diff options
-rw-r--r-- | WHATSNEW.txt | 25 | ||||
-rw-r--r-- | source/libsmb/smb_signing.c | 24 |
2 files changed, 37 insertions, 12 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1edd9b8e946..c7131874205 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -3,16 +3,20 @@ Jun XX, 2006 ============================== +This is the latest stable release of Samba. This is the version +that production Samba servers should be running for all current +bug-fixes. Please read the following important changes in this +release. + We would like to thank the developers of Klocwork for their -analysis of the Samba source tree. This release includes -fixes for over 200 defects reported by the Klocwork code -analyzer. +analysis of the Samba source tree. This release includes fixes +for over 200 defects reported by the Klocwork code analyzer. Thanks very much to those people who spent time testing the release candidates and reported their findings. We would -like to especially thank Thomas Bork <tombork@web.de> for -his numerous reports. We believe that the final is in much -better shape in a large part due to his efforts. +like to especially thank Thomas Bork <tombork@web.de> for his +numerous reports. We believe that the final is in much better +shape in a large part due to his efforts. New features in 3.0.23 include: @@ -23,10 +27,10 @@ New features in 3.0.23 include: o New handling of unmapped users and groups. o New non-root share management tools. o Improved support for local and BUILTIN groups. - o Winbind IDMAP integration with RFC2307 schema objects - supported by Windows 2003 R2. - o Rewritten 'net ads join' to mimic Windows XP without - requiring administrative rights to join a domain. + o Winbind IDMAP integration with RFC2307 schema objects supported + by Windows 2003 R2. + o Rewritten 'net ads join' to mimic Windows XP without requiring + administrative rights to join a domain. User and Group changes ====================== @@ -148,6 +152,7 @@ o Jeremy Allison <jra@samba.org> * Fix various issues raised by the Klocwork code analyzer. * Fix nmbd WINS serving bug causing duplicate IPs in the *<1b> query reply ("enhanced browsing = yes"). + * Fix SMB signing failures in client tools. o Nicholas Brealey <nick@brealey.org> diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c index d68f161e231..68c259ba035 100644 --- a/source/libsmb/smb_signing.c +++ b/source/libsmb/smb_signing.c @@ -332,7 +332,22 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) /* cli->outbuf[smb_ss_field+2]=0; Uncomment this to test if the remote server actually verifies signatures...*/ - data->send_seq_num += 2; + /* Instead of re-introducing the trans_info_conect we + used to have here, we use the fact that during a + SMBtrans/SMBtrans2/SMBnttrans send that the mid stays + constant. This means that calling store_sequence_for_reply() + will return False for all trans secondaries, as the mid is already + on the stored sequence list. As the send_seqence_number must + remain constant for all primary+secondary trans sends, we + only increment the send sequence number when we successfully + add a new entry to the outstanding sequence list. This means + I can isolate the fix here rather than re-adding the trans + signing on/off calls in libsmb/clitrans2.c JRA. + */ + + if (store_sequence_for_reply(&data->outstanding_packet_list, SVAL(outbuf,smb_mid), data->send_seq_num + 1)) { + data->send_seq_num += 2; + } } /*********************************************************** @@ -356,7 +371,12 @@ static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, return False; } - reply_seq_number = data->send_seq_num - 1; + if (!get_sequence_for_reply(&data->outstanding_packet_list, SVAL(inbuf, smb_mid), &reply_seq_number)) { + DEBUG(1, ("client_check_incoming_message: received message " + "with mid %u with no matching send record.\n", (unsigned int)SVAL(inbuf, smb_mid) )); + return False; + } + simple_packet_signature(data, (const unsigned char *)inbuf, reply_seq_number, calc_md5_mac); |