diff --git a/CMakeLists.txt b/CMakeLists.txt index 562b8e26..4601a014 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,9 +1,9 @@ if(NOT ESP_PLATFORM) - + if(CMAKE_SYSTEM_NAME MATCHES NintendoSwitch OR CMAKE_SYSTEM_NAME MATCHES Nintendo3DS OR CMAKE_SYSTEM_NAME MATCHES Dreamcast OR CMAKE_SYSTEM_NAME MATCHES NintendoGameCube OR CMAKE_SYSTEM_NAME MATCHES NintendoDS OR CMAKE_SYSTEM_NAME MATCHES NintendoWii OR CMAKE_SYSTEM_NAME MATCHES CafeOS) cmake_minimum_required(VERSION 3.13) elseif(VITA) - cmake_minimum_required(VERSION 3.2) + cmake_minimum_required(VERSION 3.2) elseif(PICO_BOARD) cmake_minimum_required(VERSION 3.12) message(STATUS "Configuring libsmb2 for ${PICO_BOARD}") @@ -16,7 +16,7 @@ if(NOT ESP_PLATFORM) LANGUAGES C VERSION 2.3.0 ) - set(VERSION 2.3.0) + set(VERSION 2.3.0) set(PACKAGE "smb2man") set(PACKAGE_BUGREPORT "ronniesahlberg@gmail.com or andregui17@outlook.com") set(PACKAGE_NAME "smb2man") @@ -30,7 +30,7 @@ if(NOT ESP_PLATFORM) project(libsmb2 LANGUAGES C VERSION 6.1.0 - ) + ) set(VERSION 6.1.0) set(PACKAGE "libsmb2") set(PACKAGE_BUGREPORT "ronniesahlberg@gmail.com") @@ -52,7 +52,7 @@ endif() set(INSTALL_CMAKE_DIR "${CMAKE_INSTALL_PREFIX}/lib${LIB_SUFFIX}/cmake/libsmb2" CACHE PATH "Installation directory for cmake (.cmake) files") endif() if(CMAKE_SYSTEM_NAME MATCHES NintendoSwitch OR CMAKE_SYSTEM_NAME MATCHES Nintendo3DS OR PS4 OR PS2 OR VITA OR CMAKE_SYSTEM_NAME MATCHES Dreamcast OR CMAKE_SYSTEM_NAME MATCHES NintendoGameCube OR CMAKE_SYSTEM_NAME MATCHES NintendoDS OR CMAKE_SYSTEM_NAME MATCHES NintendoWii OR CMAKE_SYSTEM_NAME MATCHES CafeOS) - option(BUILD_SHARED_LIBS "Build shared libraries" OFF) + option(BUILD_SHARED_LIBS "Build shared libraries" OFF) else() option(BUILD_SHARED_LIBS "Build shared libraries" ON) endif() @@ -68,7 +68,7 @@ endif() endif() elseif(IOS) if (ENABLE_GSSAPI) - find_package(GSSAPI) + find_package(GSSAPI) endif() endif() @@ -98,14 +98,14 @@ endif() include/smb2 ) endif() - + if(CMAKE_SYSTEM_NAME MATCHES Linux) if (ENABLE_LIBKRB5) - set(core_DEPENDS ${LIBKRB5_LIBRARY} CACHE STRING "" FORCE) + set(core_DEPENDS ${LIBKRB5_LIBRARY} CACHE STRING "" FORCE) endif() elseif(IOS) if (ENABLE_GSSAPI) - set(core_DEPENDS ${GSSAPI_LIBRARIES} CACHE STRING "" FORCE) + set(core_DEPENDS ${GSSAPI_LIBRARIES} CACHE STRING "" FORCE) endif() endif() @@ -139,36 +139,36 @@ endif() add_compile_options("${CMAKE_C_FLAGS} ${CMAKE_LDFLAGS}") elseif(CMAKE_SYSTEM_NAME MATCHES NintendoDS) add_definitions(-DARM9 -D__NDS__ -DNEED_READV -DHAVE_SOCKADDR_STORAGE -DNEED_WRITEV -DNEED_GETLOGIN_R -DNEED_GETADDRINFO -DNEED_FREEADDRINFO -DNEED_POLL) - set(CMAKE_C_FLAGS "-Wno-format -Wpointer-arith") + set(CMAKE_C_FLAGS "-Wno-format -Wpointer-arith") set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -fno-rtti -fno-exceptions -std=gnu11") set(CMAKE_C_LDFLAGS "${CMAKE_C_FLAGS} -specs=ds_arm9.specs -g") - add_compile_options("${CMAKE_C_FLAGS} ${CMAKE_LDFLAGS}") - elseif(CMAKE_SYSTEM_NAME MATCHES