[SCM] Samba Shared Repository - branch v4-1-test updated

Karolin Seeger kseeger at samba.org
Thu Sep 19 12:07:12 CEST 2013 

The branch, v4-1-test has been updated
       via  a75cbcd s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.
       via  c69e7c3 s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.
       via  4e5e7e4 s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close file on exit.
       via  ee469fa libcli/smb: only check the SMB2 session setup signature if required and valid
       via  f851d26 libcli/smb: fix non mendatory signing against some vendor SMB2 servers.
       via  007ed89 Fix is_legal_name() to not emit character conversion error messages.
      from  8fd1e54 s3: libsmb : The short name length is only a one byte field.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -----------------------------------------------------------------
commit a75cbcd5b7d5c5432e807c5dfc69ee9a846a5537
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 17 18:10:16 2013 -0700

    s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.
    
    Sigh. Some OEM servers return NT_STATUS_NOT_IMPLEMENTED not
    NT_STATUS_NOT_SUPPORTED.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 75f353b857d50291672adefc6eefd210c9e8a0f7)
    
    Autobuild-User(v4-1-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-1-test): Thu Sep 19 12:06:58 CEST 2013 on sn-devel-104

commit c69e7c374ef5c30c6bc206d27ad64bf12109388a
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 17 11:24:05 2013 -0700

    s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.
    
    Just ignore and print error message and an altname of "" if the
    server returns NT_STATUS_NOT_SUPPORTED.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Sep 17 23:40:08 CEST 2013 on sn-devel-104
    (cherry picked from commit 17a9a0f37bbb730d09b3a57b00665d44aac18ea6)

commit 4e5e7e4ee03475e2e648f4401a2a6beaa941c682
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 17 11:00:16 2013 -0700

    s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close file on exit.
    
    Found at SNIA SDC plugfest.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit cdc280deb1e6f99ec9eae05d75bc1104448662ef)
    
    Fix bug #10149 - cli_smb2_get_ea_list_path() failed to close file on exit.

commit ee469fa362f743ea691419e3cd8d4bc9cfebeee2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 18 02:24:30 2013 +0200

    libcli/smb: only check the SMB2 session setup signature if required and valid
    
    This is an update to commit af290a03cef63c3b08446c1980de064a3b1c8804
    that skips the scary debug messages.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
    (cherry picked from commit 4879d0810a2ad741e32ad174a7a14cd35521aeaf)

commit f851d26bf97d447d74fe1ae9831f4bcb8ae28a28
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Sep 17 04:12:30 2013 +0200

    libcli/smb: fix non mendatory signing against some vendor SMB2 servers.
    
    Windows and Samba always sign the final session setup response
    even if signing is not mendatory, but it ensures that the signing
    key is correctly in place.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
    (cherry picked from commit af290a03cef63c3b08446c1980de064a3b1c8804)

commit 007ed89399025788de65407ab002bbceb821c730
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 10 10:46:18 2013 -0700

    Fix is_legal_name() to not emit character conversion error messages.
    
    Using next_codepoint() does the same check, but without the conversion
    message.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 776db7d38597a29536e4127837ffa3b4f4ce35ab)
    
    Fix bug #10139 - valid utf8 filenames cause "invalid conversion error"
    messages.

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c      |   35 ++++++++++++++++++++++++++++++-----
 source3/client/client.c        |   11 ++++++++++-
 source3/libsmb/cli_smb2_fnum.c |    4 ++++
 source3/smbd/mangle_hash2.c    |   20 ++++++++------------
 4 files changed, 52 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1e91975..14d4cc3 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4740,12 +4740,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 	struct smbXcli_conn *conn = session->conn;
 	uint16_t no_sign_flags;
 	uint8_t session_key[16];
+	bool check_signature = true;
+	uint32_t hdr_flags;
 	NTSTATUS status;
 
 	if (conn == NULL) {
 		return NT_STATUS_INVALID_PARAMETER_MIX;
 	}
 
+	if (recv_iov[0].iov_len != SMB2_HDR_BODY) {
+		return NT_STATUS_INVALID_PARAMETER_MIX;
+	}
+
 	no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
 
 	if (session->smb2->session_flags & no_sign_flags) {
@@ -4837,11 +4843,30 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
-					session->conn->protocol,
-					recv_iov, 3);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+	check_signature = conn->mandatory_signing;
+
+	hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
+	if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
+		/*
+		 * Sadly some vendors don't sign the
+		 * final SMB2 session setup response
+		 *
+		 * At least Windows and Samba are always doing this
+		 * if there's a session key available.
+		 *
+		 * We only check the signature if it's mandatory
+		 * or SMB2_HDR_FLAG_SIGNED is provided.
+		 */
+		check_signature = true;
+	}
+
+	if (check_signature) {
+		status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
+						session->conn->protocol,
+						recv_iov, 3);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	}
 
 	session->smb2->should_sign = false;
diff --git a/source3/client/client.c b/source3/client/client.c
index 0d1f5b4..afa5847 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1709,7 +1709,16 @@ static int do_allinfo(const char *name)
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("%s getting alt name for %s\n", nt_errstr(status),
 			 name);
-		return false;
+		/*
+		 * Ignore not supported or not implemented, it does not
+		 * hurt if we can't list alternate names.
+		 */
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+			altname[0] = '\0';
+		} else {
+			return false;
+		}
 	}
 	d_printf("altname: %s\n", altname);
 
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 3253f9d..202000f 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1997,6 +1997,10 @@ NTSTATUS cli_smb2_get_ea_list_path(struct cli_state *cli,
 
   fail:
 
+	if (fnum != 0xffff) {
+		cli_smb2_close_fnum(cli, fnum);
+	}
+
 	TALLOC_FREE(frame);
 	return status;
 }
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
index 655c727..c2910f8 100644
--- a/source3/smbd/mangle_hash2.c
+++ b/source3/smbd/mangle_hash2.c
@@ -626,21 +626,17 @@ static bool is_legal_name(const char *name)
 	while (*name) {
 		if (((unsigned int)name[0]) > 128 && (name[1] != 0)) {
 			/* Possible start of mb character. */
-			char mbc[2];
 			size_t size = 0;
+			(void)next_codepoint(name, &size);
 			/*
-			 * Note that if CH_UNIX is utf8 a string may be 3
-			 * bytes, but this is ok as mb utf8 characters don't
-			 * contain embedded ascii bytes. We are really checking
-			 * for mb UNIX asian characters like Japanese (SJIS) here.
-			 * JRA.
+			 * Note that we're only looking for multibyte
+			 * encoding here. No encoding with a length > 1
+			 * contains invalid characters.
 			 */
-			if (convert_string(CH_UNIX, CH_UTF16LE, name, 2, mbc, 2, &size)) {
-				if (size == 2) {
-					/* Was a good mb string. */
-					name += 2;
-					continue;
-				}
+			if (size > 1) {
+				/* Was a mb string. */
+				name += size;
+				continue;
 			}
 		}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list