[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Aug 10 04:32:01 MDT 2011
The branch, master has been updated
via 8158042 s3:libsmb: make cli_session_setup_spnego() static
via 33a6a4e s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()
via d7cdd96 s3:libsmb: pass remote_realm to cli_session_setup_spnego() in cli_session_setup()
via c6a3ded s3:libsmb: store the remote_realm on the cli_state
via a726567 s3:smb_macros.h: simplify _smb_setlen() and _smb_setlen_large()
via b65ea9f s3:include: smb.h base old smb header offsets on new defines
via 6da226a s3:include: smb.h merge some stuff from source4
from 0a9c30f Revert "s3:test_async_echo: unsure the desired smb message sequence"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 81580429ec1ab872aa06f541d696f087621b05e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 22:24:14 2011 +0200
s3:libsmb: make cli_session_setup_spnego() static
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Wed Aug 10 12:31:55 CEST 2011 on sn-devel-104
commit 33a6a4ea854edb6cc667ba78babab0b930755b91
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 22:21:41 2011 +0200
s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()
metze
commit d7cdd9651e4e849f19d791fd587f74ad76d370c8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 22:17:56 2011 +0200
s3:libsmb: pass remote_realm to cli_session_setup_spnego() in cli_session_setup()
metze
commit c6a3dedd99b57345af1b51bad560709319ec8caa
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 22:15:23 2011 +0200
s3:libsmb: store the remote_realm on the cli_state
metze
commit a7265675d5cd41f05a0ebaba43ad36a389419db2
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 28 11:27:10 2011 +0200
s3:smb_macros.h: simplify _smb_setlen() and _smb_setlen_large()
This also takes care of the correct casting.
metze
commit b65ea9faa8e775da9be976482cf1931456500355
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 12 09:40:56 2011 +0200
s3:include: smb.h base old smb header offsets on new defines
metze
commit 6da226a5e54354d72e66ffdc303086edc7db0f9b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 12 09:37:53 2011 +0200
s3:include: smb.h merge some stuff from source4
metze
-----------------------------------------------------------------------
Summary of changes:
source3/include/client.h | 1 +
source3/include/smb.h | 99 +++++++++++++++++++++++++++-------------
source3/include/smb_macros.h | 10 ++--
source3/libsmb/cliconnect.c | 12 +++--
source3/libsmb/clientgen.c | 13 +++++
source3/libsmb/proto.h | 6 +--
source3/winbindd/winbindd_cm.c | 37 ++++++++------
7 files changed, 116 insertions(+), 62 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/client.h b/source3/include/client.h
index a4d4321..f44e52f 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -124,6 +124,7 @@ struct cli_state {
struct sockaddr_storage local_ss;
struct sockaddr_storage remote_ss;
const char *remote_name;
+ const char *remote_realm;
struct tevent_req *read_smb_req;
struct tevent_queue *outgoing;
struct tevent_req **pending;
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 88521d4..207fc9e 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -692,39 +692,71 @@ struct connections_data {
uint32 unused_compatitibility_field;
};
+#define SMB_MAGIC 0x424D53FF /* 0xFF 'S' 'M' 'B' */
+
+/* the basic packet size, assuming no words or bytes. Does not include the NBT header */
+#define MIN_SMB_SIZE 35
+
+/* when using NBT encapsulation every packet has a 4 byte header */
+#define NBT_HDR_SIZE 4
+
+/* offsets into message header for common items - NOTE: These have
+ changed from being offsets from the base of the NBT packet to the base of the SMB packet.
