The branch, master has been updated via 7ffa732d828 s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c via 2fe95f6a302 s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets. via 55f4ac65f91 s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_HANDLE) on error so don't duplicate in reply_close(). from d7bab36ad11 tests/krb5: Use Python bindings for LZ77+Huffman compression
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7ffa732d8280c2e88daab6c3b97de71a3cdfb3ba Author: Jeremy Allison <j...@samba.org> Date: Mon Jan 9 17:33:14 2023 -0800 s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c As these functions can implicitly call reply_nterror(..., NT_STATUS_INVALID_HANDLE) they should never be available to SMB2 code paths. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Wed Jan 11 08:17:04 UTC 2023 on sn-devel-184 commit 2fe95f6a3020ed2d582f94ab7640e8ef640a1c36 Author: Jeremy Allison <j...@samba.org> Date: Mon Jan 9 17:22:12 2023 -0800 s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets. check_fsp_ntquota_handle() is called from SMB2 codepaths as well as from SMB1. Even in the SMB1 cases the callers of check_fsp_ntquota_handle() handle sendng the error packet when check_fsp_ntquota_handle returns false so on a 'return false' we'd end up sending an error packet twice. The SMB2 callers of check_fsp_ntquota_handle() already check that fsp is valid, so there's no danger of us sending an SMB1 error packet over the SMB2 stream (so I'm not classing this as a bug to be back-ported). Fix check_fsp_ntquota_handle() by inlineing the check_fsp_open() functionality without the reply_nterror() calls. This will allow the next commit to move check_fsp_open() with the implicit reply_nterror() and also check_fsp() (which calls check_fsp_open()) into the SMB1 smb1_reply.c file as SMB1-only code. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 55f4ac65f9120d12ed4059b5c3214e9a97f97205 Author: Jeremy Allison <j...@samba.org> Date: Mon Jan 9 17:28:06 2023 -0800 s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_HANDLE) on error so don't duplicate in reply_close(). We'd end up sending 2 SMB1 error packets in this case. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/smbd/smb1_reply.c | 41 ++++++++++++++++++++++++++++++++++++++++- source3/smbd/smb2_reply.c | 46 +++++----------------------------------------- 2 files changed, 45 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb1_reply.c b/source3/smbd/smb1_reply.c index d53f5902da4..de6b4d99f79 100644 --- a/source3/smbd/smb1_reply.c +++ b/source3/smbd/smb1_reply.c @@ -52,6 +52,46 @@ #include "source3/printing/rap_jobid.h" #include "source3/lib/substitute.h" +/**************************************************************************** + Check if we have a correct fsp pointing to a file. Basic check for open fsp. +****************************************************************************/ + +bool check_fsp_open(connection_struct *conn, struct smb_request *req, + files_struct *fsp) +{ + if ((fsp == NULL) || (conn == NULL)) { + reply_nterror(req, NT_STATUS_INVALID_HANDLE); + return false; + } + if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) { + reply_nterror(req, NT_STATUS_INVALID_HANDLE); + return false; + } + return true; +} + +/**************************************************************************** + Check if we have a correct fsp pointing to a file. +****************************************************************************/ + +bool check_fsp(connection_struct *conn, struct smb_request *req, + files_struct *fsp) +{ + if (!check_fsp_open(conn, req, fsp)) { + return false; + } + if (fsp->fsp_flags.is_directory) { + reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST); + return false; + } + if (fsp_get_pathref_fd(fsp) == -1) { + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + return false; + } + fsp->num_smb_operations++; + return true; +} + /**************************************************************************** Reply to a tcon. conn POINTER CAN BE NULL HERE ! @@ -4744,7 +4784,6 @@ void reply_close(struct smb_request *smb1req) */ if (!check_fsp_open(conn, smb1req, fsp)) { - reply_nterror(smb1req, NT_STATUS_INVALID_HANDLE); END_PROFILE(SMBclose); return; } diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c index 90aa92193b9..76e3cf789cd 100644 --- a/source3/smbd/smb2_reply.c +++ b/source3/smbd/smb2_reply.c @@ -524,46 +524,6 @@ size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req, bufrem, flags); } -/**************************************************************************** - Check if we have a correct fsp pointing to a file. Basic check for open fsp. -****************************************************************************/ - -bool check_fsp_open(connection_struct *conn, struct smb_request *req, - files_struct *fsp) -{ - if ((fsp == NULL) || (conn == NULL)) { - reply_nterror(req, NT_STATUS_INVALID_HANDLE); - return False; - } - if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) { - reply_nterror(req, NT_STATUS_INVALID_HANDLE); - return False; - } - return True; -} - -/**************************************************************************** - Check if we have a correct fsp pointing to a file. -****************************************************************************/ - -bool check_fsp(connection_struct *conn, struct smb_request *req, - files_struct *fsp) -{ - if (!check_fsp_open(conn, req, fsp)) { - return False; - } - if (fsp->fsp_flags.is_directory) { - reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST); - return False; - } - if (fsp_get_pathref_fd(fsp) == -1) { - reply_nterror(req, NT_STATUS_ACCESS_DENIED); - return False; - } - fsp->num_smb_operations++; - return True; -} - /**************************************************************************** Check if we have a correct fsp pointing to a quota fake file. Replacement for the CHECK_NTQUOTA_HANDLE_OK macro. @@ -572,7 +532,11 @@ bool check_fsp(connection_struct *conn, struct smb_request *req, bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req, files_struct *fsp) { - if (!check_fsp_open(conn, req, fsp)) { + if ((fsp == NULL) || (conn == NULL)) { + return false; + } + + if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) { return false; } -- Samba Shared Repository