From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 10 May 2017 14:17:48 +0000 (+0200)
Subject: s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication
X-Git-Tag: ldb-1.1.30~182
X-Git-Url: http://git.samba.org/samba.git/?p=vlendec%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=f4424579a0b4305751b308588c40cb7c005bd9e9

s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication

If smbXcli_session_is_guest() returns true, we should handle the authentication
as anonymous and don't touch the gensec context anymore.

Note that smbXcli_session_is_guest() always returns false, if signing is
required!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 93f873079db..a28a5824dc2 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1070,13 +1070,16 @@ static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
 			 * We can't finish the gensec handshake, we don't
 			 * have a negotiated session key.
 			 *
-			 * So just pretend we are completely done.
+			 * So just pretend we are completely done,
+			 * we need to continue as anonymous from this point,
+			 * as we can't get a session key.
 			 *
 			 * Note that smbXcli_session_is_guest()
 			 * always returns false if we require signing.
 			 */
 			state->blob_in = data_blob_null;
 			state->local_ready = true;
+			state->is_anonymous = true;
 		}
 
 		state->remote_ready = true;