The branch, v3-0-test has been updated
       via  660be616b85a32725841877041190a6ec0f122f1 (commit)
       via  968ff01d5163b232e10276efbcfd6750f97d81a5 (commit)
      from  deefb1a4bcfdbbf7d045948598140c477591ea44 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 660be616b85a32725841877041190a6ec0f122f1
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Tue May 13 16:23:19 2008 +0200

    Fix signing problem in the client with transs requests
    
    This is a different fix than the one Jeremy put into 3-0-test with 040db1ce85
    and into other branches with different hashes. Jeremy, I think your fix led
    to bug 5436, so I reverted your fix. This fixes the original problem I found
    with the transs requests for large rpc queries in a different way. Please check!
    
    Thanks,
    
    Volker

commit 968ff01d5163b232e10276efbcfd6750f97d81a5
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Tue May 13 16:41:23 2008 +0200

    Revert "Fix signing bug found by Volker. That one was *subtle*."
    
    This reverts commit 040db1ce851909704d093538ba063863fa11f73e.

-----------------------------------------------------------------------

Summary of changes:
 source/libsmb/clitrans.c    |   17 +++++++++
 source/libsmb/smb_signing.c |   79 ++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 91 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c
index f43a2aa..441f5a0 100644
--- a/source/libsmb/clitrans.c
+++ b/source/libsmb/clitrans.c
@@ -95,9 +95,14 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
                return False;
        }
 
+       /* Note we're in a trans state. Save the sequence
+        * numbers for replies. */
+       client_set_trans_sign_state_on(cli, mid);
+
        if (this_ldata < ldata || this_lparam < lparam) {
                /* receive interim response */
                if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+                       client_set_trans_sign_state_off(cli, mid);
                        return(False);
                }
 
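Review bot: The BOOL result of `client_set_trans_sign_state_on(cli, mid)` is discarded here in cli_send_trans, as it is for every `client_set_trans_sign_state_off` call this patch adds and for the matching calls in cli_send_nt_trans. When signing is active and the mid has no stored entry, the helper returns False and the entry is never protected from deletion, so a later multi-part reply would presumably fail its sequence lookup with nothing in the log pointing at the cause. A minimal improvement is to log the failure, e.g. `if (!client_set_trans_sign_state_on(cli, mid)) { DEBUG(5,("cli_send_trans: no signing entry for mid %u\n", (unsigned int)mid)); }`. The function body starts and ends outside this hunk.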
@@ -108,6 +113,9 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
                        this_lparam = MIN(lparam-tot_param,cli->max_xmit - 
500); /* hack */
                        this_ldata = MIN(ldata-tot_data,cli->max_xmit - 
(500+this_lparam));
 
+                       client_set_trans_sign_state_off(cli, mid);
+                       client_set_trans_sign_state_on(cli, mid);
+
                        set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
                        SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss 
: SMBtranss2));
                        
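Review bot: The back-to-back `client_set_trans_sign_state_off(cli, mid);` / `client_set_trans_sign_state_on(cli, mid);` pair in the secondary-request loop looks like it cannot re-arm the entry: per the smb_signing.c part of this patch, off ends by deleting the stored mid entry, so the following on finds nothing to flag and its False result is dropped. If the entry is meant to be recreated by the signing code during `cli_send_smb`, it would be created with `can_delete = True` and stay deletable unless on is called after the send; that depends on code outside this hunk and should be confirmed. Please add a comment stating the intent, for example `/* Drop the stored sequence entry so the next transs request can store a fresh one. */`, and consider moving the on call to after a successful `cli_send_smb`. The visible hunks for cli_send_nt_trans show no equivalent pair in its loop, which is worth checking for consistency.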
@@ -139,6 +147,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 
                        show_msg(cli->outbuf);
                        if (!cli_send_smb(cli)) {
+                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
 
@@ -317,6 +326,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 
   out:
 
+       client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
        return ret;
 }
 
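Review bot: At the `out:` label of cli_receive_trans the mid passed to `client_set_trans_sign_state_off` is read from `cli->inbuf`, which is server-supplied data and may be stale or unverified when this label is reached on an error path; cli_receive_nt_trans does the same. If that value differs from the mid the client used, the call fails silently and the real entry stays on the outstanding list with `can_delete` False. Because store_sequence_for_reply now refuses a mid that is already present, a later request reusing that mid would then not get its sequence number recorded. Taking the mid from the client's own request keeps the cleanup independent of the peer, e.g. `client_set_trans_sign_state_off(cli, SVAL(cli->outbuf,smb_mid));`, assuming outbuf still holds the request at this point. The function body begins outside this hunk.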
@@ -384,9 +394,14 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
                return False;
        }       
 
+       /* Note we're in a trans state. Save the sequence
+        * numbers for replies. */
+       client_set_trans_sign_state_on(cli, mid);
+
        if (this_ldata < ldata || this_lparam < lparam) {
                /* receive interim response */
                if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+                       client_set_trans_sign_state_off(cli, mid);
                        return(False);
                }
 
@@ -428,6 +443,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
                        show_msg(cli->outbuf);
 
                        if (!cli_send_smb(cli)) {
+                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
                        
@@ -627,5 +643,6 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
 
   out:
 
+       client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
        return ret;
 }
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index 6768c2a..df74b2d 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -26,6 +26,7 @@ struct outstanding_packet_lookup {
        struct outstanding_packet_lookup *prev, *next;
        uint16 mid;
        uint32 reply_seq_num;
+       BOOL can_delete; /* Set to False in trans state. */
 };
 
 struct smb_basic_signing_context {
@@ -42,9 +43,7 @@ static BOOL store_sequence_for_reply(struct 
outstanding_packet_lookup **list,
        /* Ensure we only add a mid once. */
        for (t = *list; t; t = t->next) {
                if (t->mid == mid) {
-                       DLIST_REMOVE(*list, t);
-                       SAFE_FREE(t);
-                       break;
+                       return False;
                }
        }
 
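Review bot: Returning False for a mid that is already on the list leaves the old `reply_seq_num` in place, so the reply to the new request would be checked against a stale sequence number; whether the caller reacts to the False is outside this hunk. Since entries can now persist with `can_delete` False, a missed client_set_trans_sign_state_off turns into a signing failure once the 16-bit mid is reused. A log line before the return would make that diagnosable: `DEBUG(1,("store_sequence_for_reply: mid %u already stored\n", (unsigned int)mid));`. The existing comment could also say that a duplicate is now rejected rather than replaced.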
@@ -53,6 +52,7 @@ static BOOL store_sequence_for_reply(struct 
outstanding_packet_lookup **list,
 
        t->mid = mid;
        t->reply_seq_num = reply_seq_num;
+       t->can_delete = True;
 
        /*
         * Add to the *start* of the list not the end of the list.
@@ -79,8 +79,23 @@ static BOOL get_sequence_for_reply(struct 
outstanding_packet_lookup **list,
                        *reply_seq_num = t->reply_seq_num;
                        DEBUG(10,("get_sequence_for_reply: found seq = %u mid = 
%u\n",
                                (unsigned int)t->reply_seq_num, (unsigned 
int)t->mid ));
-                       DLIST_REMOVE(*list, t);
-                       SAFE_FREE(t);
+                       if (t->can_delete) {
+                               DLIST_REMOVE(*list, t);
+                               SAFE_FREE(t);
+                       }
+                       return True;
+               }
+       }
+       return False;
+}
+
+static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup 
**list, uint16 mid, BOOL can_delete_entry)
+{
+       struct outstanding_packet_lookup *t;
+
+       for (t = *list; t; t = t->next) {
+               if (t->mid == mid) {
+                       t->can_delete = can_delete_entry;
                        return True;
                }
        }
@@ -589,6 +604,60 @@ BOOL cli_check_sign_mac(struct cli_state *cli)
 }
 
 /***********************************************************
+ Enter trans/trans2/nttrans state.
+************************************************************/
+
+BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
+{
+       struct smb_sign_info *si = &cli->sign_info;
+       struct smb_basic_signing_context *data = (struct 
smb_basic_signing_context *)si->signing_context;
+
+       if (!si->doing_signing) {
+               return True;
+       }
+
+       if (!data) {
+               return False;
+       }
+
+       if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, 
False)) {
+               return False;
+       }
+
+       return True;
+}
+
+/***********************************************************
+ Leave trans/trans2/nttrans state.
+************************************************************/
+
+BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
+{
+       uint32 reply_seq_num;
+       struct smb_sign_info *si = &cli->sign_info;
+       struct smb_basic_signing_context *data = (struct 
smb_basic_signing_context *)si->signing_context;
+
+       if (!si->doing_signing) {
+               return True;
+       }
+
+       if (!data) {
+               return False;
+       }
+
+       if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, 
True)) {
+               return False;
+       }
+
+       /* Now delete the stored mid entry. */
+       if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, 
&reply_seq_num)) {
+               return False;
+       }
+
+       return True;
+}
+
+/***********************************************************
  SMB signing - Server implementation - send the MAC.
 ************************************************************/
 
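Review bot: client_set_trans_sign_state_off removes the entry by calling `get_sequence_for_reply` and discarding `reply_seq_num`, which works but hides the deletion behind a lookup and emits the "found seq" DEBUG line for what is a cleanup. A small `static` delete helper, or at least a comment such as `/* get_sequence_for_reply() frees the entry once can_delete is True; the sequence number itself is not needed here. */`, would make this explicit. The banner comments of both new functions should also state the return contract: True when signing is off or the entry was updated, False when there is no signing context or no entry for the mid.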


-- 
Samba Shared Repository
