Fix for FSCTL_VALIDATE_NEGOTIATE_INFO to pass MS test suite.

Stefan (metze) Metzmacher metze at samba.org
Sat Jun 21 01:58:22 MDT 2014 

Hi Ira,

> From 5f5389fbe69a3a7c13ea54fcd11f6e2f561a2e32 Mon Sep 17 00:00:00 2001
> From: Ira Cooper <ira at samba.org>
> Date: Fri, 20 Jun 2014 21:29:26 -0700
> Subject: [PATCH 1/2] s3: Refactor smbd_smb2_request_process_negprot
> 
> Breakout smb2_protocol_dialect_match to support future work in
> fsctl_validate_neg_info.

Reviewed by me.

> 0002-s3-Fix-fsctl_validate_neg_info-to-pass-MS-compliance.patch
> 
> 
> From 706e6f5ed3122a96d4c5edc7d95e1af346ee6ab4 Mon Sep 17 00:00:00 2001
> From: Ira Cooper <ira at samba.org>
> Date: Fri, 20 Jun 2014 21:41:19 -0700
> Subject: [PATCH 2/2] s3: Fix fsctl_validate_neg_info to pass MS compliance
>  suite.
> 
> It turns out that all the client and server need to agree on is what
> protocol should have been negotiated.  If they disagree, they should
> disconnect.  The contents of the list of protocols used during
> negotiate and during FSCTL_VALIDATE_NEGOTIATE_INFO do not need to match.
> ---
>  source3/smbd/smb2_ioctl_network_fs.c | 28 +++++++++++++++++-----------
>  1 file changed, 17 insertions(+), 11 deletions(-)
> 
> diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
> index 5e0dc10..396da7b 100644
> --- a/source3/smbd/smb2_ioctl_network_fs.c
> +++ b/source3/smbd/smb2_ioctl_network_fs.c
> @@ -355,7 +355,7 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
>  	struct GUID in_guid;
>  	uint16_t in_security_mode;
>  	uint16_t in_num_dialects;
> -	uint16_t i;
> +	uint16_t dialect;
>  	DATA_BLOB out_guid_blob;
>  	NTSTATUS status;
>  
> @@ -381,20 +381,26 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
>  		return status;
>  	}
>  
> -	if (in_num_dialects != conn->smb2.client.num_dialects) {
> +	/*
> +	 * From: [MS-SMB2]
> +	 * 3.3.5.15.12 Handling a Validate Negotiate Info Request
> +	 *
> +	 * The server MUST determine the greatest common dialect
> +	 * between the dialects it implements and the Dialects array
> +	 * of the VALIDATE_NEGOTIATE_INFO request. If no dialect is
> +	 * matched, or if the value is not equal to Connection.Dialect,
> +	 * the server MUST terminate the transport connection
> +	 * and free the Connection object.
> +	 */
> +
> +	if (conn->protocol != smbd_smb2_protocol_dialect_match(
> +					in_input->data + 0x18,
> +					in_num_dialects,
> +					&dialect)) {
>  		*disconnect = true;
>  		return NT_STATUS_ACCESS_DENIED;

Can you use a helper variable instead of calling a function inside the
if statement?

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140621/941480ea/attachment.pgp>

More information about the samba-technical mailing list