+ this has reduced all these values by 4
+*/
+#define HDR_COM 4
+#define HDR_RCLS 5
+#define HDR_REH 6
+#define HDR_ERR 7
+#define HDR_FLG 9
+#define HDR_FLG2 10
+#define HDR_PIDHIGH 12
+#define HDR_SS_FIELD 14
+#define HDR_TID 24
+#define HDR_PID 26
+#define HDR_UID 28
+#define HDR_MID 30
+#define HDR_WCT 32
+#define HDR_VWV 33
+
/* offsets into message for common items */
-#define smb_com 8
-#define smb_rcls 9
-#define smb_reh 10
-#define smb_err 11
-#define smb_flg 13
-#define smb_flg2 14
-#define smb_pidhigh 16
-#define smb_ss_field 18
-#define smb_tid 28
-#define smb_pid 30
-#define smb_uid 32
-#define smb_mid 34
-#define smb_wct 36
-#define smb_vwv 37
-#define smb_vwv0 37
-#define smb_vwv1 39
-#define smb_vwv2 41
-#define smb_vwv3 43
-#define smb_vwv4 45
-#define smb_vwv5 47
-#define smb_vwv6 49
-#define smb_vwv7 51
-#define smb_vwv8 53
-#define smb_vwv9 55
-#define smb_vwv10 57
-#define smb_vwv11 59
-#define smb_vwv12 61
-#define smb_vwv13 63
-#define smb_vwv14 65
-#define smb_vwv15 67
-#define smb_vwv16 69
-#define smb_vwv17 71
+#define smb_com (NBT_HDR_SIZE+HDR_COM)
+#define smb_rcls (NBT_HDR_SIZE+HDR_RCLS)
+#define smb_reh (NBT_HDR_SIZE+HDR_REH)
+#define smb_err (NBT_HDR_SIZE+HDR_ERR)
+#define smb_flg (NBT_HDR_SIZE+HDR_FLG)
+#define smb_flg2 (NBT_HDR_SIZE+HDR_FLG2)
+#define smb_pidhigh (NBT_HDR_SIZE+HDR_PIDHIGH)
+#define smb_ss_field (NBT_HDR_SIZE+HDR_SS_FIELD)
+#define smb_tid (NBT_HDR_SIZE+HDR_TID)
+#define smb_pid (NBT_HDR_SIZE+HDR_PID)
+#define smb_uid (NBT_HDR_SIZE+HDR_UID)
+#define smb_mid (NBT_HDR_SIZE+HDR_MID)
+#define smb_wct (NBT_HDR_SIZE+HDR_WCT)
+#define smb_vwv (NBT_HDR_SIZE+HDR_VWV)
+#define smb_vwv0 (smb_vwv+( 0*2))
+#define smb_vwv1 (smb_vwv+( 1*2))
+#define smb_vwv2 (smb_vwv+( 2*2))
+#define smb_vwv3 (smb_vwv+( 3*2))
+#define smb_vwv4 (smb_vwv+( 4*2))
+#define smb_vwv5 (smb_vwv+( 5*2))
+#define smb_vwv6 (smb_vwv+( 6*2))
+#define smb_vwv7 (smb_vwv+( 7*2))
+#define smb_vwv8 (smb_vwv+( 8*2))
+#define smb_vwv9 (smb_vwv+( 9*2))
+#define smb_vwv10 (smb_vwv+(10*2))
+#define smb_vwv11 (smb_vwv+(11*2))
+#define smb_vwv12 (smb_vwv+(12*2))
+#define smb_vwv13 (smb_vwv+(13*2))
+#define smb_vwv14 (smb_vwv+(14*2))
+#define smb_vwv15 (smb_vwv+(15*2))
+#define smb_vwv16 (smb_vwv+(16*2))
+#define smb_vwv17 (smb_vwv+(17*2))
+
+/* types of buffers in core SMB protocol */
+#define SMB_DATA_BLOCK 0x1
+#define SMB_ASCII4 0x4
+
/* flag defines. CIFS spec 3.1.1 */
#define FLAG_SUPPORT_LOCKREAD 0x01
@@ -824,6 +856,9 @@ struct connections_data {
#define SMBntcancel 0xA4 /* NT cancel */
#define SMBntrename 0xA5 /* NT rename */
+/* used to indicate end of chain */
+#define SMB_CHAIN_NONE 0xFF
+
/* These are the trans subcommands */
#define TRANSACT_SETNAMEDPIPEHANDLESTATE 0x01
#define TRANSACT_DCERPCCMD 0x26
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 957db5b..3be0224 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -132,13 +132,11 @@
/* Note that chain_size must be available as an extern int to this macro. */
#define smb_offset(p,buf) (PTR_DIFF(p,buf+4))
-#define smb_len(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|((PVAL(buf,1)&1)<<16))
-#define _smb_setlen(buf,len) do { buf[0] = 0; buf[1] = ((len)&0x10000)>>16; \
- buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0)
+#define smb_len(buf) (RIVAL(buf, 0) & 0x1FFFF)
+#define _smb_setlen(buf,len) RSIVAL(buf, 0, (len) & 0x1FFFF)
-#define smb_len_large(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|(PVAL(buf,1)<<16))
-#define _smb_setlen_large(buf,len) do { buf[0] = 0; buf[1] = ((len)&0xFF0000)>>16; \
- buf[2] = ((len)&0xFF00)>>8; buf[3] = (len)&0xFF; } while (0)
+#define smb_len_large(buf) (RIVAL(buf, 0) & 0xFFFFFF)
+#define _smb_setlen_large(buf,len) RSIVAL(buf, 0, (len) & 0xFFFFFF)
#define ENCRYPTION_REQUIRED(conn) ((conn) ? ((conn)->encrypt_level == Required) : false)
#define IS_CONN_ENCRYPTED(conn) ((conn) ? (conn)->encrypted_tid : false)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d91d241..eaac463 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1785,8 +1785,10 @@ fail:
dest_realm: The realm we're connecting to, if NULL we use our default realm.
