greenbone / openvas-smb

SMB module for OpenVAS Scanner
GNU General Public License v2.0
47 stars 47 forks source link

Sign seal #83

Closed ramijebara closed 1 year ago

ramijebara commented 1 year ago

What

Added sign, seal to the bindstr variable, to samba/lib/com/dcom/main.c. Based on my experience, communication with newer versions of windows is much more reliable. queries that fail with the un-patched code work with this change.

Why

I was trying to communicate with fully patched Windows Server 2016+ machines and the default code was failing communication. After much research and testing of community suggestions I found that this change makes the communication much more reliable.

It has been tested for around 6 months.

References

This change was initially proposed in PR#81

jira issue reference: SC-953 // this line was added by ArnoStiefvater

cfi-gb commented 1 year ago

Related to:

jjnicola commented 1 year ago

Hello @ramijebara,

Thanks a lot for your contribution. Unfortunately, I had to revert this PR, since it generate conflict with the existing way of adding options. As you can see in the PR #84, I explained the reason and how to use it. Since you are not using other Openvas components (from your comment in PR #82), I suggest that, if possible, you pass your [sing,seal] options directly concatenated with the server variable when you open the connection. E.g. we use wmi_connect (int argc, char **argv). One of the arguments is the host and it already comes with [sign] concatenated (sign is default but it can be optionally change). This is why it conflicts if the options are also hardcoded with your PR. Best regards,