[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Sep 15 02:13:04 MDT 2011


The branch, master has been updated
       via  7f40b60 s3:libsmb: use local variables in cli_state_create()
       via  74a6fb3 s3:libsmb: use CAP_EXTENDED_SECURITY instead of cli->use_spnego
       via  dd836aa s3:libsmb: make use of SMB_CAP_BOTH/CLIENT_MASK in cli_session_setup_capabilities()
       via  1d8bdab s3:libsmb: calculate the negotiated SMB1 capabilities in cli_negprot_done()
       via  a8836ca s3:include: add some masks for SMB1 CAP_* flags
       via  91cba02 s3:libsmb: calculate all SMB1 capabilities we want to support for the connection
       via  3162d86 s3:libsmb: no need to reset capabilities in cli_session_setup_lanman2()
       via  d87ef02 s3:libsmb: make sure we always set cli->capabilities at the end of cli_negprot_done()
      from  7982819 Add a missing include file to two VFS modules Signed-off-by: Jeremy Allison <jra at samba.org>

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7f40b606c497c56d05c376c6af82f1c3e4504529
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 17:29:58 2011 +0200

    s3:libsmb: use local variables in cli_state_create()
    
    We don't need to keep use_spnego, use_level_II_oplocks, force_dos_errors
    and force_ascii within struct cli_state.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Thu Sep 15 10:12:17 CEST 2011 on sn-devel-104

commit 74a6fb349f935c0eecb3dae151218c2ab25b40e1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 17:28:29 2011 +0200

    s3:libsmb: use CAP_EXTENDED_SECURITY instead of cli->use_spnego
    
    cli->capabilities contains the negotiated capabilities.
    
    metze

commit dd836aac9dde796be3fb9a883d2e3982db6512fd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 16:39:14 2011 +0200

    s3:libsmb: make use of SMB_CAP_BOTH/CLIENT_MASK in cli_session_setup_capabilities()
    
    This matches a w2k3 client.
    
    metze

commit 1d8bdab1c4465bcf265813827029aaca20b5bd9c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 16:14:51 2011 +0200

    s3:libsmb: calculate the negotiated SMB1 capabilities in cli_negprot_done()
    
    We calculate the negotiated capabilities based on the mask for:
     - client only flags
     - flags used in both directions
     - server only flags
    
    metze

commit a8836cae917ddd03f9e8d0934bb0cf329643e60a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 16:06:05 2011 +0200

    s3:include: add some masks for SMB1 CAP_* flags
    
    The flags are devided into 3 sections:
    - client only flags
    - flags used in both directions
    - server only flags
    
    metze

commit 91cba0235f7f20f8a9dec9dffaca7e5329107ad6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 16:09:35 2011 +0200

    s3:libsmb: calculate all SMB1 capabilities we want to support for the connection
    
    We should do this at startup in cli_state_create()
    and later calculate the negotiated capabilities in
    cli_negprot_done().
    
    metze

commit 3162d86528d152d8a055294e6e4d6f326828c772
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 15:50:25 2011 +0200

    s3:libsmb: no need to reset capabilities in cli_session_setup_lanman2()
    
    This is only used cli->protocol < PROTOCOL_NT1, in which case
    cli_negprot_done() has already reset cli->capabilities.
    
    metze

commit d87ef021abaff8b1d13ec1038264251d66d9a9a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Sep 8 15:41:29 2011 +0200

    s3:libsmb: make sure we always set cli->capabilities at the end of cli_negprot_done()
    
    If the server doesn't support PROTOCOL_NT1 we should reset the negotiated
    capabilities to 0.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source3/include/client.h    |    4 --
 source3/include/smb.h       |   25 ++++++++++++++
 source3/libsmb/cliconnect.c |   76 +++++++++++++++++++++++--------------------
 source3/libsmb/clientgen.c  |   46 ++++++++++++++++++++------
 4 files changed, 101 insertions(+), 50 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/client.h b/source3/include/client.h
index 37dbf02..8a26e73 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -96,15 +96,11 @@ struct cli_state {
 
 	bool use_kerberos;
 	bool fallback_after_kerberos;
-	bool use_spnego;
 	bool use_ccache;
 	bool got_kerberos_mechanism; /* Server supports krb5 in SPNEGO. */
 
 	bool use_oplocks; /* should we use oplocks? */
-	bool use_level_II_oplocks; /* should we use level II oplocks? */
 
