[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Oct 7 17:09:01 MDT 2014
The branch, master has been updated
via 3e2d419 libcli/smb: remove unused SMB2_TF_ALGORITHM define
via 72d3f93 libcli/smb: use SMB 3.10 flags for the transform header
via d021a2d libcli/smb: pass tcon flags to the server for SMB 3.10
via 2a4290f libcli/smb: avoid validate info after tcon for SMB 3.10
via c290ece libcli/smb: implement SMB 3.10 session setup
via 2f732db libcli/smb: implement SMB 3.10 negprot
via a00fe90 libcli/smb: add smb2cli_req_get_send_iov()
via 5c5a33c libcli/smb: add smb2_negotiate_context.c
via 9d92074 libcli/smb: add SMB 3.10 related defines
via 6db8a55 docs-xml: document SMB3_10 as available protocol for the client side
via 50cf2c3 s3:torture: add PROTOCOL_SMB3_10 handling
via 2fcf1b8 lib/param: add PROTOCOL_SMB3_10 handling
via 664ca0e libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested
via d22fd00 libcli/smb: add PROTOCOL_SMB3_10
via 1fa8861 libcli/smb: add SMB3_DIALECT_REVISION_310 define
via 3eef853 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
from b376a82 printer_list: fix talloc tos leak of tdb record
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3e2d4199c34352e2af5fb95b5ecb6f7c0b20cbff
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 6 13:34:49 2014 +0200
libcli/smb: remove unused SMB2_TF_ALGORITHM define
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 8 01:08:40 CEST 2014 on sn-devel-104
commit 72d3f931d79d94cd017a60a5c7aac0a0de324748
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 6 13:33:24 2014 +0200
libcli/smb: use SMB 3.10 flags for the transform header
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d021a2d90fcef537419347bbb679346f96313312
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 10:30:21 2014 +0200
libcli/smb: pass tcon flags to the server for SMB 3.10
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 2a4290fa00c3dd35772b28b9aabeaf26999f0219
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 21:28:14 2014 +0200
libcli/smb: avoid validate info after tcon for SMB 3.10
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit c290ece1f6bf1b8b6c11672eab692f418d738071
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 24 22:58:49 2014 +0200
libcli/smb: implement SMB 3.10 session setup
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2f732db74298a55bfdeeb560f81a147e2bcd5baa
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:09:16 2014 +0200
libcli/smb: implement SMB 3.10 negprot
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a00fe90c3ce874defd876652196738be90a9b76e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 24 08:59:58 2014 +0200
libcli/smb: add smb2cli_req_get_send_iov()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5c5a33cfcbab90430782169dcef259ca43620b5c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:09:16 2014 +0200
libcli/smb: add smb2_negotiate_context.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9d92074769a308d585404605613cf62079f779ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 10:14:08 2014 +0200
libcli/smb: add SMB 3.10 related defines
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6db8a556013e828423057303957c4ac3497097b0
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:07:00 2014 +0200
docs-xml: document SMB3_10 as available protocol for the client side
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 50cf2c35438ccd5336a3a8dbd122ade95ab23f54
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:03:49 2014 +0200
s3:torture: add PROTOCOL_SMB3_10 handling
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2fcf1b892044ff740bbf4c5dd0de4636efe640e8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:02:40 2014 +0200
