[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Thu Aug 25 15:07:02 MDT 2011
The branch, master has been updated
via faa769e s3: Fix the build of vfs_aixacl2.c
via 7781043 s3: Remove a bogus comment
via f533b50 s3: Pass smbd_server_connection to (unused) server_encryption_shutdown
via 7e70f85 s3: Pass smbd_server_connection to srv_encrypt_buffer
via d4c4705 s3: Pass smbd_server_connection to srv_decrypt_buffer
via 08262fe s3: Pass smbd_server_connection to srv_free_enc_buffer
via f9ef138 s3: Pass smbd_server_connection to is_encrypted_packet
via b4b9918 s3: Pass sconn to valid_smb_header
via 4cb6e12 s3: Explicitly pass smb_srv_trans_enc_ctx to srv_enc_ctx
via 16888be s3: Fix some nonempty blank lines
from 50e30af s3: Fix bug 8385
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit faa769ec19b6486675048734837a6e2237d6f0a4
Author: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Date: Mon Aug 22 13:48:40 2011 +0900
s3: Fix the build of vfs_aixacl2.c
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Thu Aug 25 23:06:12 CEST 2011 on sn-devel-104
commit 77810431c9568fa8a4047dc8c9eb19768f1e20a1
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 17:22:13 2011 +0200
s3: Remove a bogus comment
commit f533b501051e9463a6398f3ae5eeb87a98343346
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 17:02:22 2011 +0200
s3: Pass smbd_server_connection to (unused) server_encryption_shutdown
commit 7e70f85350c81f2b820d83da0d5d3ea46655e219
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 17:00:42 2011 +0200
s3: Pass smbd_server_connection to srv_encrypt_buffer
commit d4c4705e5593a8f048da406fff596229d31d4151
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 16:58:51 2011 +0200
s3: Pass smbd_server_connection to srv_decrypt_buffer
commit 08262fe9647f961bfb2b1eb2b7b9e8ed0318e466
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 16:52:25 2011 +0200
s3: Pass smbd_server_connection to srv_free_enc_buffer
commit f9ef138ec7a7a6507e0bd9d7d8753027c002b562
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 16:49:20 2011 +0200
s3: Pass smbd_server_connection to is_encrypted_packet
commit b4b9918cc80ffae55c0c75a93c229c7a29bbb230
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 16:44:01 2011 +0200
s3: Pass sconn to valid_smb_header
commit 4cb6e1284c362aa0eabdb7d4f964390a0a455bd3
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 5 16:22:48 2011 +0200
s3: Explicitly pass smb_srv_trans_enc_ctx to srv_enc_ctx
commit 16888be44a9d75f2770e4e7271d4a8d1b3e837f1
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 25 15:14:25 2011 +0200
s3: Fix some nonempty blank lines
-----------------------------------------------------------------------
Summary of changes:
source3/lib/ctdbd_conn.c | 4 ----
source3/lib/messages_ctdbd.c | 6 +++---
source3/modules/vfs_aixacl2.c | 1 +
source3/nmbd/nmbd_winsserver.c | 6 +++---
source3/smbd/process.c | 21 +++++++++++----------
source3/smbd/proto.h | 13 +++++++------
source3/smbd/reply.c | 9 +++++----
source3/smbd/seal.c | 18 ++++++++++--------
8 files changed, 40 insertions(+), 38 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 79dc1f2..1b4f9ac 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -1358,10 +1358,6 @@ NTSTATUS ctdbd_register_ips(struct ctdbd_connection *conn,
}
conn->release_ip_handler = release_ip_handler;
- /*
- * store the IP address of the server socket for later
- * comparison in release_ip()
- */
conn->release_ip_priv = private_data;
/*
diff --git a/source3/lib/messages_ctdbd.c b/source3/lib/messages_ctdbd.c
index b9ee049..3140f65 100644
--- a/source3/lib/messages_ctdbd.c
+++ b/source3/lib/messages_ctdbd.c
@@ -2,17 +2,17 @@
Unix SMB/CIFS implementation.
Samba internal messaging functions
Copyright (C) 2007 by Volker Lendecke
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
index e74c00f..5ded2a8 100644
--- a/source3/modules/vfs_aixacl2.c
+++ b/source3/modules/vfs_aixacl2.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "system/filesys.h"
#include "smbd/smbd.h"
#include "nfs4_acls.h"
diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
index 6ac6007..48c10e2 100644
--- a/source3/nmbd/nmbd_winsserver.c
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -1878,9 +1878,9 @@ void fetch_all_active_wins_1b_names(void)
Deal with the special name query for *<1b>.