-	bool force_dos_errors;
-	bool force_ascii;
 	bool case_sensitive; /* False by default. */
 
 	/* Where (if anywhere) this is mounted under DFS. */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index c88b3fd..75008fe 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1239,6 +1239,31 @@ http://msdn.microsoft.com/en-us/library/cc246334(PROT.13).aspx
 #define CAP_DYNAMIC_REAUTH    0x20000000
 #define CAP_EXTENDED_SECURITY 0x80000000
 
+#define SMB_CAP_BOTH_MASK ( \
+	CAP_UNICODE | \
+	CAP_NT_SMBS | \
+	CAP_STATUS32 | \
+	CAP_LEVEL_II_OPLOCKS | \
+	CAP_EXTENDED_SECURITY | \
+	0)
+#define SMB_CAP_SERVER_MASK ( \
+	CAP_RAW_MODE | \
+	CAP_MPX_MODE | \
+	CAP_LARGE_FILES | \
+	CAP_RPC_REMOTE_APIS | \
+	CAP_LOCK_AND_READ | \
+	CAP_NT_FIND | \
+	CAP_DFS | \
+	CAP_W2K_SMBS | \
+	CAP_LARGE_READX | \
+	CAP_LARGE_WRITEX | \
+	CAP_LWIO | \
+	CAP_UNIX | \
+	0)
+#define SMB_CAP_CLIENT_MASK ( \
+	CAP_DYNAMIC_REAUTH | \
+	0)
+
 /* printing types */
 enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
 		     PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d439155..b896f28 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -134,16 +134,6 @@ static struct tevent_req *cli_session_setup_lanman2_send(
 	vwv = state->vwv;
 
 	/*
-	 * LANMAN servers predate NT status codes and Unicode and
-	 * ignore those smb flags so we must disable the corresponding
-	 * default capabilities that would otherwise cause the Unicode
-	 * and NT Status flags to be set (and even returned by the
-	 * server)
-	 */
-
-	cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
-
-	/*
 	 * if in share level security then don't send a password now
 	 */
 	if (!(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
@@ -367,18 +357,31 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, const char *use
  Work out suitable capabilities to offer the server.
 ****************************************************************************/
 
-static uint32 cli_session_setup_capabilities(struct cli_state *cli)
+static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
+					       uint32_t sesssetup_capabilities)
 {
-	uint32 capabilities = CAP_NT_SMBS;
+	uint32_t client_capabilities = cli_state_capabilities(cli);
 
-	if (!cli->force_dos_errors)
-		capabilities |= CAP_STATUS32;
+	/*
+	 * We only send capabilities based on the mask for:
+	 * - client only flags
+	 * - flags used in both directions
+	 *
+	 * We do not echo the server only flags.
+	 */
+	client_capabilities &= (SMB_CAP_BOTH_MASK | SMB_CAP_CLIENT_MASK);
 
-	if (cli->use_level_II_oplocks)
-		capabilities |= CAP_LEVEL_II_OPLOCKS;
+	/*
+	 * Session Setup specific flags CAP_DYNAMIC_REAUTH
+	 * and CAP_EXTENDED_SECURITY are passed by the caller.
+	 * We need that in order to do guest logins even if
+	 * CAP_EXTENDED_SECURITY is negotiated.
+	 */
+	client_capabilities &= ~(CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+	sesssetup_capabilities &= (CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+	client_capabilities |= sesssetup_capabilities;
 
-	capabilities |= (cli_state_capabilities(cli) & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
-	return capabilities;
+	return client_capabilities;
 }
 
