[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Sep 15 02:13:04 MDT 2011
The branch, master has been updated
via 7f40b60 s3:libsmb: use local variables in cli_state_create()
via 74a6fb3 s3:libsmb: use CAP_EXTENDED_SECURITY instead of cli->use_spnego
via dd836aa s3:libsmb: make use of SMB_CAP_BOTH/CLIENT_MASK in cli_session_setup_capabilities()
via 1d8bdab s3:libsmb: calculate the negotiated SMB1 capabilities in cli_negprot_done()
via a8836ca s3:include: add some masks for SMB1 CAP_* flags
via 91cba02 s3:libsmb: calculate all SMB1 capabilities we want to support for the connection
via 3162d86 s3:libsmb: no need to reset capabilities in cli_session_setup_lanman2()
via d87ef02 s3:libsmb: make sure we always set cli->capabilities at the end of cli_negprot_done()
from 7982819 Add a missing include file to two VFS modules Signed-off-by: Jeremy Allison <jra at samba.org>
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7f40b606c497c56d05c376c6af82f1c3e4504529
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 17:29:58 2011 +0200
s3:libsmb: use local variables in cli_state_create()
We don't need to keep use_spnego, use_level_II_oplocks, force_dos_errors
and force_ascii within struct cli_state.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Thu Sep 15 10:12:17 CEST 2011 on sn-devel-104
commit 74a6fb349f935c0eecb3dae151218c2ab25b40e1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 17:28:29 2011 +0200
s3:libsmb: use CAP_EXTENDED_SECURITY instead of cli->use_spnego
cli->capabilities contains the negotiated capabilities.
metze
commit dd836aac9dde796be3fb9a883d2e3982db6512fd
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 16:39:14 2011 +0200
s3:libsmb: make use of SMB_CAP_BOTH/CLIENT_MASK in cli_session_setup_capabilities()
This matches a w2k3 client.
metze
commit 1d8bdab1c4465bcf265813827029aaca20b5bd9c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 16:14:51 2011 +0200
s3:libsmb: calculate the negotiated SMB1 capabilities in cli_negprot_done()
We calculate the negotiated capabilities based on the mask for:
- client only flags
- flags used in both directions
- server only flags
metze
commit a8836cae917ddd03f9e8d0934bb0cf329643e60a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 16:06:05 2011 +0200
s3:include: add some masks for SMB1 CAP_* flags
The flags are divided into 3 sections:
- client only flags
- flags used in both directions
- server only flags
metze
commit 91cba0235f7f20f8a9dec9dffaca7e5329107ad6
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 16:09:35 2011 +0200
s3:libsmb: calculate all SMB1 capabilities we want to support for the connection
We should do this at startup in cli_state_create()
and later calculate the negotiated capabilities in
cli_negprot_done().
metze
commit 3162d86528d152d8a055294e6e4d6f326828c772
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 15:50:25 2011 +0200
s3:libsmb: no need to reset capabilities in cli_session_setup_lanman2()
This is only used when cli->protocol < PROTOCOL_NT1, in which case
cli_negprot_done() has already reset cli->capabilities.
metze
commit d87ef021abaff8b1d13ec1038264251d66d9a9a6
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 8 15:41:29 2011 +0200
s3:libsmb: make sure we always set cli->capabilities at the end of cli_negprot_done()
If the server doesn't support PROTOCOL_NT1 we should reset the negotiated
capabilities to 0.
metze
-----------------------------------------------------------------------
Summary of changes:
source3/include/client.h | 4 --
source3/include/smb.h | 25 ++++++++++++++
source3/libsmb/cliconnect.c | 76 +++++++++++++++++++++++--------------------
source3/libsmb/clientgen.c | 46 ++++++++++++++++++++------
4 files changed, 101 insertions(+), 50 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/client.h b/source3/include/client.h
index 37dbf02..8a26e73 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -96,15 +96,11 @@ struct cli_state {
bool use_kerberos;
bool fallback_after_kerberos;
- bool use_spnego;
bool use_ccache;
bool got_kerberos_mechanism; /* Server supports krb5 in SPNEGO. */
bool use_oplocks; /* should we use oplocks? */
- bool use_level_II_oplocks; /* should we use level II oplocks? */
- bool force_dos_errors;
- bool force_ascii;
bool case_sensitive; /* False by default. */
/* Where (if anywhere) this is mounted under DFS. */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index c88b3fd..75008fe 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1239,6 +1239,31 @@ http://msdn.microsoft.com/en-us/library/cc246334(PROT.13).aspx
#define CAP_DYNAMIC_REAUTH 0x20000000
#define CAP_EXTENDED_SECURITY 0x80000000
+#define SMB_CAP_BOTH_MASK ( \
+ CAP_UNICODE | \
+ CAP_NT_SMBS | \
+ CAP_STATUS32 | \
+ CAP_LEVEL_II_OPLOCKS | \
+ CAP_EXTENDED_SECURITY | \
+ 0)
+#define SMB_CAP_SERVER_MASK ( \
+ CAP_RAW_MODE | \
+ CAP_MPX_MODE | \
+ CAP_LARGE_FILES | \
+ CAP_RPC_REMOTE_APIS | \
+ CAP_LOCK_AND_READ | \
+ CAP_NT_FIND | \
+ CAP_DFS | \
+ CAP_W2K_SMBS | \
+ CAP_LARGE_READX | \
+ CAP_LARGE_WRITEX | \
+ CAP_LWIO | \
+ CAP_UNIX | \
+ 0)
+#define SMB_CAP_CLIENT_MASK ( \
+ CAP_DYNAMIC_REAUTH | \
+ 0)
+
/* printing types */
enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
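Review bot: The three new masks carry no comment saying what they partition, so a reader of smb.h has to find the commit message to learn that they separate flags used in both directions, server-only flags and client-only flags. I would add above `SMB_CAP_BOTH_MASK` something like `/* SMB1 CAP_* flags split by direction (both / server only / client only); a CAP_* bit listed in none of the masks is dropped from the negotiated set in cli_negprot_done(). */`. The second half matters for later maintenance, because a CAP_* define added without a mask entry would be disabled silently by the masking this changeset introduces.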
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d439155..b896f28 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -134,16 +134,6 @@ static struct tevent_req *cli_session_setup_lanman2_send(
vwv = state->vwv;
/*
- * LANMAN servers predate NT status codes and Unicode and
- * ignore those smb flags so we must disable the corresponding
- * default capabilities that would otherwise cause the Unicode
- * and NT Status flags to be set (and even returned by the
- * server)
- */
-
- cli->capabilities &= ~(CAP_UNICODE | CAP_STATUS32);
-
- /*
* if in share level security then don't send a password now
*/
if (!(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
@@ -367,18 +357,31 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, const char *use
Work out suitable capabilities to offer the server.
****************************************************************************/
-static uint32 cli_session_setup_capabilities(struct cli_state *cli)
+static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
+ uint32_t sesssetup_capabilities)
{
- uint32 capabilities = CAP_NT_SMBS;
+ uint32_t client_capabilities = cli_state_capabilities(cli);
- if (!cli->force_dos_errors)
- capabilities |= CAP_STATUS32;
+ /*
+ * We only send capabilities based on the mask for:
+ * - client only flags
+ * - flags used in both directions
+ *
+ * We do not echo the server only flags.
+ */
+ client_capabilities &= (SMB_CAP_BOTH_MASK | SMB_CAP_CLIENT_MASK);
- if (cli->use_level_II_oplocks)
- capabilities |= CAP_LEVEL_II_OPLOCKS;
+ /*
+ * Session Setup specific flags CAP_DYNAMIC_REAUTH
+ * and CAP_EXTENDED_SECURITY are passed by the caller.
+ * We need that in order to do guest logins even if
+ * CAP_EXTENDED_SECURITY is negotiated.
+ */
+ client_capabilities &= ~(CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+ sesssetup_capabilities &= (CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+ client_capabilities |= sesssetup_capabilities;
- capabilities |= (cli_state_capabilities(cli) & (CAP_UNICODE|CAP_LARGE_FILES|CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_DFS));
- return capabilities;
+ return client_capabilities;
}
/****************************************************************************
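Review bot: The new `sesssetup_capabilities` argument is silently reduced to `CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY`, but the banner comment above the function still only says "Work out suitable capabilities to offer the server" and does not describe the parameter. A caller that passes any other flag gets it dropped without a diagnostic, so I would extend the banner with a sentence such as `Only CAP_DYNAMIC_REAUTH and CAP_EXTENDED_SECURITY are honoured from sesssetup_capabilities; all other bits come from the negotiated cli->capabilities.` The inner comment justifies clearing CAP_EXTENDED_SECURITY for guest logins only. The plain and NT1 senders later in this diff also pass 0, so the comment should say whether sending those requests without the flag after it was negotiated is intended there too.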
@@ -422,7 +425,7 @@ struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
SSVAL(vwv+10, 0, 0);
- SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+ SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
bytes = talloc_array(state, uint8_t, 0);
@@ -637,7 +640,7 @@ static struct tevent_req *cli_session_setup_plain_send(
SSVAL(vwv+8, 0, 0);
SSVAL(vwv+9, 0, 0);
SSVAL(vwv+10, 0, 0);
- SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+ SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
bytes = talloc_array(state, uint8_t, 0);
bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), pass, strlen(pass)+1,
@@ -982,7 +985,7 @@ static struct tevent_req *cli_session_setup_nt1_send(
SSVAL(vwv+8, 0, nt_response.length);
SSVAL(vwv+9, 0, 0);
SSVAL(vwv+10, 0, 0);
- SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli));
+ SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
bytes = talloc_array(state, uint8_t,
lm_response.length + nt_response.length);
@@ -1236,8 +1239,7 @@ static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
SSVAL(state->vwv+8, 0, 0);
SSVAL(state->vwv+9, 0, 0);
SIVAL(state->vwv+10, 0,
- cli_session_setup_capabilities(state->cli)
- | CAP_EXTENDED_SECURITY);
+ cli_session_setup_capabilities(state->cli, CAP_EXTENDED_SECURITY));
state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
thistime);
@@ -2555,9 +2557,6 @@ struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
}
state->cli = cli;
- if (cli_state_protocol(cli) < PROTOCOL_NT1)
- cli->use_spnego = False;
-
/* setup the protocol strings */
for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
uint8_t c = 2;
@@ -2602,6 +2601,8 @@ static void cli_negprot_done(struct tevent_req *subreq)
NTSTATUS status;
uint16_t protnum;
uint8_t *inbuf;
+ uint32_t both_capabilities;
+ uint32_t server_capabilities = 0;
status = cli_smb_recv(subreq, state, &inbuf, 1, &wct, &vwv,
&num_bytes, &bytes);
@@ -2652,13 +2653,13 @@ static void cli_negprot_done(struct tevent_req *subreq)
ts = interpret_long_date(((char *)(vwv+11))+1);
cli->servertime = ts.tv_sec;
cli->secblob = data_blob(bytes, num_bytes);
- cli->capabilities = IVAL(vwv + 9, 1);
- if (cli_state_capabilities(cli) & CAP_RAW_MODE) {
+ server_capabilities = IVAL(vwv + 9, 1);
+ if (server_capabilities & CAP_RAW_MODE) {
cli->readbraw_supported = True;
cli->writebraw_supported = True;
}
/* work out if they sent us a workgroup */
- if (!(cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY) &&
+ if (!(server_capabilities & CAP_EXTENDED_SECURITY) &&
smb_buflen(inbuf) > 8) {
ssize_t ret;
status = smb_bytes_talloc_string(
@@ -2704,7 +2705,6 @@ static void cli_negprot_done(struct tevent_req *subreq)
return;
}
- cli->use_spnego = False;
cli->sec_mode = SVAL(vwv + 1, 0);
cli->max_xmit = SVAL(vwv + 2, 0);
cli->max_mux = SVAL(vwv + 3, 0);
@@ -2719,7 +2719,6 @@ static void cli_negprot_done(struct tevent_req *subreq)
cli->secblob = data_blob(bytes, num_bytes);
} else {
/* the old core protocol */
- cli->use_spnego = False;
cli->sec_mode = 0;
cli->serverzone = get_time_zone(time(NULL));
cli->max_xmit = 1024;
@@ -2738,10 +2737,17 @@ static void cli_negprot_done(struct tevent_req *subreq)
cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
- /* a way to force ascii SMB */
- if (cli->force_ascii) {
- cli->capabilities &= ~CAP_UNICODE;
- }
+ /*
+ * Now calculate the negotiated capabilities
+ * based on the mask for:
+ * - client only flags
+ * - flags used in both directions
+ * - server only flags
+ */
+ both_capabilities = cli->capabilities & server_capabilities;
+ cli->capabilities = cli->capabilities & SMB_CAP_CLIENT_MASK;
+ cli->capabilities |= both_capabilities & SMB_CAP_BOTH_MASK;
+ cli->capabilities |= server_capabilities & SMB_CAP_SERVER_MASK;
tevent_req_done(req);
}
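Review bot: When the client asked for CAP_EXTENDED_SECURITY and the negprot reply does not carry it, the `both_capabilities & SMB_CAP_BOTH_MASK` step drops the flag without any trace. The negprot reply is not integrity protected at this point, so a stripped flag is indistinguishable here from a server that really lacks SPNEGO. A log line before `cli->capabilities` is overwritten would make such a fallback visible in client logs, for example `if ((cli->capabilities & ~server_capabilities) & CAP_EXTENDED_SECURITY) { DEBUG(3, ("server did not offer CAP_EXTENDED_SECURITY\n")); }`. Whether a caller later refuses the weaker session setup cannot be seen from this hunk, since cli_negprot_done() starts above it. Separately, `server_capabilities & SMB_CAP_SERVER_MASK` is taken as sent and not intersected with the set the client built in cli_state_create(), which deserves a sentence in the comment if it is deliberate.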
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index c22cd30..05f9548 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -90,7 +90,7 @@ void cli_setup_packet_buf(struct cli_state *cli, char *buf)
flags2 |= FLAGS2_DFS_PATHNAMES;
if (cli_state_capabilities(cli) & CAP_STATUS32)
flags2 |= FLAGS2_32_BIT_ERROR_CODES;
- if (cli->use_spnego)
+ if (cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY)
flags2 |= FLAGS2_EXTENDED_SECURITY;
SSVAL(buf,smb_flg2, flags2);
}
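Review bot: `cli_state_capabilities(cli) & CAP_EXTENDED_SECURITY` now means two different things depending on when cli_setup_packet_buf() runs. Before negprot completes it is the wanted set from cli_state_create(), and afterwards it is the negotiated set. The cli_negprot_send() hunk in this changeset also deletes the `cli_state_protocol(cli) < PROTOCOL_NT1` guard that used to clear `use_spnego`, so a client limited to a pre-NT1 protocol appears to send FLAGS2_EXTENDED_SECURITY on the negprot request whenever SPNEGO is configured. Please confirm that is intended. A one-line comment above the test, e.g. `/* cli->capabilities: wanted set before negprot, negotiated set after */`, would make the dual meaning explicit. The function body starts above this hunk.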
@@ -173,6 +173,10 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
bool mandatory_signing;
socklen_t ss_length;
int ret;
+ bool use_spnego = lp_client_use_spnego();
+ bool force_dos_errors = false;
+ bool force_ascii = false;
+ bool use_level_II_oplocks = false;
/* Check the effective uid - make sure we are not setuid */
if (is_setuid_root()) {
@@ -195,29 +199,25 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
cli->max_xmit = CLI_BUFFER_SIZE+4;
cli->case_sensitive = false;
- cli->use_spnego = lp_client_use_spnego();
-
- cli->capabilities = CAP_UNICODE | CAP_STATUS32 | CAP_DFS;
-
/* Set the CLI_FORCE_DOSERR environment variable to test
client routines using DOS errors instead of STATUS32
ones. This intended only as a temporary hack. */
if (getenv("CLI_FORCE_DOSERR")) {
- cli->force_dos_errors = true;
+ force_dos_errors = true;
}
if (flags & CLI_FULL_CONNECTION_FORCE_DOS_ERRORS) {
- cli->force_dos_errors = true;
+ force_dos_errors = true;
}
if (getenv("CLI_FORCE_ASCII")) {
- cli->force_ascii = true;
+ force_ascii = true;
}
if (flags & CLI_FULL_CONNECTION_FORCE_ASCII) {
- cli->force_ascii = true;
+ force_ascii = true;
}
if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
- cli->use_spnego = false;
+ use_spnego = false;
} else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
cli->use_kerberos = true;
}
@@ -234,7 +234,7 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
cli->use_oplocks = true;
}
if (flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) {
- cli->use_level_II_oplocks = true;
+ use_level_II_oplocks = true;
}
if (signing_state == Undefined) {
@@ -279,6 +279,30 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
goto error;
}
+ cli->capabilities = 0;
+ cli->capabilities |= CAP_LARGE_FILES;
+ cli->capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+ cli->capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND;
+ cli->capabilities |= CAP_DFS | CAP_W2K_SMBS;
+ cli->capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX;
+ cli->capabilities |= CAP_LWIO;
+
+ if (!force_dos_errors) {
+ cli->capabilities |= CAP_STATUS32;
+ }
+
+ if (!force_ascii) {
+ cli->capabilities |= CAP_UNICODE;
+ }
+
+ if (use_spnego) {
+ cli->capabilities |= CAP_EXTENDED_SECURITY;
+ }
+
+ if (use_level_II_oplocks) {
+ cli->capabilities |= CAP_LEVEL_II_OPLOCKS;
+ }
+
cli->conn.outgoing = tevent_queue_create(cli, "cli_outgoing");
if (cli->conn.outgoing == NULL) {
goto error;
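Review bot: Most of the bits assigned in the new `cli->capabilities` block (CAP_LARGE_FILES, CAP_RPC_REMOTE_APIS, CAP_LOCK_AND_READ, CAP_NT_FIND, CAP_DFS, CAP_W2K_SMBS, CAP_LARGE_READX, CAP_LARGE_WRITEX, CAP_LWIO) are in SMB_CAP_SERVER_MASK. As far as this changeset shows, cli_negprot_done() discards them with `cli->capabilities & SMB_CAP_CLIENT_MASK` and replaces them with whatever the server sent, and cli_session_setup_capabilities() masks them out of the request. That list therefore reads as the set the client is willing to support, but it does not actually constrain the negotiated result. I would either add a comment here saying so, `/* server-only bits are informational; cli_negprot_done() takes them from the server reply */`, or keep the wanted set and intersect with it in cli_negprot_done(). cli_state_create() begins and ends outside this hunk, so other uses of these bits between creation and negprot cannot be ruled out.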