[PATCH] Fix client compound signing errors.

Jeremy Allison jra at samba.org
Mon Jan 28 17:57:37 MST 2013 

This patchset fixes our client code to correctly
run smb2.compound within smbtorture in master
when --signing=required is set.

The original smbXcli_session_create() function
called when creating compound client requests
doesn't initialize the signing data, leading
the first request to be correctly signed, but
no subsequent ones in the compound request
are signed correctly (and so Windows returns
NT_STATUS_ACCESS_DENIED) when we run:

bin/smbtorture --signing=required //SERVER/SHARE -UUSER%PASSWORD smb2.compound

against a Windows SMB2 server.

Please review and push to master if you agree.

Cheers,

	Jeremy.
-------------- next part --------------
>From 48dda994b652cc434795e936699fe2b4985b2879 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 28 Jan 2013 16:51:25 -0800
Subject: [PATCH 1/2] Add new function smbXcli_session_copy(), to be used when
 creating compound SMB2 requests.

Copies the signing state needed to make client compound requests work
on signed connections.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 libcli/smb/smbXcli_base.c | 27 +++++++++++++++++++++++++++
 libcli/smb/smbXcli_base.h |  2 ++
 2 files changed, 29 insertions(+)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index c547515..421e884 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4482,6 +4482,33 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx,
 	return session;
 }
 
+struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
+						struct smbXcli_session *src)
+{
+	struct smbXcli_session *session;
+
+	session = talloc_zero(mem_ctx, struct smbXcli_session);
+	if (session == NULL) {
+		return NULL;
+	}
+	session->smb2 = talloc_zero(session, struct smb2cli_session);
+	if (session->smb2 == NULL) {
+		talloc_free(session);
+		return NULL;
+	}
+
+	session->conn = src->conn;
+	*session->smb2 = *src->smb2;
+	session->smb2_channel = src->smb2_channel;
+	session->disconnect_expired = src->disconnect_expired;
+
+	DLIST_ADD_END(src->conn->sessions, session, struct smbXcli_session *);
+	talloc_set_destructor(session, smbXcli_session_destructor);
+
+	return session;
+}
+
+
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 					 TALLOC_CTX *mem_ctx,
 					 DATA_BLOB *key)
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index b720bc6..f7b60d3 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -260,6 +260,8 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
 
 struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx,
 					       struct smbXcli_conn *conn);
+struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx,
+					       struct smbXcli_session *src);
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 					 TALLOC_CTX *mem_ctx,
 					 DATA_BLOB *key);
-- 
1.8.1


>From f17374978834696d9856b07eb5663b718ef8cda4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 28 Jan 2013 16:52:11 -0800
Subject: [PATCH 2/2] Fix the compound tests to correctly pass against Windows
 when run with --signing=required.

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source4/torture/smb2/compound.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index e75f682..4a47e14 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -92,8 +92,8 @@ static bool test_compound_related1(struct torture_context *tctx,
 				0, /* capabilities */
 				0 /* maximal_access */);
 
-	tree->session->smbXcli = smbXcli_session_create(tree->session,
-							tree->session->transport->conn);
+	tree->session->smbXcli = smbXcli_session_copy(tree->session,
+							tree->session->smbXcli);
 	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
 
 	req[1] = smb2_close_send(tree, &cl);
@@ -171,8 +171,8 @@ static bool test_compound_related2(struct torture_context *tctx,
 				0, /* capabilities */
 				0 /* maximal_access */);
 
-	tree->session->smbXcli = smbXcli_session_create(tree->session,
-							tree->session->transport->conn);
+	tree->session->smbXcli = smbXcli_session_copy(tree->session,
+							tree->session->smbXcli);
 	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
 
 	req[1] = smb2_close_send(tree, &cl);
@@ -459,8 +459,8 @@ static bool test_compound_invalid2(struct torture_context *tctx,
 				0, /* capabilities */
 				0 /* maximal_access */);
 
-	tree->session->smbXcli = smbXcli_session_create(tree->session,
-							tree->session->transport->conn);
+	tree->session->smbXcli = smbXcli_session_copy(tree->session,
+							tree->session->smbXcli);
 	smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0);
 
 	req[1] = smb2_close_send(tree, &cl);
-- 
1.8.1

More information about the samba-technical mailing list