diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-08-08 04:35:15 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-08-08 05:13:42 +0200 |
commit | c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a (patch) | |
tree | a437e951b4ae0419c974cf21d9caaef62c9aa656 /source3/smbd | |
parent | 64c0367335fab0137e65f8cfa35af77ff854f654 (diff) | |
download | samba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.tar.gz samba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.tar.bz2 samba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.zip |
s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
This means we correctly sign all responses in a compound chain.
metze
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/smb2_server.c | 38 |
1 files changed, 16 insertions, 22 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index afd001c291..19a1051f33 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) struct tevent_req *subreq; struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req); struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req); - struct iovec *lasthdr = NULL; req->subreq = NULL; TALLOC_FREE(req->async_te); @@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) && (req->last_key.length > 0)) { int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ; + struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx); + NTSTATUS status; + + /* + * As we are sure the header of the last request in the + * compound chain will not change, we can to sign here + * with the last signing key we remembered. + */ - lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx); + status = smb2_signing_sign_pdu(req->last_key, + conn->protocol, + lasthdr, + SMBD_SMB2_NUM_IOV_PER_REQ); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } + data_blob_clear_free(&req->last_key); req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ; @@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) return NT_STATUS_NO_MEMORY; } - data_blob_clear_free(&req->last_key); - if (req->do_signing) { struct smbXsrv_session *x = req->session; DATA_BLOB signing_key = x->global->channels[0].signing_key; @@ -2041,24 +2053,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) smb2_calculate_credits(req, req); /* - * As we are sure the header of the last request in the - * compound chain will not change, we can to sign here - * with the last signing key we remembered. - */ - if (lasthdr != NULL) { - NTSTATUS status; - - status = smb2_signing_sign_pdu(req->last_key, - conn->protocol, - lasthdr, - SMBD_SMB2_NUM_IOV_PER_REQ); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - data_blob_clear_free(&req->last_key); - - /* * now check if we need to sign the current response */ if (req->do_signing) { |