lib/param: add PROTOCOL_SMB3_10 handling
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 664ca0e3eed26abbbc724d8066877ed555cdc61a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 04:01:01 2014 +0200
libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d22fd000c94356c731ded51afc2b195d77993a64
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 03:58:48 2014 +0200
libcli/smb: add PROTOCOL_SMB3_10
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1fa8861f159cc99d55dee26edfcce0414d908183
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 23 03:57:04 2014 +0200
libcli/smb: add SMB3_DIALECT_REVISION_310 define
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3eef853f741d9349e45a1a87e453c52bf56c4774
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 6 14:19:39 2014 +0200
libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
If the connection starts with a SMB Negprot, the server only implies the
selected dialect, but not the clients security mode.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/smb.conf.5.xml | 2 +-
docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 3 +
lib/param/param_table.c | 1 +
libcli/smb/smb2_constants.h | 19 +-
libcli/smb/smb2_negotiate_context.c | 193 +++++++++
libcli/smb/smb2_negotiate_context.h | 54 +++
libcli/smb/smb2_signing.c | 10 +-
libcli/smb/smb2cli_session.c | 19 +-
libcli/smb/smb2cli_tcon.c | 10 +
libcli/smb/smbXcli_base.c | 447 ++++++++++++++++++--
libcli/smb/smbXcli_base.h | 12 +
libcli/smb/smb_constants.h | 5 +-
libcli/smb/wscript | 1 +
source3/torture/test_smb2.c | 3 +
14 files changed, 740 insertions(+), 39 deletions(-)
create mode 100644 libcli/smb/smb2_negotiate_context.c
create mode 100644 libcli/smb/smb2_negotiate_context.h
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml
index 5cf5adf..e98d183 100644
--- a/docs-xml/manpages/smb.conf.5.xml
+++ b/docs-xml/manpages/smb.conf.5.xml
@@ -471,7 +471,7 @@ chmod 1770 /usr/local/samba/lib/usershares
<varlistentry>
<term>%R</term>
<listitem><para>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS,
- LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02 or SMB2_FF.</para></listitem>
+ LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02, SMB3_10 or SMB2_FF.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
index 6693cd3..d541425 100644
--- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -63,6 +63,9 @@
<listitem>
<para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para>
</listitem>
+ <listitem>
+ <para><constant>SMB3_10</constant>: Windows 10 technical preview SMB3 version.</para>
+ </listitem>
</itemizedlist>
<para>By default SMB3 selects the SMB3_00 variant.</para>
</listitem>
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index d3f60c3..bdc6b85 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -40,6 +40,7 @@
static const struct enum_list enum_protocol[] = {
{PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */
{PROTOCOL_SMB3_00, "SMB3"}, /* for now keep PROTOCOL_SMB3_00 */
+ {PROTOCOL_SMB3_10, "SMB3_10"},
{PROTOCOL_SMB3_02, "SMB3_02"},
{PROTOCOL_SMB3_00, "SMB3_00"},
{PROTOCOL_SMB2_24, "SMB2_24"},
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 0b34723..191de2b 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -28,14 +28,14 @@
#define SMB2_TF_NONCE 0x14 /* 16 bytes */
#define SMB2_TF_MSG_SIZE 0x24 /* 4 bytes */
#define SMB2_TF_RESERVED 0x28 /* 2 bytes */
-#define SMB2_TF_ALGORITHM 0x2A /* 2 bytes */
+#define SMB2_TF_FLAGS 0x2A /* 2 bytes */
#define SMB2_TF_SESSION_ID 0x2C /* 8 bytes */
#define SMB2_TF_HDR_SIZE 0x34 /* 52 bytes */
#define SMB2_TF_MAGIC 0x424D53FD /* 0xFD 'S' 'M' 'B' */
-#define SMB2_ENCRYPTION_AES128_CCM 0x0001
+#define SMB2_TF_FLAGS_ENCRYPTED 0x0001
