svn commit: samba r16708 - in branches/SAMBA_4_0/source: libcli/raw libcli/smb2 smb_server/smb2

metze at samba.org metze at samba.org
Fri Jun 30 11:07:48 GMT 2006


Author: metze
Date: 2006-06-30 11:07:47 +0000 (Fri, 30 Jun 2006)
New Revision: 16708

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16708

Log:
the packet format of SMB2 SessionSetup has changed,
there are 8 more unknown bytes...

Note:
 - vista-CTP also supports this as a server,
   but uses the old format as a client
 - but vista-beta2 only uses and accepts the new format

metze
Modified:
   branches/SAMBA_4_0/source/libcli/raw/interfaces.h
   branches/SAMBA_4_0/source/libcli/smb2/session.c
   branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/raw/interfaces.h
===================================================================
--- branches/SAMBA_4_0/source/libcli/raw/interfaces.h	2006-06-30 08:19:44 UTC (rev 16707)
+++ branches/SAMBA_4_0/source/libcli/raw/interfaces.h	2006-06-30 11:07:47 UTC (rev 16708)
@@ -372,13 +372,18 @@
 		enum smb_sesssetup_level level;
 
 		struct {
-			/* static body buffer 16 (0x10) bytes */
-			/* uint16_t buffer_code;  0x11 = 0x10 + 1 */
+			/* NOTE: this was 0x11 = 0x10 + 1 in vista-CTP
+			 * and changed in vista-beta2, but both server's
+			 * can handle the 0x18 clients
+			 */
+			/* static body buffer 24 (0x18) bytes */
+			/* uint16_t buffer_code;  0x19 = 0x18 + 1 */
 			uint16_t _pad;
-			uint32_t unknown2; /* 0xF */
-			uint32_t unknown3; /* 0x00 */
+			uint32_t unknown2; /* 0x0000000F(vista-CTP) 0x00000007(vista-beta2) */
+			uint32_t unknown3; /* 0x0000000 */
 			/* uint16_t secblob_ofs */
 			/* uint16_t secblob_size */
+			uint64_t unknown4; /* 0x0000000000000000 only present in vista-beta2 */
 
 			/* dynamic body */
 			DATA_BLOB secblob;
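Review bot: The new comment `uint32_t unknown3; /* 0x0000000 */` has seven hex digits where the neighbouring values use eight, so it is unclear whether 0x00000000 was meant; `/* 0x00000000 */` would match the other annotations. The NOTE block above records that both Vista servers accept the 0x18 layout but not what Samba's own server does with the older 0x10 layout, which sesssetup.c in this same commit appears to reject outright; a line such as `* Samba's smb2 server accepts only the 0x18 layout` next to that NOTE would make the compatibility decision visible where the wire structure is documented. The enclosing struct and union begin before this hunk.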

Modified: branches/SAMBA_4_0/source/libcli/smb2/session.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/smb2/session.c	2006-06-30 08:19:44 UTC (rev 16707)
+++ branches/SAMBA_4_0/source/libcli/smb2/session.c	2006-06-30 11:07:47 UTC (rev 16708)
@@ -69,11 +69,11 @@
 	NTSTATUS status;
 	
 	req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP, 
-				0x10, True, io->in.secblob.length);
+				0x18, True, io->in.secblob.length);
 	if (req == NULL) return NULL;
 
 	SBVAL(req->out.hdr,  SMB2_HDR_UID, session->uid);
-	SSVAL(req->out.body, 0x02, 0); /* pad */
+	SSVAL(req->out.body, 0x02, io->in._pad); /* pad */
 	SIVAL(req->out.body, 0x04, io->in.unknown2);
 	SIVAL(req->out.body, 0x08, io->in.unknown3);
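Review bot: The static body size `0x18` in the `smb2_request_init` call is a second copy of a layout constant that sesssetup.c's `SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True)` and the interfaces.h comment also carry, and this commit shows how all three have to move together when the format changes. A single named constant in interfaces.h (constructed example: `#define SMB2_SESSSETUP_BODY_SIZE 0x18`) used by both the client and the server would keep them from drifting. The enclosing function begins before this hunk.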
 
@@ -84,6 +84,7 @@
 		talloc_free(req);
 		return NULL;
 	}
+	SBVAL(req->out.body, 0x10, io->in.unknown4);
 
 	smb2_transport_send(req);
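Review bot: `SBVAL(req->out.body, 0x10, io->in.unknown4);` is the only fixed-body field written after `smb2_push_o16s16_blob`, while `_pad`, `unknown2` and `unknown3` are written before it, which reads as though the 0x10 offset depended on the blob push. Presumably it does not, since 0x10 lies inside the static body that the earlier `smb2_request_init(..., 0x18, ...)` call sized; moving the line up directly after `SIVAL(req->out.body, 0x08, io->in.unknown3);` keeps the fixed-layout writes together and makes the in-bounds reasoning obvious to the next reader. The enclosing function begins before this hunk.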
 
@@ -209,9 +210,10 @@
 	c->event_ctx = session->transport->socket->event.ctx;
 
 	ZERO_STRUCT(state->io);
-	state->io.in._pad = 0x0;
-	state->io.in.unknown2 = 0xF;
-	state->io.in.unknown3 = 0x00;
+	state->io.in._pad = 0x0000;
+	state->io.in.unknown2 = 0x0000000F;
+	state->io.in.unknown3 = 0x00000000;
+	state->io.in.unknown4 = 0; /* uint64_t */
 
 	c->status = gensec_set_credentials(session->gensec, credentials);
 	if (!NT_STATUS_IS_OK(c->status)) {
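Review bot: `state->io.in.unknown2 = 0x0000000F;` keeps the value that interfaces.h in this commit labels as the vista-CTP one (vista-beta2 is documented as 0x00000007), while the body size moves to the vista-beta2 layout; whether that mix is deliberate, and whether a beta2 server accepts 0xF, is not shown here, so a comment such as `/* vista-CTP value; see interfaces.h for the beta2 value */` would stop a later reader from silently "fixing" it. The `/* uint64_t */` comment on `unknown4` only restates the type; `/* meaning unknown; only present in the vista-beta2 layout */` would carry what the header comment says. The enclosing function begins before this hunk.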

Modified: branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c	2006-06-30 08:19:44 UTC (rev 16707)
+++ branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c	2006-06-30 11:07:47 UTC (rev 16708)
@@ -126,22 +126,12 @@
 		return;
 	}
 
-	status = smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length);
-	if (!NT_STATUS_IS_OK(status)) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-		talloc_free(req);
-		return;
-	}
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length));
 
 	SBVAL(req->out.hdr, SMB2_HDR_UID,    io->smb2.out.uid);
 
 	SSVAL(req->out.body, 0x02, io->smb2.out._pad);
-	status = smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob);
-	if (!NT_STATUS_IS_OK(status)) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-		talloc_free(req);
-		return;
-	}
+	SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob));
 
 	smb2srv_send_reply(req);
 }
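Review bot: The two `SMB2SRV_CHECK(...)` lines replace explicit terminate-connection, `talloc_free(req)` and return sequences, so the function's failure path now lives in a macro whose definition is not in this diff; the same substitution is made at `SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, False, 0));` in the hunk at -200. If the macro does not also free `req` and return, the cleanup the old code performed on error is lost, which is worth confirming against its definition before merging. The `NTSTATUS status` local that the removed lines assigned is declared before this hunk and may now have no remaining use, which would draw an unused-variable warning. The enclosing function begins before this hunk.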
@@ -151,31 +141,18 @@
 	union smb_sesssetup *io;
 	NTSTATUS status;
 
-	if (req->in.body_size < 0x10) {
-		smb2srv_send_error(req,  NT_STATUS_FOOBAR);
-		return;
-	}
 
-	io = talloc(req, union smb_sesssetup);
-	if (!io) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
-		talloc_free(req);
-		return;
-	}
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True);
+	SMB2SRV_TALLOC_IO_PTR(io, union smb_sesssetup);
 
 	io->smb2.level		= RAW_SESSSETUP_SMB2;
 	io->smb2.in._pad	= SVAL(req->in.body, 0x02);
 	io->smb2.in.unknown2	= IVAL(req->in.body, 0x04);
 	io->smb2.in.unknown3	= IVAL(req->in.body, 0x08);
-	status = smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob);
-	if (!NT_STATUS_IS_OK(status)) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-		talloc_free(req);
-		return;
-	}
+	SMB2SRV_CHECK(smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob));
+	io->smb2.in.unknown4	= BVAL(req->in.body, 0x10);
 
 	req->status = smb2srv_sesssetup_backend(req, io);
-
 	if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
 		talloc_free(req);
 		return;
@@ -200,12 +177,7 @@
 		return;
 	}
 
-	status = smb2srv_setup_reply(req, 0x04, False, 0);
-	if (!NT_STATUS_IS_OK(status)) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-		talloc_free(req);
-		return;
-	}
+	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, False, 0));
 
 	SSVAL(req->out.body, 0x02, 0);
 
@@ -216,10 +188,7 @@
 {
 	uint16_t _pad;
 
-	if (req->in.body_size < 0x04) {
-		smb2srv_send_error(req,  NT_STATUS_FOOBAR);
-		return;
-	}
+	SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False);
 
 	_pad	= SVAL(req->in.body, 0x02);
 


