[SCM] Samba Shared Repository - branch master updated

David Mulder dmulder at samba.org
Thu Mar 10 17:54:01 UTC 2022


The branch, master has been updated
       via  db94eefdd54 s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).
       via  5c180649fe6 s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
       via  4f4c40bc6e4 s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()
      from  40f2070d3b2 s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit db94eefdd540e5c143f4ace9bde0bf689b089c97
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 7 17:47:15 2022 -0800

    s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).
    
    This will allow us to remove the SMB1 server specific code
    when we disable SMB1, and still retain the ability to negotiate
    up from SMB1 -> SMB2 for old clients.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: David Mulder <dmulder at samba.org>
    
    Autobuild-User(master): David Mulder <dmulder at samba.org>
    Autobuild-Date(master): Thu Mar 10 17:53:26 UTC 2022 on sn-devel-184

commit 5c180649fe6174bcf39b05963ca6e03bb38129a7
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 7 16:08:46 2022 -0800

    s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
    
    Restricts negotiation to SMB2-only. This will make it easier
    to remove the SMB1-only parts of the server later.
    
    The only allowed pre-SMB2 requests are an NBSSrequest
    (to set the client NetBIOS name) and a 'normal' NBSSmessage
    containing an SMB1 negprot. This allows smbd_smb2_server_connection_read_handler()
    to work with older clients that use an initial SMB1 negprot to
    bootstrap into SMB2.
    
    Eventually all other parts of the SMB1 server will
    be removed.
    
    Not yet used.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: David Mulder <dmulder at samba.org>

commit 4f4c40bc6e442a31237e2ccd2f9c80a56f3d1401
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 7 17:45:23 2022 -0800

    s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()
    
    Matches the name for the SMB2 connection read handler we're about to use.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: David Mulder <dmulder at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/process.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 124 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c7a346d8619..54b3bb88e01 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -2554,7 +2554,122 @@ static void smbd_server_connection_write_handler(
 	/* TODO: make write nonblocking */
 }
 
-static void smbd_server_connection_read_handler(
+static void smbd_smb2_server_connection_read_handler(
+			struct smbXsrv_connection *xconn, int fd)
+{
+	char lenbuf[NBT_HDR_SIZE];
+	size_t len = 0;
+	uint8_t *buffer = NULL;
+	size_t bufferlen = 0;
+	NTSTATUS status;
+	uint8_t msg_type = 0;
+
+	/* Read the first 4 bytes - contains length of remainder. */
+	status = read_smb_length_return_keepalive(fd, lenbuf, 0, &len);
+	if (!NT_STATUS_IS_OK(status)) {
+		exit_server_cleanly("failed to receive request length");
+		return;
+	}
+
+	/* Integer wrap check. */
+	if (len + NBT_HDR_SIZE < len) {
+		exit_server_cleanly("Invalid length on initial request");
+		return;
+	}
+
+	/*
+	 * The +4 here can't wrap, we've checked the length above already.
+	 */
+	bufferlen = len+NBT_HDR_SIZE;
+
+	buffer = talloc_array(talloc_tos(), uint8_t, bufferlen);
+	if (buffer == NULL) {
+		DBG_ERR("Could not allocate request inbuf of length %zu\n",
+			bufferlen);
+                exit_server_cleanly("talloc fail");
+		return;
+	}
+
+	/* Copy the NBT_HDR_SIZE length. */
+	memcpy(buffer, lenbuf, sizeof(lenbuf));
+
+	status = read_packet_remainder(fd, (char *)buffer+NBT_HDR_SIZE, 0, len);
+	if (!NT_STATUS_IS_OK(status)) {
+		exit_server_cleanly("Failed to read remainder of initial request");
+		return;
+	}
+
+	/* Check the message type. */
+	msg_type = PULL_LE_U8(buffer,0);
+	if (msg_type == NBSSrequest) {
+		/*
+		 * clients can send this request before
+		 * bootstrapping into SMB2. Cope with this
+		 * message only, don't allow any other strange
+		 * NBSS types.
+		 */
+		reply_special(xconn, (char *)buffer, bufferlen);
+		xconn->client->sconn->num_requests++;
+		return;
+	}
+
+	/* Only a 'normal' message type allowed now. */
+	if (msg_type != NBSSmessage) {
+		DBG_ERR("Invalid message type %d\n", msg_type);
+		exit_server_cleanly("Invalid message type for initial request");
+		return;
+	}
+
+	/* Could this be an SMB1 negprot bootstrap into SMB2 ? */
+	if (bufferlen < smb_size) {
+		exit_server_cleanly("Invalid initial SMB1 or SMB2 packet");
+		return;
+	}
+	if (valid_smb_header(buffer)) {
+		/* Can *only* allow an SMB1 negprot here. */
+		uint8_t cmd = PULL_LE_U8(buffer, smb_com);
+		if (cmd != SMBnegprot) {
+			DBG_ERR("Incorrect SMB1 command 0x%hhx, "
+				"should be SMBnegprot (0x72)\n",
+				cmd);
+			exit_server_cleanly("Invalid initial SMB1 packet");
+		}
+		/* Minimal process_smb(). */
+		show_msg((char *)buffer);
+		construct_reply(xconn,
+				(char *)buffer,
+				bufferlen,
+				0,
+				0,
+				false,
+				NULL);
+		xconn->client->sconn->trans_num++;
+		xconn->client->sconn->num_requests++;
+		return;
+
+	} else if (!smbd_is_smb2_header(buffer, bufferlen)) {
+		exit_server_cleanly("Invalid initial SMB2 packet");
+		return;
+	}
+
+	/* Here we know we're a valid SMB2 packet. */
+
+	/*
+	 * Point at the start of the SMB2 PDU.
+	 * len is the length of the SMB2 PDU.
+	 */
+
+	status = smbd_smb2_process_negprot(xconn,
+					   0,
+					   (const uint8_t *)buffer+NBT_HDR_SIZE,
+					   len);
+	if (!NT_STATUS_IS_OK(status)) {
+		exit_server_cleanly("SMB2 negprot fail");
+	}
+	return;
+}
+
+static void smbd_smb1_server_connection_read_handler(
 	struct smbXsrv_connection *xconn, int fd)
 {
 	uint8_t *inbuf = NULL;
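Review bot: The SMB1 command check inside the `valid_smb_header(buffer)` branch calls `exit_server_cleanly("Invalid initial SMB1 packet")` without the `return;` that every other error path in smbd_smb2_server_connection_read_handler() has, so the code reads as if a non-negprot SMB1 command falls through to `construct_reply()`. That is only safe if exit_server_cleanly() never returns, which the hunk does not show; adding `return;` after that call keeps the SMB2-only restriction independent of that assumption. Separately, `len` comes from the client's NBT header and reaches `talloc_array()` with only a wrap check, so an explicit upper bound, or a comment stating the largest size accepted before authentication, would help. The comment `The +4 here can't wrap` should say `NBT_HDR_SIZE` to match the code. The smbd_smb1_server_connection_read_handler() body that starts at the end of the hunk continues outside it.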
@@ -2642,7 +2757,13 @@ static void smbd_server_connection_handler(struct tevent_context *ev,
 		return;
 	}
 	if (flags & TEVENT_FD_READ) {
-		smbd_server_connection_read_handler(xconn, xconn->transport.sock);
+		if (lp_server_min_protocol() > PROTOCOL_NT1) {
+			smbd_smb2_server_connection_read_handler(xconn,
+						xconn->transport.sock);
+		} else {
+			smbd_smb1_server_connection_read_handler(xconn,
+						xconn->transport.sock);
+		}
 		return;
 	}
 }
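Review bot: The handler choice in the `TEVENT_FD_READ` branch is re-read from `lp_server_min_protocol()` on every read event rather than fixed when the connection is set up, so a configuration reload between an NBSSrequest and the following negprot could presumably move a connection from one handler to the other mid-handshake. If per-event evaluation is intended, a comment above the `if` would make that explicit, for example `/* SMB2-only server: accept only NBSSrequest, an SMB1 negprot bootstrap or an SMB2 negprot here. */`. smbd_server_connection_handler() starts outside the hunk, so whether the value is cached elsewhere cannot be seen from here.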
@@ -2670,7 +2791,7 @@ static void smbd_server_echo_handler(struct tevent_context *ev,
 		return;
 	}
 	if (flags & TEVENT_FD_READ) {
-		smbd_server_connection_read_handler(
+		smbd_smb1_server_connection_read_handler(
 			xconn, xconn->smb1.echo_handler.trusted_fd);
 		return;
 	}


-- 
Samba Shared Repository