NintendoGameCube) + add_compile_options("${CMAKE_C_FLAGS} ${CMAKE_LDFLAGS}") + elseif(CMAKE_SYSTEM_NAME MATCHES NintendoGameCube) add_definitions(-DGEKKO -D__GC__ -DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R -DNEED_GETADDRINFO -DNEED_FREEADDRINFO -DNEED_POLL) set(CMAKE_C_FLAGS "-g") - #-O3 -Wall - add_compile_options("${CMAKE_C_FLAGS}") + #-O3 -Wall + add_compile_options("${CMAKE_C_FLAGS}") elseif(CMAKE_SYSTEM_NAME MATCHES NintendoWii) add_definitions(-DGEKKO -D__WII__ -DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R -DNEED_GETADDRINFO -DNEED_FREEADDRINFO -DNEED_POLL) set(CMAKE_C_FLAGS "-g") - #-O3 -Wall + #-O3 -Wall add_compile_options("${CMAKE_C_FLAGS}") elseif(CMAKE_SYSTEM_NAME MATCHES CafeOS) add_definitions(-D__WIIU__ -DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R) set(CMAKE_C_FLAGS "-g") - #-O3 -Wall - add_compile_options("${CMAKE_C_FLAGS}") + #-O3 -Wall + add_compile_options("${CMAKE_C_FLAGS}") elseif(PS4) add_definitions(-DPS4_PLATFORM) set(CMAKE_C_FLAGS "-funwind-tables") #-fuse-init-array -emit-llvm broken... - set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS}") + set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS}") add_compile_options("${CMAKE_C_FLAGS}") elseif(EE) add_definitions(-DNEED_BE64TOH -DNEED_POLL -DNEED_WRITEV -DNEED_READV -DNEED_GETLOGIN_R) if(EE AND PS2RPC) add_definitions(-DPS2RPC) - endif() + endif() elseif(IOP) add_definitions(-DHAVE_CONFIG_H -DNEED_BE64TOH -DNEED_STRDUP -DNEED_READV -DNEED_WRITEV -DNEED_POLL -DNEED_GETPID -DNEED_RANDOM -DNEED_SRANDOM -DNEED_GETLOGIN_R -DHAVE_STRING_H -DHAVE_SYS_FCNTL_H) if(IOP AND BUILD_IRX) @@ -177,22 +177,22 @@ endif() add_definitions(-DDEBUG) endif() set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -fno-builtin") - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -s") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -s") endif() - set(CMAKE_C_FLAGS "-Wall") + set(CMAKE_C_FLAGS "-Wall") include_directories(${CMAKE_CURRENT_BINARY_DIR} include/ps2) add_compile_options("${CMAKE_C_FLAGS}") elseif(VITA) - add_definitions(-DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R) + add_definitions(-DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R) elseif(PICO_BOARD) add_definitions(-DNEED_BE64TOH -DNEED_POLL -DNEED_GETLOGIN_R) - elseif(ESP_PLATFORM) + elseif(ESP_PLATFORM) if(NOT CMAKE_BUILD_EARLY_EXPANSION) add_definitions(-DHAVE_CONFIG_H) endif() - add_definitions(-DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R -DNEED_RANDOM -DNEED_SRANDOM) + add_definitions(-DNEED_READV -DNEED_WRITEV -DNEED_GETLOGIN_R -DNEED_RANDOM -DNEED_SRANDOM) elseif(CMAKE_SYSTEM_NAME MATCHES Dreamcast) - add_definitions(-DNEED_WRITEV -DNEED_READV -DHAVE_CONFIG_H -DNEED_GETLOGIN_R) + add_definitions(-DNEED_WRITEV -DNEED_READV -DHAVE_CONFIG_H -DNEED_GETLOGIN_R) elseif(CMAKE_SYSTEM_NAME STREQUAL Solaris) find_library(SOCKET_LIBRARY socket) find_library(NSL_LIBRARY nsl) @@ -225,5 +225,5 @@ endif() install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libsmb2.pc DESTINATION ${INSTALL_PKGCONFIG_DIR}) endif() - endif() + endif() diff --git a/examples/smb2-lsa-lookupsids.c b/examples/smb2-lsa-lookupsids.c index db8cdf2d..d78ecbb3 100644 --- a/examples/smb2-lsa-lookupsids.c +++ b/examples/smb2-lsa-lookupsids.c @@ -63,7 +63,7 @@ void cl_cb(struct dcerpc_context *dce, int status, void *command_data, void *cb_data) { struct lsa_close_rep *rep = command_data; - + if (status) { dcerpc_free_data(dce, rep); printf("failed to close policy handle (%s) %s\n", @@ -287,6 +287,6 @@ int main(int argc, char *argv[]) smb2_disconnect_share(smb2); smb2_destroy_url(url); smb2_destroy_context(smb2); - + return 0; } diff --git a/include/libsmb2-private.h b/include/libsmb2-private.h index d73bbc5d..71819740 100644 --- a/include/libsmb2-private.h +++ b/include/libsmb2-private.h @@ -32,7 +32,7 @@ extern "C" { #include #include #endif /* __APPLE__ */ -#endif /* HAVE_LIBKRB5 */ +#endif /* HAVE_LIBKRB5 */ #define MIN(a,b) (((a)<(b))?(a):(b)) @@ -341,7 +341,7 @@ struct smb2dir { int index; }; - + #define smb2_is_server(ctx) ((ctx)->owning_server != NULL) void smb2_set_nterror(struct smb2_context *smb2, int nterror, diff --git a/include/smb2/libsmb2.h b/include/smb2/libsmb2.h index 8fd24425..8969aea0 100644 --- a/include/smb2/libsmb2.h +++ b/include/smb2/libsmb2.h @@ -24,7 +24,7 @@ extern "C" { #endif #define LIBSMB2_SHARE_ENUM_V2 1 - + struct smb2_iovec { uint8_t *buf; size_t len; @@ -382,6 +382,18 @@ void smb2_set_user(struct smb2_context *smb2, const char *user); */ const char *smb2_get_user(struct smb2_context *smb2); +/* + * Get the workstation associated with a context. + * returns NULL if none + */ +const char *smb2_get_workstation(struct smb2_context *smb2); + +/* + * Get the domain associated with a context. + * returns NULL if none + */ +const char *smb2_get_domain(struct smb2_context *smb2); + /* * Set the password that we will try to authenticate as. * This function is only needed when libsmb2 is built --without-libkrb5 diff --git a/lib/krb5-wrapper.c b/lib/krb5-wrapper.c index 1d7ae023..ccb83bfb 100644 --- a/lib/krb5-wrapper.c +++ b/lib/krb5-wrapper.c @@ -600,13 +600,6 @@ krb5_init_server_cred(struct smb2_server *server, struct smb2_context *smb2, con if (auth_data->get_proxy_cred) { /* do constrained delegation */ cred_usage = GSS_C_BOTH; -#ifndef __APPLE__ - /* get a proxy ticket when user is known in session reply. note that this - * isnt absolutely required if the accept returns a delegatable cred but it - * does help find issues - */ - auth_data->s4u2self = 1; -#endif } else { cred_usage = GSS_C_ACCEPT; } @@ -777,15 +770,20 @@ krb5_session_reply(struct smb2_context *smb2, free(user); } - if (auth_data->get_proxy_cred) { - gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL; + if (auth_data->get_proxy_cred && (!