[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Tue Sep 30 18:00:04 MDT 2014
The branch, master has been updated
via 1ef2be6 vfs_fruit: deal with vfs_catia not being loaded
via b2626c2 vfs_fruit: remove redundant assignment
via 04ebed1 vfs_fruit: fix possible uninitialized use
via 26ff9f3 libcli/smb: call smb2cli_validate_negotiate_info*() after each authenticated tcon
via 7729ba5 libcli/smb: add smb2cli_validate_negotiate_info*()
via 6a82cb7 libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl response.
via a51b623 s4:libcli/tcon: remove unused smb2_tree_connect*()
via 609b31a s4:torture/smb2: remove unused variable in torture_smb2_con_sopt()
via fe13b0c s4:torture/smb2: use smb2cli_tcon*() in torture_smb2_tree_connect()
via 04d0110 s4:torture/smb2: use torture_smb2_tree_connect() in notify.c
via a8d1f26 s4:torture/smb2: torture_smb2_tree_connect() creates a secondary tree connect
via c723d57 s4:libcli/smb2: make use of smb2cli_tcon*() in connect.c
via d11b0c4 s3:libsmb: remove unused smb2cli.h
via b77bb5a libcli/smb: move smb2cli_tcon.c to the toplevel
via 7ee18fb s3:smb2cli_tcon: use smb2 signing if possible
via 8c846f7 libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
via e954f92 libcli/smb: add smb2cli_tcon_should_encrypt()
via ca1081e libcli/smb: add smbXcli_session_is_authenticated()
via aa4310b libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
via e9a5074 s3:libsmb: remove unused ';'
via 854f579 s4:libcli/smb_composite: don't try anonymous smb signing
via 760f23a s3:smb2_negprot: allow really large io sizes up to allmost 16MB
from 703ef59 tdb: Fix a comment
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1ef2be68f802f44dd0e751b71a758f1a8f3ce865
Author: Ralph Boehme <rb at sernet.de>
Date: Sat Sep 27 08:54:57 2014 +0200
vfs_fruit: deal with vfs_catia not being loaded
Signed-off-by: Ralph Boehme <rb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Oct 1 01:59:25 CEST 2014 on sn-devel-104
commit b2626c2d23cc9b9fdc0706f39d4c926aa12d679d
Author: Ralph Boehme <rb at sernet.de>
Date: Sat Sep 27 08:04:11 2014 +0200
vfs_fruit: remove redundant assignment
Signed-off-by: Ralph Boehme <rb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 04ebed138643449f35a0a9c9be82a57faa653dd1
Author: Ralph Boehme <rb at sernet.de>
Date: Sat Sep 27 08:03:12 2014 +0200
vfs_fruit: fix possible uninitialized use
Signed-off-by: Ralph Boehme <rb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 26ff9f348731ba0b2b47fec5ea8c10f83b4fad3b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 21:17:10 2014 +0200
libcli/smb: call smb2cli_validate_negotiate_info*() after each authenticated tcon
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 7729ba584993d6214d3a1e7d837259aa849522e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 21:15:00 2014 +0200
libcli/smb: add smb2cli_validate_negotiate_info*()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 6a82cb7b687caa89c7e994b85715a15bfe6d3fe3
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 30 10:02:01 2014 +0200
libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl response.
Some IOCTL requests change the behavior with new protocol versions.
E.g. FSCTL_VALIDATE_NEGOTIATE_INFO resulted in NT_STATUS_FILE_CLOSED
for old servers.
As SMB2 signing might be skipped for responses with NT_STATUS_FILE_CLOSED
we need to list it explicitly in the expected return values.
