The branch, master has been updated via 3e2d419 libcli/smb: remove unused SMB2_TF_ALGORITHM define via 72d3f93 libcli/smb: use SMB 3.10 flags for the transform header via d021a2d libcli/smb: pass tcon flags to the server for SMB 3.10 via 2a4290f libcli/smb: avoid validate info after tcon for SMB 3.10 via c290ece libcli/smb: implement SMB 3.10 session setup via 2f732db libcli/smb: implement SMB 3.10 negprot via a00fe90 libcli/smb: add smb2cli_req_get_send_iov() via 5c5a33c libcli/smb: add smb2_negotiate_context.c via 9d92074 libcli/smb: add SMB 3.10 related defines via 6db8a55 docs-xml: document SMB3_10 as available protocol for the client side via 50cf2c3 s3:torture: add PROTOCOL_SMB3_10 handling via 2fcf1b8 lib/param: add PROTOCOL_SMB3_10 handling via 664ca0e libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested via d22fd00 libcli/smb: add PROTOCOL_SMB3_10 via 1fa8861 libcli/smb: add SMB3_DIALECT_REVISION_310 define via 3eef853 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02 from b376a82 printer_list: fix talloc tos leak of tdb record
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3e2d4199c34352e2af5fb95b5ecb6f7c0b20cbff Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 6 13:34:49 2014 +0200 libcli/smb: remove unused SMB2_TF_ALGORITHM define Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Oct 8 01:08:40 CEST 2014 on sn-devel-104 commit 72d3f931d79d94cd017a60a5c7aac0a0de324748 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 6 13:33:24 2014 +0200 libcli/smb: use SMB 3.10 flags for the transform header Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d021a2d90fcef537419347bbb679346f96313312 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 29 10:30:21 2014 +0200 libcli/smb: pass tcon flags to the server for SMB 3.10 Signed-off-by: Stefan Metzmacher <me...@samba.org> commit 2a4290fa00c3dd35772b28b9aabeaf26999f0219 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Sep 26 21:28:14 2014 +0200 libcli/smb: avoid validate info after tcon for SMB 3.10 Signed-off-by: Stefan Metzmacher <me...@samba.org> commit c290ece1f6bf1b8b6c11672eab692f418d738071 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 24 22:58:49 2014 +0200 libcli/smb: implement SMB 3.10 session setup Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 2f732db74298a55bfdeeb560f81a147e2bcd5baa Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:09:16 2014 +0200 libcli/smb: implement SMB 3.10 negprot Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit a00fe90c3ce874defd876652196738be90a9b76e Author: Stefan Metzmacher <me...@samba.org> Date: Wed Sep 24 08:59:58 2014 +0200 libcli/smb: add smb2cli_req_get_send_iov() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 5c5a33cfcbab90430782169dcef259ca43620b5c Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:09:16 2014 +0200 libcli/smb: add smb2_negotiate_context.c Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 9d92074769a308d585404605613cf62079f779ca Author: Stefan Metzmacher <me...@samba.org> Date: Mon Sep 29 10:14:08 2014 +0200 libcli/smb: add SMB 3.10 related defines Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 6db8a556013e828423057303957c4ac3497097b0 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:07:00 2014 +0200 docs-xml: document SMB3_10 as available protocol for the client side Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 50cf2c35438ccd5336a3a8dbd122ade95ab23f54 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:03:49 2014 +0200 s3:torture: add PROTOCOL_SMB3_10 handling Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 2fcf1b892044ff740bbf4c5dd0de4636efe640e8 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:02:40 2014 +0200 lib/param: add