 /****************************************************************************
@@ -422,7 +425,7 @@ struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
 	SSVAL(vwv+8, 0, 0);
 	SSVAL(vwv+9, 0, 0);
 	SSVAL(vwv+10, 0, 0);
-	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
 
 	bytes = talloc_array(state, uint8_t, 0);
 
@@ -637,7 +640,7 @@ static struct tevent_req *cli_session_setup_plain_send(
 	SSVAL(vwv+8, 0, 0);
 	SSVAL(vwv+9, 0, 0);
 	SSVAL(vwv+10, 0, 0);
-	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
 
 	bytes = talloc_array(state, uint8_t, 0);
 	bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), pass, strlen(pass)+1,
@@ -982,7 +985,7 @@ static struct tevent_req *cli_session_setup_nt1_send(
 	SSVAL(vwv+8, 0, nt_response.length);
 	SSVAL(vwv+9, 0, 0);
 	SSVAL(vwv+10, 0, 0);
-	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+	SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
 
 	bytes = talloc_array(state, uint8_t,
 			     lm_response.length + nt_response.length);
@@ -1236,8 +1239,7 @@ static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
 	SSVAL(state->vwv+8, 0, 0);
 	SSVAL(state->vwv+9, 0, 0);
 	SIVAL(state->vwv+10, 0,
-	      cli_session_setup_capabilities(state->cli)
-	      | CAP_EXTENDED_SECURITY);
+		cli_session_setup_capabilities(state->cli, CAP_EXTENDED_SECURITY));
 
 	state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
 					      thistime);
@@ -2555,9 +2557,6 @@ struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
 	}
 	state->cli = cli;
 
-	if (cli_state_protocol(cli) < PROTOCOL_NT1)
-		cli->use_spnego = False;
-
 	/* setup the protocol strings */
 	for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
 		uint8_t c = 2;
@@ -2602,6 +2601,8 @@ static void cli_negprot_done(struct tevent_req *subreq)
 	NTSTATUS status;
 	uint16_t protnum;
 	uint8_t *inbuf;
+	uint32_t both_capabilities;
+	uint32_t server_capabilities = 0;
 
 	status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
 			      &num_bytes, &bytes);
@@ -2652,13 +2653,13 @@ static void cli_negprot_done(struct tevent_req *subreq)
 		ts = interpret_long_date(((char *)(vwv+11))+1);
 		cli->servertime = ts.tv_sec;
 		cli->secblob = data_blob(bytes, num_bytes);
-		cli->capabilities = IVAL(vwv + 9, 1);
-		if (cli_state_capabilities(cli) & CAP_RAW_MODE) {
+		server_capabilities = IVAL(vwv + 9, 1);
+		if (server_capabilities & CAP_RAW_MODE) {
 			cli->readbraw_supported = True;
 			cli->writebraw_supported = True;      
 		}
 		/* work out if they sent us a workgroup */
-		if (!(cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) &&
+		if (!(server_capabilities & CAP_EXTENDED_SECURITY) &&
 		    smb_buflen(inbuf) > 8) {
 			ssize_t ret;
 			status = smb_bytes_talloc_string(
@@ -2704,7 +2705,6 @@ static void cli_negprot_done(struct tevent_req *subreq)
 			return;
 		}
 
-		cli->use_spnego = False;
 		cli->sec_mode = SVAL(vwv + 1, 0);
 		cli->max_xmit = SVAL(vwv + 2, 0);
 		cli->max_mux = SVAL(vwv + 3, 0);
@@ -2719,7 +2719,6 @@ static void cli_negprot_done(struct tevent_req *subreq)
 		cli->secblob = data_blob(bytes, num_bytes);
 	} else {
 		/* the old core protocol */
-		cli->use_spnego = False;
 		cli->sec_mode = 0;
 		cli->serverzone = get_time_zone(time(NULL));
 		cli->max_xmit = 1024;
@@ -2738,10 +2737,17 @@ static void cli_negprot_done(struct tevent_req *subreq)
 
