diff options
author | Stefan Metzmacher <metze@samba.org> | 2009-03-18 07:56:51 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-03-27 13:06:54 +0100 |
commit | 7301736f82de4e48fe2ca1491631c12ab4099db6 (patch) | |
tree | 15868a704d274d4340b69319f58778caf77305b0 | |
parent | 6d743ddcaf9876f5f43feb402c782ea7a47ee411 (diff) | |
download | samba-7301736f82de4e48fe2ca1491631c12ab4099db6.tar.gz samba-7301736f82de4e48fe2ca1491631c12ab4099db6.tar.xz samba-7301736f82de4e48fe2ca1491631c12ab4099db6.zip |
s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests
Before we send the secondary requests we need to remove the
old mid=>seqnum mapping and reset cli->mid and make the new
mid=>seqnum mapping "persistent".
The bug we had in cli_send_trans was this:
The first cli_send_smb() incremented cli->mid
and the secondary requests used the incremented mid,
but as cli->outbuf still had the correct mid,
we send the correct mid to the server. The real problem
was that the cli_send_smb() function stored the seqnum
under the wrong mid.
cli_send_nttrans() was totally broken and now follows the
same logic as cli_send_trans().
The good thing is that in practice the problem is unlikely to happen,
because max_xmit is large enough to avoid secondary requests.
metze
(cherry picked from commit 880fbc4e8cd67de73c4bcda94489eb1e1422a04b)
(cherry picked from commit 70466990b4b7c68ae95dbbcf741cd3f41f2dd0b3)
(cherry picked from commit d01cca5e3ddb925696d49a1ea728013ec1032372)
(cherry picked from commit 6c13360e195189f7afc70c5fda6ef27f46145b0b)
-rw-r--r-- | source/libsmb/clitrans.c | 30 |
1 files changed, 7 insertions, 23 deletions
diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c index 4bb70f1a088..b42cde9b5cf 100644 --- a/source/libsmb/clitrans.c +++ b/source/libsmb/clitrans.c @@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans, this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - client_set_trans_sign_state_off(cli, mid); - client_set_trans_sign_state_on(cli, mid); - cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True); SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2)); @@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; @@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; |