The branch, master has been updated
       via  88dd6af605dc5754b7e146a068272d37651da710 (commit)
       via  880fbc4e8cd67de73c4bcda94489eb1e1422a04b (commit)
       via  0dfdb7b911ed4fe013fc4a22a8c3a28620277a67 (commit)
      from  2d1fcdc8072d53dfdb0f0a30911cdeac4aa06f35 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 88dd6af605dc5754b7e146a068272d37651da710
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Mar 18 08:46:38 2009 +0100

    s3:libsmb: always create bytes array in cli_trans code
    
    Otherwise we return NO_MEMORY without a reason for fragmented trans
    requests, as talloc_append_blob() returns buf if we append a 0 length
    blob. When we pass buf = NULL we'll get back NULL and then assume
    NO_MEMORY...
    
    metze

commit 880fbc4e8cd67de73c4bcda94489eb1e1422a04b
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Mar 18 07:56:51 2009 +0100

    s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests
    
    Before we send the secondary requests we need to remove the
    old mid=>seqnum mapping and reset cli->mid and make the new
    mid=>seqnum mapping "persistent".
    
    The bug we had in cli_send_trans was this:
    The first cli_send_smb() incremented cli->mid
    and the secondary requests used the incremented mid,
    but as cli->outbuf still had the correct mid,
    we sent the correct mid to the server. The real problem
    was that the cli_send_smb() function stored the seqnum
    under the wrong mid.
    
    cli_send_nttrans() was totally broken and now follows the
    same logic as cli_send_trans().
    
    The good thing is that in practice the problem is unlikely to happen,
    because max_xmit is large enough to avoid secondary requests.
    
    metze

commit 0dfdb7b911ed4fe013fc4a22a8c3a28620277a67
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Mar 19 09:06:38 2009 +0100

    s3:lib/util_sock: use sys_recv() instead of sys_read() on sockets
    
    This way the pcap support in socket wrapper sees the received data.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/util_sock.c   |    4 +-
 source3/libsmb/clitrans.c |   49 +++++++++++++++++++-------------------------
 2 files changed, 23 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index de5b232..a0dbca1 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -519,7 +519,7 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf,
                }
 
                while (nread < mincnt) {
-                       readret = sys_read(fd, buf + nread, maxcnt - nread);
+                       readret = sys_recv(fd, buf + nread, maxcnt - nread, 0);
 
                        if (readret == 0) {
                                DEBUG(5,("read_socket_with_timeout: "
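Review bot: Neither changed call says why recv() is used instead of read(); the reason (socket_wrapper's pcap support only sees data received through recv) is only in the commit message, so a later cleanup could silently revert it. A comment above the call in the `while (nread < mincnt)` loop, and the same at the call in the second hunk, would pin it down: `/* recv(), not read(): lets socket_wrapper's pcap support see the data; fd must be a socket */`. recv() fails with ENOTSOCK on a non-socket descriptor, so it is worth confirming that no caller of read_socket_with_timeout() passes a pipe or file fd; the callers are not part of this diff. The function body starts and ends outside both hunks.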
@@ -588,7 +588,7 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf,
                        return NT_STATUS_IO_TIMEOUT;
                }
 
-               readret = sys_read(fd, buf+nread, maxcnt-nread);
+               readret = sys_recv(fd, buf+nread, maxcnt-nread, 0);
 
                if (readret == 0) {
                        /* we got EOF on the file descriptor */
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 69e2be3..0266c03 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans,
                        this_lparam = MIN(lparam-tot_param,cli->max_xmit - 
500); /* hack */
                        this_ldata = MIN(ldata-tot_data,cli->max_xmit - 
(500+this_lparam));
 
-                       client_set_trans_sign_state_off(cli, mid);
-                       client_set_trans_sign_state_on(cli, mid);
-
                        cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
                        SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss 
: SMBtranss2));
 
@@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans,
                                memcpy(outdata,data+tot_data,this_ldata);
                        cli_setup_bcc(cli, outdata+this_ldata);
 
-                       /*
-                        * Save the mid we're using. We need this for finding
-                        * signing replies.
-                        */
-                       mid = cli->mid;
-
                        show_msg(cli->outbuf);
+
+                       client_set_trans_sign_state_off(cli, mid);
+                       cli->mid = mid;
                        if (!cli_send_smb(cli)) {
-                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
-
-                       /* Ensure we use the same mid for the secondaries. */
-                       cli->mid = mid;
+                       client_set_trans_sign_state_on(cli, mid);
 
                        tot_data += this_ldata;
                        tot_param += this_lparam;
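Review bot: The failure branch of `cli_send_smb()` now returns False with no signing-state cleanup, where the old code called `client_set_trans_sign_state_off(cli, mid)` at that point. If cli_send_smb() can record a mid=>seqnum entry before it fails (its body is not in this diff), that entry would be left behind for a connection whose request never went out; keeping `client_set_trans_sign_state_off(cli, mid);` before `return False;` would preserve the old guarantee. The off, `cli->mid = mid`, send, on sequence is order-sensitive and lost both of its explanatory comments, so a one-line comment such as `/* drop the old mid=>seqnum mapping, reuse the primary's mid, then make the new mapping persistent */` would help the next reader. The same applies to the matching hunk in cli_send_nt_trans(); `mid` is assigned outside both hunks.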
@@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli,
                                memcpy(outdata,data+tot_data,this_ldata);
                        cli_setup_bcc(cli, outdata+this_ldata);
 
-                       /*
-                        * Save the mid we're using. We need this for finding
-                        * signing replies.
-                        */
-                       mid = cli->mid;
-
                        show_msg(cli->outbuf);
 
+                       client_set_trans_sign_state_off(cli, mid);
+                       cli->mid = mid;
                        if (!cli_send_smb(cli)) {
-                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
-
-                       /* Ensure we use the same mid for the secondaries. */
-                       cli->mid = mid;
+                       client_set_trans_sign_state_on(cli, mid);
 
                        tot_data += this_ldata;
                        tot_param += this_lparam;
@@ -747,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
        uint16_t this_data = 0;
        uint32_t useable_space;
        uint8_t cmd;
+       uint8_t pad[3];
 
        frame = talloc_stackframe();
 
@@ -759,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX 
*mem_ctx,
 
        param_offset = smb_size - 4;
 
+       bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */
+       if (bytes == NULL) {
+               goto fail;
+       }
+
        switch (cmd) {
        case SMBtrans:
-               bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */
+               pad[0] = 0;
+               bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+                                               data_blob_const(pad, 1));
                if (bytes == NULL) {
                        goto fail;
                }
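Review bot: The `/* padding */` comment kept on the new zero-length `TALLOC_ARRAY` line is misleading, because that line now creates an empty array and the padding is appended later in each case. The reason for the up-front allocation is only in the commit message; a comment like `/* start from an empty non-NULL array: talloc_append_blob() returns buf for a zero-length blob, so buf == NULL would be reported as NO_MEMORY */` would keep it next to the code. The `(uint8_t *)` cast on the `talloc_append_blob()` result, here and in the SMBtrans2 hunk, looks unnecessary in C if the function returns `uint8_t *` or `void *`; its prototype is not visible in this diff. cli_ship_trans() continues outside the hunk.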
@@ -775,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX 
*mem_ctx,
                param_offset += talloc_get_size(bytes);
                break;
        case SMBtrans2:
-               bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */
+               pad[0] = 0;
+               pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */
+               pad[2] = ' ';
+               bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+                                               data_blob_const(pad, 3));
                if (bytes == NULL) {
                        goto fail;
                }
-               bytes[0] = 0;
-               bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */
-               bytes[2] = ' ';
                wct = 14 + state->num_setup;
                param_offset += talloc_get_size(bytes);
                break;


-- 
Samba Shared Repository