This way we'll get NT_STATUS_ACCESS_DENIED, if the server doesn't
sign the response to a signed requests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit a51b6232d2822d48ffef089dca95b52ec052d9cc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 11:19:14 2014 +0200
s4:libcli/tcon: remove unused smb2_tree_connect*()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 609b31af3efd6d310bca6046c716481d2cd6468a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 11:17:03 2014 +0200
s4:torture/smb2: remove unused variable in torture_smb2_con_sopt()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit fe13b0c92adae053c71d4d19f0f689bb7e545ff2
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 11:01:32 2014 +0200
s4:torture/smb2: use smb2cli_tcon*() in torture_smb2_tree_connect()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 04d0110594d72e0953af1f78676e936a67ddf060
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 11:01:32 2014 +0200
s4:torture/smb2: use torture_smb2_tree_connect() in notify.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit a8d1f261a7ba2142e60d2bfc7a1db132cee74593
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 30 12:28:13 2014 +0200
s4:torture/smb2: torture_smb2_tree_connect() creates a secondary tree connect
So don't mark smb2_tree_init() as primary.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit c723d57e66b22260b73edeaa1b1ed1b9d8c7bf7d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 29 10:50:18 2014 +0200
s4:libcli/smb2: make use of smb2cli_tcon*() in connect.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit d11b0c42228c4ed5f465ed7e5023985a275a59b7
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 03:31:55 2014 +0200
s3:libsmb: remove unused smb2cli.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit b77bb5a2e3db0656a799f3749140637ac85b5c05
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 03:28:37 2014 +0200
libcli/smb: move smb2cli_tcon.c to the toplevel
removing use of cli_state from the code.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 7ee18fbf1e0fa108c4b3748269035fcee2a57ab5
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 01:47:44 2014 +0200
s3:smb2cli_tcon: use smb2 signing if possible
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 8c846f78ed38f803bb21d199b52003128b82aa0c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 06:29:02 2014 +0200
libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
This can be used to force signing for individual requests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit e954f9290cdbcbcc65dbfc5bf041db5cfd551f3d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 06:25:53 2014 +0200
libcli/smb: add smb2cli_tcon_should_encrypt()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit ca1081ef5e81247b0252726511db6f24e01b4d58
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 01:46:15 2014 +0200
libcli/smb: add smbXcli_session_is_authenticated()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit aa4310b0af1f7ee2acfbcef47030d743ac41ffa0
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 01:22:29 2014 +0200
libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
With SMB2_HDR_FLAG_SIGNED we make sure that we either use smb2 signing
or smb2 encryption for the request.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit e9a5074e6b75ec193d6fd8891e6ffb3f54af88f1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 25 01:47:02 2014 +0200
s3:libsmb: remove unused ';'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 854f579372eb98f180ff0a29e3dd8c04290f6325
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 28 13:05:49 2014 +0100
s4:libcli/smb_composite: don't try anonymous smb signing
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 760f23a8e2297bfff423b81a712a86c6f62599cd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 26 06:13:10 2014 +0200
s3:smb2_negprot: allow really large io sizes up to allmost 16MB
The default is still 8MB (as on Windows 2012 *).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smb2cli_ioctl.c | 12 +-
{source3/libsmb => libcli/smb}/smb2cli_tcon.c | 145 ++++++++----
libcli/smb/smbXcli_base.c | 313 +++++++++++++++++++++++--
libcli/smb/smbXcli_base.h | 42 ++++
libcli/smb/wscript | 1 +
source3/libsmb/cli_smb2_fnum.c | 1 -
source3/libsmb/cliconnect.c | 25 ++-
source3/libsmb/smb2cli.h | 40 ----
source3/modules/vfs_fruit.c | 33 ++-
source3/smbd/smb2_negprot.c | 9 +-
source3/torture/test_smb2.c | 11 +-
source3/wscript_build | 1 -
source4/libcli/smb2/connect.c | 55 ++---
source4/libcli/smb2/session.c | 1 -
source4/libcli/smb2/tcon.c | 67 ------
source4/libcli/smb_composite/sesssetup.c | 38 +++-
source4/torture/rpc/samba3rpc.c | 1 -
source4/torture/smb2/notify.c | 60 +----
source4/torture/smb2/util.c | 52 ++---
19 files changed, 597 insertions(+), 310 deletions(-)
rename {source3/libsmb => libcli/smb}/smb2cli_tcon.c (65%)
delete mode 100644 source3/libsmb/smb2cli.h
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 3090693..b0f8eea 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -184,7 +184,17 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
{
.status = STATUS_BUFFER_OVERFLOW,
.body_size = 0x31
- }
+ },
+ {
+ /*
+ * We need to make sure that
+ * a response with NT_STATUS_FILE_CLOSED
+ * without signing generates NT_STATUS_ACCESS_DENIED
+ * if the request was signed.