(ret_flags & GSS_C_DELEG_FLAG) || + (ret_delegated_cred_handle == GSS_C_NO_CREDENTIAL))) { gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL; gss_OID mech; OM_uint32 xmin; - #ifdef __APPLE__ - mech = auth_data->use_spnego ? GSS_SPNEGO_MECHANISM : GSS_KRB5_MECHANISM; - #else + /* did not got a proxy credential when accepting the + * the client context, so attempt an s4u2self + * with user-name to get one + */ +#ifdef __APPLE__ + smb2_set_error(smb2, "Apple has no way to proxy credentials"); + return -1; +#else gss_OID_set mechs = GSS_C_NO_OID_SET; gss_OID_set_desc mechlist; @@ -797,58 +795,31 @@ krb5_session_reply(struct smb2_context *smb2, mechlist.elements = discard_const(mech); mechs = &mechlist; } - #endif - - (void)gss_release_cred(&min, &ret_delegated_cred_handle); + maj = gss_acquire_cred_impersonate_name(&min, + auth_data->cred, + auth_data->user_name, + GSS_C_INDEFINITE, + mechs, + GSS_C_INITIATE, + &user_cred_handle, + NULL, + NULL); + if (maj != GSS_S_COMPLETE) { + krb5_set_gss_error(smb2, "gss_acquire_cred_impersonate_name", maj, min); + return -1; + } maj = init_accept_sec_context(smb2, mech, user_cred_handle, auth_data->cred, &ret_delegated_cred_handle); - (void)gss_release_cred(&xmin, &impersonator_cred_handle); (void)gss_release_cred(&xmin, &user_cred_handle); if (maj != GSS_S_COMPLETE) { - krb5_set_gss_error(smb2, "init_accept_sec_context (proxy ctx)", maj, min); + krb5_set_gss_error(smb2, "init_accept_sec_context (impersonate)", maj, min); return -1; } - - if (auth_data->s4u2self) { -#ifdef __APPLE__ - if (!((ret_flags & GSS_C_DELEG_FLAG) && (ret_delegated_cred_handle))) { - smb2_set_error(smb2, "Apple has no way to proxy credentials"); - return -1; - } -#else - (void)gss_release_cred(&min, &ret_delegated_cred_handle); - - maj = gss_acquire_cred_impersonate_name(&min, - auth_data->cred, - auth_data->user_name, - GSS_C_INDEFINITE, - mechs, - GSS_C_INITIATE, - &user_cred_handle, - NULL, - NULL); - - if (maj != GSS_S_COMPLETE) { - krb5_set_gss_error(smb2, "gss_acquire_cred_impersonate_name", maj, min); - return -1; - } - - maj = init_accept_sec_context(smb2, mech, - user_cred_handle, auth_data->cred, - &ret_delegated_cred_handle); - - (void)gss_release_cred(&xmin, &user_cred_handle); - - if (maj != GSS_S_COMPLETE) { - krb5_set_gss_error(smb2, "init_accept_sec_context (impersonate)", maj, min); - return -1; - } #endif - } } /* if the client credential is delegatable and the client is pass-through * save the client's cred for use in a proxy client diff --git a/lib/krb5-wrapper.h b/lib/krb5-wrapper.h index 996d51c8..f4adcee8 100644 --- a/lib/krb5-wrapper.h +++ b/lib/krb5-wrapper.h @@ -62,7 +62,6 @@ struct private_auth_data { uint32_t req_flags; gss_buffer_desc output_token; int get_proxy_cred; - int s4u2self; int use_spnego; char *g_server; krb5_context krb5_cctx; diff --git a/lib/libsmb2.c b/lib/libsmb2.c index 23c6f3fa..4eef9373 100644 --- a/lib/libsmb2.c +++ b/lib/libsmb2.c @@ -3206,12 +3206,10 @@ smb2_query_directory_request_cb(struct smb2_server *server, struct smb2_context pdu = smb2_cmd_query_directory_reply_async(smb2, req, &rep, NULL, cb_data); } } + if (req->name) { + smb2_free_data(smb2, discard_const(req->name)); + } if (pdu != NULL) { - if (req->name) { - /* this will get auto-free when context is closed - * if we dont do it here, so not required */ - smb2_free_data(smb2, discard_const(req->name)); - } smb2_queue_pdu(smb2, pdu); } } @@ -3319,7 +3317,7 @@ smb2_general_client_request_cb(struct smb2_context *smb2, int status, void *comm smb2_close_context(smb2); return; } - if (status == SMB2_STATUS_CANCELLED) { + if (status == SMB2_STATUS_CANCELLED || status == SMB2_STATUS_SHUTDOWN) { return; } diff --git a/lib/ntlmssp.c b/lib/ntlmssp.c index 3f1b5965..09cd6466 100644 --- a/lib/ntlmssp.c +++ b/lib/ntlmssp.c @@ -483,7 +483,7 @@ NTOWFv2(const char *user, const char *password, const char *domain, if (user == NULL || password == NULL) { return -1; } - + /* ntlm:F638EDF864C4805DC65D9BF2BB77E4C0 */ if ((strlen(password) == 37) && (strncmp(password, "ntlm:", 5) == 0)) { if (ntlm_convert_password_hash(password + 5, ntlm_hash) < 0) { diff --git a/lib/smb2-cmd-write.c b/lib/smb2-cmd-write.c index 25988c6a..2c5decf6 100644 --- a/lib/smb2-cmd-write.c +++ b/lib/smb2-cmd-write.c @@ -91,7 +91,7 @@ smb2_encode_write_request(struct smb2_context *smb2, if (smb2->passthrough) { req->write_channel_info_offset = (SMB2_READ_REQUEST_SIZE & 0xfffffffe) + SMB2_HEADER_SIZE; - smb2_set_uint16(iov, 44, req->write_channel_info_offset); + smb2_set_uint16(iov, 40, req->write_channel_info_offset); len = PAD_TO_64BIT(req->write_channel_info_length); buf = malloc(len); @@ -262,10 +262,11 @@ smb2_process_write_request_fixed(struct smb2_context *smb2, smb2_get_uint32(iov, 4, &req->length); smb2_get_uint64(iov, 8, &req->offset); memcpy(req->file_id, iov->buf + 16, SMB2_FD_SIZE); - smb2_get_uint32(iov, 24, &req->channel); - smb2_get_uint32(iov, 28, &req->remaining_bytes); - smb2_get_uint16(iov, 32, &req->write_channel_info_offset); - smb2_get_uint16(iov, 34, &req->write_channel_info_length); + smb2_get_uint32(iov, 32, &req->channel); + smb2_get_uint32(iov, 36, &req->remaining_bytes); + smb2_get_uint16(iov, 40, &req->write_channel_info_offset); + smb2_get_uint16(iov, 42, &req->write_channel_info_length); + smb2_get_uint32(iov, 44, &req->flags); req->buf = NULL; if (req->write_channel_info_length) { diff --git a/packaging/RPM/libsmb2.spec.in b/packaging/RPM/libsmb2.spec.in index 70163f9b..79014f29 100644 --- a/packaging/RPM/libsmb2.spec.in +++ b/packaging/RPM/libsmb2.spec.in @@ -96,7 +96,7 @@ development libraries for LibSMB2 * Mon Dec 16 2024 : Version 6.1.0 - Fix return code for smb2-ls on failure - Fix memory errors in smb2_opendir() - - Add a macro te test for the version of the share-enum api + - Add a macro to test for the version of the share-enum api * Wed Dec 11 2024 : Version 6.0.0 - Major rewrites to DCE-RPC - Initial support for building servers @@ -111,7 +111,7 @@ development libraries for LibSMB2 - Add support for 3.1.1 signing - Add support for PS2(EE) and PS3 - Fixes to UCS2 when compose characters are used. - + - Various MacOS fixes - Fix a few NULL dereferences * Mon Jun 10 2019 : Version 3.0.0