The branch, v3-2-test has been updated via 6200e8886b29469cb1dbbe441e4f642fb28b83f2 (commit) via 67f90361a07841972a01a4faf575da25ebbbb29c (commit) from ac935a80ceb61d23070bf82c2193e8389e752aaf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit 6200e8886b29469cb1dbbe441e4f642fb28b83f2 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue May 13 16:23:19 2008 +0200 Fix signing problem in the client with transs requests This is a different fix than Jeremy put into 3-0-test with 040db1ce85 and other branches with different hashes. Jeremy, I think your fix led to bug 5436, so I reverted your fix. This fixes the original problem I found with the transs requests for large rpc queries in a different way. Please check! Thanks, Volker commit 67f90361a07841972a01a4faf575da25ebbbb29c Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue May 13 16:56:06 2008 +0200 Revert "Fix signing bug found by Volker. That one was *subtle*." This reverts commit 816aea6c1a426eb2450061b847729e22bdac33a0. ----------------------------------------------------------------------- Summary of changes: source/libsmb/clitrans.c | 17 +++++++++ source/libsmb/smb_signing.c | 79 ++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 91 insertions(+), 5 deletions(-) Changeset truncated at 500 lines:
diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c
index bfb31fd..4bb70f1 100644
--- a/source/libsmb/clitrans.c
+++ b/source/libsmb/clitrans.c
@@ -94,9 +94,14 @@ bool cli_send_trans(struct cli_state *cli, int trans,
 return False;
 }
+ /* Note we're in a trans state. Save the sequence
+ * numbers for replies. */
+ client_set_trans_sign_state_on(cli, mid);
+
 if (this_ldata < ldata || this_lparam < lparam) {
 /* receive interim response */
 if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
 return(False);
 }
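Review bot: The result of `client_set_trans_sign_state_on(cli, mid)` is discarded in the `@@ -94,9 +94,14 @@` hunk of cli_send_trans, although the new function in smb_signing.c returns False when signing is active and no stored entry for `mid` exists. In that case the exchange carries on without the reply sequence number being pinned, and the first visible symptom would presumably be a failed signature check on a later reply, with nothing logged at the point where the state went wrong. Consider checking it, e.g. `if (!client_set_trans_sign_state_on(cli, mid)) { DEBUG(1,("cli_send_trans: no signing entry for mid %u\n", (unsigned int)mid)); }`. The same applies to the identical call in the `@@ -411,9 +421,14 @@` hunk of cli_send_nt_trans; both function bodies start and end outside their hunks.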
@@ -107,6 +112,9 @@ bool cli_send_trans(struct cli_state *cli, int trans,
 this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */
 this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam));
+ client_set_trans_sign_state_off(cli, mid);
+ client_set_trans_sign_state_on(cli, mid);
+
 cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
 SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2));
@@ -138,6 +146,7 @@ bool cli_send_trans(struct cli_state *cli, int trans,
 show_msg(cli->outbuf);
 if (!cli_send_smb(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
 return False;
 }
@@ -344,6 +353,7 @@ bool cli_receive_trans(struct cli_state *cli,int trans,
 }
 }
+ client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
 return ret;
 }
@@ -411,9 +421,14 @@ bool cli_send_nt_trans(struct cli_state *cli,
 return False;
 }
+ /* Note we're in a trans state. Save the sequence
+ * numbers for replies. */
+ client_set_trans_sign_state_on(cli, mid);
+
 if (this_ldata < ldata || this_lparam < lparam) {
 /* receive interim response */
 if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
 return(False);
 }
@@ -455,6 +470,7 @@ bool cli_send_nt_trans(struct cli_state *cli,
 show_msg(cli->outbuf);
 if (!cli_send_smb(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
 return False;
 }
@@ -682,5 +698,6 @@ bool cli_receive_nt_trans(struct cli_state *cli,
 }
 }
+ client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
 return ret;
 }
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index bd6d971..ea1eb05 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -25,6 +25,7 @@ struct outstanding_packet_lookup {
 struct outstanding_packet_lookup *prev, *next;
 uint16 mid;
 uint32 reply_seq_num;
+ bool can_delete; /* Set to False in trans state. */
 };
 struct smb_basic_signing_context {
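Review bot: In the `@@ -107,6 +112,9 @@` hunk of cli_send_trans the `client_set_trans_sign_state_on(cli, mid)` that directly follows `client_set_trans_sign_state_off(cli, mid)` has nothing to pin when signing is active: `off` sets can_delete to True and then removes the entry through get_sequence_for_reply, so set_sequence_can_delete_flag finds no entry for that mid and returns False, which is ignored here. The entry that the following send presumably stores is created with `can_delete = True`, so as far as this diff shows the secondary request's sequence number is not held for later replies. If holding it is intended, move the `on` call to after the successful `cli_send_smb(cli)` in this loop; if only the removal is needed so that store_sequence_for_reply does not reject the mid, drop the `on` and say so with a comment such as `/* Drop the stored entry so the transs send can record a fresh sequence number for this mid. */`. The loop starts and ends outside the hunk.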
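Review bot: The mid passed to `client_set_trans_sign_state_off` in the `@@ -344,6 +353,7 @@` hunk of cli_receive_trans is read from `cli->inbuf`, that is from whatever the peer last sent, rather than from the mid the client used for the request. If this exit is reached after a failed or short receive, or with a reply carrying a different mid, the lookup misses, the ignored return value hides it, and the entry pinned with `can_delete = False` stays in the outstanding list; since store_sequence_for_reply now refuses a mid that is already present, a later reuse of that mid would be affected. Prefer passing the request's own mid, saved on the send side, and logging a False return. The same applies to the `@@ -682,5 +698,6 @@` hunk of cli_receive_nt_trans; both function bodies lie almost entirely outside the hunks, so the error paths are inferred.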
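Review bot: cli_send_nt_trans pins the mid in the `@@ -411,9 +421,14 @@` hunk, but the diff adds no counterpart of the off/on pair that the `@@ -107,6 +112,9 @@` hunk puts into the secondary-request loop of cli_send_trans. With store_sequence_for_reply now returning False for a mid that is already stored, a secondary nttrans request sent while the first entry is still pinned would presumably not get a fresh reply sequence number recorded. If cli_send_nt_trans has the same kind of loop (it is outside the hunks shown), add `client_set_trans_sign_state_off(cli, mid);` before the secondary request is built, or leave a comment explaining why the nttrans path does not need it.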
@@ -41,9 +42,7 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list,
 /* Ensure we only add a mid once. */
 for (t = *list; t; t = t->next) {
 if (t->mid == mid) {
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
- break;
+ return False;
 }
 }
@@ -52,6 +51,7 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list,
 t->mid = mid;
 t->reply_seq_num = reply_seq_num;
+ t->can_delete = True;
 /*
 * Add to the *start* of the list not the end of the list.
@@ -78,8 +78,23 @@ static bool get_sequence_for_reply(struct outstanding_packet_lookup **list,
 *reply_seq_num = t->reply_seq_num;
 DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n",
 (unsigned int)t->reply_seq_num, (unsigned int)t->mid ));
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
+ if (t->can_delete) {
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
+ }
+ return True;
+ }
+ }
+ return False;
+}
+
+static bool set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, bool can_delete_entry)
+{
+ struct outstanding_packet_lookup *t;
+
+ for (t = *list; t; t = t->next) {
+ if (t->mid == mid) {
+ t->can_delete = can_delete_entry;
 return True;
 }
 }
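Review bot: The duplicate-mid branch in the `@@ -41,9 +42,7 @@` hunk of store_sequence_for_reply now fails silently with `return False;`, where the old code replaced the stale entry. Whether callers check the result is not visible here; if they do not, replies for that mid keep being verified against the old sequence number and the only symptom is a signing failure later on. Add a log line before the return, e.g. `DEBUG(1,("store_sequence_for_reply: mid %u already stored\n", (unsigned int)mid));`, and reword the `/* Ensure we only add a mid once. */` comment to say that a second add is rejected rather than replaced. The rest of the function is outside the hunk.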
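Review bot: get_sequence_for_reply in the `@@ -78,8 +78,23 @@` hunk now either consumes the entry or leaves it in place depending on `can_delete`, and nothing in the code says so. A comment above the new `if (t->can_delete)` such as `/* Entries pinned for a trans exchange stay until client_set_trans_sign_state_off(). */` would make the two modes explicit. The new set_sequence_can_delete_flag also deserves a header comment in the file's banner style stating that it returns False when no entry for the mid exists. The head of get_sequence_for_reply is outside the hunk.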
@@ -594,6 +609,60 @@ bool cli_check_sign_mac(struct cli_state *cli, char *buf)
 }
 /***********************************************************
+ Enter trans/trans2/nttrans state.
+************************************************************/
+
+bool client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
+{
+ struct smb_sign_info *si = &cli->sign_info;
+ struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
+
+ if (!si->doing_signing) {
+ return True;
+ }
+
+ if (!data) {
+ return False;
+ }
+
+ if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) {
+ return False;
+ }
+
+ return True;
+}
+
+/***********************************************************
+ Leave trans/trans2/nttrans state.
+************************************************************/
+
+bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
+{
+ uint32 reply_seq_num;
+ struct smb_sign_info *si = &cli->sign_info;
+ struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
+
+ if (!si->doing_signing) {
+ return True;
+ }
+
+ if (!data) {
+ return False;
+ }
+
+ if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) {
+ return False;
+ }
+
+ /* Now delete the stored mid entry. */
+ if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) {
+ return False;
+ }
+
+ return True;
+}
+
+/***********************************************************
 Is client signing on ?
 ************************************************************/
-- Samba Shared Repository
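Review bot: client_set_trans_sign_state_off deletes the entry by flipping `can_delete` to True and then calling get_sequence_for_reply only for its side effect, discarding `reply_seq_num`. That makes the cleanup depend on two list walks and on the getter's internals, and it emits the getter's "found seq" debug line for what is a removal. A small static helper that unlinks the entry for a mid states the intent directly and drops the unused local; it has to be defined above its first use, next to set_sequence_can_delete_flag. The return value stays the same, False only when signing is on and no context or no entry for the mid exists.

```c
static bool delete_sequence_for_mid(struct outstanding_packet_lookup **list, uint16 mid)
{
	struct outstanding_packet_lookup *t;

	for (t = *list; t; t = t->next) {
		if (t->mid == mid) {
			DLIST_REMOVE(*list, t);
			SAFE_FREE(t);
			return True;
		}
	}
	return False;
}

bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
{
	/* … unchanged: si/data declarations, doing_signing and signing_context checks … */

	/* Drop the stored mid entry whether or not it was pinned. */
	return delete_sequence_for_mid(&data->outstanding_packet_list, mid);
}
```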