[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1723-g04ceabf

Stefan Metzmacher metze at samba.org
Wed May 20 18:00:19 GMT 2009


The branch, master has been updated
       via  04ceabf56f9372b953448d27ca18d9895b1d4c52 (commit)
       via  540b7130750f82d52a514a5117237e1b3e90e97b (commit)
       via  5b55e47b71382eed168038fe0f94b25628b611f9 (commit)
      from  f024ca961e55c76410cc952938f3efc173c746ec (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 04ceabf56f9372b953448d27ca18d9895b1d4c52
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed May 20 19:57:37 2009 +0200

    s4:libcli/smb2: fix session setup with raw NTLMSSP
    
    metze

commit 540b7130750f82d52a514a5117237e1b3e90e97b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed May 20 17:17:07 2009 +0200

    s4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blob
    
    metze

commit 5b55e47b71382eed168038fe0f94b25628b611f9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed May 20 19:51:40 2009 +0200

    s4:libcli/smb2: fill in transport->negotiate.secblob with the correct data
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/libcli/smb2/connect.c |    2 ++
 source4/libcli/smb2/session.c |   39 +++++++++++++++++++++++++--------------
 2 files changed, 27 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index b522a56..8d6ea04 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -105,6 +105,8 @@ static void continue_negprot(struct smb2_request *req)
 	c->status = smb2_negprot_recv(req, c, &state->negprot);
 	if (!composite_is_ok(c)) return;
 
+	transport->negotiate.secblob = state->negprot.out.secblob;
+	talloc_steal(transport, transport->negotiate.secblob.data);
 	transport->negotiate.system_time = state->negprot.out.system_time;
 	transport->negotiate.server_start_time = state->negprot.out.server_start_time;
 	transport->negotiate.security_mode = state->negprot.out.security_mode;
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 127bb9b..9db32c4 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -149,27 +149,31 @@ static void session_request_handler(struct smb2_request *req)
 	struct smb2_session_state *state = talloc_get_type(c->private_data, 
 							   struct smb2_session_state);
 	struct smb2_session *session = req->session;
+	NTSTATUS session_key_err;
+	DATA_BLOB session_key;
+	NTSTATUS peer_status;
 
 	c->status = smb2_session_setup_recv(req, c, &state->io);
-	if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
-	    (NT_STATUS_IS_OK(c->status) && 
+	peer_status = c->status;
+
+	if (NT_STATUS_EQUAL(peer_status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
+	    (NT_STATUS_IS_OK(peer_status) &&
 	     NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
-		NTSTATUS session_key_err;
-		DATA_BLOB session_key;
 		c->status = gensec_update(session->gensec, c, 
 					  state->io.out.secblob,
 					  &state->io.in.secblob);
 		state->gensec_status = c->status;
 
-		session_key_err = gensec_session_key(session->gensec, &session_key);
-		if (NT_STATUS_IS_OK(session_key_err)) {
-			session->session_key = session_key;
-		}		
+		session->uid = state->io.out.uid;
 	}
 
-	session->uid = state->io.out.uid;
+	if (!NT_STATUS_IS_OK(c->status) &&
+	    !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		composite_error(c, c->status);
+		return;
+	}
 
-	if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+	if (NT_STATUS_EQUAL(peer_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		state->req = smb2_session_setup_send(session, &state->io);
 		if (state->req == NULL) {
 			composite_error(c, NT_STATUS_NO_MEMORY);
@@ -181,9 +185,9 @@ static void session_request_handler(struct smb2_request *req)
 		return;
 	}
 
-	if (!NT_STATUS_IS_OK(c->status)) {
-		composite_error(c, c->status);
-		return;
+	session_key_err = gensec_session_key(session->gensec, &session_key);
+	if (NT_STATUS_IS_OK(session_key_err)) {
+		session->session_key = session_key;
 	}
 
 	if (session->transport->signing_required) {
@@ -207,6 +211,7 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
 {
 	struct composite_context *c;
 	struct smb2_session_state *state;
+	const char *chosen_oid;
 
 	c = composite_create(session, session->transport->socket->event.ctx);
 	if (c == NULL) return NULL;
@@ -235,7 +240,13 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
 	c->status = gensec_set_target_service(session->gensec, "cifs");
 	if (!composite_is_ok(c)) return c;
 
-	c->status = gensec_start_mech_by_oid(session->gensec, GENSEC_OID_SPNEGO);
+	if (session->transport->negotiate.secblob.length > 0) {
+		chosen_oid = GENSEC_OID_SPNEGO;
+	} else {
+		chosen_oid = GENSEC_OID_NTLMSSP;
+	}
+
+	c->status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
 	if (!composite_is_ok(c)) return c;
 
 	c->status = gensec_update(session->gensec, c, 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list