/* offsets into header elements for a sync SMB2 request */
#define SMB2_HDR_PROTOCOL_ID 0x00
@@ -97,6 +97,7 @@
#define SMB2_DIALECT_REVISION_224 0x0224
#define SMB3_DIALECT_REVISION_300 0x0300
#define SMB3_DIALECT_REVISION_302 0x0302
+#define SMB3_DIALECT_REVISION_310 0x0310
#define SMB2_DIALECT_REVISION_2FF 0x02FF
/* SMB2 negotiate security_mode */
@@ -122,15 +123,29 @@
SMB2_CAP_DIRECTORY_LEASING | \
SMB2_CAP_ENCRYPTION)
+/* Types of SMB2 Negotiate Contexts - only in dialect >= 0x310 */
+#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
+#define SMB2_ENCRYPTION_CAPABILITIES 0x0002
+
+/* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */
+#define SMB2_PREAUTH_INTEGRITY_SHA512 0x0001
+
+/* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */
+#define SMB2_ENCRYPTION_AES128_CCM 0x0001 /* only in dialect >= 0x224 */
+#define SMB2_ENCRYPTION_AES128_GCM 0x0002 /* only in dialect >= 0x310 */
/* SMB2 session (request) flags */
#define SMB2_SESSION_FLAG_BINDING 0x01
+/* SMB2_SESSION_FLAG_ENCRYPT_DATA 0x04 only in dialect >= 0x310 */
/* SMB2 session (response) flags */
#define SMB2_SESSION_FLAG_IS_GUEST 0x0001
#define SMB2_SESSION_FLAG_IS_NULL 0x0002
#define SMB2_SESSION_FLAG_ENCRYPT_DATA 0x0004 /* in dialect >= 0x224 */
+/* SMB2 tree connect (request) flags */
+#define SMB2_SHAREFLAG_CLUSTER_RECONNECT 0x0001 /* only in dialect >= 0x310 */
+
/* SMB2 sharetype flags */
#define SMB2_SHARE_TYPE_DISK 0x1
#define SMB2_SHARE_TYPE_PIPE 0x2
diff --git a/libcli/smb/smb2_negotiate_context.c b/libcli/smb/smb2_negotiate_context.c
new file mode 100644
index 0000000..61c9e55
--- /dev/null
+++ b/libcli/smb/smb2_negotiate_context.c
@@ -0,0 +1,193 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan Metzmacher 2014
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/smb/smb_common.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+
+static size_t smb2_negotiate_context_padding(uint32_t offset, size_t n)
+{
+ if ((offset & (n-1)) == 0) return 0;
+ return n - (offset & (n-1));
+}
+
+/*
+ parse a set of SMB2 create contexts
+*/
+NTSTATUS smb2_negotiate_context_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer,
+ struct smb2_negotiate_contexts *contexts)
+{
+ const uint8_t *data = buffer.data;
+ uint32_t remaining = buffer.length;
+
+ while (true) {
+ uint16_t data_length;
+ uint16_t type;
+ DATA_BLOB b;
+ NTSTATUS status;
+ size_t pad;
+ uint32_t next_offset;
+
+ if (remaining < 8) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ type = SVAL(data, 0x00);
+ data_length = SVAL(data, 0x02);
+#if 0
+ reserved = IVAL(data, 0x04);
+#endif
+
+ next_offset = 0x08 + data_length;
+ if (remaining < next_offset) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ b = data_blob_const(data+0x08, data_length);
+ status = smb2_negotiate_context_add(mem_ctx, contexts, type, b);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ remaining -= next_offset;
+ data += next_offset;
+
+ if (remaining == 0) {
+ break;
+ }
+
+ pad = smb2_negotiate_context_padding(next_offset, 8);
+ if (remaining < pad) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ remaining -= pad;
+ data += pad;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ add a context to a smb2_negotiate attribute context
+*/
+static NTSTATUS smb2_negotiate_context_push_one(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer,
+ const struct smb2_negotiate_context *context,
+ bool last)
+{
+ uint32_t ofs = buffer->length;
+ size_t next_offset = 0;
+ size_t next_pad = 0;
+ bool ok;
+
+ if (context->data.length > UINT16_MAX) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ next_offset = 0x08 + context->data.length;
+ if (!last) {
+ next_pad = smb2_negotiate_context_padding(next_offset, 8);