PROTOCOL_SMB3_10 handling Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 664ca0e3eed26abbbc724d8066877ed555cdc61a Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 04:01:01 2014 +0200 libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d22fd000c94356c731ded51afc2b195d77993a64 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 03:58:48 2014 +0200 libcli/smb: add PROTOCOL_SMB3_10 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 1fa8861f159cc99d55dee26edfcce0414d908183 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 23 03:57:04 2014 +0200 libcli/smb: add SMB3_DIALECT_REVISION_310 define Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 3eef853f741d9349e45a1a87e453c52bf56c4774 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 6 14:19:39 2014 +0200 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02 If the connection starts with a SMB Negprot, the server only implies the selected dialect, but not the clients security mode. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/smb.conf.5.xml | 2 +- docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 3 + lib/param/param_table.c | 1 + libcli/smb/smb2_constants.h | 19 +- libcli/smb/smb2_negotiate_context.c | 193 +++++++++ libcli/smb/smb2_negotiate_context.h | 54 +++ libcli/smb/smb2_signing.c | 10 +- libcli/smb/smb2cli_session.c | 19 +- libcli/smb/smb2cli_tcon.c | 10 + libcli/smb/smbXcli_base.c | 447 ++++++++++++++++++-- libcli/smb/smbXcli_base.h | 12 + libcli/smb/smb_constants.h | 5 +- libcli/smb/wscript | 1 + source3/torture/test_smb2.c | 3 + 14 files changed, 740 insertions(+), 39 deletions(-) create mode 100644 libcli/smb/smb2_negotiate_context.c create mode 100644 libcli/smb/smb2_negotiate_context.h Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml index 5cf5adf..e98d183 100644 --- a/docs-xml/manpages/smb.conf.5.xml +++ b/docs-xml/manpages/smb.conf.5.xml @@ -471,7 +471,7 @@ chmod 1770 /usr/local/samba/lib/usershares <varlistentry> <term>%R</term> <listitem><para>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02 or SMB2_FF.</para></listitem> + LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02, SMB3_10 or SMB2_FF.</para></listitem> </varlistentry> <varlistentry> diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml index 6693cd3..d541425 100644 --- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml +++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml @@ -63,6 +63,9 @@ <listitem> <para><constant>SMB3_02</constant>: Windows 8.1 SMB3 version.</para> </listitem> + <listitem> + <para><constant>SMB3_10</constant>: Windows 10 technical preview SMB3 version.</para> + </listitem> </itemizedlist> <para>By default SMB3 selects the SMB3_00 variant.</para> </listitem> diff --git a/lib/param/param_table.c b/lib/param/param_table.c index d3f60c3..bdc6b85 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -40,6 +40,7 @@ static const struct enum_list enum_protocol[] = { {PROTOCOL_SMB2_10, "SMB2"}, /* for now keep PROTOCOL_SMB2_10 */ {PROTOCOL_SMB3_00, "SMB3"}, /* for now keep PROTOCOL_SMB3_00 */ + {PROTOCOL_SMB3_10, "SMB3_10"}, {PROTOCOL_SMB3_02, "SMB3_02"}, {PROTOCOL_SMB3_00, "SMB3_00"}, {PROTOCOL_SMB2_24, "SMB2_24"}, diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h index 0b34723..191de2b 100644 --- a/libcli/smb/smb2_constants.h +++ b/libcli/smb/smb2_constants.h @@ -28,14 +28,14 @@ #define SMB2_TF_NONCE 0x14 /* 16 bytes */ #define SMB2_TF_MSG_SIZE 0x24 /* 4 bytes */ #define SMB2_TF_RESERVED 0x28 /* 2 bytes */ -#define SMB2_TF_ALGORITHM 0x2A /* 2 bytes */ +#define SMB2_TF_FLAGS 0x2A /* 2 bytes */ #define SMB2_TF_SESSION_ID 0x2C /* 8 bytes */ #define SMB2_TF_HDR_SIZE 0x34 /* 52 bytes */ #define SMB2_TF_MAGIC 0x424D53FD /* 0xFD 'S' 