+ */
+ .status = NT_STATUS_FILE_CLOSED,
+ .body_size = 0x09,
+ },
};
status = smb2cli_req_recv(subreq, state, &iov,
diff --git a/source3/libsmb/smb2cli_tcon.c b/libcli/smb/smb2cli_tcon.c
similarity index 65%
rename from source3/libsmb/smb2cli_tcon.c
rename to libcli/smb/smb2cli_tcon.c
index 2467ce5..dd31043 100644
--- a/source3/libsmb/smb2cli_tcon.c
+++ b/libcli/smb/smb2cli_tcon.c
@@ -18,15 +18,17 @@
*/
#include "includes.h"
-#include "client.h"
-#include "async_smb.h"
+#include "system/network.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../libcli/smb/smb_common.h"
#include "../libcli/smb/smbXcli_base.h"
-#include "smb2cli.h"
-#include "libsmb/proto.h"
-#include "lib/util/tevent_ntstatus.h"
struct smb2cli_tcon_state {
- struct cli_state *cli;
+ struct tevent_context *ev;
+ struct smbXcli_conn *conn;
+ uint32_t timeout_msec;
+ struct smbXcli_session *session;
+ struct smbXcli_tcon *tcon;
uint8_t fixed[8];
uint8_t dyn_pad[1];
};
@@ -35,36 +37,39 @@ static void smb2cli_tcon_done(struct tevent_req *subreq);
struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct cli_state *cli,
- const char *share)
+ struct smbXcli_conn *conn,
+ uint32_t timeout_msec,
+ struct smbXcli_session *session,
+ struct smbXcli_tcon *tcon,
+ uint16_t flags,
+ const char *unc)
{
struct tevent_req *req, *subreq;
struct smb2cli_tcon_state *state;
uint8_t *fixed;
- const char *tcon_share;
uint8_t *dyn;
size_t dyn_len;
+ uint32_t additional_flags = 0;
+ uint32_t clear_flags = 0;
req = tevent_req_create(mem_ctx, &state, struct smb2cli_tcon_state);
if (req == NULL) {
return NULL;
}
- state->cli = cli;
+ state->ev = ev;
+ state->conn = conn;
+ state->timeout_msec = timeout_msec;
+ state->session = session;
+ state->tcon = tcon;
- tcon_share = talloc_asprintf(state, "\\\\%s\\%s",
- smbXcli_conn_remote_name(cli->conn),
- share);
- if (tevent_req_nomem(tcon_share, req)) {
- return tevent_req_post(req, ev);
- }
if (!convert_string_talloc(state, CH_UNIX, CH_UTF16,
- tcon_share, strlen(tcon_share),
+ unc, strlen(unc),
&dyn, &dyn_len)) {
tevent_req_oom(req);
return tevent_req_post(req, ev);
}
- if (strlen(tcon_share) == 0) {
+ if (strlen(unc) == 0) {
TALLOC_FREE(dyn);
dyn_len = 0;
}
@@ -75,15 +80,19 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
SSVAL(fixed, 6, dyn_len);
if (dyn_len == 0) {
- dyn = state->dyn_pad;;
+ dyn = state->dyn_pad;
dyn_len = sizeof(state->dyn_pad);
}
- subreq = smb2cli_req_send(state, ev, cli->conn, SMB2_OP_TCON,
- 0, 0, /* flags */
- cli->timeout,
+ if (smbXcli_session_is_authenticated(state->session)) {
+ additional_flags |= SMB2_HDR_FLAG_SIGNED;
+ }
+
+ subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_TCON,
+ additional_flags, clear_flags,
+ timeout_msec,
NULL, /* tcon */
- cli->smb2.session,
+ session,
state->fixed, sizeof(state->fixed),
dyn, dyn_len,
0); /* max_dyn_len */
@@ -91,16 +100,18 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, smb2cli_tcon_done, req);
+
return req;
}
+static void smb2cli_tcon_validate(struct tevent_req *subreq);
+
static void smb2cli_tcon_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct smb2cli_tcon_state *state = tevent_req_data(
req, struct smb2cli_tcon_state);