+ }
+
+ ok = data_blob_realloc(mem_ctx, buffer,
+ buffer->length + next_offset + next_pad);
+ if (!ok) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ SSVAL(buffer->data, ofs+0x00, context->type);
+ SIVAL(buffer->data, ofs+0x02, context->data.length);
+ SIVAL(buffer->data, ofs+0x04, 0);
+ memcpy(buffer->data+ofs+0x08, context->data.data, context->data.length);
+ if (next_pad > 0) {
+ memset(buffer->data+ofs+next_offset, 0, next_pad);
+ next_offset += next_pad;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ create a buffer of a set of create contexts
+*/
+NTSTATUS smb2_negotiate_context_push(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer,
+ const struct smb2_negotiate_contexts contexts)
+{
+ int i;
+ NTSTATUS status;
+
+ *buffer = data_blob(NULL, 0);
+ for (i=0; i < contexts.num_contexts; i++) {
+ bool last = false;
+ const struct smb2_negotiate_context *c;
+
+ if ((i + 1) == contexts.num_contexts) {
+ last = true;
+ }
+
+ c = &contexts.contexts[i];
+ status = smb2_negotiate_context_push_one(mem_ctx, buffer, c, last);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb2_negotiate_context_add(TALLOC_CTX *mem_ctx, struct smb2_negotiate_contexts *c,
+ uint16_t type, DATA_BLOB data)
+{
+ struct smb2_negotiate_context *array;
+
+ array = talloc_realloc(mem_ctx, c->contexts,
+ struct smb2_negotiate_context,
+ c->num_contexts + 1);
+ NT_STATUS_HAVE_NO_MEMORY(array);
+ c->contexts = array;
+
+ c->contexts[c->num_contexts].type = type;
+
+ if (data.data) {
+ c->contexts[c->num_contexts].data = data_blob_talloc(c->contexts,
+ data.data,
+ data.length);
+ NT_STATUS_HAVE_NO_MEMORY(c->contexts[c->num_contexts].data.data);
+ } else {
+ c->contexts[c->num_contexts].data = data_blob_null;
+ }
+
+ c->num_contexts += 1;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ * return the first blob with the given tag
+ */
+struct smb2_negotiate_context *smb2_negotiate_context_find(const struct smb2_negotiate_contexts *c,
+ uint16_t type)
+{
+ uint32_t i;
+
+ for (i=0; i < c->num_contexts; i++) {
+ if (c->contexts[i].type == type) {
+ return &c->contexts[i];
+ }
+ }
+
+ return NULL;
+}
diff --git a/libcli/smb/smb2_negotiate_context.h b/libcli/smb/smb2_negotiate_context.h
new file mode 100644
index 0000000..d98104a
--- /dev/null
+++ b/libcli/smb/smb2_negotiate_context.h
@@ -0,0 +1,54 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan Metzmacher 2014
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_
+#define _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_
+
+struct smb2_negotiate_context {
+ uint16_t type;
+ DATA_BLOB data;
+};
+
+struct smb2_negotiate_contexts {
+ uint32_t num_contexts;
+ struct smb2_negotiate_context *contexts;
+};
+
+/*
+ parse a set of SMB2 negotiate contexts
+*/
+NTSTATUS smb2_negotiate_context_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer,
+ struct smb2_negotiate_contexts *contexts);
+
+/*
+ negotiate a buffer of a set of negotiate contexts
+*/
+NTSTATUS smb2_negotiate_context_push(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer,
+ const struct smb2_negotiate_contexts contexts);
+
+NTSTATUS smb2_negotiate_context_add(TALLOC_CTX *mem_ctx, struct smb2_negotiate_contexts *c,
+ uint16_t type, DATA_BLOB data);
+
+/*
+ * return the first context with the given tag
+ */
+struct smb2_negotiate_context *smb2_negotiate_context_find(const struct smb2_negotiate_contexts *b,
+ uint16_t type);
+
+#endif /* _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_ */
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 97143f7..72c2c2f 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -214,7 +214,6 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
int count)
{
uint8_t *tf;
- uint16_t alg;
uint8_t sig[16];
