summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-03-18 07:56:51 +0100
committerStefan Metzmacher <metze@samba.org>2009-03-19 13:54:22 +0100
commit880fbc4e8cd67de73c4bcda94489eb1e1422a04b (patch)
treefb6459e1fed54287fc5f304d0acfcac8c485d5e7
parent0dfdb7b911ed4fe013fc4a22a8c3a28620277a67 (diff)
downloadsamba-880fbc4e8cd67de73c4bcda94489eb1e1422a04b.tar.gz
samba-880fbc4e8cd67de73c4bcda94489eb1e1422a04b.tar.bz2
samba-880fbc4e8cd67de73c4bcda94489eb1e1422a04b.zip
s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests
Before we send the secondary requests we need to remove the old mid=>seqnum mapping and reset cli->mid and make the new mid=>seqnum mapping "persistent". The bug we had in cli_send_trans was this: The first cli_send_smb() incremented cli->mid and the secondary requests used the incremented mid, but as cli->outbuf still had the correct mid, we send the correct mid to the server. The real problem was that the cli_send_smb() function stored the seqnum under the wrong mid. cli_send_nttrans() was totally broken and now follows the same logic as cli_send_trans(). The good thing is that in practice the problem is unlikely to happen, because max_xmit is large enough to avoid secondary requests. metze
-rw-r--r--source3/libsmb/clitrans.c30
1 files changed, 7 insertions, 23 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 69e2be3af7..f5794ea04e 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans,
this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */
this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam));
- client_set_trans_sign_state_off(cli, mid);
- client_set_trans_sign_state_on(cli, mid);
-
cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2));
@@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans,
memcpy(outdata,data+tot_data,this_ldata);
cli_setup_bcc(cli, outdata+this_ldata);
- /*
- * Save the mid we're using. We need this for finding
- * signing replies.
- */
- mid = cli->mid;
-
show_msg(cli->outbuf);
+
+ client_set_trans_sign_state_off(cli, mid);
+ cli->mid = mid;
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
-
- /* Ensure we use the same mid for the secondaries. */
- cli->mid = mid;
+ client_set_trans_sign_state_on(cli, mid);
tot_data += this_ldata;
tot_param += this_lparam;
@@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli,
memcpy(outdata,data+tot_data,this_ldata);
cli_setup_bcc(cli, outdata+this_ldata);
- /*
- * Save the mid we're using. We need this for finding
- * signing replies.
- */
- mid = cli->mid;
-
show_msg(cli->outbuf);
+ client_set_trans_sign_state_off(cli, mid);
+ cli->mid = mid;
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
-
- /* Ensure we use the same mid for the secondaries. */
- cli->mid = mid;
+ client_set_trans_sign_state_on(cli, mid);
tot_data += this_ldata;
tot_param += this_lparam;