]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
authorStefan Metzmacher <metze@samba.org>
Tue, 28 Sep 2021 20:24:32 +0000 (22:24 +0200)
committerJeremy Allison <jra@samba.org>
Tue, 19 Oct 2021 19:23:39 +0000 (19:23 +0000)
We can only assume that servers with support for AES-GMAC-128 signing
will except an SMB2 Cancel with ASYNC_ID and real MID.
This strategy is also used by Windows clients, because
some vendors don't cope otherwise.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184

libcli/smb/smb2_signing.c
libcli/smb/smbXcli_base.c

index fdb223aec64bb777c1f0e4bd35ad0ca0fe6da7e3..4a94b026ccc4a140da0fdd45d303827790a726de 100644 (file)
@@ -430,8 +430,16 @@ static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key
        }
        msg_id = BVAL(hdr, SMB2_HDR_MESSAGE_ID);
        if (msg_id == 0) {
-               DBG_ERR("opcode[%u] msg_id == 0\n", opcode);
-               return NT_STATUS_INTERNAL_ERROR;
+               if (opcode != SMB2_OP_CANCEL ||
+                   sign_algo_id >= SMB2_SIGNING_AES128_GMAC)
+               {
+                       DBG_ERR("opcode[%u] msg_id == 0\n", opcode);
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
+               /*
+                * Legacy algorithms allow MID 0
+                * for cancel requests
+                */
        }
        if (msg_id == UINT64_MAX) {
                DBG_ERR("opcode[%u] msg_id == UINT64_MAX\n", opcode);
index 3fb51e33ffe34f6622cc8338c0361cf3c89475a1..7579fa1c3783c56d0419514353adec78d47df924 100644 (file)
@@ -3318,7 +3318,11 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
 
                state->smb2.cancel_flags = SVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
                state->smb2.cancel_flags &= ~SMB2_HDR_FLAG_CHAINED;
-               state->smb2.cancel_mid = mid;
+               if (state->conn->smb2.server.sign_algo >= SMB2_SIGNING_AES128_GMAC) {
+                       state->smb2.cancel_mid = mid;
+               } else {
+                       state->smb2.cancel_mid = 0;
+               }
                state->smb2.cancel_aid = 0;
 
 skip_credits: