[SCM] Samba Shared Repository - branch v4-0-test updated -
release-4-0-0alpha5-262-g43e43de
Stefan Metzmacher
metze at samba.org
Thu Aug 14 11:15:24 GMT 2008
The branch, v4-0-test has been updated
via 43e43dead030f6bffd06631007fdb162c3c6b2b5 (commit)
via dd2f4f7a491debcc30e590f571272afd99e52940 (commit)
via 7c4abf6614c47471ae005a12abe27d85890d867f (commit)
via fe74faf13dc64eaa58d757de156aedcb24abed1f (commit)
via 1380fb954a7d9d4b543c4650a060fef9f357af7b (commit)
via 3f6cbece4a199a42ad6583ea4bd4302629399625 (commit)
from 0449a5c8267873d7986c7c50adce57029192c456 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 43e43dead030f6bffd06631007fdb162c3c6b2b5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 09:48:44 2008 +0200
smb2srv: async replies with STATUS_PENDING are not signed
..., but the they may have the sign flag set.
metze
commit dd2f4f7a491debcc30e590f571272afd99e52940
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 15:20:18 2008 +0200
smb2srv: sign replies when the request was also signed
metze
commit 7c4abf6614c47471ae005a12abe27d85890d867f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 09:45:44 2008 +0200
smb2srv: use defines instead of hex values
metze
commit fe74faf13dc64eaa58d757de156aedcb24abed1f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 15:19:01 2008 +0200
libcli/smb2: use smb2 signing in auto mode if the server supports it
metze
commit 1380fb954a7d9d4b543c4650a060fef9f357af7b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 09:44:06 2008 +0200
libcli/smb2: we don't need check the same thing twice...
metze
commit 3f6cbece4a199a42ad6583ea4bd4302629399625
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 13 09:42:27 2008 +0200
libcli/smb2: async replies with STATUS_PENDING are not signed
metze
-----------------------------------------------------------------------
Summary of changes:
source/libcli/smb2/connect.c | 8 +++++-
source/libcli/smb2/signing.c | 6 ----
source/libcli/smb2/transport.c | 24 ++++++++---------
source/smb_server/smb2/receive.c | 46 +++++++++++++++++++++++++---------
source/smb_server/smb2/smb2_server.h | 2 +
5 files changed, 54 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/libcli/smb2/connect.c b/source/libcli/smb2/connect.c
index c89c109..4315194 100644
--- a/source/libcli/smb2/connect.c
+++ b/source/libcli/smb2/connect.c
@@ -115,13 +115,19 @@ static void continue_negprot(struct smb2_request *req)
transport->signing_required = false;
break;
case SMB_SIGNING_SUPPORTED:
- case SMB_SIGNING_AUTO:
if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
transport->signing_required = true;
} else {
transport->signing_required = false;
}
break;
+ case SMB_SIGNING_AUTO:
+ if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) {
+ transport->signing_required = true;
+ } else {
+ transport->signing_required = false;
+ }
+ break;
case SMB_SIGNING_REQUIRED:
if (transport->negotiate.security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED) {
transport->signing_required = true;
diff --git a/source/libcli/smb2/signing.c b/source/libcli/smb2/signing.c
index 0d655d1..de9e1e9 100644
--- a/source/libcli/smb2/signing.c
+++ b/source/libcli/smb2/signing.c
@@ -94,12 +94,6 @@ NTSTATUS smb2_check_signature(struct smb2_request_buffer *buf, DATA_BLOB session
return NT_STATUS_OK;
}
- if (session_key.length == 0) {
- DEBUG(2,("Wrong session key length %u for SMB2 signing\n",
- (unsigned)session_key.length));
- return NT_STATUS_ACCESS_DENIED;
- }
-
memcpy(sig, buf->hdr+SMB2_HDR_SIGNATURE, 16);
memset(buf->hdr + SMB2_HDR_SIGNATURE, 0, 16);
diff --git a/source/libcli/smb2/transport.c b/source/libcli/smb2/transport.c
index d9691be..b946a10 100644
--- a/source/libcli/smb2/transport.c
+++ b/source/libcli/smb2/transport.c
@@ -235,6 +235,17 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
+ if ((flags & SMB2_HDR_FLAG_ASYNC) &&
+ NT_STATUS_EQUAL(req->status, STATUS_PENDING)) {
+ req->cancel.can_cancel = true;
+ req->cancel.pending_id = IVAL(hdr, SMB2_HDR_PID);
+ for (i=0; i< req->cancel.do_cancel; i++) {
+ smb2_cancel(req);
+ }
+ talloc_free(buffer);
+ return NT_STATUS_OK;
+ }
+
if (req->session && req->session->signing_active) {
status = smb2_check_signature(&req->in,
req->session->session_key);
@@ -244,19 +255,6 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
return status;
}
}
-
-
- if (NT_STATUS_EQUAL(req->status, STATUS_PENDING)) {
- if (flags & 0x00000002) {
- req->cancel.can_cancel = true;
- req->cancel.pending_id = IVAL(hdr, SMB2_HDR_PID);
- for (i=0; i< req->cancel.do_cancel; i++) {
- smb2_cancel(req);
- }
- }
- talloc_free(buffer);
- return NT_STATUS_OK;
- }
buffer_code = SVAL(req->in.body, 0);
req->in.body_fixed = (buffer_code & ~1);
diff --git a/source/smb_server/smb2/receive.c b/source/smb_server/smb2/receive.c
index cfd6c1d..1fe6f0b 100644
--- a/source/smb_server/smb2/receive.c
+++ b/source/smb_server/smb2/receive.c
@@ -79,12 +79,12 @@ struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
bool body_dynamic_present, uint32_t body_dynamic_size)
{
- uint32_t flags = 0x00000001;
+ uint32_t flags = SMB2_HDR_FLAG_REDIRECT;
uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);
if (req->pending_id) {
- flags |= 0x00000002;
+ flags |= SMB2_HDR_FLAG_ASYNC;
pid = req->pending_id;
tid = 0;
}
@@ -236,7 +236,7 @@ void smb2srv_send_reply(struct smb2srv_request *req)
}
/* if signing is active on the session then sign the packet */
- if (req->session && req->session->smb2_signing.active) {
+ if (req->is_signed) {
status = smb2_sign_message(&req->out,
req->session->session_info->session_key);
if (!NT_STATUS_IS_OK(status)) {
@@ -310,12 +310,7 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
if (!req->session) goto nosession;
- if (!req->session->smb2_signing.active) {
- /* TODO: workout the correct error code */
- smb2srv_send_error(req, NT_STATUS_FOOBAR);
- return NT_STATUS_OK;
- }
-
+ req->is_signed = true;
status = smb2_check_signature(&req->in,
req->session->session_info->session_key);
if (!NT_STATUS_IS_OK(status)) {
@@ -511,6 +506,8 @@ static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
{
+ NTSTATUS status;
+ bool signing_used = false;
int id;
if (req->pending_id) {
@@ -526,10 +523,35 @@ NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *);
req->pending_id = id;
+ if (req->smb_conn->connection->event.fde == NULL) {
+ /* the socket has been destroyed - no point trying to send an error! */
+ return NT_STATUS_REMOTE_DISCONNECT;
+ }
+
talloc_set_destructor(req, smb2srv_request_deny_destructor);
- smb2srv_send_error(req, STATUS_PENDING);
- talloc_set_destructor(req, smb2srv_request_destructor);
+ status = smb2srv_setup_reply(req, 8, true, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(STATUS_PENDING));
+
+ SSVAL(req->out.body, 0x02, 0);
+ SIVAL(req->out.body, 0x04, 0);
+
+ /* if the real reply will be signed set the signed flags, but don't sign */
+ if (req->is_signed) {
+ SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
+ signing_used = req->is_signed;
+ req->is_signed = false;
+ }
+
+ smb2srv_send_reply(req);
+
+ req->is_signed = signing_used;
+
+ talloc_set_destructor(req, smb2srv_request_destructor);
return NT_STATUS_OK;
}
@@ -545,7 +567,7 @@ void smb2srv_cancel_recv(struct smb2srv_request *req)
flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
pending_id = IVAL(req->in.hdr, SMB2_HDR_PID);
- if (!(flags & 0x00000002)) {
+ if (!(flags & SMB2_HDR_FLAG_ASYNC)) {
/* TODO: what to do here? */
goto done;
}
diff --git a/source/smb_server/smb2/smb2_server.h b/source/smb_server/smb2/smb2_server.h
index ae4abbd..d45e086 100644
--- a/source/smb_server/smb2/smb2_server.h
+++ b/source/smb_server/smb2/smb2_server.h
@@ -62,6 +62,8 @@ struct smb2srv_request {
uint8_t _chained_file_handle[16];
uint8_t *chained_file_handle;
+ bool is_signed;
+
struct smb2_request_buffer in;
struct smb2_request_buffer out;
};
--
Samba Shared Repository
More information about the samba-cvs
mailing list