OpenWrt – Blame information for rev 4
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001 |
2 | From: Stefan Metzmacher <metze@samba.org> |
||
3 | Date: Wed, 30 Sep 2015 21:17:02 +0200 |
||
4 | Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring |
||
5 | encryption in do_connect() |
||
6 | |||
7 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 |
||
8 | |||
9 | Signed-off-by: Stefan Metzmacher <metze@samba.org> |
||
10 | Reviewed-by: Jeremy Allison <jra@samba.org> |
||
11 | --- |
||
12 | source3/libsmb/clidfs.c | 7 ++++++- |
||
13 | 1 file changed, 6 insertions(+), 1 deletion(-) |
||
14 | |||
15 | --- a/source3/libsmb/clidfs.c |
||
16 | +++ b/source3/libsmb/clidfs.c |
||
17 | @@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALL |
||
18 | const char *username; |
||
19 | const char *password; |
||
20 | NTSTATUS status; |
||
21 | + int signing_state = get_cmdline_auth_info_signing_state(auth_info); |
||
22 | + |
||
23 | + if (force_encrypt) { |
||
24 | + signing_state = Required; |
||
25 | + } |
||
26 | |||
27 | /* make a copy so we don't modify the global string 'service' */ |
||
28 | servicename = talloc_strdup(ctx,share); |
||
29 | @@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALL |
||
30 | zero_sockaddr(&ss); |
||
31 | |||
32 | /* have to open a new connection */ |
||
33 | - c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)); |
||
34 | + c = cli_initialise_ex(signing_state); |
||
35 | if (c == NULL) { |
||
36 | d_printf("Connection to %s failed\n", server_n); |
||
37 | return NULL; |
||
38 | --- a/source3/libsmb/libsmb_server.c |
||
39 | +++ b/source3/libsmb/libsmb_server.c |
||
40 | @@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, |
||
41 | const char *username_used; |
||
42 | NTSTATUS status; |
||
43 | char *newserver, *newshare; |
||
44 | + int signing_state = Undefined; |
||
45 | |||
46 | zero_sockaddr(&ss); |
||
47 | ZERO_STRUCT(c); |
||
48 | @@ -404,8 +405,12 @@ again: |
||
49 | |||
50 | zero_sockaddr(&ss); |
||
51 | |||
52 | + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { |
||
53 | + signing_state = Required; |
||
54 | + } |
||
55 | + |
||
56 | /* have to open a new connection */ |
||
57 | - if ((c = cli_initialise()) == NULL) { |
||
58 | + if ((c = cli_initialise_ex(signing_state)) == NULL) { |
||
59 | errno = ENOMEM; |
||
60 | return NULL; |
||
61 | } |
||
62 | @@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, |
||
63 | ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", |
||
64 | pp_workgroup, pp_username, pp_password); |
||
65 | if (!ipc_srv) { |
||
66 | + int signing_state = Undefined; |
||
67 | |||
68 | /* We didn't find a cached connection. Get the password */ |
||
69 | if (!*pp_password || (*pp_password)[0] == '\0') { |
||
70 | @@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx, |
||
71 | if (smbc_getOptionUseCCache(context)) { |
||
72 | flags |= CLI_FULL_CONNECTION_USE_CCACHE; |
||
73 | } |
||
74 | + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { |
||
75 | + signing_state = Required; |
||
76 | + } |
||
77 | |||
78 | zero_sockaddr(&ss); |
||
79 | nt_status = cli_full_connection(&ipc_cli, |
||
80 | @@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, |
||
81 | *pp_workgroup, |
||
82 | *pp_password, |
||
83 | flags, |
||
84 | - Undefined); |
||
85 | + signing_state); |
||
86 | if (! NT_STATUS_IS_OK(nt_status)) { |
||
87 | DEBUG(1,("cli_full_connection failed! (%s)\n", |
||
88 | nt_errstr(nt_status))); |