of an error,
this makes sure a failing reauth shuts down the session like an explicit logoff.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Even though the MS-SMB2 spec says so, Windows doesn't behave
like this.
This reverts commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Bug 11103: - Samba does not set the required flags in the SMB2/SMB3 Negotiate Protocol Response when signing required by client
https://bugzilla.samba.org/show_bug.cgi?id=11103
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <smfrench@gmail.com>
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
SMB 3.10 and later won't have SMB2_CAP_ENCRYPTION anymore.
xconn->smb2.server.cipher == 0 is the indication that we don't support encryption on the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For the continuation of a SMB2 SessionSetup we already have the
smb2req->session (with NT_STATUS_MORE_PROCESSING_REQUIRED).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 8 09:52:23 CEST 2014 on sn-devel-104
This is the time of the last reauth.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We should use stuff relative to the current request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We need to use the connection that is used by the current request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This prepares the structures for multi-channel support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
When a session is invalidated then we must also ensure it isn't used in
any pending requests being processed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
https://bugzilla.samba.org/show_bug.cgi?id=10208
Authentication error in smb2 session reauth invalidates
the session. In this case the session must in contrast
to successful session setup requests be torn down and live
no longer than the request.
The talloc move of the session from the global session
table to the request ensures that the session setup
reply can still be correctly signed, but subsequent
requests on the connection don't find a session any more.
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
retrieve the server connection from the smbXsrv_session argument instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245.
As Metze pointed out:
From MS-SMB2 section 2.2.4:
SMB2_NEGOTIATE_SIGNING_ENABLED
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
I'll submit a documentation bug to fix#9222 that way.
Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
Ensure we know after the destructor fires we're never going to
look at this again.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
