The branch, master has been updated
via fa5475e s3:libsmb: make use of cli_state_security_mode()
via faab79e s3:winbindd_cm: make use of cli_state_security_mode()
via 9a855dd s3:auth_server: make use of cli_state_security_mode()
via fbd5cb5 s3:libsmb: add cli_state_security_mode()
via 7c405fd s3:libsmb: make use of cli_state_max_requests() in
cli_push_send()
via c507253 s3:libsmb: make use of cli_state_max_requests() in
cli_pull_send()
via dafeef4 s3:libsmb: add cli_state_max_requests()
via 38206f1 s3:libsmb: make sure cli->max_mux is valid in the return of
the server
via 90d95f3 s3:libsmb: set the MID to 0 in cli_setup_packet_buf()
via 53c0f00 s3:libsmb: check that max_xmit is not less than 1024
via 09547b2 s3:libsmb: better expect a max_xmit of 1024 instead of
0xFFFF for the CORE protocol
via eaccea9 s3:torture: there's no need to alter cli->max_xmit in order
to test large writes
via 80d2c2b s3:libsmb: don't mix smb2 share capabilities with smb1
capabilities
via b7a1fd9 s3:libsmb: the smb2 server capabilities from the session
setup are 32-bit
from 3a759e0 ldb:pyldb.c - "py_ldb_rename" remove superflous "ldb"
pointer
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fa5475ea9e3cbd610ea9d00ce3a84123ea21b394
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:47:24 2011 +0200
s3:libsmb: make use of cli_state_security_mode()
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Tue Sep 13 19:45:01 CEST 2011 on sn-devel-104
commit faab79e28e239b274ac53ababe4f0e2e2f486dd1
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:46:39 2011 +0200
s3:winbindd_cm: make use of cli_state_security_mode()
metze
commit 9a855dd5d9d042f4dd93e8fd43c50176e99a4c0e
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:45:38 2011 +0200
s3:auth_server: make use of cli_state_security_mode()
metze
commit fbd5cb5835fa2c2aa8c859ac6a2ba4f414cc6baf
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:45:04 2011 +0200
s3:libsmb: add cli_state_security_mode()
metze
commit 7c405fd92caf54bf5d9adce51f2635d13c1fe6f8
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:30:56 2011 +0200
s3:libsmb: make use of cli_state_max_requests() in cli_push_send()
metze
commit c5072534bc4a49d6870dda86379353d313e655e7
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:30:30 2011 +0200
s3:libsmb: make use of cli_state_max_requests() in cli_pull_send()
metze
commit dafeef47b4a325b877a22ed9939697399577b155
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:24:35 2011 +0200
s3:libsmb: add cli_state_max_requests()
metze
commit 38206f16bd9008dc9bc6e180686fa1eac954f8b4
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 17:05:51 2011 +0200
s3:libsmb: make sure cli->max_mux is valid in the return of the server
metze
commit 90d95f34f317d590bcb762e52fa4b35a01af598b
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 15:06:03 2011 +0200
s3:libsmb: set the MID to 0 in cli_setup_packet_buf()
It's allocated when sending the request.
