Changeset 751 for trunk/server/source3/smbd/smb2_sesssetup.c

Timestamp:

Nov 29, 2012, 1:59:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.9

File:

• trunk/server/source3/smbd/smb2_sesssetup.c (modified) (13 diffs)

trunk/server/source3/smbd/smb2_sesssetup.c

@@ -48 +48 @@
         DATA_BLOB outbody;
         DATA_BLOB outdyn;
-        size_t expected_body_size = 0x19;
-        size_t body_size;
         uint64_t in_session_id;
         uint8_t in_security_mode;
@@ -58 +56 @@
         uint64_t out_session_id;
         uint16_t out_security_offset;
-        DATA_BLOB out_security_buffer;
+        DATA_BLOB out_security_buffer = data_blob_null;
         NTSTATUS status;
 
+        status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(smb2req, status);
+        }
         inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
-
-        if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
-        }
-
         inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
-        }
 
         in_security_offset = SVAL(inbody, 0x0C);
         in_security_length = SVAL(inbody, 0x0E);
 
-        if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
+        if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
                 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
         }
@@ -196 +188 @@
         bool username_was_mapped = false;
         bool map_domainuser_to_guest = false;
+        bool guest = false;
 
         if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
@@ -272 +265 @@
                 /* force no signing */
                 session->do_signing = false;
+                guest = true;
         }
 
@@ -324 +318 @@
          */
         smb2req->session = session;
-        if (session->do_signing) {
+        if (!guest) {
                 smb2req->do_signing = true;
         }
@@ -478 +472 @@
 {
         fstring tmp;
+        bool guest = false;
 
         if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
@@ -490 +485 @@
                 /* force no signing */
                 session->do_signing = false;
+                guest = true;
         }
 
@@ -537 +533 @@
          */
         smb2req->session = session;
-        if (session->do_signing) {
+        if (!guest) {
                 smb2req->do_signing = true;
         }
@@ -565 +561 @@
         }
 
-        if (auth.data[0] == ASN1_APPLICATION(0)) {
+        if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) {
                 /* Might be a second negTokenTarg packet */
                 DATA_BLOB secblob_in = data_blob_null;
@@ -679 +675 @@
         NTSTATUS status;
         DATA_BLOB secblob_out = data_blob_null;
+
+        *out_security_buffer = data_blob_null;
 
         if (session->auth_ntlmssp_state == NULL) {
@@ -820 +818 @@
 {
         const uint8_t *inhdr;
-        const uint8_t *outhdr;
         int i = req->current_idx;
+        uint32_t in_flags;
         uint64_t in_session_id;
         void *p;
         struct smbd_smb2_session *session;
-        bool chained_fixup = false;
+
+        req->session = NULL;
+        req->tcon = NULL;
 
         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
 
+        in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
 
-        if (in_session_id == (0xFFFFFFFFFFFFFFFFLL)) {
-                if (req->async) {
-                        /*
-                         * async request - fill in session_id from
-                         * already setup request out.vector[].iov_base.
-                         */
-                        outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-                        in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
-                } else if (i > 2) {
-                        /*
-                         * Chained request - fill in session_id from
-                         * the previous request out.vector[].iov_base.
-                         */
-                        outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
-                        in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
-                        chained_fixup = true;
-                }
-        }
+        if (in_flags & SMB2_HDR_FLAG_CHAINED) {
+                in_session_id = req->last_session_id;
+        }
+
+        req->last_session_id = UINT64_MAX;
 
         /* lookup an existing session */
@@ -866 +854 @@
 
         req->session = session;
-
-        if (chained_fixup) {
-                /* Fix up our own outhdr. */
-                outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-                SBVAL(outhdr, SMB2_HDR_SESSION_ID, in_session_id);
-        }
+        req->last_session_id = in_session_id;
+
         return NT_STATUS_OK;
 }
@@ -877 +861 @@
 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
 {
-        const uint8_t *inbody;
-        int i = req->current_idx;
+        NTSTATUS status;
         DATA_BLOB outbody;
-        size_t expected_body_size = 0x04;
-        size_t body_size;
-
-        if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
-
-        inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+
+        status = smbd_smb2_request_verify_sizes(req, 0x04);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(req, status);
         }