From: Ralph Boehme <slow@samba.org>
Date: Thu, 8 Nov 2018 16:31:41 +0000 (+0100)
Subject: s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
X-Git-Tag: samba-4.8.8~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58c53ddef51239c9581728131b60188c663c14a6;p=thirdparty%2Fsamba.git

s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

(cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Fri Nov 23 13:52:04 CET 2018 on sn-devel-144
---

diff --git a/selftest/knownfail.d/samba3.smb2 b/selftest/knownfail.d/samba3.smb2
deleted file mode 100644
index 7e96e6798e7..00000000000
--- a/selftest/knownfail.d/samba3.smb2
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session krb5.expire1n\(ad_member\)
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 5e1e8b4ec57..2c24e7a1abc 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -525,6 +525,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
 	reload_services(smb2req->sconn, conn_snum_used, true);
 
+	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+		smb2req->do_signing = true;
+	}
+
 	session->status = NT_STATUS_OK;
 	TALLOC_FREE(session->global->auth_session_info);
 	session->global->auth_session_info = talloc_move(session->global,
@@ -551,10 +555,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
 	conn_clear_vuid_caches(xconn->client->sconn, session->compat->vuid);
 
-	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
-		smb2req->do_signing = true;
-	}
-
 	*out_session_id = session->global->session_wire_id;
 
 	return NT_STATUS_OK;