diff options
-rw-r--r-- | source4/libcli/raw/interfaces.h | 13 | ||||
-rw-r--r-- | source4/libcli/smb2/session.c | 12 | ||||
-rw-r--r-- | source4/smb_server/smb2/sesssetup.c | 47 |
3 files changed, 24 insertions, 48 deletions
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 3665af9548..c581978b81 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -372,13 +372,18 @@ union smb_sesssetup { enum smb_sesssetup_level level; struct { - /* static body buffer 16 (0x10) bytes */ - /* uint16_t buffer_code; 0x11 = 0x10 + 1 */ + /* NOTE: this was 0x11 = 0x10 + 1 in vista-CTP + * and changed in vista-beta2, but both server's + * can handle the 0x18 clients + */ + /* static body buffer 24 (0x18) bytes */ + /* uint16_t buffer_code; 0x19 = 0x18 + 1 */ uint16_t _pad; - uint32_t unknown2; /* 0xF */ - uint32_t unknown3; /* 0x00 */ + uint32_t unknown2; /* 0x0000000F(vista-CTP) 0x00000007(vista-beta2) */ + uint32_t unknown3; /* 0x0000000 */ /* uint16_t secblob_ofs */ /* uint16_t secblob_size */ + uint64_t unknown4; /* 0x0000000000000000 only present in vista-beta2 */ /* dynamic body */ DATA_BLOB secblob; diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index 83e6d1ae00..7518a3d6d3 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c @@ -69,11 +69,11 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session, NTSTATUS status; req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP, - 0x10, True, io->in.secblob.length); + 0x18, True, io->in.secblob.length); if (req == NULL) return NULL; SBVAL(req->out.hdr, SMB2_HDR_UID, session->uid); - SSVAL(req->out.body, 0x02, 0); /* pad */ + SSVAL(req->out.body, 0x02, io->in._pad); /* pad */ SIVAL(req->out.body, 0x04, io->in.unknown2); SIVAL(req->out.body, 0x08, io->in.unknown3); @@ -84,6 +84,7 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session, talloc_free(req); return NULL; } + SBVAL(req->out.body, 0x10, io->in.unknown4); smb2_transport_send(req); @@ -209,9 +210,10 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se c->event_ctx = session->transport->socket->event.ctx; ZERO_STRUCT(state->io); - state->io.in._pad = 0x0; - state->io.in.unknown2 = 0xF; - state->io.in.unknown3 = 0x00; + state->io.in._pad = 0x0000; + state->io.in.unknown2 = 0x0000000F; + state->io.in.unknown3 = 0x00000000; + state->io.in.unknown4 = 0; /* uint64_t */ c->status = gensec_set_credentials(session->gensec, credentials); if (!NT_STATUS_IS_OK(c->status)) { diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 31ad9a7fe4..6d472c26d4 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -126,22 +126,12 @@ static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sessse return; } - status = smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length); - if (!NT_STATUS_IS_OK(status)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); - talloc_free(req); - return; - } + SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length)); SBVAL(req->out.hdr, SMB2_HDR_UID, io->smb2.out.uid); SSVAL(req->out.body, 0x02, io->smb2.out._pad); - status = smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob); - if (!NT_STATUS_IS_OK(status)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); - talloc_free(req); - return; - } + SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob)); smb2srv_send_reply(req); } @@ -151,31 +141,18 @@ void smb2srv_sesssetup_recv(struct smb2srv_request *req) union smb_sesssetup *io; NTSTATUS status; - if (req->in.body_size < 0x10) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); - return; - } - io = talloc(req, union smb_sesssetup); - if (!io) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); - talloc_free(req); - return; - } + SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True); + SMB2SRV_TALLOC_IO_PTR(io, union smb_sesssetup); io->smb2.level = RAW_SESSSETUP_SMB2; io->smb2.in._pad = SVAL(req->in.body, 0x02); io->smb2.in.unknown2 = IVAL(req->in.body, 0x04); io->smb2.in.unknown3 = IVAL(req->in.body, 0x08); - status = smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob); - if (!NT_STATUS_IS_OK(status)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); - talloc_free(req); - return; - } + SMB2SRV_CHECK(smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob)); + io->smb2.in.unknown4 = BVAL(req->in.body, 0x10); req->status = smb2srv_sesssetup_backend(req, io); - if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) { talloc_free(req); return; @@ -200,12 +177,7 @@ static void smb2srv_logoff_send(struct smb2srv_request *req) return; } - status = smb2srv_setup_reply(req, 0x04, False, 0); - if (!NT_STATUS_IS_OK(status)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); - talloc_free(req); - return; - } + SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, False, 0)); SSVAL(req->out.body, 0x02, 0); @@ -216,10 +188,7 @@ void smb2srv_logoff_recv(struct smb2srv_request *req) { uint16_t _pad; - if (req->in.body_size < 0x04) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); - return; - } + SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False); _pad = SVAL(req->in.body, 0x02); |