- struct cli_state *cli = state->cli;
NTSTATUS status;
struct iovec *iov;
uint8_t *body;
@@ -132,19 +143,47 @@ static void smb2cli_tcon_done(struct tevent_req *subreq)
share_capabilities = IVAL(body, 0x08);
maximal_access = IVAL(body, 0x0C);
- cli->smb2.tcon = smbXcli_tcon_create(cli);
- if (tevent_req_nomem(cli->smb2.tcon, req)) {
- return;
- }
-
- smb2cli_tcon_set_values(cli->smb2.tcon,
- cli->smb2.session,
+ smb2cli_tcon_set_values(state->tcon,
+ state->session,
tcon_id,
share_type,
share_flags,
share_capabilities,
maximal_access);
+ if (!smbXcli_session_is_authenticated(state->session)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = smb2cli_validate_negotiate_info_send(state, state->ev,
+ state->conn,
+ state->timeout_msec,
+ state->session,
+ state->tcon);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, smb2cli_tcon_validate, req);
+}
+
+static void smb2cli_tcon_validate(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smb2cli_tcon_state *state = tevent_req_data(
+ req, struct smb2cli_tcon_state);
+ NTSTATUS status;
+
+ status = smb2cli_validate_negotiate_info_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ smb2cli_tcon_set_values(state->tcon, NULL,
+ UINT32_MAX, 0, 0, 0, 0);
+ tevent_req_nterror(req, status);
+ return;
+ }
+
tevent_req_done(req);
}
@@ -153,14 +192,19 @@ NTSTATUS smb2cli_tcon_recv(struct tevent_req *req)
return tevent_req_simple_recv_ntstatus(req);
}
-NTSTATUS smb2cli_tcon(struct cli_state *cli, const char *share)
+NTSTATUS smb2cli_tcon(struct smbXcli_conn *conn,
+ uint32_t timeout_msec,
+ struct smbXcli_session *session,
+ struct smbXcli_tcon *tcon,
+ uint16_t flags,
+ const char *unc)
{
TALLOC_CTX *frame = talloc_stackframe();
struct tevent_context *ev;
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (smbXcli_conn_has_async_calls(cli->conn)) {
+ if (smbXcli_conn_has_async_calls(conn)) {
/*
* Can't use sync call while an async call is in flight
*/
@@ -171,7 +215,9 @@ NTSTATUS smb2cli_tcon(struct cli_state *cli, const char *share)
if (ev == NULL) {
goto fail;
}
- req = smb2cli_tcon_send(frame, ev, cli, share);
+ req = smb2cli_tcon_send(frame, ev, conn,
+ timeout_msec, session, tcon,
+ flags, unc);
if (req == NULL) {
goto fail;
}
@@ -185,15 +231,18 @@ NTSTATUS smb2cli_tcon(struct cli_state *cli, const char *share)
}
struct smb2cli_tdis_state {
- struct cli_state *cli;
+ struct smbXcli_tcon *tcon;
uint8_t fixed[4];
};
static void smb2cli_tdis_done(struct tevent_req *subreq);
struct tevent_req *smb2cli_tdis_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli)
+ struct tevent_context *ev,
+ struct smbXcli_conn *conn,
+ uint32_t timeout_msec,
+ struct smbXcli_session *session,
+ struct smbXcli_tcon *tcon)
{
struct tevent_req *req, *subreq;
struct smb2cli_tdis_state *state;
@@ -203,14 +252,14 @@ struct tevent_req *smb2cli_tdis_send(TALLOC_CTX *mem_ctx,
if (req == NULL) {
return NULL;
}
- state->cli = cli;
+ state->tcon = tcon;
+
SSVAL(state->fixed, 0, 4);
- subreq = smb2cli_req_send(state, ev, cli->conn, SMB2_OP_TDIS,
+ subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_TDIS,
0, 0, /* flags */
- cli->timeout,
- cli->smb2.tcon,
- cli->smb2.session,
