The branch, master has been updated
       via  e7bf8e7 s3:smb2_server: do one central as_root check if the 
operation requires it
       via  eec941e s3:smb2_server: do one central tcon check if the operation 
requires it
       via  59b9dfa s3:smb2_server: do one central session check if the 
operation requires it
       via  aba6df9 s3:smb2_server: add and use smbd_smb2_call()
       via  e013332 s3:smb2_server: add .as_root to smbd_smb2_dispatch_table
       via  f69ed57 s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table
       via  46f7a60 s3:smb2_server: add .need_session to 
smbd_smb2_dispatch_table
       via  357110c s3:smb2_server: introduce a smbd_smb2_dispatch_table (for 
now just with names)
       via  5ac4d3d s3:smb2_server: move 'conn' to main block of 
smbd_smb2_request_dispatch()
       via  83a746d libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE
       via  1453358 libcli/smb: use forward declaration instead of includes
      from  33705f4 s4-scripting: Remove unused variables from ntacl tests

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e7bf8e7e23855c9f03983200d52a93cdd49c4948
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 12:32:50 2012 +0200

    s3:smb2_server: do one central as_root check if the operation requires it
    
    metze
    
    Autobuild-User(master): Stefan Metzmacher <[email protected]>
    Autobuild-Date(master): Tue Aug  7 13:14:38 CEST 2012 on sn-devel-104

commit eec941e411676b72ac40107efcc0e19710db725e
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 12:32:50 2012 +0200

    s3:smb2_server: do one central tcon check if the operation requires it
    
    metze

commit 59b9dfa0cbb5e9f165f9fc0bcbd90fedddd7ec32
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 12:32:50 2012 +0200

    s3:smb2_server: do one central session check if the operation requires it
    
    metze

commit aba6df9f5502fcb3fb8b86ae14890554065155f8
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 10:42:30 2012 +0200

    s3:smb2_server: add and use smbd_smb2_call()
    
    metze

commit e01333242f149fcbdd9db3b2195c1543c3f0647f
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 10:04:48 2012 +0200

    s3:smb2_server: add .as_root to smbd_smb2_dispatch_table
    
    metze

commit f69ed57d0faff446f2c66591cef941dfc1675881
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 10:04:48 2012 +0200

    s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table
    
    metze

commit 46f7a60e787396af1a061f39ddca699e296b0560
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 10:02:54 2012 +0200

    s3:smb2_server: add .need_session to smbd_smb2_dispatch_table
    
    metze

commit 357110c10be1e4d2e295e3362bbd484463c8af78
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Aug 6 09:29:40 2012 +0200

    s3:smb2_server: introduce a smbd_smb2_dispatch_table (for now just with 
names)
    
    metze

commit 5ac4d3d27448c7ccc7e0ae0b7ee3c83409821d43
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Aug 7 09:48:22 2012 +0200

    s3:smb2_server: move 'conn' to main block of smbd_smb2_request_dispatch()
    
    metze

commit 83a746d7f54f7a99ee6b3e26100f8e2c19e3c3bd
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Aug 7 09:22:53 2012 +0200

    libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE
    
    metze

commit 145335878b08712236282bb6155ad3f62c1e54a4
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Aug 7 07:24:22 2012 +0200

    libcli/smb: use forward declaration instead of includes
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.h  |    5 +-
 libcli/util/nterr.c        |    1 +
 libcli/util/ntstatus.h     |    1 +
 source3/smbd/smb2_server.c |  422 +++++++++++++++-----------------------------
 4 files changed, 145 insertions(+), 284 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 2c0410b..5ef201e 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -21,14 +21,13 @@
 #ifndef _SMBXCLI_BASE_H_
 #define _SMBXCLI_BASE_H_
 
-#include <sys/uio.h>
-#include "libcli/smb/smb2_create_blob.h"
-
 struct smbXcli_conn;
 struct smbXcli_session;
 struct smbXcli_tcon;
 struct smb_trans_enc_state;
 struct GUID;
+struct iovec;
+struct smb2_create_blobs;
 
 struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
                                         int fd,
diff --git a/libcli/util/nterr.c b/libcli/util/nterr.c
index 4513e5c..793790d 100644
--- a/libcli/util/nterr.c
+++ b/libcli/util/nterr.c
@@ -551,6 +551,7 @@ const nt_err_code_struct nt_errs[] =
          NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED },
        { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT },
        { "NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES },
+       { "NT_STATUS_FILE_NOT_AVAILABLE", NT_STATUS_FILE_NOT_AVAILABLE },
        { "NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED", 
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED },
        { "NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX", 
NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX },
        { "NT_STATUS_RPC_UNKNOWN_IF", NT_STATUS_RPC_UNKNOWN_IF },
diff --git a/libcli/util/ntstatus.h b/libcli/util/ntstatus.h
index af4ab6a..a42f78f 100644
--- a/libcli/util/ntstatus.h
+++ b/libcli/util/ntstatus.h
@@ -608,6 +608,7 @@ typedef uint32_t NTSTATUS;
 #define NT_STATUS_DOWNGRADE_DETECTED NT_STATUS(0xC0000000 | 0x0388)
 #define NT_STATUS_NO_S4U_PROT_SUPPORT NT_STATUS(0xC0000000 | 0x040A)
 #define NT_STATUS_CROSSREALM_DELEGATION_FAILURE NT_STATUS(0xC0000000 | 0x040B)
+#define NT_STATUS_FILE_NOT_AVAILABLE NT_STATUS(0xC00000000 | 0x0467)
 #define NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x20004)
 #define NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX NT_STATUS(0xC0000000 | 0x20026)
 #define NT_STATUS_RPC_UNKNOWN_IF NT_STATUS(0xC0000000 | 0x20012)
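Review bot: The added `NT_STATUS_FILE_NOT_AVAILABLE` define has one zero too many in its base constant: it reads `0xC00000000` (C followed by eight zeros), where every neighbouring define uses `0xC0000000`. NTSTATUS is a `uint32_t` according to the hunk header, so the extra high bits are presumably dropped on conversion, leaving 0x00000467 without the error severity bits. Code that tests a status for failure could then treat this value as a non-error. The line should read `#define NT_STATUS_FILE_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x0467)`.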
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 1c19cce..4e3259a 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -32,34 +32,118 @@
 
 #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9)
 
-static const char *smb2_names[] = {
-       "SMB2_NEGPROT",
-       "SMB2_SESSSETUP",
-       "SMB2_LOGOFF",
-       "SMB2_TCON",
-       "SMB2_TDIS",
-       "SMB2_CREATE",
-       "SMB2_CLOSE",
-       "SMB2_FLUSH",
-       "SMB2_READ",
-       "SMB2_WRITE",
-       "SMB2_LOCK",
-       "SMB2_IOCTL",
-       "SMB2_CANCEL",
-       "SMB2_KEEPALIVE",
-       "SMB2_FIND",
-       "SMB2_NOTIFY",
-       "SMB2_GETINFO",
-       "SMB2_SETINFO",
-       "SMB2_BREAK"
+static const struct smbd_smb2_dispatch_table {
+       uint16_t opcode;
+       const char *name;
+       bool need_session;
+       bool need_tcon;
+       bool as_root;
+} smbd_smb2_table[] = {
+#define _OP(o) .opcode = o, .name = #o
+       {
+               _OP(SMB2_OP_NEGPROT),
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_SESSSETUP),
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_LOGOFF),
+               .need_session = true,
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_TCON),
+               .need_session = true,
+               /*
+                * This call needs to be run as root.
+                *
+                * smbd_smb2_request_process_tcon()
+                * calls make_connection_snum(), which will call
+                * change_to_user(), when needed.
+                */
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_TDIS),
+               .need_session = true,
+               .need_tcon = true,
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_CREATE),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_CLOSE),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_FLUSH),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_READ),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_WRITE),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_LOCK),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_IOCTL),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_CANCEL),
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_KEEPALIVE),
+               .as_root = true,
+       },{
+               _OP(SMB2_OP_FIND),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_NOTIFY),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_GETINFO),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_SETINFO),
+               .need_session = true,
+               .need_tcon = true,
+       },{
+               _OP(SMB2_OP_BREAK),
+               .need_session = true,
+               .need_tcon = true,
+       }
 };
 
 const char *smb2_opcode_name(uint16_t opcode)
 {
-       if (opcode > 0x12) {
+       if (opcode >= ARRAY_SIZE(smbd_smb2_table)) {
                return "Bad SMB2 opcode";
        }
-       return smb2_names[opcode];
+       return smbd_smb2_table[opcode].name;
+}
+
+static const struct smbd_smb2_dispatch_table *smbd_smb2_call(uint16_t opcode)
+{
+       const struct smbd_smb2_dispatch_table *ret = NULL;
+
+       if (opcode >= ARRAY_SIZE(smbd_smb2_table)) {
+               return NULL;
+       }
+
+       ret = &smbd_smb2_table[opcode];
+
+       SMB_ASSERT(ret->opcode == opcode);
+
+       return ret;
 }
 
 static void print_req_vectors(struct smbd_smb2_request *req)
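Review bot: Rows of `smbd_smb2_table` are matched to opcodes purely by their position in the initializer, and the only check that position and `.opcode` agree is the runtime `SMB_ASSERT` in `smbd_smb2_call()`; `smb2_opcode_name()` indexes the same table without it. Since `need_session`, `need_tcon` and `as_root` select the checks and the identity a request runs under, a misplaced or inserted row would only show up as a panic when a client sends that opcode. Designated indices tie each row to its opcode by construction, e.g. `[SMB2_OP_TCON] = { _OP(SMB2_OP_TCON), .need_session = true, .as_root = true },`. The helper macro `_OP` is also left defined for the rest of the file and uses a reserved-style name; an `#undef _OP` after the closing `};` would contain it.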
@@ -1568,6 +1652,8 @@ NTSTATUS smbd_smb2_request_verify_sizes(struct 
smbd_smb2_request *req,
 
 NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 {
+       struct smbXsrv_connection *conn = req->sconn->conn;
+       const struct smbd_smb2_dispatch_table *call = NULL;
        const uint8_t *inhdr;
        uint16_t opcode;
        uint32_t flags;
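Review bot: `conn` is now initialised from `req->sconn->conn` at the top of `smbd_smb2_request_dispatch()`, whereas the assignment removed from the signing block further down took it from `x->connection`. The commit title calls this a move, but the source of the pointer changes, and whether the two always refer to the same connection is not visible in this diff. If they can differ, the signing code that presumably uses `conn` (outside the hunks shown) would work on a different connection's state than before. A comment at the declaration such as `/* the connection this request arrived on, not x->connection */` would make the choice explicit. The function body continues outside the hunk.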
@@ -1590,7 +1676,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                smb2_opcode_name(opcode),
                (unsigned long long)mid));
 
-       if (get_Protocol() >= PROTOCOL_SMB2_02) {
+       if (conn->protocol >= PROTOCOL_SMB2_02) {
                /*
                 * once the protocol is negotiated
                 * SMB2_OP_NEGPROT is not allowed anymore
@@ -1610,6 +1696,11 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                }
        }
 
+       call = smbd_smb2_call(opcode);
+       if (call == NULL) {
+               return smbd_smb2_request_error(req, 
NT_STATUS_INVALID_PARAMETER);
+       }
+
        allowed_flags = SMB2_HDR_FLAG_CHAINED |
                        SMB2_HDR_FLAG_SIGNED |
                        SMB2_HDR_FLAG_DFS;
@@ -1642,7 +1733,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
 
        req->do_signing = false;
        if (flags & SMB2_HDR_FLAG_SIGNED) {
-               struct smbXsrv_connection *conn;
                DATA_BLOB signing_key;
 
                if (x == NULL) {
@@ -1650,7 +1740,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                                req, NT_STATUS_ACCESS_DENIED);
                }
 
-               conn = x->connection;
                signing_key = x->global->channels[0].signing_key;
 
                if (!NT_STATUS_IS_OK(session_status)) {
@@ -1689,11 +1778,36 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                req->sconn->smb2.compound_related_in_progress = true;
        }
 
-       switch (opcode) {
-       case SMB2_OP_NEGPROT:
+       if (call->need_session) {
+               if (!NT_STATUS_IS_OK(session_status)) {
+                       return smbd_smb2_request_error(req, session_status);
+               }
+       }
+
+       if (call->need_tcon) {
+               SMB_ASSERT(call->need_session);
+
+               /*
+                * This call needs to be run as user.
+                *
+                * smbd_smb2_request_check_tcon()
+                * calls change_to_user() on success.
+                */
+               status = smbd_smb2_request_check_tcon(req);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return smbd_smb2_request_error(req, status);
+               }
+       }
+
+       if (call->as_root) {
                /* This call needs to be run as root */
                change_to_root_user();
+       } else {
+               SMB_ASSERT(call->need_tcon);
+       }
 
+       switch (opcode) {
+       case SMB2_OP_NEGPROT:
                {
                        START_PROFILE(smb2_negprot);
                        return_value = smbd_smb2_request_process_negprot(req);
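Review bot: The central `need_session` and `need_tcon` checks return `session_status` and `status` unchanged for every opcode, but the `SMB2_OP_LOCK` case removed later in this commit rewrote `NT_STATUS_USER_SESSION_DELETED` and `NT_STATUS_NETWORK_NAME_DELETED` to `NT_STATUS_FILE_CLOSED` before replying. That mapping is not carried over, so a lock request on a deleted session or tree connect now gets a different error code. If that is intended the commit message should say so; otherwise the tcon check needs something like `if (opcode == SMB2_OP_LOCK && NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED)) status = NT_STATUS_FILE_CLOSED;`, with the equivalent for the session check. The error paths also changed from `return_value = ...; break;` to a direct `return`, which skips whatever follows the `switch` outside this hunk. The function starts and ends outside the hunk.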
@@ -1702,9 +1816,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_SESSSETUP:
-               /* This call needs to be run as root */
-               change_to_root_user();
-
                {
                        START_PROFILE(smb2_sesssetup);
                        return_value = smbd_smb2_request_process_sesssetup(req);
@@ -1713,14 +1824,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_LOGOFF:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-
-               /* This call needs to be run as root */
-               change_to_root_user();
-
                {
                        START_PROFILE(smb2_logoff);
                        return_value = smbd_smb2_request_process_logoff(req);
@@ -1729,20 +1832,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_TCON:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-
-               /*
-                * This call needs to be run as root.
-                *
-                * smbd_smb2_request_process_tcon()
-                * calls make_connection_snum(), which will call
-                * change_to_user(), when needed.
-                */
-               change_to_root_user();
-
                {
                        START_PROFILE(smb2_tcon);
                        return_value = smbd_smb2_request_process_tcon(req);
@@ -1751,25 +1840,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_TDIS:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-               /* This call needs to be run as root */
-               change_to_root_user();
-
-
                {
                        START_PROFILE(smb2_tdis);
                        return_value = smbd_smb2_request_process_tdis(req);
@@ -1778,22 +1848,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_CREATE:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_create);
                        return_value = smbd_smb2_request_process_create(req);
@@ -1802,22 +1856,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_CLOSE:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_close);
                        return_value = smbd_smb2_request_process_close(req);
@@ -1826,22 +1864,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_FLUSH:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_flush);
                        return_value = smbd_smb2_request_process_flush(req);
@@ -1850,22 +1872,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_READ:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_read);
                        return_value = smbd_smb2_request_process_read(req);
@@ -1874,22 +1880,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_WRITE:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_write);
                        return_value = smbd_smb2_request_process_write(req);
@@ -1898,30 +1888,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_LOCK:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       /* Too ugly to live ? JRA. */
-                       if 
(NT_STATUS_EQUAL(session_status,NT_STATUS_USER_SESSION_DELETED)) {
-                               session_status = NT_STATUS_FILE_CLOSED;
-                       }
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;
-               }
-               /*
-                * This call needs to be run as user.
-                *
-                * smbd_smb2_request_check_tcon()
-                * calls change_to_user() on success.
-                */
-               status = smbd_smb2_request_check_tcon(req);
-               if (!NT_STATUS_IS_OK(status)) {
-                       /* Too ugly to live ? JRA. */
-                       if 
(NT_STATUS_EQUAL(status,NT_STATUS_NETWORK_NAME_DELETED)) {
-                               status = NT_STATUS_FILE_CLOSED;
-                       }
-                       return_value = smbd_smb2_request_error(req, status);
-                       break;
-               }
-
                {
                        START_PROFILE(smb2_lock);
                        return_value = smbd_smb2_request_process_lock(req);
@@ -1930,22 +1896,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
                break;
 
        case SMB2_OP_IOCTL:
-               if (!NT_STATUS_IS_OK(session_status)) {
-                       return_value = smbd_smb2_request_error(req, 
session_status);
-                       break;


-- 
Samba Shared Repository
