1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/smbd
Stefan Metzmacher f3ddfb828e s3:smbd: allow anonymous encryption after one authenticated session setup
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f
was released with samba-4.15.0rc1.

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
..
notifyd smbd: Slightly simplify notifyd_send_delete() 2024-04-23 17:53:36 +00:00
avahi_register.c
blocking.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
close.c smbd: Modernize a few DEBUGs 2024-05-15 16:51:39 +00:00
conn_idle.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
conn_msg.c
conn.c smbd: Add conn_using_smb2() 2024-04-17 07:57:36 +00:00
connection.c
dfree.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
dir.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
dir.h smbd: Give source3/smbd/dir.c its own header file 2023-12-19 16:05:36 +00:00
dmapi.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
dnsregister.c
dosmode.c smbd: Return FILE_ATTRIBUTE_REPARSE_POINT from "user.DOSATTRIB" 2024-05-06 20:55:37 +00:00
durable.c smbd: Modernize a DEBUG statement 2023-11-15 05:10:35 +00:00
error.c
fake_file.c smbd: Fix whitespace 2023-11-01 18:55:32 +00:00
fd_handle.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
fd_handle.h
file_access.c smbd: use check_any_access_fsp() for all access checks 2024-01-08 15:53:36 +00:00
fileio.c smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified() 2023-11-05 18:34:38 +00:00
filename.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
files.c smbd: Remove struct open_symlink_err 2024-03-28 08:05:35 +00:00
globals.c smbd: Slightly simplify set_current_case_sensitive() 2022-12-14 22:54:29 +00:00
globals.h s3:smbd: allow anonymous encryption after one authenticated session setup 2024-05-23 12:35:37 +00:00
mangle_hash2.c s3:smbd: Add missing newlines to logging messages 2023-08-08 04:39:38 +00:00
mangle_hash.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
mangle.c
msdfs.c s3:smbd: Fix code spelling 2024-02-08 02:48:44 +00:00
notify_fam.c
notify_inotify.c
notify_msg.c
notify.c s3:notify: don't log user_can_stat_name_under_fsp with level 0 for OBJECT_NAME_NOT_FOUND 2024-04-23 14:17:32 +00:00
ntquotas.c smbd: Fix some whitespace 2023-11-01 18:55:32 +00:00
open.c smbd: Simplify request_timed_out 2024-05-22 04:23:29 +00:00
oplock_linux.c s3:smbd: Add missing newlines to logging messages 2023-08-08 04:39:38 +00:00
password.c smbd: Give smbXsrv_session.c its own header file 2024-03-12 13:31:31 +00:00
posix_acls.c Revert "posix_acls.c: prefer capabilities over become_root" 2024-03-27 09:40:34 +00:00
proto.h smbd: Remove message_to_share_mode_entry and vice versa 2024-04-30 22:44:32 +00:00
pysmbd.c Use python.h from libreplace 2023-11-20 15:37:33 +00:00
quotas.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
scavenger.c s3:smbd: Avoid integer overflow (CID 1035487) 2023-10-13 02:18:31 +00:00
scavenger.h
seal.c
sec_ctx.c libcli/security: Rename dup_nt_token() -> security_token_duplicate() 2023-09-26 23:45:36 +00:00
server_exit.c smbd: Give smbXsrv_session.c its own header file 2024-03-12 13:31:31 +00:00
server_reload.c smbd: Remove source3/smbd/statcache.c 2022-12-14 22:54:29 +00:00
server.c smbd-server: Process ip add/drop events for options:dynamic only 2024-04-16 23:51:45 +00:00
session.c
share_access.c Revert "s3:smbd: Remove NIS support" 2022-06-09 21:45:28 +00:00
smb1_aio.c smbd: Remove unused "pcd" arg from smb1_srv_send() 2023-06-05 17:17:35 +00:00
smb1_aio.h
smb1_ipc.c s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer. 2023-08-14 15:55:43 +00:00
smb1_ipc.h
smb1_lanman.c lib: Give lib/util/util_file.c its own header file 2024-04-16 23:51:45 +00:00
smb1_lanman.h
smb1_message.c s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer. 2023-08-14 15:55:43 +00:00
smb1_message.h
smb1_negprot.c s3:smbd: Add missing newlines to logging messages 2023-08-08 04:39:38 +00:00
smb1_negprot.h
smb1_nttrans.c s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters. 2023-09-19 19:51:47 +00:00
smb1_nttrans.h
smb1_oplock.c smbd: Remove unused "pcd" arg from smb1_srv_send() 2023-06-05 17:17:35 +00:00
smb1_oplock.h
smb1_pipes.c smbd: Remove code #ifdef'ed out >23years ago 2023-11-01 18:55:32 +00:00
smb1_pipes.h
smb1_process.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
smb1_process.h smbd: Remove unused "deferred_pcd" from process_smb1() 2023-06-05 17:17:35 +00:00
smb1_reply.c smbd: Remove an unused function parameter 2024-05-22 04:23:29 +00:00
smb1_reply.h
smb1_service.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
