-rw-r--r--WHATSNEW.txt25
-rw-r--r--source/libsmb/smb_signing.c24
2 files changed, 37 insertions, 12 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1edd9b8e946..c7131874205 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -3,16 +3,20 @@
Jun XX, 2006
==============================
+This is the latest stable release of Samba. This is the version
+that production Samba servers should be running for all current
+bug-fixes. Please read the following important changes in this
+release.
+
We would like to thank the developers of Klocwork for their
-analysis of the Samba source tree. This release includes
-fixes for over 200 defects reported by the Klocwork code
-analyzer.
+analysis of the Samba source tree. This release includes fixes
+for over 200 defects reported by the Klocwork code analyzer.
Thanks very much to those people who spent time testing the
release candidates and reported their findings. We would
-like to especially thank Thomas Bork <tombork@web.de> for
-his numerous reports. We believe that the final is in much
-better shape in a large part due to his efforts.
+like to especially thank Thomas Bork <tombork@web.de> for his
+numerous reports. We believe that the final is in much better
+shape in a large part due to his efforts.
New features in 3.0.23 include:
@@ -23,10 +27,10 @@ New features in 3.0.23 include:
o New handling of unmapped users and groups.
o New non-root share management tools.
o Improved support for local and BUILTIN groups.
- o Winbind IDMAP integration with RFC2307 schema objects
- supported by Windows 2003 R2.
- o Rewritten 'net ads join' to mimic Windows XP without
- requiring administrative rights to join a domain.
+ o Winbind IDMAP integration with RFC2307 schema objects supported
+ by Windows 2003 R2.
+ o Rewritten 'net ads join' to mimic Windows XP without requiring
+ administrative rights to join a domain.
User and Group changes
======================
@@ -148,6 +152,7 @@ o Jeremy Allison <jra@samba.org>
* Fix various issues raised by the Klocwork code analyzer.
* Fix nmbd WINS serving bug causing duplicate IPs in the *<1b>
query reply ("enhanced browsing = yes").
+ * Fix SMB signing failures in client tools.
o Nicholas Brealey <nick@brealey.org>
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index d68f161e231..68c259ba035 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -332,7 +332,22 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
/* cli->outbuf[smb_ss_field+2]=0;
Uncomment this to test if the remote server actually verifies signatures...*/
- data->send_seq_num += 2;
+ /* Instead of re-introducing the trans_info_conect we
+ used to have here, we use the fact that during a
+ SMBtrans/SMBtrans2/SMBnttrans send that the mid stays
+ constant. This means that calling store_sequence_for_reply()
+ will return False for all trans secondaries, as the mid is already
+ on the stored sequence list. As the send_seqence_number must
+ remain constant for all primary+secondary trans sends, we
+ only increment the send sequence number when we successfully
+ add a new entry to the outstanding sequence list. This means
+ I can isolate the fix here rather than re-adding the trans
+ signing on/off calls in libsmb/clitrans2.c JRA.
+ */
+
+ if (store_sequence_for_reply(&data->outstanding_packet_list, SVAL(outbuf,smb_mid), data->send_seq_num + 1)) {
+ data->send_seq_num += 2;
+ }
}
/***********************************************************
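Review bot: The new `if` around `data->send_seq_num += 2` treats every False from store_sequence_for_reply() as "this is a trans secondary". A mid that is still on the outstanding list for any other reason (a request whose reply never arrived, or a reused mid) would therefore leave the sequence number frozen without a trace, and later requests would presumably be signed with a number already used. Nothing is logged on that path, so the resulting signature mismatches would be hard to diagnose; an `else` branch with `DEBUG(10, ("client_sign_outgoing_message: mid %u already outstanding, send_seq_num not advanced\n", (unsigned int)SVAL(outbuf, smb_mid)));` would make it visible. Whether stale entries are ever pruned cannot be judged from here, because store_sequence_for_reply() and the start of client_sign_outgoing_message lie outside the hunk.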
@@ -356,7 +371,12 @@ static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si,
return False;
}
- reply_seq_number = data->send_seq_num - 1;
+ if (!get_sequence_for_reply(&data->outstanding_packet_list, SVAL(inbuf, smb_mid), &reply_seq_number)) {
+ DEBUG(1, ("client_check_incoming_message: received message "
+ "with mid %u with no matching send record.\n", (unsigned int)SVAL(inbuf, smb_mid) ));
+ return False;
+ }
+
simple_packet_signature(data, (const unsigned char *)inbuf,
reply_seq_number, calc_md5_mac);
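Review bot: The lookup `get_sequence_for_reply(&data->outstanding_packet_list, SVAL(inbuf, smb_mid), &reply_seq_number)` is keyed on a mid read from the packet before its signature has been checked, so the handling of the list entry when the MAC comparison later fails should be stated. If the lookup removes the entry (its body is outside this hunk), a packet carrying a matching mid and a bad signature would consume the record, and the genuine reply would then hit the new "no matching send record" path; please confirm that a failed check either ends the session or leaves the entry in place. Rejecting unknown mids is the right fail-closed behaviour, but unsolicited server messages that never had a send record would also be rejected here, so a comment such as `/* Replies are verified against the sequence number stored for their mid at send time; anything without a send record is rejected. */` above the call would document the intent. client_check_incoming_message starts and ends outside the hunk.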