The branch, master has been updated
       via  df08929 s3:smb2_sesssetup: reject SMB2_SESSION_FLAG_BINDING requests
       via  46e08eb s3:libcli/smb: add SMB2_SESSION_FLAG_BINDING
       via  859e5be s3:smb2_ioctl: fix GUID_compare() check in 
FSCTL_VALIDATE_NEGOTIATE_INFO
       via  3a85737 s3:smb2_ioctl: allow clients to send padding at the end of 
FSCTL_VALIDATE_NEGOTIATE_INFO
       via  3cce521 s3:smb2_ioctl: remove FSCTL_VALIDATE_NEGOTIATE_INFO_224 
implementation
      from  5c3a0cb libcli/smb: setup tcon->smb2.should_encrypt in 
smb2cli_tcon_set_values()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit df08929d28cab9f3d5fda573e2c2649b651f3e4c
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Jul 26 00:11:13 2012 +0200

    s3:smb2_sesssetup: reject SMB2_SESSION_FLAG_BINDING requests
    
    metze
    
    Autobuild-User(master): Stefan Metzmacher <[email protected]>
    Autobuild-Date(master): Thu Jul 26 02:08:56 CEST 2012 on sn-devel-104

commit 46e08eb75f7ca179c1708b601ccf4c601278fbda
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Jul 26 00:10:38 2012 +0200

    s3:libcli/smb: add SMB2_SESSION_FLAG_BINDING
    
    metze

commit 859e5be07057c928bb9b7a32643304c8e03588e1
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 25 16:43:58 2012 +0200

    s3:smb2_ioctl: fix GUID_compare() check in FSCTL_VALIDATE_NEGOTIATE_INFO
    
    metze

commit 3a857371916ed9867174233b6623c2260d438202
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 25 16:38:45 2012 +0200

    s3:smb2_ioctl: allow clients to send padding at the end of 
FSCTL_VALIDATE_NEGOTIATE_INFO
    
    metze

commit 3cce5214f9d458f95885a5fc6b5a7b946a7b50a0
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 25 23:29:28 2012 +0200

    s3:smb2_ioctl: remove FSCTL_VALIDATE_NEGOTIATE_INFO_224 implementation
    
    Only Windows8 Beta uses this and it's broken: the client sends wrong
    capabilities. Just returning an error seems to be fine for the Windows8 Beta
    client.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_constants.h   |    5 ++-
 source3/smbd/smb2_ioctl.c     |   81 +----------------------------------------
 source3/smbd/smb2_sesssetup.c |   13 +++++++
 3 files changed, 19 insertions(+), 80 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index f2f28f8..a00a4a7 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -121,7 +121,10 @@
                SMB2_CAP_ENCRYPTION)
 
 
-/* SMB2 session flags */
+/* SMB2 session (request) flags */
+#define SMB2_SESSION_FLAG_BINDING       0x01
+
+/* SMB2 session (response) flags */
 #define SMB2_SESSION_FLAG_IS_GUEST       0x0001
 #define SMB2_SESSION_FLAG_IS_NULL        0x0002
 #define SMB2_SESSION_FLAG_ENCRYPT_DATA   0x0004 /* in dialect >= 0x224 */
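Review bot: The new request flag `SMB2_SESSION_FLAG_BINDING` shares the `SMB2_SESSION_FLAG_` prefix with the response flags and has the same numeric value as `SMB2_SESSION_FLAG_IS_GUEST`, so testing the wrong field against the wrong constant would compile and silently match. The `0x01` versus `0x0001` spelling hints that the two fields have different widths, but the comments do not say so. Extending them, e.g. `/* SMB2 session setup request flags (8-bit field) */` and `/* SMB2 session setup response flags (16-bit field) */`, would make the split explicit; the widths should be confirmed against the marshalling code, which is not part of this hunk.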
diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c
index 36b44e6..3502d35 100644
--- a/source3/smbd/smb2_ioctl.c
+++ b/source3/smbd/smb2_ioctl.c
@@ -487,83 +487,6 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX 
*mem_ctx,
                                        req);
                return req;
 
-       case FSCTL_VALIDATE_NEGOTIATE_INFO_224:
-       {
-               struct smbXsrv_connection *conn = smbreq->sconn->conn;
-               uint32_t in_capabilities;
-               DATA_BLOB in_guid_blob;
-               struct GUID in_guid;
-               uint16_t in_security_mode;
-               uint16_t in_max_dialect;
-               uint16_t max_dialect;
-               DATA_BLOB out_guid_blob;
-               NTSTATUS status;
-
-               if (in_input.length != 0x18) {
-                       tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
-                       return tevent_req_post(req, ev);
-               }
-
-               if (in_max_output < 0x18) {
-                       tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
-                       return tevent_req_post(req, ev);
-               }
-
-               in_capabilities = IVAL(in_input.data, 0x00);
-               in_guid_blob = data_blob_const(in_input.data + 0x04, 16);
-               in_security_mode = SVAL(in_input.data, 0x14);
-               in_max_dialect = SVAL(in_input.data, 0x16);
-
-               status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
-               if (tevent_req_nterror(req, status)) {
-                       return tevent_req_post(req, ev);
-               }
-
-               max_dialect = 
conn->smb2.client.dialects[conn->smb2.client.num_dialects-1];
-               if (in_max_dialect != max_dialect) {
-                       state->disconnect = true;
-                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-                       return tevent_req_post(req, ev);
-               }
-
-               if (!GUID_compare(&in_guid, &conn->smb2.client.guid)) {
-                       state->disconnect = true;
-                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-                       return tevent_req_post(req, ev);
-               }
-
-               if (in_security_mode != conn->smb2.client.security_mode) {
-                       state->disconnect = true;
-                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-                       return tevent_req_post(req, ev);
-               }
-
-               if (in_capabilities != conn->smb2.client.capabilities) {
-                       state->disconnect = true;
-                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
-                       return tevent_req_post(req, ev);
-               }
-
-               status = GUID_to_ndr_blob(&conn->smb2.server.guid, state,
-                                         &out_guid_blob);
-               if (tevent_req_nterror(req, status)) {
-                       return tevent_req_post(req, ev);
-               }
-
-               state->out_output = data_blob_talloc(state, NULL, 0x18);
-               if (tevent_req_nomem(state->out_output.data, req)) {
-                       return tevent_req_post(req, ev);
-               }
-
-               SIVAL(state->out_output.data, 0x00, 
conn->smb2.server.capabilities);
-               memcpy(state->out_output.data+0x04, out_guid_blob.data, 16);
-               SIVAL(state->out_output.data, 0x14, 
conn->smb2.server.security_mode);
-               SIVAL(state->out_output.data, 0x16, conn->smb2.server.dialect);
-
-               tevent_req_done(req);
-               return tevent_req_post(req, ev);
-       }
-
        case FSCTL_VALIDATE_NEGOTIATE_INFO:
        {
                struct smbXsrv_connection *conn = smbreq->sconn->conn;
@@ -586,7 +509,7 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX 
*mem_ctx,
                in_security_mode = SVAL(in_input.data, 0x14);
                in_num_dialects = SVAL(in_input.data, 0x16);
 
-               if (in_input.length != (0x18 + in_num_dialects*2)) {
+               if (in_input.length < (0x18 + in_num_dialects*2)) {
                        tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
                        return tevent_req_post(req, ev);
                }
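Review bot: The relaxed check `in_input.length < (0x18 + in_num_dialects*2)` now accepts any number of trailing bytes, and nothing in the code records that this is deliberate. A comment above it such as `/* clients may pad the request, so only require that the dialect array fits */` would keep a later reader from tightening it back to `!=`. The `SVAL` reads at offsets 0x14 and 0x16 run before this check, so they depend on an earlier minimum-length test that is outside the hunk; that is worth confirming against the full function. `smbd_smb2_ioctl_send` starts and ends outside the hunk.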
@@ -617,7 +540,7 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX 
*mem_ctx,
                        }
                }
 
-               if (!GUID_compare(&in_guid, &conn->smb2.client.guid)) {
+               if (GUID_compare(&in_guid, &conn->smb2.client.guid) != 0) {
                        state->disconnect = true;
                        tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
                        return tevent_req_post(req, ev);
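Review bot: `GUID_compare()` is a strcmp-style comparison, as the corrected `!= 0` test shows, and that is what let the old `!GUID_compare(...)` disconnect matching clients while a mismatched GUID passed this negotiate validation. Writing the condition as `if (!GUID_equal(&in_guid, &conn->smb2.client.guid)) {` states the intent directly and makes the same inversion harder to reintroduce. A regression test that sends a wrong client GUID and expects `NT_STATUS_ACCESS_DENIED` plus the disconnect would pin the fixed behaviour. The surrounding `case FSCTL_VALIDATE_NEGOTIATE_INFO` block continues outside the hunk.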
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 85bcc05..5355292 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -441,6 +441,19 @@ static struct tevent_req 
*smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
        state->in_previous_session_id = in_previous_session_id;
        state->in_security_buffer = in_security_buffer;
 
+       if (in_flags & SMB2_SESSION_FLAG_BINDING) {
+               if (smb2req->sconn->conn->protocol < PROTOCOL_SMB2_22) {
+                       tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
+                       return tevent_req_post(req, ev);
+               }
+
+               /*
+                * We do not support multi channel.
+                */
+               tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+               return tevent_req_post(req, ev);
+       }
+
        talloc_set_destructor(state, smbd_smb2_session_setup_state_destructor);
 
        if (state->in_session_id == 0) {
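Review bot: The new `in_flags & SMB2_SESSION_FLAG_BINDING` block returns two different status codes, but only the second has a comment explaining it. A line on the first branch, e.g. `/* session binding presumably only exists from SMB 2.2 on, so older dialects get REQUEST_NOT_ACCEPTED */`, would record why a pre-2.2 connection is answered differently from a 2.2+ one. Only the BINDING bit of `in_flags` is examined here; whether other unknown request flag bits are rejected elsewhere cannot be seen from this hunk and is worth checking. `smbd_smb2_session_setup_send` starts and ends outside the hunk.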


-- 
Samba Shared Repository