smb1_service.h
smb1_sesssetup.c smbd: Give smbXsrv_session.c its own header file 2024-03-12 13:31:31 +00:00
smb1_sesssetup.h
smb1_signing.c CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() 2023-07-21 12:05:35 +00:00
smb1_signing.h CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() 2023-07-21 12:05:35 +00:00
smb1_trans2.c smbd: Simplify smb_set_file_unix_link() 2024-04-23 17:53:36 +00:00
smb1_trans2.h smbd: Move handling smb_set_posix_lock() to smb1_trans2.c 2023-01-04 08:54:32 +00:00
smb1_utils.c smbd: Move filename_convert_smb1_search_path() to smb1-only code 2023-11-01 18:55:32 +00:00
smb1_utils.h smbd: Move filename_convert_smb1_search_path() to smb1-only code 2023-11-01 18:55:32 +00:00
smb2_aio.c s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist. 2023-09-20 01:49:34 +00:00
smb2_break.c s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. 2023-03-31 20:22:38 +00:00
smb2_close.c smbd: don't leak the fsp if close_file_smb() fails 2023-07-10 21:32:32 +00:00
smb2_create.c smbd: Add reparse tag to smb3_posix_cc_info 2024-05-14 23:29:46 +00:00
smb2_flush.c smbd: use check_any_access_fsp() for all access checks 2024-01-08 15:53:36 +00:00
smb2_getinfo.c smbd: use check_any_access_fsp() for all access checks 2024-01-08 15:53:36 +00:00
smb2_glue.c s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. 2023-03-31 20:22:38 +00:00
smb2_ioctl_dfs.c
smb2_ioctl_filesys.c smbd: rename check_access_fsp() to check_any_access_fsp() 2024-01-08 15:53:36 +00:00
smb2_ioctl_named_pipe.c
smb2_ioctl_network_fs.c lib: Make GUID_to_ndr_buf() return void 2024-03-12 13:31:31 +00:00
smb2_ioctl_private.h
smb2_ioctl_smbtorture.c
smb2_ioctl.c s3:smbd: Remove unreachable code (CID 710840) 2023-11-02 03:08:37 +00:00
smb2_ipc.c
smb2_keepalive.c
smb2_lock.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
smb2_negprot.c smbd: Save a few bytes of .text 2024-04-30 22:44:32 +00:00
smb2_notify.c s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. 2023-03-31 20:22:38 +00:00
smb2_nttrans.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
smb2_oplock.c smbd: Use struct oplock_break_message for MSG_SMB_KERNEL_BREAK 2024-04-30 22:44:32 +00:00
smb2_pipes.c smbd: Use security_token_count_flag_sids() in open_np_file() 2023-05-16 10:53:40 +00:00
smb2_posix.c smbd: add inode marshalling in smb3_file_posix_information_init() 2023-10-26 16:32:30 +00:00
smb2_process.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
smb2_query_directory.c smbd: Slightly simplify smbd_smb2_query_directory_send() 2023-12-19 16:05:36 +00:00
smb2_read.c smbd: Remove a no-op call to init_strict_lock_struct 2024-05-22 04:23:29 +00:00
smb2_reply.c smbd: Modernize a few DEBUGs 2024-05-14 22:29:36 +00:00
smb2_server.c s3:smbd: allow anonymous encryption after one authenticated session setup 2024-05-23 12:35:37 +00:00
smb2_service.c smbd: Remove sconn->using_smb2 2024-04-17 07:57:36 +00:00
smb2_sesssetup.c s3:smbd: allow anonymous encryption after one authenticated session setup 2024-05-23 12:35:37 +00:00
smb2_setinfo.c lib: Remove timeval_set() 2024-03-22 06:07:42 +00:00
smb2_signing.c CVE-2023-3347: smbd: fix "server signing = mandatory" 2023-07-21 13:03:09 +00:00
smb2_tcon.c s3:smbd: allow anonymous encryption after one authenticated session setup 2024-05-23 12:35:37 +00:00
smb2_trans2.c smbd: Remove an unnecessary else 2024-05-22 04:23:29 +00:00
smb2_write.c smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() 2024-01-08 15:53:36 +00:00
smbd_cleanupd.c s3:smbd: Fix code spelling 2023-07-19 09:58:37 +00:00
smbd_cleanupd.h
smbd.h smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK 2022-12-22 19:50:34 +00:00
smbXsrv_client.c smbd: Fix a copy&paste error in smbXsrv_client_remove() 2024-04-30 22:44:32 +00:00
smbXsrv_open.c smbd: Simplify smbXsrv_open_clear_replay_cache() 2024-04-30 22:44:32 +00:00
smbXsrv_open.h smbd: Remove smbXsrv_open_global0->db_rec 2023-02-13 10:49:43 +00:00
smbXsrv_session.c smbd: Simplify an if-condition 2024-04-30 22:44:32 +00:00
smbXsrv_session.h smbd: Give smbXsrv_session.c its own header file 2024-03-12 13:31:31 +00:00
smbXsrv_tcon.c s3:smbd: Fix code spelling 2023-10-25 22:23:37 +00:00
smbXsrv_version.c smbXsrv_version: Use a struct assignment 2024-03-12 13:31:31 +00:00
srvstr.c smbd: Move message_push_string() to smb1_utils.c 2022-06-06 19:22:28 +00:00
statvfs.c smbd: Fix the build on FreeBSD 2022-08-04 20:44:32 +00:00
uid.c smbd: Give smbXsrv_session.c its own header file 2024-03-12 13:31:31 +00:00
utmp.c
vfs.c smbd: Convert a void* into the real DIR* 2023-11-21 17:34:36 +00:00