The branch, master has been updated via 88dd6af605dc5754b7e146a068272d37651da710 (commit) via 880fbc4e8cd67de73c4bcda94489eb1e1422a04b (commit) via 0dfdb7b911ed4fe013fc4a22a8c3a28620277a67 (commit) from 2d1fcdc8072d53dfdb0f0a30911cdeac4aa06f35 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 88dd6af605dc5754b7e146a068272d37651da710 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 18 08:46:38 2009 +0100 s3:libsmb: always create bytes array in cli_trans code Otherwise we return NO_MEMORY without a reason for fragmented trans requests, as talloc_append_blob() returns buf if we append a 0 length blob. When we pass buf = NULL we'll get back NULL and then assume NO_MEMORY... metze commit 880fbc4e8cd67de73c4bcda94489eb1e1422a04b Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 18 07:56:51 2009 +0100 s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests Before we send the secondary requests we need to remove the old mid=>seqnum mapping and reset cli->mid and make the new mid=>seqnum mapping "persistent". The bug we had in cli_send_trans was this: The first cli_send_smb() incremented cli->mid and the secondary requests used the incremented mid, but as cli->outbuf still had the correct mid, we send the correct mid to the server. The real problem was that the cli_send_smb() function stored the seqnum under the wrong mid. cli_send_nttrans() was totally broken and now follows the same logic as cli_send_trans(). The good thing is that in practice the problem is unlikely to happen, because max_xmit is large enough to avoid secondary requests. metze commit 0dfdb7b911ed4fe013fc4a22a8c3a28620277a67 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 19 09:06:38 2009 +0100 s3:lib/util_sock: use sys_recv() instead of sys_read() on sockets This way the pcap support in socket wrapper sees the received data. metze ----------------------------------------------------------------------- Summary of changes: source3/lib/util_sock.c | 4 +- source3/libsmb/clitrans.c | 49 +++++++++++++++++++------------------------- 2 files changed, 23 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: 
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index de5b232..a0dbca1 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -519,7 +519,7 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf, } while (nread < mincnt) { - readret = sys_read(fd, buf + nread, maxcnt - nread); + readret = sys_recv(fd, buf + nread, maxcnt - nread, 0); if (readret == 0) { DEBUG(5,("read_socket_with_timeout: " @@ -588,7 +588,7 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf, return NT_STATUS_IO_TIMEOUT; } - readret = sys_read(fd, buf+nread, maxcnt-nread); + readret = sys_recv(fd, buf+nread, maxcnt-nread, 0); if (readret == 0) { /* we got EOF on the file descriptor */ diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 69e2be3..0266c03 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans, this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - client_set_trans_sign_state_off(cli, mid); - client_set_trans_sign_state_on(cli, mid); - cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True); SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2)); @@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; 
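Review bot: Both converted call sites (this one and the one in the `@@ -588` hunk) now only work when `fd` is a socket, because recv() fails with ENOTSOCK on a pipe or regular file where read() succeeded. The function name implies that, but no caller is visible here, so I would record the requirement next to the first call, e.g. `/* fd must be a socket; sys_recv() is used so the socket wrapper's pcap support sees the data */`. It is also worth confirming that sys_recv() handles EINTR the same way sys_read() does, since the error branch lies outside both hunks. read_socket_with_timeout() starts and ends outside the hunks.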
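Review bot: The secondary-request path in the `@@ -138` hunk (and identically in cli_send_nt_trans at `@@ -461`) now depends on a strict order, namely drop the old mid=>seqnum mapping, restore `cli->mid`, send, then mark the new mapping persistent, yet the only comments explaining the mid handling were removed. A wrong order would break SMB signing only for fragmented requests, which the commit message says are unlikely in practice, so a later regression would be easy to miss. I would add something like `/* drop the old mid=>seqnum mapping and reset cli->mid so cli_send_smb() stores the seqnum under this mid */` above the `client_set_trans_sign_state_off()` call. `mid` is no longer assigned inside this block, so it is presumably set by the primary request code outside the hunk; that should be checked against the full function.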
@@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; @@ -747,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, uint16_t this_data = 0; uint32_t useable_space; uint8_t cmd; + uint8_t pad[3]; frame = talloc_stackframe(); @@ -759,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset = smb_size - 4; + bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */ + if (bytes == NULL) { + goto fail; + } + switch (cmd) { case SMBtrans: - bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */ + pad[0] = 0; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 1)); if (bytes == NULL) { goto fail; } @@ -775,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset += talloc_get_size(bytes); break; case SMBtrans2: - bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */ + pad[0] = 0; + pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ + pad[2] = ' '; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 3)); if (bytes == NULL) { goto fail; } - bytes[0] = 0; - bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ - bytes[2] = ' '; wct = 14 + state->num_setup; param_offset += talloc_get_size(bytes); break; -- Samba Shared Repository
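Review bot: In the `@@ -759` hunk the new `bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */` keeps the old `/* padding */` comment, although this line now allocates an empty array and the padding is appended later per command. The reason for the empty allocation is given only in the commit message, so I would replace the comment with `/* start with an empty, non-NULL array: talloc_append_blob() returns its input for a 0-length blob, so NULL here would be mistaken for NO_MEMORY */`. cli_ship_trans() continues outside the hunk, so whether the later appends to `bytes` are NULL-checked the same way is not visible here.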