int i;
size_t a_total;
@@ -243,8 +242,7 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,
m_total += vector[i].iov_len;
}
- alg = SMB2_ENCRYPTION_AES128_CCM;
- SSVAL(tf, SMB2_TF_ALGORITHM, alg);
+ SSVAL(tf, SMB2_TF_FLAGS, SMB2_TF_FLAGS_ENCRYPTED);
SIVAL(tf, SMB2_TF_MSG_SIZE, m_total);
ZERO_STRUCT(key);
@@ -279,7 +277,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
int count)
{
uint8_t *tf;
- uint16_t alg;
+ uint16_t flags;
uint8_t *sig_ptr = NULL;
uint8_t sig[16];
int i;
@@ -310,10 +308,10 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
m_total += vector[i].iov_len;
}
- alg = SVAL(tf, SMB2_TF_ALGORITHM);
+ flags = SVAL(tf, SMB2_TF_FLAGS);
msg_size = IVAL(tf, SMB2_TF_MSG_SIZE);
- if (alg != SMB2_ENCRYPTION_AES128_CCM) {
+ if (flags != SMB2_TF_FLAGS_ENCRYPTED) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/libcli/smb/smb2cli_session.c b/libcli/smb/smb2cli_session.c
index 4418a0d..65a604a 100644
--- a/libcli/smb/smb2cli_session.c
+++ b/libcli/smb/smb2cli_session.c
@@ -120,6 +120,7 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq)
tevent_req_data(req,
struct smb2cli_session_setup_state);
NTSTATUS status;
+ NTSTATUS preauth_status;
uint64_t current_session_id;
uint64_t session_id;
uint16_t session_flags;
@@ -127,6 +128,7 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq)
uint16_t security_buffer_offset;
uint16_t security_buffer_length;
uint8_t *security_buffer_data = NULL;
+ struct iovec sent_iov[3];
const uint8_t *hdr;
const uint8_t *body;
static const struct smb2cli_req_expected_response expected[] = {
@@ -142,13 +144,28 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq)
status = smb2cli_req_recv(subreq, state, &state->recv_iov,
expected, ARRAY_SIZE(expected));
- TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ TALLOC_FREE(subreq);
tevent_req_nterror(req, status);
return;
}
+ smb2cli_req_get_sent_iov(subreq, sent_iov);
+ preauth_status = smb2cli_session_update_preauth(state->session, sent_iov);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, preauth_status)) {
+ return;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ preauth_status = smb2cli_session_update_preauth(state->session,
+ state->recv_iov);
+ if (tevent_req_nterror(req, preauth_status)) {
+ return;
+ }
+ }
+
hdr = (const uint8_t *)state->recv_iov[0].iov_base;
body = (const uint8_t *)state->recv_iov[1].iov_base;
diff --git a/libcli/smb/smb2cli_tcon.c b/libcli/smb/smb2cli_tcon.c
index dd31043..8863bae 100644
--- a/libcli/smb/smb2cli_tcon.c
+++ b/libcli/smb/smb2cli_tcon.c
@@ -76,6 +76,11 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
fixed = state->fixed;
SSVAL(fixed, 0, 9);
+ if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_10) {
+ SSVAL(fixed, 2, flags);
+ } else {
+ SSVAL(fixed, 2, 0); /* Reserved */
+ }
SSVAL(fixed, 4, SMB2_HDR_BODY + 8);
SSVAL(fixed, 6, dyn_len);
@@ -156,6 +161,11 @@ static void smb2cli_tcon_done(struct tevent_req *subreq)
return;
}
+ if (smbXcli_conn_protocol(state->conn) >= PROTOCOL_SMB3_10) {
+ tevent_req_done(req);
+ return;
+ }
+
subreq = smb2cli_validate_negotiate_info_send(state, state->ev,
state->conn,
state->timeout_msec,
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index ac81f7a..ad405a2 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -31,6 +31,8 @@
#include "../libcli/smb/read_smb.h"
#include "smbXcli_base.h"
#include "librpc/ndr/libndr.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+#include <hcrypto/sha.h>
struct smbXcli_conn;
struct smbXcli_req;
@@ -120,11 +122,14 @@ struct smbXcli_conn {
NTTIME system_time;
NTTIME start_time;
DATA_BLOB gss_blob;
+ uint16_t cipher;
} server;
uint64_t mid;
--
Samba Shared Repository
More information about the samba-cvs
mailing list