From a1a92688ba0a811400b4d12920988c62fa0efdf4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 23 Sep 2008 08:06:33 +0200 Subject: s4-nbt: use ../libcli/nbt Guenther --- source4/libcli/raw/clitransport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/raw') diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c index e95ae3271e..f8ef343e3a 100644 --- a/source4/libcli/raw/clitransport.c +++ b/source4/libcli/raw/clitransport.c @@ -28,7 +28,7 @@ #include "lib/stream/packet.h" #include "librpc/gen_ndr/ndr_nbt.h" #include "param/param.h" -#include "libcli/nbt/libnbt.h" +#include "../libcli/nbt/libnbt.h" /* -- cgit From 781d7c4c1cbd34413450f251d4078a9cb8055831 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 9 Sep 2008 17:50:30 +0200 Subject: libcli/raw: give the caller the chance to prevent the talloc_free(req) in the _recv functions metze --- source4/libcli/raw/libcliraw.h | 3 +++ source4/libcli/raw/rawrequest.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/libcli/raw') diff --git a/source4/libcli/raw/libcliraw.h b/source4/libcli/raw/libcliraw.h index d55b4cc42c..c9cafedd4c 100644 --- a/source4/libcli/raw/libcliraw.h +++ b/source4/libcli/raw/libcliraw.h @@ -261,6 +261,9 @@ struct smbcli_request { counter by one */ uint_t sign_single_increment:1; + /* give the caller a chance to prevent the talloc_free() in the _recv() function */ + bool do_not_free; + /* the mid of this packet - used to match replies */ uint16_t mid; diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c index a0e6452748..dd9b1f3e96 100644 --- a/source4/libcli/raw/rawrequest.c +++ b/source4/libcli/raw/rawrequest.c @@ -72,7 +72,11 @@ _PUBLIC_ NTSTATUS smbcli_request_destroy(struct smbcli_request *req) } status = req->status; - talloc_free(req); + + if (!req->do_not_free) { + talloc_free(req); + } + return status; } -- cgit From e00ab641b4aeafa70d035c66baf31b965a7e5734 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 9 Sep 2008 17:54:13 +0200 Subject: libcli/raw: give the caller the chance to do the signing checks on its own. metze --- source4/libcli/raw/libcliraw.h | 3 +++ source4/libcli/raw/smb_signing.c | 7 +++++++ 2 files changed, 10 insertions(+) (limited to 'source4/libcli/raw') diff --git a/source4/libcli/raw/libcliraw.h b/source4/libcli/raw/libcliraw.h index c9cafedd4c..bd9bda0db1 100644 --- a/source4/libcli/raw/libcliraw.h +++ b/source4/libcli/raw/libcliraw.h @@ -261,6 +261,9 @@ struct smbcli_request { counter by one */ uint_t sign_single_increment:1; + /* the caller wants to do the signing check */ + bool sign_caller_checks; + /* give the caller a chance to prevent the talloc_free() in the _recv() function */ bool do_not_free; diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index 1d03686d9a..ae17dadf33 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -298,6 +298,13 @@ bool smbcli_request_check_sign_mac(struct smbcli_request *req) { bool good; + if (!req->transport->negotiate.sign_info.doing_signing && + req->sign_caller_checks) { + return true; + } + + req->sign_caller_checks = false; + switch (req->transport->negotiate.sign_info.signing_state) { case SMB_SIGNING_ENGINE_OFF: -- cgit From 7deacc615e92221548fea940b0e90fe03a3ec098 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 9 Sep 2008 17:56:11 +0200 Subject: libcli/raw: in SMB_SIGNING_ENGINE_BSRSPYL state it's ok to accept any signature Even if signing is mandatory. With NTLMSSP this happens for the session setup: request1 => BSRSPYL response1 => BSRSPYL request2 => BSRSPYL response2 => and with krb5: request1 => BSRSPYL response1 => metze --- source4/libcli/raw/smb_signing.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/libcli/raw') diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index ae17dadf33..c23fb16128 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -310,6 +310,8 @@ bool smbcli_request_check_sign_mac(struct smbcli_request *req) case SMB_SIGNING_ENGINE_OFF: return true; case SMB_SIGNING_ENGINE_BSRSPYL: + return true; + case SMB_SIGNING_ENGINE_ON: { if (req->in.size < (HDR_SS_FIELD + 8)) { -- cgit From 8c3d96993421e8e6a9fc5d265e4caa71acbd80c8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 23 Sep 2008 02:29:20 +0200 Subject: libcli/raw: real signing starts at seqnumber 2 metze --- source4/libcli/raw/smb_signing.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/raw') diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index c23fb16128..826d7dd56b 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -359,6 +359,7 @@ bool smbcli_simple_set_signing(TALLOC_CTX *mem_ctx, dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length); sign_info->signing_state = SMB_SIGNING_ENGINE_ON; + sign_info->next_seq_num = 2; return true; } -- cgit