'M' 'B' */ -#define SMB2_ENCRYPTION_AES128_CCM 0x0001 +#define SMB2_TF_FLAGS_ENCRYPTED 0x0001 /* offsets into header elements for a sync SMB2 request */ #define SMB2_HDR_PROTOCOL_ID 0x00 @@ -97,6 +97,7 @@ #define SMB2_DIALECT_REVISION_224 0x0224 #define SMB3_DIALECT_REVISION_300 0x0300 #define SMB3_DIALECT_REVISION_302 0x0302 +#define SMB3_DIALECT_REVISION_310 0x0310 #define SMB2_DIALECT_REVISION_2FF 0x02FF /* SMB2 negotiate security_mode */ @@ -122,15 +123,29 @@ SMB2_CAP_DIRECTORY_LEASING | \ SMB2_CAP_ENCRYPTION) +/* Types of SMB2 Negotiate Contexts - only in dialect >= 0x310 */ +#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001 +#define SMB2_ENCRYPTION_CAPABILITIES 0x0002 + +/* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */ +#define SMB2_PREAUTH_INTEGRITY_SHA512 0x0001 + +/* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */ +#define SMB2_ENCRYPTION_AES128_CCM 0x0001 /* only in dialect >= 0x224 */ +#define SMB2_ENCRYPTION_AES128_GCM 0x0002 /* only in dialect >= 0x310 */ /* SMB2 session (request) flags */ #define SMB2_SESSION_FLAG_BINDING 0x01 +/* SMB2_SESSION_FLAG_ENCRYPT_DATA 0x04 only in dialect >= 0x310 */ /* SMB2 session (response) flags */ #define SMB2_SESSION_FLAG_IS_GUEST 0x0001 #define SMB2_SESSION_FLAG_IS_NULL 0x0002 #define SMB2_SESSION_FLAG_ENCRYPT_DATA 0x0004 /* in dialect >= 0x224 */ +/* SMB2 tree connect (request) flags */ +#define SMB2_SHAREFLAG_CLUSTER_RECONNECT 0x0001 /* only in dialect >= 0x310 */ + /* SMB2 sharetype flags */ #define SMB2_SHARE_TYPE_DISK 0x1 #define SMB2_SHARE_TYPE_PIPE 0x2 diff --git a/libcli/smb/smb2_negotiate_context.c b/libcli/smb/smb2_negotiate_context.c new file mode 100644 index 0000000..61c9e55 --- /dev/null +++ b/libcli/smb/smb2_negotiate_context.c @@ -0,0 +1,193 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2014 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "../libcli/smb/smb_common.h" +#include "libcli/smb/smb2_negotiate_context.h" + +static size_t smb2_negotiate_context_padding(uint32_t offset, size_t n) +{ + if ((offset & (n-1)) == 0) return 0; + return n - (offset & (n-1)); +} + +/* + parse a set of SMB2 create contexts +*/ +NTSTATUS smb2_negotiate_context_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, + struct smb2_negotiate_contexts *contexts) +{ + const uint8_t *data = buffer.data; + uint32_t remaining = buffer.length; + + while (true) { + uint16_t data_length; + uint16_t type; + DATA_BLOB b; + NTSTATUS status; + size_t pad; + uint32_t next_offset; + + if (remaining < 8) { + return NT_STATUS_INVALID_PARAMETER; + } + type = SVAL(data, 0x00); + data_length = SVAL(data, 0x02); +#if 0 + reserved = IVAL(data, 0x04); +#endif + + next_offset = 0x08 + data_length; + if (remaining < next_offset) { + return NT_STATUS_INVALID_PARAMETER; + } + + b = data_blob_const(data+0x08, data_length); + status = smb2_negotiate_context_add(mem_ctx, contexts, type, b); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + remaining -= next_offset; + data += next_offset; + + if (remaining == 0) { + break; + } + + pad = smb2_negotiate_context_padding(next_offset, 8); + if (remaining < pad) { + return NT_STATUS_INVALID_PARAMETER; + } + remaining -= pad; + data += pad; + } + + return NT_STATUS_OK; +} + +/* + add a context to a smb2_negotiate attribute context +*/ +static NTSTATUS smb2_negotiate_context_push_one(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer, + const struct smb2_negotiate_context *context, + bool last) +{ + uint32_t ofs = buffer->length; + size_t next_offset = 0; + size_t next_pad = 0; + bool ok; + + if (context->data.length > UINT16_MAX) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } + + next_offset = 0x08 + context->data.length; + if (!last) { + next_pad = smb2_negotiate_context_padding(next_offset, 8); + } + + ok = data_blob_realloc(mem_ctx, buffer, + buffer->length + next_offset + next_pad); + if (!ok) { + return NT_STATUS_NO_MEMORY; + } + + SSVAL(buffer->data, ofs+0x00, context->type); + SIVAL(buffer->data, ofs+0x02, context->data.length); + SIVAL(buffer->data, ofs+0x04, 0); + memcpy(buffer->data+ofs+0x08, context->data.data, context->data.length); + if (next_pad > 0) { + memset(buffer->data+ofs+next_offset, 0, next_pad); + next_offset += next_pad; + } + + return NT_STATUS_OK; +} + +/* + create a buffer of a set of create contexts +*/ +NTSTATUS smb2_negotiate_context_push(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer, + const struct smb2_negotiate_contexts contexts) +{ + int i; + NTSTATUS status; + + *buffer = data_blob(NULL, 0); + for (i=0; i < contexts.num_contexts; i++) { + bool last = false; + const struct smb2_negotiate_context *c; + + if ((i + 1) == contexts.num_contexts) { + last = true; + } + + c = &contexts.contexts[i]; + status = smb2_negotiate_context_push_one(mem_ctx, buffer, c, last); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + return NT_STATUS_OK; +} + +NTSTATUS smb2_negotiate_context_add(TALLOC_CTX *mem_ctx, struct smb2_negotiate_contexts *c, + uint16_t type, DATA_BLOB data) +{ + struct smb2_negotiate_context *array; + + array = talloc_realloc(mem_ctx, c->contexts, + struct smb2_negotiate_context, + c->num_contexts + 1); + NT_STATUS_HAVE_NO_MEMORY(array); + c->contexts = array; + + c->contexts[c->num_contexts].type = type; + + if (data.data) { + c->contexts[c->num_contexts].data = data_blob_talloc(c->contexts, + data.data, + data.length); + NT_STATUS_HAVE_NO_MEMORY(c->contexts[c->num_contexts].data.data); + } else { + c->contexts[c->num_contexts].data = data_blob_null; + } + + c->num_contexts += 1; + + return NT_STATUS_OK; +} + +/* + * return the first blob with the given tag + */ +struct smb2_negotiate_context *smb2_negotiate_context_find(const struct smb2_negotiate_contexts *c, + uint16_t type) +{ + uint32_t i; + + for (i=0; i < c->num_contexts; i++) { + if (c->contexts[i].type == type) { + return &c->contexts[i]; + } + } + + return NULL; +} diff --git a/libcli/smb/smb2_negotiate_context.h b/libcli/smb/smb2_negotiate_context.h new file mode 100644 index 0000000..d98104a --- /dev/null +++ b/libcli/smb/smb2_negotiate_context.h @@ -0,0 +1,54 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2014 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_ +#define _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_ + +struct smb2_negotiate_context { + uint16_t type; + DATA_BLOB data; +}; + +struct smb2_negotiate_contexts { + uint32_t num_contexts; + struct smb2_negotiate_context *contexts; +}; + +/* + parse a set of SMB2 negotiate contexts +*/ +NTSTATUS smb2_negotiate_context_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, + struct smb2_negotiate_contexts *contexts); + +/* + negotiate a buffer of a set of negotiate contexts +*/ +NTSTATUS smb2_negotiate_context_push(TALLOC_CTX *mem_ctx, DATA_BLOB *buffer, + const struct smb2_negotiate_contexts contexts); + +NTSTATUS smb2_negotiate_context_add(TALLOC_CTX *mem_ctx, struct smb2_negotiate_contexts *c, + uint16_t type, DATA_BLOB data); + +/* + * return the first context with the given tag + */ +struct smb2_negotiate_context *smb2_negotiate_context_find(const struct smb2_negotiate_contexts *b, + uint16_t type); + +#endif /* _LIBCLI_SMB_SMB2_NEGOTIATE_BLOB_H_ */ diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 97143f7..72c2c2f 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -214,7 +214,6 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key, int count) { uint8_t *tf; - uint16_t