| commit | f3ddfb828e66738ca461c3284c423defb774547c | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Fri, 30 Jun 2023 16:05:51 +0000 (30 18:05 +0200) | ||
| committer | Stefan Metzmacher <metze@samba.org> | |
| Thu, 23 May 2024 12:35:37 +0000 (23 12:35 +0000) | ||
| tree | c5ddfad183bef446419f71ed3e8453ea48cb9212 | treesnapshot (tar.gz zip) |
| parent | 551756abd2c9e4922075bc3037db645355542363 | commitdiff |
s3:smbd: allow anonymous encryption after one authenticated session setup
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.
Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.
Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>