+ timeout_msec,
+ tcon, session,
state->fixed, sizeof(state->fixed),
NULL, 0, /* dyn* */
0); /* max_dyn_len */
@@ -243,7 +292,7 @@ static void smb2cli_tdis_done(struct tevent_req *subreq)
if (tevent_req_nterror(req, status)) {
return;
}
- smb2cli_tcon_set_values(state->cli->smb2.tcon, NULL,
+ smb2cli_tcon_set_values(state->tcon, NULL,
UINT32_MAX, 0, 0, 0, 0);
tevent_req_done(req);
}
@@ -253,14 +302,17 @@ NTSTATUS smb2cli_tdis_recv(struct tevent_req *req)
return tevent_req_simple_recv_ntstatus(req);
}
-NTSTATUS smb2cli_tdis(struct cli_state *cli)
+NTSTATUS smb2cli_tdis(struct smbXcli_conn *conn,
+ uint32_t timeout_msec,
+ struct smbXcli_session *session,
+ struct smbXcli_tcon *tcon)
{
TALLOC_CTX *frame = talloc_stackframe();
struct tevent_context *ev;
struct tevent_req *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
- if (smbXcli_conn_has_async_calls(cli->conn)) {
+ if (smbXcli_conn_has_async_calls(conn)) {
/*
* Can't use sync call while an async call is in flight
*/
@@ -271,7 +323,8 @@ NTSTATUS smb2cli_tdis(struct cli_state *cli)
if (ev == NULL) {
goto fail;
}
- req = smb2cli_tdis_send(frame, ev, cli);
+ req = smb2cli_tdis_send(frame, ev, conn,
+ timeout_msec, session, tcon);
if (req == NULL) {
goto fail;
}
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 6c367ae..ac81f7a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -48,6 +48,8 @@ struct smbXcli_conn {
struct tevent_req **pending;
struct tevent_req *read_smb_req;
+ enum protocol_types min_protocol;
+ enum protocol_types max_protocol;
enum protocol_types protocol;
bool allow_signing;
bool desire_signing;
@@ -186,6 +188,7 @@ struct smbXcli_tcon {
uint32_t flags;
uint32_t capabilities;
uint32_t maximal_access;
+ bool should_sign;
bool should_encrypt;
} smb2;
};
@@ -338,6 +341,8 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
}
conn->pending = NULL;
+ conn->min_protocol = PROTOCOL_NONE;
+ conn->max_protocol = PROTOCOL_NONE;
conn->protocol = PROTOCOL_NONE;
switch (signing_state) {
@@ -2679,11 +2684,24 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
session->smb2_channel.signing_key.length == 0) {
state->smb2.should_encrypt = false;
}
+
+ if (additional_flags & SMB2_HDR_FLAG_SIGNED) {
+ if (session->smb2_channel.signing_key.length == 0) {
+ tevent_req_nterror(req, NT_STATUS_NO_USER_SESSION_KEY);
+ return req;
+ }
+
+ additional_flags &= ~SMB2_HDR_FLAG_SIGNED;
+ state->smb2.should_sign = true;
+ }
}
if (tcon) {
tid = tcon->smb2.tcon_id;
+ if (tcon->smb2.should_sign) {
+ state->smb2.should_sign = true;
+ }
if (tcon->smb2.should_encrypt) {
state->smb2.should_encrypt = true;
}
@@ -3736,8 +3754,6 @@ struct smbXcli_negprot_state {
struct smbXcli_conn *conn;
struct tevent_context *ev;
uint32_t timeout_msec;
- enum protocol_types min_protocol;
- enum protocol_types max_protocol;
struct {
uint8_t fixed[36];
@@ -3772,8 +3788,6 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx,
state->conn = conn;
state->ev = ev;
state->timeout_msec = timeout_msec;
- state->min_protocol = min_protocol;
- state->max_protocol = max_protocol;
if (min_protocol == PROTOCOL_NONE) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