***********************************************************************/
-static void process_wins_dmb_query_request(struct subnet_record *subrec,
+static void process_wins_dmb_query_request(struct subnet_record *subrec,
struct packet_struct *p)
-{
+{
struct name_record *namerec = NULL;
char *prdata;
int num_ips;
@@ -2156,7 +2156,7 @@ received for name %s from IP %s on subnet %s. Error - should not be sent to WINS
nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
return;
}
-
+
DEBUG(3,("wins_process_name_release_request: %s name release for name %s \
IP %s\n", releasing_group_name ? "Group" : "Unique", nmb_namestr(question), inet_ntoa(from_ip) ));
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 6d391df..a60d77e 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -144,7 +144,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
}
if (do_encrypt) {
- NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+ NTSTATUS status = srv_encrypt_buffer(sconn, buffer, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("send_smb: SMB encryption failed "
"on outgoing packet! Error %s\n",
@@ -168,12 +168,12 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
get_peer_addr(sconn->sock, addr, sizeof(addr)),
(int)ret, strerror(errno) ));
- srv_free_enc_buffer(buf_out);
+ srv_free_enc_buffer(sconn, buf_out);
goto out;
}
SMB_PERFCOUNT_SET_MSGLEN_OUT(pcd, len);
- srv_free_enc_buffer(buf_out);
+ srv_free_enc_buffer(sconn, buf_out);
out:
SMB_PERFCOUNT_END(pcd);
@@ -199,9 +199,10 @@ int srv_set_message(char *buf,
return (smb_size + num_words*2 + num_bytes);
}
-static bool valid_smb_header(const uint8_t *inbuf)
+static bool valid_smb_header(struct smbd_server_connection *sconn,
+ const uint8_t *inbuf)
{
- if (is_encrypted_packet(inbuf)) {
+ if (is_encrypted_packet(sconn, inbuf)) {
return true;
}
/*
@@ -463,8 +464,8 @@ static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,
return status;
}
- if (is_encrypted_packet((uint8_t *)*buffer)) {
- status = srv_decrypt_buffer(*buffer);
+ if (is_encrypted_packet(sconn, (uint8_t *)*buffer)) {
+ status = srv_decrypt_buffer(sconn, *buffer);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
"incoming packet! Error %s\n",
@@ -1371,7 +1372,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
/* Make sure this is an SMB packet. smb_size contains NetBIOS header
* so subtract 4 from it. */
- if (!valid_smb_header(req->inbuf)
+ if (!valid_smb_header(sconn, req->inbuf)
|| (size < (smb_size - 4))) {
DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
smb_len(req->inbuf)));
@@ -1611,7 +1612,7 @@ static void process_smb(struct smbd_server_connection *sconn,
if (smbd_is_smb2_header(inbuf, nread)) {
smbd_smb2_first_negprot(sconn, inbuf, nread);
return;
- } else if (nread >= smb_size && valid_smb_header(inbuf)
+ } else if (nread >= smb_size && valid_smb_header(sconn, inbuf)
&& CVAL(inbuf, smb_com) != 0x72) {
/* This is a non-negprot SMB1 packet.
Disable SMB2 from now on. */
@@ -2665,7 +2666,7 @@ static bool smbd_echo_reply(uint8_t *inbuf, size_t inbuf_len,
DEBUG(10, ("Got short packet: %d bytes\n", (int)inbuf_len));
return false;
}
- if (!valid_smb_header(inbuf)) {
+ if (!valid_smb_header(smbd_server_conn, inbuf)) {
DEBUG(10, ("Got invalid SMB header\n"));
return false;
}
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 289c012..d271d7f 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -48,7 +48,6 @@
/* The following definitions come from smbd/signing.c */
-struct smbd_server_connection;
bool srv_check_sign_mac(struct smbd_server_connection *conn,
const char *inbuf, uint32_t *seqnum, bool trusted_channel);
void srv_calculate_sign_mac(struct smbd_server_connection *conn,
@@ -937,17 +936,19 @@ void reply_getattrE(struct smb_request *req);
/* The following definitions come from smbd/seal.c */
-bool is_encrypted_packet(const uint8_t *inbuf);
-void srv_free_enc_buffer(char *buf);
-NTSTATUS srv_decrypt_buffer(char *buf);
-NTSTATUS srv_encrypt_buffer(char *buf, char **buf_out);
+bool is_encrypted_packet(struct smbd_server_connection *sconn,
+ const uint8_t *inbuf);
+void srv_free_enc_buffer(struct smbd_server_connection *sconn, char *buf);
+NTSTATUS srv_decrypt_buffer(struct smbd_server_connection *sconn, char *buf);
+NTSTATUS srv_encrypt_buffer(struct smbd_server_connection *sconn, char *buf,
+ char **buf_out);
NTSTATUS srv_request_encryption_setup(connection_struct *conn,
unsigned char **ppdata,
