The branch, master has been updated
       via  528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
       via  143fb84 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set 
SMB2_TF_MSG_SIZE
       via  6bfdca4 s3:smb2_sesssetup: remove unused code in 
smbd_smb2_reauth_generic_return()
       via  5f7d786 s3:smb2_sesssetup: remove TALLOC_FREE(session) from 
smbd_smb2_[re]auth_generic_return
       via  c9ecfd6 s3:smb2_server: sign the last request at the start of 
smbd_smb2_request_reply()
      from  64c0367 s3: Fix a crash in reply_lockingX_error

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 528d3fe2ae9691bc1c0b322bb3007524987f8b28
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 8 05:04:07 2012 +0200

    libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
    
    metze
    
    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Wed Aug  8 07:32:55 CEST 2012 on sn-devel-104

commit 143fb8403a5b763224b078e67aa9e4ef005ec9ca
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 8 05:03:19 2012 +0200

    libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE
    
    metze

commit 6bfdca4786cd6293650ecde784e316d2f0258a56
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 8 05:35:37 2012 +0200

    s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()
    
    A reauth exchange is already signed, with the channel signing key.
    
    metze

commit 5f7d786b08f2d67d200fb473b12781174a69e776
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 8 05:33:50 2012 +0200

    s3:smb2_sesssetup: remove TALLOC_FREE(session) from 
smbd_smb2_[re]auth_generic_return
    
    The caller does this via the smbd_smb2_session_setup_state_destructor()
    
    metze

commit c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 8 04:35:15 2012 +0200

    s3:smb2_server: sign the last request at the start of 
smbd_smb2_request_reply()
    
    This means we correctly sign all responses in a compound chain.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_signing.c     |   22 ++++++++++++++++------
 libcli/smb/smbXcli_base.c     |    3 ---
 source3/smbd/smb2_server.c    |   38 ++++++++++++++++----------------------
 source3/smbd/smb2_sesssetup.c |   18 ------------------
 4 files changed, 32 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index bb621fd..97143f7 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -238,13 +238,15 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB 
encryption_key,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       alg = SMB2_ENCRYPTION_AES128_CCM;
-       SSVAL(tf, SMB2_TF_ALGORITHM, alg);
-
        a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
        for (i=1; i < count; i++) {
                m_total += vector[i].iov_len;
        }
+
+       alg = SMB2_ENCRYPTION_AES128_CCM;
+       SSVAL(tf, SMB2_TF_ALGORITHM, alg);
+       SIVAL(tf, SMB2_TF_MSG_SIZE, m_total);
+
        ZERO_STRUCT(key);
        memcpy(key, encryption_key.data,
               MIN(encryption_key.length, AES_BLOCK_SIZE));
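Review bot: `SIVAL(tf, SMB2_TF_MSG_SIZE, m_total);` stores a size_t into the 32-bit message-size field, so a payload of 4 GiB or more would be silently truncated and the peer's size comparison in smb2_signing_decrypt_pdu would then reject the PDU with no hint as to why. Making the limit explicit before the store is cheap, `if (m_total > UINT32_MAX) { return NT_STATUS_INVALID_PARAMETER; }`. A one-line comment on the loop would also help the next reader, `/* MSG_SIZE counts the payload iovecs only; vector[0] is presumably the transform header itself */` (the origin of tf is not visible in this hunk, so confirm before wording it that way). smb2_signing_encrypt_pdu begins before this hunk and continues after it.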
@@ -283,6 +285,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key,
        int i;
        size_t a_total;
        size_t m_total = 0;
+       uint32_t msg_size = 0;
        struct aes_ccm_128_context ctx;
        uint8_t key[AES_BLOCK_SIZE];
 
@@ -302,15 +305,22 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB 
decryption_key,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
+       for (i=1; i < count; i++) {
+               m_total += vector[i].iov_len;
+       }
+
        alg = SVAL(tf, SMB2_TF_ALGORITHM);
+       msg_size = IVAL(tf, SMB2_TF_MSG_SIZE);
+
        if (alg != SMB2_ENCRYPTION_AES128_CCM) {
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
-       for (i=1; i < count; i++) {
-               m_total += vector[i].iov_len;
+       if (msg_size != m_total) {
+               return NT_STATUS_INTERNAL_ERROR;
        }
+
        ZERO_STRUCT(key);
        memcpy(key, decryption_key.data,
               MIN(decryption_key.length, AES_BLOCK_SIZE));
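Review bot: The new `if (msg_size != m_total)` check returns NT_STATUS_INTERNAL_ERROR, but msg_size is read straight from the transform header received off the wire, so a mismatch is malformed or hostile peer input rather than a fault in this code; returning NT_STATUS_ACCESS_DENIED like the algorithm check a few lines above keeps the error classes consistent and stops a peer-controlled condition from being reported as an internal error. The check also runs before the CCM tag is verified (that happens after this hunk), so the field is still unauthenticated here; that is safe only because it is compared against the locally computed m_total and a forged value can at most cause rejection, which deserves a comment such as `/* msg_size is not yet authenticated; it must equal the payload length we were actually handed, so a forged value can only reject the PDU */`. smb2_signing_decrypt_pdu begins before this hunk and continues after it.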
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index c6e3b2a..dad869c 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2764,9 +2764,6 @@ skip_credits:
                                state->session->smb2->nonce_low += 1;
                        }
 
-                       SBVAL(state->smb2.transform, SMB2_TF_MSG_SIZE,
-                             reqlen);
-
                        buf = talloc_array(iov, uint8_t, reqlen);
                        if (buf == NULL) {
                                return NT_STATUS_NO_MEMORY;
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index afd001c..19a1051 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct 
smbd_smb2_request *req)
        struct tevent_req *subreq;
        struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req);
        struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req);
-       struct iovec *lasthdr = NULL;
 
        req->subreq = NULL;
        TALLOC_FREE(req->async_te);
@@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct 
smbd_smb2_request *req)
        if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) &&
            (req->last_key.length > 0)) {
                int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ;
+               struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+               NTSTATUS status;
+
+               /*
+                * As we are sure the header of the last request in the
+                * compound chain will not change, we can to sign here
+                * with the last signing key we remembered.
+                */
 
-               lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+               status = smb2_signing_sign_pdu(req->last_key,
+                                              conn->protocol,
+                                              lasthdr,
+                                              SMBD_SMB2_NUM_IOV_PER_REQ);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        }
+       data_blob_clear_free(&req->last_key);
 
        req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ;
 
@@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct 
smbd_smb2_request *req)
                        return NT_STATUS_NO_MEMORY;
                }
 
-               data_blob_clear_free(&req->last_key);
-
                if (req->do_signing) {
                        struct smbXsrv_session *x = req->session;
                        DATA_BLOB signing_key = 
x->global->channels[0].signing_key;
@@ -2041,24 +2053,6 @@ static NTSTATUS smbd_smb2_request_reply(struct 
smbd_smb2_request *req)
        smb2_calculate_credits(req, req);
 
        /*
-        * As we are sure the header of the last request in the
-        * compound chain will not change, we can to sign here
-        * with the last signing key we remembered.
-        */
-       if (lasthdr != NULL) {
-               NTSTATUS status;
-
-               status = smb2_signing_sign_pdu(req->last_key,
-                                              conn->protocol,
-                                              lasthdr,
-                                              SMBD_SMB2_NUM_IOV_PER_REQ);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
-               }
-       }
-       data_blob_clear_free(&req->last_key);
-
-       /*
         * now check if we need to sign the current response
         */
        if (req->do_signing) {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 474c04b..07a168f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -208,7 +208,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
                                                  sizeof(session_key));
        if (x->global->signing_key.data == NULL) {
                ZERO_STRUCT(session_key);
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -226,7 +225,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
                                                x->global->signing_key);
        if (x->global->application_key.data == NULL) {
                ZERO_STRUCT(session_key);
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -244,7 +242,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        x->global->channels[0].signing_key = 
data_blob_dup_talloc(x->global->channels,
                                                x->global->signing_key);
        if (x->global->channels[0].signing_key.data == NULL) {
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -252,13 +249,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        session_info->session_key = data_blob_dup_talloc(session_info,
                                                x->global->application_key);
        if (session_info->session_key.data == NULL) {
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
 
        session->compat = talloc_zero(session, struct user_struct);
        if (session->compat == NULL) {
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
        session->compat->session = session;
@@ -278,7 +273,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
                DEBUG(1, ("smb2: Failed to claim session "
                        "for vuid=%llu\n",
                        (unsigned long long)session->compat->vuid));
-               TALLOC_FREE(session);
                return NT_STATUS_LOGON_FAILURE;
        }
 
@@ -300,7 +294,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
                DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
                          (unsigned long long)session->compat->vuid,
                          nt_errstr(status)));
-               TALLOC_FREE(session);
                return NT_STATUS_LOGON_FAILURE;
        }
 
@@ -334,7 +327,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct 
smbXsrv_session *session,
        session_info->session_key = data_blob_dup_talloc(session_info,
                                                x->global->application_key);
        if (session_info->session_key.data == NULL) {
-               TALLOC_FREE(session);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -363,21 +355,11 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct 
smbXsrv_session *session,
                DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
                          (unsigned long long)session->compat->vuid,
                          nt_errstr(status)));
-               TALLOC_FREE(session);
                return NT_STATUS_LOGON_FAILURE;
        }
 
        conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
 
-       /*
-        * we attach the session to the request
-        * so that the response can be signed
-        */
-       smb2req->session = session;
-       smb2req->do_signing = true;
-
-       global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
-
        *out_session_id = session->global->session_wire_id;
 
        return NT_STATUS_OK;

