s3:smbd: make sure STATUS_PENDING responses are never signed
authorStefan Metzmacher <metze@samba.org>
Fri, 11 Jun 2021 13:33:46 +0000 (13:33 +0000)
committerStefan Metzmacher <metze@samba.org>
Thu, 15 Jul 2021 00:06:31 +0000 (00:06 +0000)
It's important to match Windows here in order to avoid reusing
a NONCE for AES-128-GMAC signing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/smb2_server.c

index 04f8c4ba10e6ea5b9dfbb7056f15bf9efa18254c..462689077b2c8ab50b17a34e98028a8b91965619 100644 (file)
@@ -2272,6 +2272,11 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
        SIVAL(hdr, SMB2_HDR_STATUS, NT_STATUS_V(NT_STATUS_PENDING));
        SSVAL(hdr, SMB2_HDR_OPCODE, SVAL(outhdr, SMB2_HDR_OPCODE));
 
+       /*
+        * The STATUS_PENDING response has SMB2_HDR_FLAG_SIGNED
+        * clearedm, but echoes the signature field.
+        */
+       flags &= ~SMB2_HDR_FLAG_SIGNED;
        SIVAL(hdr, SMB2_HDR_FLAGS, flags);
        SIVAL(hdr, SMB2_HDR_NEXT_COMMAND, 0);
        SBVAL(hdr, SMB2_HDR_MESSAGE_ID, message_id);
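Review bot: The comment added above `flags &= ~SMB2_HDR_FLAG_SIGNED;` states what the header looks like but not why, and it contains a typo (`clearedm`). The nonce-reuse rationale lives only in the commit message, and the third hunk simply deletes the `req->do_signing` branch, so nothing in the file tells a later maintainer that sending this response unsigned is deliberate rather than an omission. As I understand the protocol, the interim response carries the same MessageId (written just below) as the final response, so I would extend the comment with something like `Never sign the interim response: it shares its MessageId with the final one, and signing both would reuse the AES-128-GMAC nonce.` The enclosing smbd_smb2_request_pending_timer() starts and ends outside this hunk, so the place where the signature field is echoed is not visible here.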
@@ -2325,6 +2330,10 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
                        SMBD_SMB2_IN_HDR_IOV(req),
                        &state->vector[1+SMBD_SMB2_HDR_IOV_OFS]);
 
+       /*
+        * We add SMB2_HDR_FLAG_ASYNC after smb2_set_operation_credit()
+        * as it reacts on it
+        */
        SIVAL(hdr, SMB2_HDR_FLAGS, flags | SMB2_HDR_FLAG_ASYNC);
 
        if (DEBUGLVL(10)) {
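Review bot: The new comment's "as it reacts on it" leaves both pronouns open and does not say what smb2_set_operation_credit() does differently when SMB2_HDR_FLAG_ASYNC is present. That ordering appears to be the reason the flags field is written twice in this function (earlier without ASYNC, here with it), so the comment should name the dependency, e.g. `smb2_set_operation_credit() reads SMB2_HDR_FLAGS from the out header, so ASYNC must only be set after it has run`. The credit function's body is not shown on this page, so the exact effect needs to be confirmed by the author.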
@@ -2350,19 +2359,6 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
                                                nt_errstr(status));
                        return;
                }
-       } else if (req->do_signing) {
-               struct smbXsrv_session *x = req->session;
-               struct smb2_signing_key *signing_key =
-                       smbd_smb2_signing_key(x, xconn, NULL);
-
-               status = smb2_signing_sign_pdu(signing_key,
-                                       &state->vector[1+SMBD_SMB2_HDR_IOV_OFS],
-                                       SMBD_SMB2_NUM_IOV_PER_REQ - 1);
-               if (!NT_STATUS_IS_OK(status)) {
-                       smbd_server_connection_terminate(xconn,
-                                               nt_errstr(status));
-                       return;
-               }
        }
 
        state->queue_entry.mem_ctx = state;