From 63d0c5a0570908cee293cca3300a4b50f48f8afd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 30 Jun 2006 11:07:47 +0000
Subject: r16708: the packet format of SMB2 SessionSetup has changed, there're 8 more unknown bytes...
Note:
- vista-CTP also support this as a server, but uses the old format as client
- but vista-beta2 only uses and accept the new format
metze
(This used to be commit b3bdd4afdefc9ad3550f86a0aa6e6c90bf8ab416)
---
 source4/libcli/raw/interfaces.h | 13 ++++++----
 source4/libcli/smb2/session.c | 12 ++++++----
 source4/smb_server/smb2/sesssetup.c | 47 +++++++------------------------------
 3 files changed, 24 insertions(+), 48 deletions(-)
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 3665af9548..c581978b81 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -372,13 +372,18 @@ union smb_sesssetup {
 enum smb_sesssetup_level level;
 struct {
- /* static body buffer 16 (0x10) bytes */
- /* uint16_t buffer_code; 0x11 = 0x10 + 1 */
+ /* NOTE: this was 0x11 = 0x10 + 1 in vista-CTP
+ * and changed in vista-beta2, but both server's
+ * can handle the 0x18 clients
+ */
+ /* static body buffer 24 (0x18) bytes */
+ /* uint16_t buffer_code; 0x19 = 0x18 + 1 */
 uint16_t _pad;
- uint32_t unknown2; /* 0xF */
- uint32_t unknown3; /* 0x00 */
+ uint32_t unknown2; /* 0x0000000F(vista-CTP) 0x00000007(vista-beta2) */
+ uint32_t unknown3; /* 0x0000000 */
 /* uint16_t secblob_ofs */
 /* uint16_t secblob_size */
+ uint64_t unknown4; /* 0x0000000000000000 only present in vista-beta2 */
 /* dynamic body */
 DATA_BLOB secblob;
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 83e6d1ae00..7518a3d6d3 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
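Review bot: The new comment on `unknown3`, `/* 0x0000000 */`, has seven hex digits where the neighbouring comments spell out full 32-bit values; `/* 0x00000000 */` would keep them consistent. The NOTE block above it reads `both server's` where `both servers` is meant, and since the `unknown2` comment records a different value per server flavour, one sentence stating which value this client actually sends (the session.c hunk in this commit keeps 0x0000000F) would save readers a cross-file lookup. The struct continues outside the hunk.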
@@ -69,11 +69,11 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
 NTSTATUS status;
 req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP,
- 0x10, True, io->in.secblob.length);
+ 0x18, True, io->in.secblob.length);
 if (req == NULL) return NULL;
 SBVAL(req->out.hdr, SMB2_HDR_UID, session->uid);
- SSVAL(req->out.body, 0x02, 0); /* pad */
+ SSVAL(req->out.body, 0x02, io->in._pad); /* pad */
 SIVAL(req->out.body, 0x04, io->in.unknown2);
 SIVAL(req->out.body, 0x08, io->in.unknown3);
@@ -84,6 +84,7 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
 talloc_free(req);
 return NULL;
 }
+ SBVAL(req->out.body, 0x10, io->in.unknown4);
 smb2_transport_send(req);
@@ -209,9 +210,10 @@ struct composite_context *smb2_session_setup_spnego_send(struct smb2_session *se
 c->event_ctx = session->transport->socket->event.ctx;
 ZERO_STRUCT(state->io);
- state->io.in._pad = 0x0;
- state->io.in.unknown2 = 0xF;
- state->io.in.unknown3 = 0x00;
+ state->io.in._pad = 0x0000;
+ state->io.in.unknown2 = 0x0000000F;
+ state->io.in.unknown3 = 0x00000000;
+ state->io.in.unknown4 = 0; /* uint64_t */
 c->status = gensec_set_credentials(session->gensec, credentials);
 if (!NT_STATUS_IS_OK(c->status)) {
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 31ad9a7fe4..6d472c26d4 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
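Review bot: `SSVAL(req->out.body, 0x02, io->in._pad)` now puts whatever the caller left in `io->in._pad` on the wire where the old line forced a zero, so any caller of `smb2_session_setup_send` that does not clear the whole `io` (the spnego path in this commit does, via `ZERO_STRUCT(state->io)`) will send uninitialised stack bytes. Either keep the literal `0` until a caller needs to set the pad, or state the requirement on the function: `/* callers must zero io->in._pad and io->in.unknown4 unless they intend to send specific values */`. `smb2_session_setup_send` starts and ends outside the hunk.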
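Review bot: `SBVAL(req->out.body, 0x10, io->in.unknown4)` is the only reference to body offset 0x10 in the visible code and nothing explains why it is written after the error path of the blob push shown just above it; a layout comment would make this readable: `/* 0x0C/0x0E: secblob ofs/size (pushed above); 0x10: unknown4, vista-beta2 only */`. The write is in bounds only because the earlier hunk grows the static body from 0x10 to 0x18, so the comment should also say that this offset and that size must stay in step. The enclosing function starts and ends outside the hunk.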
@@ -126,22 +126,12 @@ static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sessse
 return;
 }
- status = smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length));
 SBVAL(req->out.hdr, SMB2_HDR_UID, io->smb2.out.uid);
 SSVAL(req->out.body, 0x02, io->smb2.out._pad);
- status = smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob));
 smb2srv_send_reply(req);
 }
@@ -151,31 +141,18 @@ void smb2srv_sesssetup_recv(struct smb2srv_request *req)
 union smb_sesssetup *io;
 NTSTATUS status;
- if (req->in.body_size < 0x10) {
- smb2srv_send_error(req, NT_STATUS_FOOBAR);
- return;
- }
- io = talloc(req, union smb_sesssetup);
- if (!io) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True);
+ SMB2SRV_TALLOC_IO_PTR(io, union smb_sesssetup);
 io->smb2.level = RAW_SESSSETUP_SMB2;
 io->smb2.in._pad = SVAL(req->in.body, 0x02);
 io->smb2.in.unknown2 = IVAL(req->in.body, 0x04);
 io->smb2.in.unknown3 = IVAL(req->in.body, 0x08);
- status = smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2_pull_o16s16_blob(&req->in, io, req->in.body+0x0C, &io->smb2.in.secblob));
+ io->smb2.in.unknown4 = BVAL(req->in.body, 0x10);
 req->status = smb2srv_sesssetup_backend(req, io);
-
 if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
 talloc_free(req);
 return;
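Review bot: `SMB2SRV_CHECK(...)` replaces a visible terminate/free/return sequence with a macro whose definition is not in this patch, so the early exits from `smb2srv_sesssetup_send` can no longer be read at the call site; presumably the macro terminates the connection and returns on a non-OK status, but that contract belongs in a comment next to the macro definition, and a one-liner at its first use here would help: `/* SMB2SRV_CHECK terminates the connection and returns on error */`. The same applies to the `smb2srv_logoff_send` and `smb2srv_logoff_recv` hunks later in this file. The function starts outside the hunk.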
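Review bot: `SMB2SRV_CHECK_BODY_SIZE(req, 0x18, True)` checks the body against 0x18 where the old test was `< 0x10`, so a client sending the older 16-byte SessionSetup (the commit message says vista-CTP still does as a client) is presumably rejected now, while the NOTE added in interfaces.h only says both server flavours accept the 0x18 layout — a comment here should state the intended policy: `/* require the vista-beta2 24-byte layout; the 16-byte vista-CTP client form is rejected */`. If the 16-byte form is meant to stay accepted, the size check would allow both and `io->smb2.in.unknown4 = BVAL(req->in.body, 0x10)` would be guarded on `req->in.body_size >= 0x18`, defaulting `unknown4` to 0 otherwise. `NTSTATUS status;` is still declared but no longer assigned in the lines shown, which may draw an unused-variable warning unless it is used further down; `smb2srv_sesssetup_recv` continues outside the hunk.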
@@ -200,12 +177,7 @@ static void smb2srv_logoff_send(struct smb2srv_request *req)
 return;
 }
- status = smb2srv_setup_reply(req, 0x04, False, 0);
- if (!NT_STATUS_IS_OK(status)) {
- smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
- talloc_free(req);
- return;
- }
+ SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, False, 0));
 SSVAL(req->out.body, 0x02, 0);
@@ -216,10 +188,7 @@ void smb2srv_logoff_recv(struct smb2srv_request *req)
 {
 uint16_t _pad;
- if (req->in.body_size < 0x04) {
- smb2srv_send_error(req, NT_STATUS_FOOBAR);
- return;
- }
+ SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False);
 _pad = SVAL(req->in.body, 0x02);
-- 
cgit