-rw-r--r--source4/libcli/raw/interfaces.h13
-rw-r--r--source4/libcli/smb2/session.c12
-rw-r--r--source4/smb_server/smb2/sesssetup.c47
3 files changed, 24 insertions, 48 deletions
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 3665af9548..c581978b81 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -372,13 +372,18 @@ union smb_sesssetup {
enum smb_sesssetup_level level;
struct {
- /* static body buffer 16 (0x10) bytes */
- /* uint16_t buffer_code; 0x11 = 0x10 + 1 */
+ /* NOTE: this was 0x11 = 0x10 + 1 in vista-CTP
+ * and changed in vista-beta2, but both server's
+ * can handle the 0x18 clients
+ */
+ /* static body buffer 24 (0x18) bytes */
+ /* uint16_t buffer_code; 0x19 = 0x18 + 1 */
uint16_t _pad;
- uint32_t unknown2; /* 0xF */
- uint32_t unknown3; /* 0x00 */
+ uint32_t unknown2; /* 0x0000000F(vista-CTP) 0x00000007(vista-beta2) */
+ uint32_t unknown3; /* 0x0000000 */
/* uint16_t secblob_ofs */
/* uint16_t secblob_size */
+ uint64_t unknown4; /* 0x0000000000000000 only present in vista-beta2 */
/* dynamic body */
DATA_BLOB secblob;
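Review bot: The new `unknown4` member at the end of the static part carries no wire-offset annotation, so a reader of this header cannot place it without opening session.c, where it is written at body offset 0x10. The neighbouring `secblob_ofs`/`secblob_size` comments mark the 0x0C..0x0F slot, so `uint64_t unknown4; /* body offset 0x10, 0x0000000000000000, only present in vista-beta2 */` would keep the layout readable from the struct alone. The NOTE block above it also reads "both server's can handle" where "both servers can handle" is meant; worth fixing while the comment is being rewritten. The enclosing union continues outside the hunk.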
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 83e6d1ae00..7518a3d6d3 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -69,11 +69,11 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
NTSTATUS status;
req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP,
- 0x10, True, io->in.secblob.length);
+ 0x18, True, io->in.secblob.length);
if (req == NULL) return NULL;
SBVAL(req->out.hdr, SMB2_HDR_UID, session->uid);
- SSVAL(req->out.body, 0x02, 0); /* pad */
+ SSVAL(req->out.body, 0x02, io->in._pad); /* pad */
SIVAL(req->out.body, 0x04, io->in.unknown2);
SIVAL(req->out.body, 0x08, io->in.unknown3);
@@ -84,6 +84,7 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
talloc_free(req);
return NULL;
}
+ SBVAL(req->out.body, 0x10, io->in.unknown4);
smb2_transport_send(req);
@@ -209,9 +210,10 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
c->event_ctx = session->transport->socket->event.ctx;
ZERO_STRUCT(state->io);
- state->io.in._pad = 0x0;
- state->io.in.unknown2 = 0xF;
- state->io.in.unknown3 = 0x00;
+ state->io.in._pad = 0x0000;
+ state->io.in.unknown2 = 0x0000000F;
+ state->io.in.unknown3 = 0x00000000;
+ state->io.in.unknown4 = 0; /* uint64_t */
c->status = gensec_set_credentials(session->gensec, credentials);
if (!NT_STATUS_IS_OK(c->status)) {
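Review bot: The defaults set here mix the two layouts the header comment distinguishes: the body is now sent at the vista-beta2 size (0x18 in the first hunk, with `unknown4` appended), but `unknown2` keeps `0x0000000F`, which interfaces.h labels as the vista-CTP value, with `0x00000007` given for vista-beta2. If the beta2 framing is the target, `state->io.in.unknown2 = 0x00000007; /* vista-beta2, see interfaces.h */` is the consistent choice; if the 0xF value is deliberately kept because the server accepts either, a one-line comment saying so would stop the next reader from "correcting" it. The `/* pad */` comment in the first hunk is also stale now that the value comes from `io->in._pad` rather than a literal 0; `/* _pad, caller-supplied */` would match. smb2_session_setup_spnego_send continues outside the hunk.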
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 31ad9a7fe4..6d472c26d4 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -126,22 +126,12 @@ static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sessse
return;
}
- status = smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length));
SBVAL(req->out.hdr, SMB2_HDR_UID, io->smb2.out.uid);
SSVAL(req->out.body, 0x02, io->smb2.out._pad);
- status = smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob));
smb2srv_send_reply(req);
}
@@ -151,31 +141,18 @@ void smb2srv_sesssetup_recv(struct smb2srv_request *req)
union smb_sesssetup *io;
NTSTATUS status;
- if (req->in.body_size < 0x10) {
- smb2srv_send_error(req, NT_STATUS_FOOBAR);
- return;
- }
- io = talloc(req, union smb_sesssetup);
- if (!io) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True);
+ SMB2SRV_TALLOC_IO_PTR(io, union smb_sesssetup);
io->smb2.level = RAW_SESSSETUP_SMB2;
io->smb2.in._pad = SVAL(req->in.body, 0x02);
io->smb2.in.unknown2 = IVAL(req->in.body, 0x04);
io->smb2.in.unknown3 = IVAL(req->in.body, 0x08);
- status = smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob));
+ io->smb2.in.unknown4 = BVAL(req->in.body, 0x10);
req->status = smb2srv_sesssetup_backend(req, io);
-
if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
talloc_free(req);
return;
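Review bot: `SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True)` raises the minimum request body from 0x10 to 0x18, which is what makes the 8-byte `BVAL(req->in.body, 0x10)` read below it safe (assuming the macro rejects shorter bodies; its definition is not in the hunk), but it also rejects the 0x10-byte body that the interfaces.h comment in this same commit attributes to vista-CTP clients. If dropping those clients is intended, a comment on the check saying so would document the decision; if not, the 0x10 minimum could be kept and the trailing field read only when present, `io->smb2.in.unknown4 = (req->in.body_size >= 0x18) ? BVAL(req->in.body, 0x10) : 0;`, so the bounds stay explicit next to the read. The local `NTSTATUS status` declared at the top of this hunk no longer has a visible assignment after the conversion to SMB2SRV_CHECK, so unless it is used past the end of the hunk it can go. smb2srv_sesssetup_recv continues outside the hunk, and the same status-local question applies to smb2srv_sesssetup_send in the first hunk of this file.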
@@ -200,12 +177,7 @@ static void smb2srv_logoff_send(struct smb2srv_request *req)
return;
}
- status = smb2srv_setup_reply(req, 0x04, False, 0);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, False, 0));
SSVAL(req->out.body, 0x02, 0);
@@ -216,10 +188,7 @@ void smb2srv_logoff_recv(struct smb2srv_request *req)
{
uint16_t _pad;
- if (req->in.body_size < 0x04) {
- smb2srv_send_error(req, NT_STATUS_FOOBAR);
- return;
- }
+ SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False);
_pad = SVAL(req->in.body, 0x02);