size_t *p_data_size,
unsigned char **pparam,
size_t *p_param_size);
NTSTATUS srv_encryption_start(connection_struct *conn);
-void server_encryption_shutdown(void);
+void server_encryption_shutdown(struct smbd_server_connection *sconn);
/* The following definitions come from smbd/sec_ctx.c */
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index cd07c6d..124c610 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3158,7 +3158,7 @@ void reply_readbraw(struct smb_request *req)
START_PROFILE(SMBreadbraw);
if (srv_is_signing_active(sconn) ||
- is_encrypted_packet(req->inbuf)) {
+ is_encrypted_packet(sconn, req->inbuf)) {
exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
"raw reads/writes are disallowed.");
}
@@ -3582,7 +3582,8 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
*/
if (!req_is_in_chain(req) &&
- !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
+ !is_encrypted_packet(req->sconn, req->inbuf) &&
+ (fsp->base_fsp == NULL) &&
(fsp->wcp == NULL) &&
lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
uint8 headerbuf[smb_size + 12 * 2];
@@ -3787,7 +3788,7 @@ void reply_read_and_X(struct smb_request *req)
}
/* We currently don't do this on signed or sealed data. */
if (srv_is_signing_active(req->sconn) ||
- is_encrypted_packet(req->inbuf)) {
+ is_encrypted_packet(req->sconn, req->inbuf)) {
reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
END_PROFILE(SMBreadX);
return;
@@ -4414,7 +4415,7 @@ bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
unsigned int doff = 0;
size_t len = smb_len_large(inbuf);
- if (is_encrypted_packet(inbuf)) {
+ if (is_encrypted_packet(sconn, inbuf)) {
/* Can't do this on encrypted
* connections. */
return false;
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index fa25cad..c0aaa5a 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -46,16 +46,17 @@ struct smb_srv_trans_enc_ctx {
Return global enc context - this must change if we ever do multiple contexts.
******************************************************************************/
-static uint16_t srv_enc_ctx(void)
+static uint16_t srv_enc_ctx(const struct smb_srv_trans_enc_ctx *ec)
{
- return srv_trans_enc_ctx->es->enc_ctx_num;
+ return ec->es->enc_ctx_num;
}
/******************************************************************************
Is this an incoming encrypted packet ?
******************************************************************************/
-bool is_encrypted_packet(const uint8_t *inbuf)
+bool is_encrypted_packet(struct smbd_server_connection *sconn,
+ const uint8_t *inbuf)
{
NTSTATUS status;
uint16_t enc_num;
@@ -73,7 +74,7 @@ bool is_encrypted_packet(const uint8_t *inbuf)
}
/* Encrypted messages are 0xFF'E'<ctx> */
- if (srv_trans_enc_ctx && enc_num == srv_enc_ctx()) {
+ if (srv_trans_enc_ctx && enc_num == srv_enc_ctx(srv_trans_enc_ctx)) {
return true;
}
return false;
@@ -323,7 +324,7 @@ static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote
Free an encryption-allocated buffer.
******************************************************************************/
-void srv_free_enc_buffer(char *buf)
+void srv_free_enc_buffer(struct smbd_server_connection *sconn, char *buf)
{
/* We know this is an smb buffer, and we
* didn't malloc, only copy, for a keepalive,
@@ -342,7 +343,7 @@ void srv_free_enc_buffer(char *buf)
Decrypt an incoming buffer.
******************************************************************************/
-NTSTATUS srv_decrypt_buffer(char *buf)
+NTSTATUS srv_decrypt_buffer(struct smbd_server_connection *sconn, char *buf)
{
/* Ignore non-session messages. */
if(CVAL(buf,0)) {
@@ -360,7 +361,8 @@ NTSTATUS srv_decrypt_buffer(char *buf)
Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
******************************************************************************/
-NTSTATUS srv_encrypt_buffer(char *buf, char **buf_out)
+NTSTATUS srv_encrypt_buffer(struct smbd_server_connection *sconn, char *buf,
+ char **buf_out)
{
*buf_out = buf;
@@ -801,7 +803,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
Shutdown all server contexts.
******************************************************************************/
-void server_encryption_shutdown(void)
+void server_encryption_shutdown(struct smbd_server_connection *sconn)
{
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
srv_free_encryption_context(&srv_trans_enc_ctx);
--
Samba Shared Repository
More information about the samba-cvs
mailing list