@@ -3790,6 +3804,10 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ conn->min_protocol = min_protocol;
+ conn->max_protocol = max_protocol;
+ conn->protocol = PROTOCOL_NONE;
+
if ((min_protocol < PROTOCOL_SMB2_02) &&
(max_protocol < PROTOCOL_SMB2_02)) {
/*
@@ -3869,11 +3887,11 @@ static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_sta
uint8_t c = 2;
bool ok;
- if (smb1cli_prots[i].proto < state->min_protocol) {
+ if (smb1cli_prots[i].proto < state->conn->min_protocol) {
continue;
}
- if (smb1cli_prots[i].proto > state->max_protocol) {
+ if (smb1cli_prots[i].proto > state->conn->max_protocol) {
continue;
}
@@ -3894,7 +3912,7 @@ static struct tevent_req *smbXcli_negprot_smb1_subreq(struct smbXcli_negprot_sta
}
}
- smb1cli_req_flags(state->max_protocol,
+ smb1cli_req_flags(state->conn->max_protocol,
state->conn->smb1.client.capabilities,
SMBnegprot,
0, 0, &flags,
@@ -3989,11 +4007,11 @@ static void smbXcli_negprot_smb1_done(struct tevent_req *subreq)
protnum = SVAL(vwv, 0);
for (i=0; i < ARRAY_SIZE(smb1cli_prots); i++) {
- if (smb1cli_prots[i].proto < state->min_protocol) {
+ if (smb1cli_prots[i].proto < state->conn->min_protocol) {
continue;
}
- if (smb1cli_prots[i].proto > state->max_protocol) {
+ if (smb1cli_prots[i].proto > state->conn->max_protocol) {
continue;
}
@@ -4309,11 +4327,11 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
buf = state->smb2.dyn;
for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
- if (smb2cli_prots[i].proto < state->min_protocol) {
+ if (smb2cli_prots[i].proto < state->conn->min_protocol) {
continue;
}
- if (smb2cli_prots[i].proto > state->max_protocol) {
+ if (smb2cli_prots[i].proto > state->conn->max_protocol) {
continue;
}
@@ -4326,12 +4344,12 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
SSVAL(buf, 2, dialect_count);
SSVAL(buf, 4, state->conn->smb2.client.security_mode);
SSVAL(buf, 6, 0); /* Reserved */
- if (state->max_protocol >= PROTOCOL_SMB2_22) {
+ if (state->conn->max_protocol >= PROTOCOL_SMB2_22) {
SIVAL(buf, 8, state->conn->smb2.client.capabilities);
} else {
SIVAL(buf, 8, 0); /* Capabilities */
}
- if (state->max_protocol >= PROTOCOL_SMB2_10) {
+ if (state->conn->max_protocol >= PROTOCOL_SMB2_10) {
NTSTATUS status;
DATA_BLOB blob;
@@ -4391,11 +4409,11 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
dialect_revision = SVAL(body, 4);
for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
- if (smb2cli_prots[i].proto < state->min_protocol) {
+ if (smb2cli_prots[i].proto < state->conn->min_protocol) {
continue;
}
- if (smb2cli_prots[i].proto > state->max_protocol) {
+ if (smb2cli_prots[i].proto > state->conn->max_protocol) {
continue;
}
@@ -4408,7 +4426,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
}
if (conn->protocol == PROTOCOL_NONE) {
- if (state->min_protocol >= PROTOCOL_SMB2_02) {
+ if (state->conn->min_protocol >= PROTOCOL_SMB2_02) {
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
}
@@ -4419,7 +4437,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
}
/* make sure we do not loop forever */
- state->min_protocol = PROTOCOL_SMB2_02;
+ state->conn->min_protocol = PROTOCOL_SMB2_02;
--
Samba Shared Repository
More information about the samba-cvs
mailing list