 	cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
 
-	/* a way to force ascii SMB */
-	if (cli->force_ascii) {
-		cli->capabilities &= ~CAP_UNICODE;
-	}
+	/*
+	 * Now calculate the negotiated capabilities
+	 * based on the mask for:
+	 * - client only flags
+	 * - flags used in both directions
+	 * - server only flags
+	 */
+	both_capabilities = cli->capabilities & server_capabilities;
+	cli->capabilities = cli->capabilities & SMB_CAP_CLIENT_MASK;
+	cli->capabilities |= both_capabilities & SMB_CAP_BOTH_MASK;
+	cli->capabilities |= server_capabilities & SMB_CAP_SERVER_MASK;
 
 	tevent_req_done(req);
 }
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index c22cd30..05f9548 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -90,7 +90,7 @@ void cli_setup_packet_buf(struct cli_state *cli, char *buf)
 		flags2 |= FLAGS2_DFS_PATHNAMES;
 	if (cli_state_capabilities(cli) & CAP_STATUS32)
 		flags2 |= FLAGS2_32_BIT_ERROR_CODES;
-	if (cli->use_spnego)
+	if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY)
 		flags2 |= FLAGS2_EXTENDED_SECURITY;
 	SSVAL(buf,smb_flg2, flags2);
 }
@@ -173,6 +173,10 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 	bool mandatory_signing;
 	socklen_t ss_length;
 	int ret;
+	bool use_spnego = lp_client_use_spnego();
+	bool force_dos_errors = false;
+	bool force_ascii = false;
+	bool use_level_II_oplocks = false;
 
 	/* Check the effective uid - make sure we are not setuid */
 	if (is_setuid_root()) {
@@ -195,29 +199,25 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 	cli->max_xmit = CLI_BUFFER_SIZE+4;
 	cli->case_sensitive = false;
 
-	cli->use_spnego = lp_client_use_spnego();
-
-	cli->capabilities = CAP_UNICODE | CAP_STATUS32 | CAP_DFS;
-
 	/* Set the CLI_FORCE_DOSERR environment variable to test
 	   client routines using DOS errors instead of STATUS32
 	   ones.  This intended only as a temporary hack. */	
 	if (getenv("CLI_FORCE_DOSERR")) {
-		cli->force_dos_errors = true;
+		force_dos_errors = true;
 	}
 	if (flags & CLI_FULL_CONNECTION_FORCE_DOS_ERRORS) {
-		cli->force_dos_errors = true;
+		force_dos_errors = true;
 	}
 
 	if (getenv("CLI_FORCE_ASCII")) {
-		cli->force_ascii = true;
+		force_ascii = true;
 	}
 	if (flags & CLI_FULL_CONNECTION_FORCE_ASCII) {
-		cli->force_ascii = true;
+		force_ascii = true;
 	}
 
 	if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
-		cli->use_spnego = false;
+		use_spnego = false;
 	} else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
 		cli->use_kerberos = true;
 	}
@@ -234,7 +234,7 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 		cli->use_oplocks = true;
 	}
 	if (flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) {
-		cli->use_level_II_oplocks = true;
+		use_level_II_oplocks = true;
 	}
 
 	if (signing_state == Undefined) {
@@ -279,6 +279,30 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 		goto error;
 	}
 
+	cli->capabilities = 0;
+	cli->capabilities |= CAP_LARGE_FILES;
+	cli->capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+	cli->capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND;
+	cli->capabilities |= CAP_DFS | CAP_W2K_SMBS;
+	cli->capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX;
+	cli->capabilities |= CAP_LWIO;
+
+	if (!force_dos_errors) {
+		cli->capabilities |= CAP_STATUS32;
+	}
+
+	if (!force_ascii) {
+		cli->capabilities |= CAP_UNICODE;
+	}
+
+	if (use_spnego) {
+		cli->capabilities |= CAP_EXTENDED_SECURITY;
+	}
+
+	if (use_level_II_oplocks) {
+		cli->capabilities |= CAP_LEVEL_II_OPLOCKS;
+	}
+
 	cli->conn.outgoing = tevent_queue_create(cli, "cli_outgoing");
 	if (cli->conn.outgoing == NULL) {
 		goto error;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list