sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code
samba-mirror/source3/smbd
History
Stefan Metzmacher 9530c418a3 s3:smbd: allow anonymous encryption after one authenticated session setup 
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f3ddfb828e66738ca461c3284c423defb774547c)
2024-05-30 09:47:15 +00:00
..
notifyd
s3:notifyd: Use lpcfg_set_cmdline()
2023-09-14 21:35:29 +00:00
avahi_register.c
blocking.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
close.c
smbd: simplify handling of failing fstat() after unlinking file
2024-03-27 14:24:13 +00:00
conn_idle.c
s3:rpc_server: Activate samba-dcerpcd
2021-12-10 14:02:30 +00:00
conn_msg.c
conn.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
connection.c
dfree.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
dir.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
dir.h
smbd: Give source3/smbd/dir.c its own header file
2023-12-19 16:05:36 +00:00
dmapi.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
dnsregister.c
dosmode.c
Revert "dosmode.c: prefer use of capabilities at two places over become_root"
2024-03-27 15:45:14 +00:00
durable.c
smbd: Modernize a DEBUG statement
2023-11-15 05:10:35 +00:00
error.c
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
2022-04-07 17:37:30 +00:00
fake_file.c
smbd: Fix whitespace
2023-11-01 18:55:32 +00:00
fd_handle.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
fd_handle.h
smbd: fd_handle.h does not need includes.h
2022-04-26 21:41:29 +00:00
file_access.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
fileio.c
smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()
2023-11-05 18:34:38 +00:00
filename.c
smbd: add a directory argument to safe_symlink_target_path()
2024-01-22 10:53:29 +00:00
files.c
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
2024-01-08 15:53:36 +00:00
globals.c
smbd: Slightly simplify set_current_case_sensitive()
2022-12-14 22:54:29 +00:00
globals.h
s3:smbd: allow anonymous encryption after one authenticated session setup
2024-05-30 09:47:15 +00:00
mangle_hash2.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
mangle_hash.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
mangle.c
msdfs.c
smbd: Give source3/smbd/dir.c its own header file
2023-12-19 16:05:36 +00:00
notify_fam.c
notify_inotify.c
notify_msg.c
notify.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
ntquotas.c
smbd: Fix some whitespace
2023-11-01 18:55:32 +00:00
open.c
Revert "open.c: prefer capabilities over become_root"
2024-03-27 15:45:13 +00:00
oplock_linux.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
password.c
posix_acls.c
Revert "posix_acls.c: prefer capabilities over become_root"
2024-03-27 15:45:13 +00:00
proto.h
smbd: fix check_any_access_fsp() for non-fsa fsps
2024-01-08 15:53:36 +00:00
pysmbd.c
Use python.h from libreplace
2023-11-20 15:37:33 +00:00
quotas.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
scavenger.c
s3:smbd: Avoid integer overflow (CID 1035487)
2023-10-13 02:18:31 +00:00
scavenger.h
seal.c
sec_ctx.c
libcli/security: Rename dup_nt_token() -> security_token_duplicate()
2023-09-26 23:45:36 +00:00
server_exit.c
smbd: remove process shortname arg from reinit_after_fork()
2022-12-14 01:38:29 +00:00
server_reload.c
smbd: Remove source3/smbd/statcache.c
2022-12-14 22:54:29 +00:00
server.c
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h
2023-12-15 10:44:42 +00:00
session.c
share_access.c
Revert "s3:smbd: Remove NIS support"
2022-06-09 21:45:28 +00:00
smb1_aio.c
smbd: Remove unused "pcd" arg from smb1_srv_send()
2023-06-05 17:17:35 +00:00
smb1_aio.h
smbd: Move schedule_aio_write_and_X to smb1_aio.c
2022-04-07 17:37:29 +00:00
smb1_ipc.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_ipc.h
smbd: Move ipc.c -> smb1_ipc.c
2022-04-07 17:37:29 +00:00
smb1_lanman.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
smb1_lanman.h
smbd: Move lanman.c -> smb1_lanman.c
2022-04-07 17:37:29 +00:00
smb1_message.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_message.h
smbd: Move message.c -> smb1_message.c
2022-04-07 17:37:29 +00:00
smb1_negprot.c
s3:smbd: Add missing newlines to logging messages
2023-08-08 04:39:38 +00:00
smb1_negprot.h
smbd: Move negprot.c -> smb1_negprot.c
2022-04-07 17:37:29 +00:00
smb1_nttrans.c
s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
2023-09-19 19:51:47 +00:00
smb1_nttrans.h
smbd: Remove duplicate read_nttrans_ea_list function prototype
2022-04-07 17:37:30 +00:00
smb1_oplock.c
smbd: Remove unused "pcd" arg from smb1_srv_send()
2023-06-05 17:17:35 +00:00
smb1_oplock.h
smbd: Move send_break_message_smb1 to smb1_oplock.c
2022-04-07 17:37:29 +00:00
smb1_pipes.c
smbd: Remove code #ifdef'ed out >23years ago
2023-11-01 18:55:32 +00:00
smb1_pipes.h
smbd: Move reply_pipe_write to smb1_pipes.c
2022-04-07 17:37:30 +00:00
smb1_process.c
Revert "smbd: Fix CID 1504457 Resource leak"
2023-10-13 02:18:31 +00:00
smb1_process.h
smbd: Remove unused "deferred_pcd" from process_smb1()
2023-06-05 17:17:35 +00:00
