summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-08-08 04:35:15 +0200
committerStefan Metzmacher <metze@samba.org>2012-08-08 05:13:42 +0200
commitc9ecfd6f3df2714bfaabb77ceb987ce65c62e38a (patch)
treea437e951b4ae0419c974cf21d9caaef62c9aa656 /source3/smbd
parent64c0367335fab0137e65f8cfa35af77ff854f654 (diff)
downloadsamba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.tar.gz
samba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.tar.bz2
samba-c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a.zip
s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
This means we correctly sign all responses in a compound chain. metze
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/smb2_server.c38
1 files changed, 16 insertions, 22 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index afd001c291..19a1051f33 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
struct tevent_req *subreq;
struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req);
struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req);
- struct iovec *lasthdr = NULL;
req->subreq = NULL;
TALLOC_FREE(req->async_te);
@@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) &&
(req->last_key.length > 0)) {
int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ;
+ struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+ NTSTATUS status;
+
+ /*
+ * As we are sure the header of the last request in the
+ * compound chain will not change, we can to sign here
+ * with the last signing key we remembered.
+ */
- lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
+ status = smb2_signing_sign_pdu(req->last_key,
+ conn->protocol,
+ lasthdr,
+ SMBD_SMB2_NUM_IOV_PER_REQ);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
+ data_blob_clear_free(&req->last_key);
req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ;
@@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
return NT_STATUS_NO_MEMORY;
}
- data_blob_clear_free(&req->last_key);
-
if (req->do_signing) {
struct smbXsrv_session *x = req->session;
DATA_BLOB signing_key = x->global->channels[0].signing_key;
@@ -2041,24 +2053,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
smb2_calculate_credits(req, req);
/*
- * As we are sure the header of the last request in the
- * compound chain will not change, we can to sign here
- * with the last signing key we remembered.
- */
- if (lasthdr != NULL) {
- NTSTATUS status;
-
- status = smb2_signing_sign_pdu(req->last_key,
- conn->protocol,
- lasthdr,
- SMBD_SMB2_NUM_IOV_PER_REQ);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
- data_blob_clear_free(&req->last_key);
-
- /*
* now check if we need to sign the current response
*/
if (req->do_signing) {