diff options
| author | Tim Beale <timbeale@catalyst.net.nz> | 2018-09-27 09:46:41 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-09-28 08:30:22 +0200 |
| commit | 378706266496ce79c1887fe96ab3b15f56770244 (patch) | |
| tree | bb626a9ecb21abbfdbae86cfab6ac5dd3f9220e6 /source3/smbd/negprot.c | |
| parent | 0122f45f053ecc545950c31bf1fb33fba143478c (diff) | |
| download | samba-378706266496ce79c1887fe96ab3b15f56770244.tar.gz | |
s3/smbd: Server responds incorrectly if no SMB protocol chosen
The SMBnegprot response from the server contains the DialectIndex of the
selected protocol from the client's request message. Currently, if no
protocol is selected, the server is responding with a DialectIndex=zero,
which is a valid index (PROTOCOL_CORE by default). The Windows spec, and
historically the code, should return DialectIndex=0xffff if no protocol
is chosen. The following commit changed it recently (presumably
inadvertently), so that it now returns DialectIndex=zero.
06940155f315529c5b5 s3:smbd: Fix size types in reply_negprot()
This results in somewhat confusing error messages on the client side:
ERROR(runtime): uncaught exception - (3221225997, 'The transport
connection has been reset.')
or, when signing is configured as mandatory:
smbXcli_negprot: SMB signing is mandatory and the selected protocol
level (1) doesn't support it.
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been granted those
access rights.')
This patch restores the old behaviour of returning 0xffff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/smbd/negprot.c')
| -rw-r--r-- | source3/smbd/negprot.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 27366ea0013..2d5edf1282c 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -28,6 +28,13 @@ #include "auth/gensec/gensec.h" #include "../libcli/smb/smb_signing.h" +/* + * MS-CIFS, 2.2.4.52.2 SMB_COM_NEGOTIATE Response: + * If the server does not support any of the listed dialects, it MUST return a + * DialectIndex of 0XFFFF + */ +#define NO_PROTOCOL_CHOSEN 0xffff + extern fstring remote_proto; static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8]) @@ -748,7 +755,7 @@ void reply_negprot(struct smb_request *req) DBG_NOTICE("No protocol supported !\n"); reply_outbuf(req, 1, 0); - SSVAL(req->outbuf, smb_vwv0, choice); + SSVAL(req->outbuf, smb_vwv0, NO_PROTOCOL_CHOSEN); ok = srv_send_smb(xconn, (char *)req->outbuf, false, 0, false, NULL); |