smb1_reply.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
smb1_reply.h
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
2022-04-07 17:37:30 +00:00
smb1_service.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb1_service.h
smbd: Move make_connection to smb1_service.c
2022-04-07 17:37:29 +00:00
smb1_sesssetup.c
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
2023-08-14 15:55:43 +00:00
smb1_sesssetup.h
smbd: Move sesssetup.c -> smb1_sesssetup.c
2022-04-07 17:37:29 +00:00
smb1_signing.c
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-21 12:05:35 +00:00
smb1_signing.h
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
2023-07-21 12:05:35 +00:00
smb1_trans2.c
smbd: Give source3/smbd/dir.c its own header file
2023-12-19 16:05:36 +00:00
smb1_trans2.h
smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
2023-01-04 08:54:32 +00:00
smb1_utils.c
smbd: Move filename_convert_smb1_search_path() to smb1-only code
2023-11-01 18:55:32 +00:00
smb1_utils.h
smbd: Move filename_convert_smb1_search_path() to smb1-only code
2023-11-01 18:55:32 +00:00
smb2_aio.c
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
2023-09-20 01:49:34 +00:00
smb2_break.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_close.c
smbd: don't leak the fsp if close_file_smb() fails
2023-07-10 21:32:32 +00:00
smb2_create.c
smbd: bring back "smb3 unix extensions" option
2023-11-27 18:31:35 +00:00
smb2_flush.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
smb2_getinfo.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
smb2_glue.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_ioctl_dfs.c
smb2_ioctl_filesys.c
smbd: rename check_access_fsp() to check_any_access_fsp()
2024-01-08 15:53:36 +00:00
smb2_ioctl_named_pipe.c
smb2_ioctl_network_fs.c
s3:smbd multichannel: always allow multichannel to the ip of the queried connection
2024-01-09 10:21:34 +00:00
smb2_ioctl_private.h
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
2021-08-11 19:16:29 +00:00
smb2_ioctl_smbtorture.c
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
2021-08-11 19:16:29 +00:00
smb2_ioctl.c
s3:smbd: Remove unreachable code (CID 710840)
2023-11-02 03:08:37 +00:00
smb2_ipc.c
smbd: Move nt_status_np_pipe to smb2_ipc.c
2022-04-07 17:37:29 +00:00
smb2_keepalive.c
smb2_lock.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_negprot.c
smbd: Remove callback for release_ip when "state" is free'ed
2023-12-15 11:06:34 +00:00
smb2_notify.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_nttrans.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
smb2_oplock.c
smbd: Fix Coverity ID 1499372 Uninitialized scalar variable
2023-11-21 18:33:51 +00:00
smb2_pipes.c
smbd: Use security_token_count_flag_sids() in open_np_file()
2023-05-16 10:53:40 +00:00
smb2_posix.c
smbd: add inode marshalling in smb3_file_posix_information_init()
2023-10-26 16:32:30 +00:00
smb2_process.c
s3:smbd multichannel: improve smbXsrv_connection_dbg()
2024-01-09 10:21:34 +00:00
smb2_query_directory.c
smbd: Slightly simplify smbd_smb2_query_directory_send()
2023-12-19 16:05:36 +00:00
smb2_read.c
s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
2023-09-20 01:49:34 +00:00
smb2_reply.c
smbd: use check_any_access_fsp() for all access checks
2024-01-08 15:53:36 +00:00
smb2_server.c
s3:smbd: allow anonymous encryption after one authenticated session setup
2024-05-30 09:47:15 +00:00
smb2_service.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smb2_sesssetup.c
s3:smbd: allow anonymous encryption after one authenticated session setup
2024-05-30 09:47:15 +00:00
smb2_setinfo.c
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
2023-03-31 20:22:38 +00:00
smb2_signing.c
CVE-2023-3347: smbd: fix "server signing = mandatory"
2023-07-21 13:03:09 +00:00
smb2_tcon.c
s3:smbd: allow anonymous encryption after one authenticated session setup
2024-05-30 09:47:15 +00:00
smb2_trans2.c
smbd: Some README.Coding in smbd_do_qfilepathinfo()
2024-01-24 00:35:33 +00:00
smb2_write.c
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
2024-01-08 15:53:36 +00:00
smbd_cleanupd.c
s3:smbd: Fix code spelling
2023-07-19 09:58:37 +00:00
smbd_cleanupd.h
smbd.h
smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK
2022-12-22 19:50:34 +00:00
smbXsrv_client.c
s3:smbd: Fix code spelling
2023-10-25 22:23:37 +00:00
smbXsrv_open.c
s3:smbd: Add missing space to warning message
2023-08-08 04:39:38 +00:00
smbXsrv_open.h
smbd: Remove smbXsrv_open_global0->db_rec
2023-02-13 10:49:43 +00:00
smbXsrv_session.c
smbXsrv_session: store session_global->client_guid
2024-01-09 10:21:34 +00:00
smbXsrv_tcon.c
s3:smbd: Fix code spelling
2023-10-25 22:23:37 +00:00
smbXsrv_version.c
srvstr.c
smbd: Move message_push_string() to smb1_utils.c
2022-06-06 19:22:28 +00:00
statvfs.c
smbd: Fix the build on FreeBSD
2022-08-04 20:44:32 +00:00
uid.c
source3: move lib/substitute.c functions out of proto.h
2021-11-11 13:49:32 +00:00
utmp.c
vfs.c
smbd: Convert a void* into the real DIR*
2023-11-21 17:34:36 +00:00