****************************************************************************/
-ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
- const char *pass, const char *user_domain,
+static ADS_STATUS cli_session_setup_spnego(struct cli_state *cli,
+ const char *user,
+ const char *pass,
+ const char *user_domain,
const char * dest_realm)
{
char *principal = NULL;
@@ -2051,8 +2053,10 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
/* if the server supports extended security then use SPNEGO */
if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) {
+ const char *remote_realm = cli_state_remote_realm(cli);
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass,
- workgroup, NULL);
+ workgroup,
+ remote_realm);
if (!ADS_ERR_OK(status)) {
DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
return ads_ntstatus(status);
@@ -2871,7 +2875,7 @@ NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss
goto fail;
}
- cli = cli_state_create(NULL, fd, desthost, signing_state);
+ cli = cli_state_create(NULL, fd, desthost, NULL, signing_state);
if (cli == NULL) {
goto fail;
}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index f9bb781..4689c7a 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -164,6 +164,7 @@ NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char
struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
int fd,
const char *remote_name,
+ const char *remote_realm,
int signing_state)
{
struct cli_state *cli = NULL;
@@ -243,6 +244,13 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
goto error;
}
+ if (remote_realm) {
+ cli->conn.remote_realm = talloc_strdup(cli, remote_realm);
+ if (cli->conn.remote_realm == NULL) {
+ goto error;
+ }
+ }
+
cli->conn.fd = fd;
ss_length = sizeof(cli->conn.local_ss);
@@ -381,6 +389,11 @@ const char *cli_state_remote_name(struct cli_state *cli)
return cli->conn.remote_name;
}
+const char *cli_state_remote_realm(struct cli_state *cli)
+{
+ return cli->conn.remote_realm;
+}
+
uint16_t cli_state_get_vc_num(struct cli_state *cli)
{
return cli->smb1.vc_num;
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index b38903a..1c7be95 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -30,10 +30,6 @@
/* The following definitions come from libsmb/cliconnect.c */
-ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
- const char *pass, const char *user_domain,
- const char * dest_realm);
-
NTSTATUS cli_session_setup(struct cli_state *cli,
const char *user,
const char *pass, int passlen,
@@ -162,6 +158,7 @@ NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char
struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
int fd,
const char *remote_name,
+ const char *remote_realm,
int signing_state);
bool cli_state_encryption_on(struct cli_state *cli);
void cli_nt_pipes_close(struct cli_state *cli);
@@ -170,6 +167,7 @@ void cli_sockopt(struct cli_state *cli, const char *options);
const struct sockaddr_storage *cli_state_local_sockaddr(struct cli_state *cli);
const struct sockaddr_storage *cli_state_remote_sockaddr(struct cli_state *cli);
const char *cli_state_remote_name(struct cli_state *cli);
+const char *cli_state_remote_realm(struct cli_state *cli);
uint16_t cli_state_get_vc_num(struct cli_state *cli);
uint16 cli_setpid(struct cli_state *cli, uint16 pid);
uint16_t cli_getpid(struct cli_state *cli);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 26cd8bc..09189aa 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -806,7 +806,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
goto done;
}
- *cli = cli_state_create(NULL, sockfd, controller, Undefined);
+ *cli = cli_state_create(NULL, sockfd,
+ controller, domain->alt_name,
+ Undefined);
if (*cli == NULL) {
DEBUG(1, ("Could not cli_initialize\n"));
result = NT_STATUS_NO_MEMORY;
@@ -848,18 +850,19 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
winbindd_set_locator_kdc_envs(domain);
- ads_status = cli_session_setup_spnego(*cli,
- machine_krb5_principal,
- machine_password,
- lp_workgroup(),
- domain->alt_name);
+ result = cli_session_setup(*cli,
+ machine_krb5_principal,
+ machine_password,
+ strlen(machine_password)+1,
+ machine_password,
+ strlen(machine_password)+1,
+ lp_workgroup());
- if (!ADS_ERR_OK(ads_status)) {
+ if (!NT_STATUS_IS_OK(result)) {
DEBUG(4,("failed kerberos session setup with %s\n",
- ads_errstr(ads_status)));
+ nt_errstr(result)));
}
- result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
@@ -877,14 +880,16 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
"[%s]\\[%s]\n", controller, lp_netbios_name(),
lp_workgroup(), machine_account));
- ads_status = cli_session_setup_spnego(*cli,
- machine_account,
- machine_password,
- lp_workgroup(),
- NULL);
- if (!ADS_ERR_OK(ads_status)) {
+ result = cli_session_setup(*cli,
+ machine_account,
+ machine_password,
+ strlen(machine_password)+1,
+ machine_password,
+ strlen(machine_password)+1,
+ lp_workgroup());
+ if (!NT_STATUS_IS_OK(result)) {
DEBUG(4, ("authenticated session setup failed with %s\n",
- ads_errstr(ads_status)));
+ nt_errstr(result)));
}
result = ads_ntstatus(ads_status);
--
Samba Shared Repository
More information about the samba-cvs
mailing list