metze
commit 53c0f001f25f7c9e1246ea46e66ee07997a34b03
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 16:02:16 2011 +0200
s3:libsmb: check that max_xmit is not less than 1024
metze
commit 09547b24ff3862031e5c9a364fcdf0f3c6285bf8
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 15:59:37 2011 +0200
s3:libsmb: better expect a max_xmit of 1024 instead of 0xFFFF for the CORE
protocol
metze
commit eaccea9e2917061ae0de094d71bf3450ab00acb1
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 13:14:41 2011 +0200
s3:torture: there's no need to alter cli->max_xmit in order to test large
writes
metze
commit 80d2c2b00d2b8b7a5cb27ba60477cd8b994a869f
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 13:49:15 2011 +0200
s3:libsmb: don't mix smb2 share capabilities with smb1 capabilities
metze
commit b7a1fd95a6fc4a3ff61bd83a5c2dc452f426f9f1
Author: Stefan Metzmacher <[email protected]>
Date: Tue Sep 13 13:48:03 2011 +0200
s3:libsmb: the smb2 server capabilities from the session setup are 32-bit
metze
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_server.c | 12 +++++++++---
source3/include/client.h | 3 ++-
source3/libsmb/cliconnect.c | 33 ++++++++++++++++++++++++---------
source3/libsmb/clientgen.c | 12 +++++++++++-
source3/libsmb/clireadwrite.c | 12 +++++++++---
source3/libsmb/proto.h | 2 ++
source3/libsmb/smb2cli_tcon.c | 2 +-
source3/torture/torture.c | 10 +++-------
source3/winbindd/winbindd_cm.c | 4 +++-
9 files changed, 64 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 1cc2524..04b4673 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -45,6 +45,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
NTSTATUS status;
/* security = server just can't function with spnego */
int flags = CLI_FULL_CONNECTION_DONT_SPNEGO;
+ uint16_t sec_mode = 0;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
@@ -115,8 +116,9 @@ static struct cli_state *server_cryptkey(TALLOC_CTX
*mem_ctx)
return NULL;
}
+ sec_mode = cli_state_security_mode(cli);
if (cli_state_protocol(cli) < PROTOCOL_LANMAN2 ||
- !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
+ !(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
TALLOC_FREE(mutex);
DEBUG(1,("%s isn't in user level security mode\n",desthost));
cli_shutdown(cli);
@@ -228,9 +230,11 @@ static DATA_BLOB auth_get_challenge_server(const struct
auth_context *auth_conte
struct cli_state *cli = server_cryptkey(mem_ctx);
if (cli) {
+ uint16_t sec_mode = cli_state_security_mode(cli);
+
DEBUG(3,("using password server validation\n"));
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) ==
0) {
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
/* We can't work with unencrypted password servers
unless 'encrypt passwords = no' */
DEBUG(5,("make_auth_info_server: Server is unencrypted,
no challenge available..\n"));
@@ -277,6 +281,7 @@ static NTSTATUS check_smbserver_security(const struct
auth_context *auth_context
static bool bad_password_server = False;
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
bool locally_made_cli = False;
+ uint16_t sec_mode = 0;
DEBUG(10, ("check_smbserver_security: Check auth for: [%s]\n",
user_info->mapped.account_name));
@@ -301,7 +306,8 @@ static NTSTATUS check_smbserver_security(const struct
auth_context *auth_context
return NT_STATUS_LOGON_FAILURE;
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
+ sec_mode = cli_state_security_mode(cli);
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if (user_info->password_state != AUTH_PASSWORD_PLAIN) {
DEBUG(1,("password server %s is plaintext, but we are
encrypted. This just can't work :-(\n", cli_state_remote_name(cli)));
return NT_STATUS_LOGON_FAILURE;
diff --git a/source3/include/client.h b/source3/include/client.h
index 9eae222..3c39e54 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -160,7 +160,7 @@ struct cli_state {
uint16_t security_mode;
uint16_t dialect_revision;
struct GUID server_guid;
- uint16_t server_capabilities;
+ uint32_t server_capabilities;
uint32_t max_transact_size;
uint32_t max_read_size;
uint32_t max_write_size;
@@ -170,6 +170,7 @@ struct cli_state {
/* SMB2 tcon */
uint8_t share_type;
uint32_t share_flags;
+ uint32_t share_capabilities;
uint32_t maximal_access;
} smb2;
};
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index f47336b..ec1ec67 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -122,6 +122,7 @@ static struct tevent_req *cli_session_setup_lanman2_send(
uint16_t *vwv;
uint8_t *bytes;
char *tmp;
+ uint16_t sec_mode = cli_state_security_mode(cli);
