|
|
bec1a9 |
From a57290580b7fcffea9b76991f2dd49ad480d3b64 Mon Sep 17 00:00:00 2001
|
|
|
bec1a9 |
From: Stefan Metzmacher <metze@samba.org>
|
|
|
bec1a9 |
Date: Wed, 15 Mar 2017 17:04:30 +0000
|
|
|
bec1a9 |
Subject: [PATCH 1/2] libcli/smb: Fix alignment problems of
|
|
|
bec1a9 |
smb_bytes_pull_str()
|
|
|
bec1a9 |
|
|
|
bec1a9 |
This function needs to get the whole smb buffer in order to get
|
|
|
bec1a9 |
the alignment for unicode correct.
|
|
|
bec1a9 |
|
|
|
bec1a9 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
|
|
|
bec1a9 |
|
|
|
bec1a9 |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
bec1a9 |
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
bec1a9 |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
bec1a9 |
(cherry picked from commit e60e77a8afd095bfdb3d678aa48570ca159d9b24)
|
|
|
bec1a9 |
---
|
|
|
bec1a9 |
libcli/smb/smb1cli_session.c | 28 +++++++++++++-------------
|
|
|
bec1a9 |
libcli/smb/smb_util.h | 3 ++-
|
|
|
bec1a9 |
libcli/smb/util.c | 47 +++++++++++++++++++++++++++++---------------
|
|
|
bec1a9 |
3 files changed, 47 insertions(+), 31 deletions(-)
|
|
|
bec1a9 |
|
|
|
bec1a9 |
diff --git a/libcli/smb/smb1cli_session.c b/libcli/smb/smb1cli_session.c
|
|
|
bec1a9 |
index 9d92aa6aed4..11614df0ae4 100644
|
|
|
bec1a9 |
--- a/libcli/smb/smb1cli_session.c
|
|
|
bec1a9 |
+++ b/libcli/smb/smb1cli_session.c
|
|
|
bec1a9 |
@@ -210,16 +210,16 @@ static void smb1cli_session_setup_lm21_done(struct tevent_req *subreq)
|
|
|
bec1a9 |
p = bytes;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_os,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
p += ret;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_lm,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
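Review bot: The `p += ret;` after each rewritten call now advances by a count that includes the alignment pad byte, not just the string, and nothing at the call site says so; a reader comparing `ret` with the string length will think it is off by one. A short comment on the first advance would prevent that: `/* ret counts from p and includes any UCS2 alignment pad, so p lands on the next field */`. The consumed value is computed as `buf_len + pad` in the util.c hunk of this same patch. smb1cli_session_setup_lm21_done starts and ends outside this hunk.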
|
|
|
bec1a9 |
@@ -493,24 +493,24 @@ static void smb1cli_session_setup_nt1_done(struct tevent_req *subreq)
|
|
|
bec1a9 |
p = bytes;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_os,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
p += ret;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_lm,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
p += ret;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_primary_domain,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
@@ -754,16 +754,16 @@ static void smb1cli_session_setup_ext_done(struct tevent_req *subreq)
|
|
|
bec1a9 |
p += out_security_blob_length;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_os,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
p += ret;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb_bytes_pull_str(state, &state->out_native_lm,
|
|
|
bec1a9 |
- use_unicode, p,
|
|
|
bec1a9 |
- bytes+num_bytes-p, &ret;;
|
|
|
bec1a9 |
+ use_unicode, bytes, num_bytes,
|
|
|
bec1a9 |
+ p, &ret;;
|
|
|
bec1a9 |
if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
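Review bot: The new calls still take `p` after `p += out_security_blob_length;` at the top of the hunk, and the rewritten smb_bytes_pull_str only rejects a `position` past the end with NT_STATUS_BUFFER_TOO_SMALL once the pointer has already been formed. If out_security_blob_length is checked against num_bytes earlier in smb1cli_session_setup_ext_done (that code is outside the hunk, so I cannot confirm it), a comment at the advance would make the dependency explicit: `/* out_security_blob_length was bounds-checked above; pull_str re-checks p against bytes+num_bytes */`. If no such check exists, the pointer arithmetic runs outside the buffer before the new check can catch it and a length test should be added before the advance. The enclosing function continues outside this hunk.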
|
|
|
bec1a9 |
diff --git a/libcli/smb/smb_util.h b/libcli/smb/smb_util.h
|
|
|
bec1a9 |
index 7e6f0a4ebc4..2884786339d 100644
|
|
|
bec1a9 |
--- a/libcli/smb/smb_util.h
|
|
|
bec1a9 |
+++ b/libcli/smb/smb_util.h
|
|
|
bec1a9 |
@@ -38,4 +38,5 @@ uint8_t *trans2_bytes_push_bytes(uint8_t *buf,
|
|
|
bec1a9 |
const uint8_t *bytes, size_t num_bytes);
|
|
|
bec1a9 |
NTSTATUS smb_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str, bool ucs2,
|
|
|
bec1a9 |
const uint8_t *buf, size_t buf_len,
|
|
|
bec1a9 |
- size_t *pbuf_consumed);
|
|
|
bec1a9 |
+ const uint8_t *position,
|
|
|
bec1a9 |
+ size_t *_consumed);
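Review bot: The prototype gains a `position` parameter next to `buf`/`buf_len` without any comment distinguishing the two, and the distinction is the whole point of the patch: `buf`/`buf_len` must now be the complete SMB bytes area (alignment is derived from the offset of `position` within it), `position` points at the string to pull, and `*_consumed` counts from `position` including any pad byte. I would add a short block comment above the declaration stating those three facts and that `position` must lie within `[buf, buf + buf_len]` or the call fails with NT_STATUS_INTERNAL_ERROR / NT_STATUS_BUFFER_TOO_SMALL, as the util.c hunk implements. Without it, a caller passing a sub-buffer as `buf` reintroduces the misalignment this commit fixes.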
|
|
|
bec1a9 |
diff --git a/libcli/smb/util.c b/libcli/smb/util.c
|
|
|
bec1a9 |
index ef8c9fafa35..7ef909c6077 100644
|
|
|
bec1a9 |
--- a/libcli/smb/util.c
|
|
|
bec1a9 |
+++ b/libcli/smb/util.c
|
|
|
bec1a9 |
@@ -319,29 +319,43 @@ uint8_t *trans2_bytes_push_bytes(uint8_t *buf,
|
|
|
bec1a9 |
static NTSTATUS internal_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str,
|
|
|
bec1a9 |
bool ucs2, bool align_odd,
|
|
|
bec1a9 |
const uint8_t *buf, size_t buf_len,
|
|
|
bec1a9 |
- size_t *pbuf_consumed)
|
|
|
bec1a9 |
+ const uint8_t *position,
|
|
|
bec1a9 |
+ size_t *p_consumed)
|
|
|
bec1a9 |
{
|
|
|
bec1a9 |
size_t pad = 0;
|
|
|
bec1a9 |
+ size_t offset;
|
|
|
bec1a9 |
char *str = NULL;
|
|
|
bec1a9 |
size_t str_len = 0;
|
|
|
bec1a9 |
bool ok;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
*_str = NULL;
|
|
|
bec1a9 |
- if (pbuf_consumed != NULL) {
|
|
|
bec1a9 |
- *pbuf_consumed = 0;
|
|
|
bec1a9 |
+ if (p_consumed != NULL) {
|
|
|
bec1a9 |
+ *p_consumed = 0;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ if (position < buf) {
|
|
|
bec1a9 |
+ return NT_STATUS_INTERNAL_ERROR;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ offset = PTR_DIFF(position, buf);
|
|
|
bec1a9 |
+ if (offset > buf_len) {
|
|
|
bec1a9 |
+ return NT_STATUS_BUFFER_TOO_SMALL;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
if (ucs2 &&
|
|
|
bec1a9 |
- ((align_odd && (buf_len % 2 == 0)) ||
|
|
|
bec1a9 |
- (!align_odd && (buf_len % 2 == 1)))) {
|
|
|
bec1a9 |
- if (buf_len < 1) {
|
|
|
bec1a9 |
- return NT_STATUS_BUFFER_TOO_SMALL;
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
- pad = 1;
|
|
|
bec1a9 |
- buf_len -= pad;
|
|
|
bec1a9 |
- buf += pad;
|
|
|
bec1a9 |
+ ((align_odd && (offset % 2 == 0)) ||
|
|
|
bec1a9 |
+ (!align_odd && (offset % 2 == 1)))) {
|
|
|
bec1a9 |
+ pad += 1;
|
|
|
bec1a9 |
+ offset += 1;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ if (offset > buf_len) {
|
|
|
bec1a9 |
+ return NT_STATUS_BUFFER_TOO_SMALL;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
+ buf_len -= offset;
|
|
|
bec1a9 |
+ buf += offset;
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
if (ucs2) {
|
|
|
bec1a9 |
buf_len = utf16_len_n(buf, buf_len);
|
|
|
bec1a9 |
} else {
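Review bot: The new alignment test at the `if (ucs2 &&` block keys off `offset % 2` but the function carries no comment explaining what `align_odd` means or why alignment is now relative to the start of `buf` rather than to the remaining length the old code used, so the next reader has to rediscover the bug this fixes. I would put a comment above the test such as `/* UCS2 strings are aligned relative to the start of the bytes area, not to the remaining length; align_odd selects which parity the string must start on */`. It is also worth noting above `*_str = NULL;` that `position` must point into `buf` (pointer comparison with `position < buf` is only meaningful for pointers into the same object) and that the consumed count returned later is measured from `position`, pad included. The function continues past the end of this hunk.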
|
|
|
bec1a9 |
@@ -361,17 +375,18 @@ static NTSTATUS internal_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str,
|
|
|
bec1a9 |
return map_nt_error_from_unix_common(errno);
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
- if (pbuf_consumed != NULL) {
|
|
|
bec1a9 |
- *pbuf_consumed = buf_len + pad;
|
|
|
bec1a9 |
+ if (p_consumed != NULL) {
|
|
|
bec1a9 |
+ *p_consumed = buf_len + pad;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
*_str = str;
|
|
|
bec1a9 |
- return NT_STATUS_OK;;
|
|
|
bec1a9 |
+ return NT_STATUS_OK;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
NTSTATUS smb_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str, bool ucs2,
|
|
|
bec1a9 |
const uint8_t *buf, size_t buf_len,
|
|
|
bec1a9 |
- size_t *_buf_consumed)
|
|
|
bec1a9 |
+ const uint8_t *position,
|
|
|
bec1a9 |
+ size_t *_consumed)
|
|
|
bec1a9 |
{
|
|
|
bec1a9 |
return internal_bytes_pull_str(mem_ctx, _str, ucs2, true,
|
|
|
bec1a9 |
- buf, buf_len, _buf_consumed);
|
|
|
bec1a9 |
+ buf, buf_len, position, _consumed);
|
|
|
bec1a9 |
}
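Review bot: The public wrapper smb_bytes_pull_str hard-codes `align_odd = true` in the call to internal_bytes_pull_str and nothing explains that constant, which now matters more because alignment is computed from the offset into `buf`. A one-line comment would do, hedged as needed: `/* the SMB1 bytes area starts at an odd offset in the packet, so UCS2 strings must begin at an odd offset within it (confirm against the SMB1 header layout) */`. The wrapper itself is complete in this hunk.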
|
|
|
bec1a9 |
--
|
|
|
bec1a9 |
2.13.1
|
|
|
bec1a9 |
|
|
|
bec1a9 |
|
|
|
bec1a9 |
From 460941fe916d787057437412eef64c0ffdd1f65d Mon Sep 17 00:00:00 2001
|
|
|
bec1a9 |
From: Stefan Metzmacher <metze@samba.org>
|
|
|
bec1a9 |
Date: Wed, 15 Mar 2017 17:04:44 +0000
|
|
|
bec1a9 |
Subject: [PATCH 2/2] s3:libsmb: add cli_state_update_after_sesssetup() helper
|
|
|
bec1a9 |
function
|
|
|
bec1a9 |
|
|
|
bec1a9 |
This function updates cli->server_{os,type,domain} to valid values
|
|
|
bec1a9 |
after a session setup.
|
|
|
bec1a9 |
|
|
|
bec1a9 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12779
|
|
|
bec1a9 |
|
|
|
bec1a9 |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
bec1a9 |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
bec1a9 |
(cherry picked from commit e0069bd2a4820eca17c59d91bd1853f2f053a7a3)
|
|
|
bec1a9 |
---
|
|
|
bec1a9 |
source3/libsmb/cliconnect.c | 74 +++++++++++++++++++++++++++++++--------------
|
|
|
bec1a9 |
1 file changed, 52 insertions(+), 22 deletions(-)
|
|
|
bec1a9 |
|
|
|
bec1a9 |
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
|
|
|
bec1a9 |
index a2362ceb863..ef03da17eec 100644
|
|
|
bec1a9 |
--- a/source3/libsmb/cliconnect.c
|
|
|
bec1a9 |
+++ b/source3/libsmb/cliconnect.c
|
|
|
bec1a9 |
@@ -372,6 +372,38 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
|
|
|
bec1a9 |
return NT_STATUS_OK;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
+static NTSTATUS cli_state_update_after_sesssetup(struct cli_state *cli,
|
|
|
bec1a9 |
+ const char *native_os,
|
|
|
bec1a9 |
+ const char *native_lm,
|
|
|
bec1a9 |
+ const char *primary_domain)
|
|
|
bec1a9 |
+{
|
|
|
bec1a9 |
+#define _VALID_STR(p) ((p) != NULL && (p)[0] != '\0')
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ if (!_VALID_STR(cli->server_os) && _VALID_STR(native_os)) {
|
|
|
bec1a9 |
+ cli->server_os = talloc_strdup(cli, native_os);
|
|
|
bec1a9 |
+ if (cli->server_os == NULL) {
|
|
|
bec1a9 |
+ return NT_STATUS_NO_MEMORY;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ if (!_VALID_STR(cli->server_type) && _VALID_STR(native_lm)) {
|
|
|
bec1a9 |
+ cli->server_type = talloc_strdup(cli, native_lm);
|
|
|
bec1a9 |
+ if (cli->server_type == NULL) {
|
|
|
bec1a9 |
+ return NT_STATUS_NO_MEMORY;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+ if (!_VALID_STR(cli->server_domain) && _VALID_STR(primary_domain)) {
|
|
|
bec1a9 |
+ cli->server_domain = talloc_strdup(cli, primary_domain);
|
|
|
bec1a9 |
+ if (cli->server_domain == NULL) {
|
|
|
bec1a9 |
+ return NT_STATUS_NO_MEMORY;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
+#undef _VALID_STRING
|
|
|
bec1a9 |
+ return NT_STATUS_OK;
|
|
|
bec1a9 |
+}
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
/********************************************************
|
|
|
bec1a9 |
Utility function to ensure we always return at least
|
|
|
bec1a9 |
a valid char * pointer to an empty string for the
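Review bot: The `#undef _VALID_STRING` at the end of cli_state_update_after_sesssetup does not match the macro actually defined, `_VALID_STR`, so the undef is a no-op and `_VALID_STR` stays defined for the rest of cliconnect.c. The line should read `#undef _VALID_STR`. While touching it, the name starts with an underscore followed by an uppercase letter, which is reserved for the implementation in C; a plain `VALID_STR` (or a small static inline helper) would avoid that. The helper is otherwise complete in this hunk.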
|
|
|
bec1a9 |
@@ -762,7 +794,6 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
|
|
|
bec1a9 |
subreq, struct tevent_req);
|
|
|
bec1a9 |
struct cli_sesssetup_blob_state *state = tevent_req_data(
|
|
|
bec1a9 |
req, struct cli_sesssetup_blob_state);
|
|
|
bec1a9 |
- struct cli_state *cli = state->cli;
|
|
|
bec1a9 |
NTSTATUS status;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
|
|
|
bec1a9 |
@@ -784,15 +815,16 @@ static void cli_sesssetup_blob_done(struct tevent_req *subreq)
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
- if (cli->server_os == NULL) {
|
|
|
bec1a9 |
- cli->server_os = talloc_move(cli, &state->out_native_os);
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
- if (cli->server_type == NULL) {
|
|
|
bec1a9 |
- cli->server_type = talloc_move(cli, &state->out_native_lm);
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
-
|
|
|
bec1a9 |
state->status = status;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
+ status = cli_state_update_after_sesssetup(state->cli,
|
|
|
bec1a9 |
+ state->out_native_os,
|
|
|
bec1a9 |
+ state->out_native_lm,
|
|
|
bec1a9 |
+ NULL);
|
|
|
bec1a9 |
+ if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
+ return;
|
|
|
bec1a9 |
+ }
|
|
|
bec1a9 |
+
|
|
|
bec1a9 |
if (state->blob.length != 0) {
|
|
|
bec1a9 |
/*
|
|
|
bec1a9 |
* More to send
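Review bot: The new helper call reuses the local `status` right after `state->status = status;`, so the session-setup result is only preserved because the save happens first; a later reorder would silently lose it. A comment at the helper call would guard that: `/* state->status already holds the sesssetup result; status now reports only the strdup failures */`. The NULL primary_domain argument could also use a note that the extended setup path pulls only native_os and native_lm (see the smb1cli_session_setup_ext_done hunk in the first patch). The enclosing function continues outside this hunk.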
|
|
|
bec1a9 |
@@ -1667,14 +1699,12 @@ static void cli_session_setup_creds_done_nt1(struct tevent_req *subreq)
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
- if (cli->server_os == NULL) {
|
|
|
bec1a9 |
- cli->server_os = talloc_move(cli, &state->out_native_os);
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
- if (cli->server_type == NULL) {
|
|
|
bec1a9 |
- cli->server_type = talloc_move(cli, &state->out_native_lm);
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
- if (cli->server_domain == NULL) {
|
|
|
bec1a9 |
- cli->server_domain = talloc_move(cli, &state->out_primary_domain);
|
|
|
bec1a9 |
+ status = cli_state_update_after_sesssetup(state->cli,
|
|
|
bec1a9 |
+ state->out_native_os,
|
|
|
bec1a9 |
+ state->out_native_lm,
|
|
|
bec1a9 |
+ state->out_primary_domain);
|
|
|
bec1a9 |
+ if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
+ return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
ok = smb1cli_conn_activate_signing(cli->conn,
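Review bot: The new call passes `state->cli` to cli_state_update_after_sesssetup while the very next statement still uses the local `cli` (`smb1cli_conn_activate_signing(cli->conn,`), so this function now mixes both spellings for the same pointer. Unlike the blob and lm21 callbacks, the `cli` local was not removed here, so the call should use it for consistency: `status = cli_state_update_after_sesssetup(cli,`. cli_session_setup_creds_done_nt1 starts and ends outside this hunk.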
|
|
|
bec1a9 |
@@ -1707,7 +1737,6 @@ static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq)
|
|
|
bec1a9 |
subreq, struct tevent_req);
|
|
|
bec1a9 |
struct cli_session_setup_creds_state *state = tevent_req_data(
|
|
|
bec1a9 |
req, struct cli_session_setup_creds_state);
|
|
|
bec1a9 |
- struct cli_state *cli = state->cli;
|
|
|
bec1a9 |
NTSTATUS status;
|
|
|
bec1a9 |
|
|
|
bec1a9 |
status = smb1cli_session_setup_lm21_recv(subreq, state,
|
|
|
bec1a9 |
@@ -1720,11 +1749,12 @@ static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq)
|
|
|
bec1a9 |
return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
- if (cli->server_os == NULL) {
|
|
|
bec1a9 |
- cli->server_os = talloc_move(cli, &state->out_native_os);
|
|
|
bec1a9 |
- }
|
|
|
bec1a9 |
- if (cli->server_type == NULL) {
|
|
|
bec1a9 |
- cli->server_type = talloc_move(cli, &state->out_native_lm);
|
|
|
bec1a9 |
+ status = cli_state_update_after_sesssetup(state->cli,
|
|
|
bec1a9 |
+ state->out_native_os,
|
|
|
bec1a9 |
+ state->out_native_lm,
|
|
|
bec1a9 |
+ NULL);
|
|
|
bec1a9 |
+ if (tevent_req_nterror(req, status)) {
|
|
|
bec1a9 |
+ return;
|
|
|
bec1a9 |
}
|
|
|
bec1a9 |
|
|
|
bec1a9 |
tevent_req_done(req);
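Review bot: The helper call passes `NULL` as primary_domain with no explanation, and unlike the nt1 path it is not obvious why this callback has no domain to offer. A short comment would settle it: `/* LM2.1 session setup returns only native_os and native_lm, no primary domain */`, which matches the smb1cli_session_setup_lm21_done hunk in the first patch that pulls exactly those two strings. The enclosing function starts outside this hunk.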
|
|
|
bec1a9 |
--
|
|
|
bec1a9 |
2.13.1
|
|
|
bec1a9 |
|