[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Tue Aug 7 23:33:03 MDT 2012
The branch, master has been updated
via 528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
via 143fb84 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE
via 6bfdca4 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()
via 5f7d786 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return
via c9ecfd6 s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
from 64c0367 s3: Fix a crash in reply_lockingX_error
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 528d3fe2ae9691bc1c0b322bb3007524987f8b28
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 8 05:04:07 2012 +0200
libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
metze
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Aug 8 07:32:55 CEST 2012 on sn-devel-104
commit 143fb8403a5b763224b078e67aa9e4ef005ec9ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 8 05:03:19 2012 +0200
libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE
metze
commit 6bfdca4786cd6293650ecde784e316d2f0258a56
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 8 05:35:37 2012 +0200
s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()
A reauth exchange is already signed, with the channel signing key.
metze
commit 5f7d786b08f2d67d200fb473b12781174a69e776
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 8 05:33:50 2012 +0200
s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return
The caller does this via the smbd_smb2_session_setup_state_destructor()
metze
commit c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 8 04:35:15 2012 +0200
s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
This means we correctly sign all responses in a compound chain.
metze
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smb2_signing.c | 22 ++++++++++++++++------
libcli/smb/smbXcli_base.c | 3 ---
source3/smbd/smb2_server.c | 38 ++++++++++++++++----------------------
source3/smbd/smb2_sesssetup.c | 18 ------------------
4 files changed, 32 insertions(+), 49 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index bb621fd..97143f7 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -238,13 +238,15 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
return NT_STATUS_ACCESS_DENIED;
}
- alg = SMB2_ENCRYPTION_AES128_CCM;
- SSVAL(tf, SMB2_TF_ALGORITHM, alg);
-
a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
for (i=1; i < count; i++) {
m_total += vector[i].iov_len;
}
+
+ alg = SMB2_ENCRYPTION_AES128_CCM;
+ SSVAL(tf, SMB2_TF_ALGORITHM, alg);
+ SIVAL(tf, SMB2_TF_MSG_SIZE, m_total);
+
ZERO_STRUCT(key);
memcpy(key, encryption_key.data,
MIN(encryption_key.length, AES_BLOCK_SIZE));
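Review bot: `SIVAL(tf, SMB2_TF_MSG_SIZE, m_total);` stores the summed iovec length into a 32-bit header field with no range check, so a total above UINT32_MAX would be written truncated and the transform header would no longer describe the payload being encrypted. The declaration of m_total is outside this hunk; the decrypt function declares its counterpart as `size_t`, so this assumes the same type here. A guard before the store, for example `if (m_total > UINT32_MAX) { return NT_STATUS_INVALID_PARAMETER; }`, would make the limit explicit. The body of smb2_signing_encrypt_pdu() starts and ends outside the hunk.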
@@ -283,6 +285,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
int i;
size_t a_total;
size_t m_total = 0;
+ uint32_t msg_size = 0;
struct aes_ccm_128_context ctx;
uint8_t key[AES_BLOCK_SIZE];
@@ -302,15 +305,22 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
return NT_STATUS_ACCESS_DENIED;
}
+ a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
+ for (i=1; i < count; i++) {
+ m_total += vector[i].iov_len;
+ }
+
alg = SVAL(tf, SMB2_TF_ALGORITHM);
+ msg_size = IVAL(tf, SMB2_TF_MSG_SIZE);
+
if (alg != SMB2_ENCRYPTION_AES128_CCM) {
return NT_STATUS_ACCESS_DENIED;
}
- a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
- for (i=1; i < count; i++) {
- m_total += vector[i].iov_len;
+ if (msg_size != m_total) {
+ return NT_STATUS_INTERNAL_ERROR;
}
+
ZERO_STRUCT(key);
memcpy(key, decryption_key.data,
MIN(decryption_key.length, AES_BLOCK_SIZE));
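Review bot: The new `msg_size != m_total` check returns NT_STATUS_INTERNAL_ERROR although msg_size is read from the transform header with `IVAL(tf, SMB2_TF_MSG_SIZE)`, which on the decrypt path is presumably data supplied by the peer. A malformed or tampered message would then be reported as a local fault, which makes logs harder to triage. Unless callers rely on this exact status, consider `return NT_STATUS_INVALID_PARAMETER;` and a comment above the check such as `/* msg_size comes from the wire and must match the payload we actually received */`. The rest of smb2_signing_decrypt_pdu(), including the CCM tag verification, is outside the hunk.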
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index c6e3b2a..dad869c 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2764,9 +2764,6 @@ skip_credits:
state->session->smb2->nonce_low += 1;
}
- SBVAL(state->smb2.transform, SMB2_TF_MSG_SIZE,
- reqlen);
-
buf = talloc_array(iov, uint8_t, reqlen);
if (buf == NULL) {
return NT_STATUS_NO_MEMORY;
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index afd001c..19a1051 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
struct tevent_req *subreq;
struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req);
struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req);
- struct iovec *lasthdr = NULL;
req->subreq = NULL;
TALLOC_FREE(req->async_te);
@@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) &&
(req->last_key.length > 0)) {
int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ;
+ struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+ NTSTATUS status;
+
+ /*
+ * As we are sure the header of the last request in the
+ * compound chain will not change, we can to sign here
+ * with the last signing key we remembered.
+ */
- lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+ status = smb2_signing_sign_pdu(req->last_key,
+ conn->protocol,
+ lasthdr,
+ SMBD_SMB2_NUM_IOV_PER_REQ);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
+ data_blob_clear_free(&req->last_key);
req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ;
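Review bot: On the `return status;` path inside the new block, `data_blob_clear_free(&req->last_key);` is skipped, so when signing fails the remembered signing key is not zeroed here. It presumably stays in memory until req is released, and whether that release wipes it cannot be seen from this hunk. Clearing it before the early return keeps the key lifetime the same on both paths: `data_blob_clear_free(&req->last_key);` followed by `return status;`. The moved comment also still reads "we can to sign here", which could become "we can sign here". smbd_smb2_request_reply() starts and ends outside the hunk.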
@@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
return NT_STATUS_NO_MEMORY;
}
- data_blob_clear_free(&req->last_key);
-
if (req->do_signing) {
struct smbXsrv_session *x = req->session;
DATA_BLOB signing_key = x->global->channels[0].signing_key;
@@ -2041,24 +2053,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
smb2_calculate_credits(req, req);
/*
- * As we are sure the header of the last request in the
- * compound chain will not change, we can to sign here
- * with the last signing key we remembered.
- */
- if (lasthdr != NULL) {
- NTSTATUS status;
-
- status = smb2_signing_sign_pdu(req->last_key,
- conn->protocol,
- lasthdr,
- SMBD_SMB2_NUM_IOV_PER_REQ);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
- data_blob_clear_free(&req->last_key);
-
- /*
* now check if we need to sign the current response
*/
if (req->do_signing) {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 474c04b..07a168f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -208,7 +208,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
sizeof(session_key));
if (x->global->signing_key.data == NULL) {
ZERO_STRUCT(session_key);
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
@@ -226,7 +225,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
x->global->signing_key);
if (x->global->application_key.data == NULL) {
ZERO_STRUCT(session_key);
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
@@ -244,7 +242,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels,
x->global->signing_key);
if (x->global->channels[0].signing_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
@@ -252,13 +249,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
session_info->session_key = data_blob_dup_talloc(session_info,
x->global->application_key);
if (session_info->session_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session->compat = talloc_zero(session, struct user_struct);
if (session->compat == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session->compat->session = session;
@@ -278,7 +273,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
DEBUG(1, ("smb2: Failed to claim session "
"for vuid=%llu\n",
(unsigned long long)session->compat->vuid));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
@@ -300,7 +294,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
(unsigned long long)session->compat->vuid,
nt_errstr(status)));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
@@ -334,7 +327,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
session_info->session_key = data_blob_dup_talloc(session_info,
x->global->application_key);
if (session_info->session_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
@@ -363,21 +355,11 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
(unsigned long long)session->compat->vuid,
nt_errstr(status)));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
- /*
- * we attach the session to the request
- * so that the response can be signed
- */
- smb2req->session = session;
- smb2req->do_signing = true;
-
- global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
-
*out_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
--
Samba Shared Repository