req = tevent_req_create(mem_ctx, &state,
struct cli_session_setup_lanman2_state);
@@ -145,12 +146,12 @@ static struct tevent_req *cli_session_setup_lanman2_send(
/*
* if in share level security then don't send a password now
*/
- if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
+ if (!(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
passlen = 0;
}
if (passlen > 0
- && (cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
+ && (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
&& passlen != 24) {
/*
* Encrypted mode needed, and non encrypted password
@@ -169,7 +170,7 @@ static struct tevent_req *cli_session_setup_lanman2_send(
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);
}
- } else if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
+ } else if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)
&& passlen == 24) {
/*
* Encrypted mode needed, and encrypted password
@@ -1976,6 +1977,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
{
char *p;
char *user2;
+ uint16_t sec_mode = cli_state_security_mode(cli);
if (user) {
user2 = talloc_strdup(talloc_tos(), user);
@@ -2016,7 +2018,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
return NT_STATUS_ACCESS_DENIED;
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) ==
0 &&
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client
plaintext auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
@@ -2037,13 +2039,13 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
password at this point. The password is sent in the tree
connect */
- if ((cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
+ if ((sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0)
return cli_session_setup_plain(cli, user, "", workgroup);
/* if the server doesn't support encryption then we have to use
plaintext. The second password is ignored */
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if (!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested LM password but 'client
plaintext auth = no'"
" or 'client ntlmv2 auth = yes'\n"));
@@ -2193,6 +2195,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX
*mem_ctx,
uint16_t *vwv;
char *tmp = NULL;
uint8_t *bytes;
+ uint16_t sec_mode = cli_state_security_mode(cli);
*psmbreq = NULL;
@@ -2209,7 +2212,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX
*mem_ctx,
}
/* in user level security don't send a password now */
- if (cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
+ if (sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
passlen = 1;
pass = "";
} else if (pass == NULL) {
@@ -2218,7 +2221,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX
*mem_ctx,
goto access_denied;
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
*pass && passlen != 24) {
if (!lp_client_lanman_auth()) {
DEBUG(1, ("Server requested LANMAN password "
@@ -2235,7 +2238,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX
*mem_ctx,
passlen = 24;
pass = (const char *)p24;
} else {
- if((cli->sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
+ if((sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
== 0) {
uint8_t *tmp_pass;
@@ -2730,6 +2733,18 @@ static void cli_negprot_done(struct tevent_req *subreq)
cli->use_spnego = False;
cli->sec_mode = 0;
cli->serverzone = get_time_zone(time(NULL));
+ cli->max_xmit = 1024;
+ cli->max_mux = 1;
+ }
+
+ if (cli->max_xmit < 1024) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (cli->max_mux < 1) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
}
cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 21ecab8..2d3a3a1 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -71,7 +71,7 @@ void cli_setup_packet_buf(struct cli_state *cli, char *buf)
SSVAL(buf,smb_pid,cli->smb1.pid);
memset(buf+smb_pidhigh, 0, 12);
SSVAL(buf,smb_uid, cli_state_get_uid(cli));
- SSVAL(buf,smb_mid,cli->smb1.mid);
+ SSVAL(buf,smb_mid, 0);
if (cli_state_protocol(cli) <= PROTOCOL_CORE) {
return;
@@ -514,6 +514,16 @@ uint32_t cli_state_available_size(struct cli_state *cli,
uint32_t ofs)
return ret;
}
+uint16_t cli_state_max_requests(struct cli_state *cli)
+{
+ return cli->max_mux;
+}
+
+uint16_t cli_state_security_mode(struct cli_state *cli)
+{
+ return cli->sec_mode;
+}
+
struct cli_echo_state {
uint16_t vwv[1];
DATA_BLOB data;
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index a6f79fb..cd73252 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -396,6 +396,7 @@ struct cli_pull_state {
/*
* Outstanding requests
*/
+ uint16_t max_reqs;
int num_reqs;
struct cli_pull_subreq *reqs;