alg; uint8_t sig[16]; int i; size_t a_total; @@ -243,8 +242,7 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key, m_total += vector[i].iov_len; } - alg = SMB2_ENCRYPTION_AES128_CCM; - SSVAL(tf, SMB2_TF_ALGORITHM, alg); + SSVAL(tf, SMB2_TF_FLAGS, SMB2_TF_FLAGS_ENCRYPTED); SIVAL(tf, SMB2_TF_MSG_SIZE, m_total); ZERO_STRUCT(key); @@ -279,7 +277,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, int count) { uint8_t *tf; - uint16_t alg; + uint16_t flags; uint8_t *sig_ptr = NULL; uint8_t sig[16]; int i; @@ -310,10 +308,10 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, m_total += vector[i].iov_len; } - alg = SVAL(tf, SMB2_TF_ALGORITHM); + flags = SVAL(tf, SMB2_TF_FLAGS); msg_size = IVAL(tf, SMB2_TF_MSG_SIZE); - if (alg != SMB2_ENCRYPTION_AES128_CCM) { + if (flags != SMB2_TF_FLAGS_ENCRYPTED) { return NT_STATUS_ACCESS_DENIED; } diff --git a/libcli/smb/smb2cli_session.c b/libcli/smb/smb2cli_session.c index 4418a0d..65a604a 100644 --- a/libcli/smb/smb2cli_session.c +++ b/libcli/smb/smb2cli_session.c @@ -120,6 +120,7 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq) tevent_req_data(req, struct smb2cli_session_setup_state); NTSTATUS status; + NTSTATUS preauth_status; uint64_t current_session_id; uint64_t session_id; uint16_t session_flags; @@ -127,6 +128,7 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq) uint16_t security_buffer_offset; uint16_t security_buffer_length; uint8_t *security_buffer_data = NULL; + struct iovec sent_iov[3]; const uint8_t *hdr; const uint8_t *body; static const struct smb2cli_req_expected_response expected[] = { @@ -142,13 +144,28 @@ static void smb2cli_session_setup_done(struct tevent_req *subreq) status = smb2cli_req_recv(subreq, state, &state->recv_iov, expected, ARRAY_SIZE(expected)); - TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + TALLOC_FREE(subreq); tevent_req_nterror(req, status); return; } + smb2cli_req_get_sent_iov(subreq, sent_iov); + preauth_status = smb2cli_session_update_preauth(state->session, sent_iov); + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, preauth_status)) { + return; + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + preauth_status = smb2cli_session_update_preauth(state->session, + state->recv_iov); + if (tevent_req_nterror(req, preauth_status)) { + return; + } + } + hdr = (const uint8_t *)state->recv_iov[0].iov_base; body = (const uint8_t *)state->recv_iov[1].iov_base; diff --git a/libcli/smb/smb2cli_tcon.c b/libcli/smb/smb2cli_tcon.c index dd31043..8863bae 100644 --- a/libcli/smb/smb2cli_tcon.c +++ b/libcli/smb/smb2cli_tcon.c @@ -76,6 +76,11 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx, fixed = state->fixed; SSVAL(fixed, 0, 9); + if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_10) { + SSVAL(fixed, 2, flags); + } else { + SSVAL(fixed, 2, 0); /* Reserved */ + } SSVAL(fixed, 4, SMB2_HDR_BODY + 8); SSVAL(fixed, 6, dyn_len); @@ -156,6 +161,11 @@ static void smb2cli_tcon_done(struct tevent_req *subreq) return; } + if (smbXcli_conn_protocol(state->conn) >= PROTOCOL_SMB3_10) { + tevent_req_done(req); + return; + } + subreq = smb2cli_validate_negotiate_info_send(state, state->ev, state->conn, state->timeout_msec, diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index ac81f7a..ad405a2 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -31,6 +31,8 @@ #include "../libcli/smb/read_smb.h" #include "smbXcli_base.h" #include "librpc/ndr/libndr.h" +#include "libcli/smb/smb2_negotiate_context.h" +#include <hcrypto/sha.h> struct smbXcli_conn; struct smbXcli_req; @@ -120,11 +122,14 @@ struct smbXcli_conn { NTTIME system_time; NTTIME start_time; DATA_BLOB gss_blob; + uint16_t cipher; } server; uint64_t mid; -- Samba Shared Repository