@@ -479,8 +480,10 @@ struct tevent_req *cli_pull_send(TALLOC_CTX *mem_ctx,
state->chunk_size = cli_read_max_bufsize(cli);
+ state->max_reqs = cli_state_max_requests(cli);
+
state->num_reqs = MAX(window_size/state->chunk_size, 1);
- state->num_reqs = MIN(state->num_reqs, cli->max_mux);
+ state->num_reqs = MIN(state->num_reqs, state->max_reqs);
state->reqs = talloc_zero_array(state, struct cli_pull_subreq,
state->num_reqs);
@@ -1080,6 +1083,7 @@ struct cli_push_state {
* Outstanding requests
*/
uint32_t pending;
+ uint16_t max_reqs;
uint32_t num_reqs;
struct cli_push_write_state **reqs;
};
@@ -1163,14 +1167,16 @@ struct tevent_req *cli_push_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
state->chunk_size = cli_write_max_bufsize(cli, mode, 14);
+ state->max_reqs = cli_state_max_requests(cli);
+
if (window_size == 0) {
- window_size = cli->max_mux * state->chunk_size;
+ window_size = state->max_reqs * state->chunk_size;
}
state->num_reqs = window_size/state->chunk_size;
if ((window_size % state->chunk_size) > 0) {
state->num_reqs += 1;
}
- state->num_reqs = MIN(state->num_reqs, cli->max_mux);
+ state->num_reqs = MIN(state->num_reqs, state->max_reqs);
state->num_reqs = MAX(state->num_reqs, 1);
state->reqs = talloc_zero_array(state, struct cli_push_write_state *,
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index c618fda..4a56971 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -181,6 +181,8 @@ bool cli_set_case_sensitive(struct cli_state *cli, bool
case_sensitive);
enum protocol_types cli_state_protocol(struct cli_state *cli);
uint32_t cli_state_capabilities(struct cli_state *cli);
uint32_t cli_state_available_size(struct cli_state *cli, uint32_t ofs);
+uint16_t cli_state_max_requests(struct cli_state *cli);
+uint16_t cli_state_security_mode(struct cli_state *cli);
struct tevent_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
struct cli_state *cli, uint16_t num_echos,
DATA_BLOB data);
diff --git a/source3/libsmb/smb2cli_tcon.c b/source3/libsmb/smb2cli_tcon.c
index 8c2c802..9cf73e3 100644
--- a/source3/libsmb/smb2cli_tcon.c
+++ b/source3/libsmb/smb2cli_tcon.c
@@ -118,7 +118,7 @@ static void smb2cli_tcon_done(struct tevent_req *subreq)
body = (uint8_t *)iov[1].iov_base;
cli->smb2.share_type = CVAL(body, 2);
cli->smb2.share_flags = IVAL(body, 4);
- cli->capabilities = IVAL(body, 8);
+ cli->smb2.share_capabilities = IVAL(body, 8);
cli->smb2.maximal_access = IVAL(body, 12);
TALLOC_FREE(subreq);
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index d791684..ff1175d 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -963,7 +963,7 @@ static bool run_readwritemulti(int dummy)
return test;
}
-static bool run_readwritelarge_internal(int max_xmit_k)
+static bool run_readwritelarge_internal(void)
{
static struct cli_state *cli1;
uint16_t fnum1;
@@ -979,8 +979,6 @@ static bool run_readwritelarge_internal(int max_xmit_k)
cli_sockopt(cli1, sockops);
memset(buf,'\0',sizeof(buf));
- cli1->max_xmit = max_xmit_k*1024;
-
if (signing_state == Required) {
/* Horrible cheat to force
multiple signed outstanding
@@ -1037,8 +1035,6 @@ static bool run_readwritelarge_internal(int max_xmit_k)
return False;
}
- cli1->max_xmit = 4*1024;
-
cli_smbwrite(cli1, fnum1, buf, 0, sizeof(buf), NULL);
status = cli_qfileinfo_basic(cli1, fnum1, NULL, &fsize, NULL, NULL,
@@ -1086,14 +1082,14 @@ static bool run_readwritelarge_internal(int max_xmit_k)
static bool run_readwritelarge(int dummy)
{
- return run_readwritelarge_internal(128);
+ return run_readwritelarge_internal();
}
static bool run_readwritelarge_signtest(int dummy)
{
bool ret;
signing_state = Required;
- ret = run_readwritelarge_internal(2);
+ ret = run_readwritelarge_internal();
signing_state = Undefined;
return ret;
}
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 807ad40..b631ab6 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -788,6 +788,7 @@ static NTSTATUS cm_prepare_connection(const struct
winbindd_domain *domain,
char *ipc_domain = NULL;
char *ipc_password = NULL;
int flags = 0;
+ uint16_t sec_mode = 0;
struct named_mutex *mutex;
@@ -910,7 +911,8 @@ static NTSTATUS cm_prepare_connection(const struct
winbindd_domain *domain,
cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
- if ((((*cli)->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
+ sec_mode = cli_state_security_mode(*cli);
+ if (((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) &&
(strlen(ipc_username) > 0)) {
/* Only try authenticated if we have a username */
--
Samba Shared Repository
