diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-09-12 22:24:46 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-15 15:39:34 +1000 |
commit | 890a33c99bc0a468984c456647311db0a19528aa (patch) | |
tree | 4ad335f43116bcc0ce4191f2c2a84737249313cb /source4/smb_server | |
parent | ba2c394ed479bb121b7b20ddd724e92d71ac1518 (diff) | |
download | samba-890a33c99bc0a468984c456647311db0a19528aa.tar.gz samba-890a33c99bc0a468984c456647311db0a19528aa.tar.bz2 samba-890a33c99bc0a468984c456647311db0a19528aa.zip |
s4-smb: serialise session setup operations
the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.
Diffstat (limited to 'source4/smb_server')
-rw-r--r-- | source4/smb_server/smb/sesssetup.c | 7 | ||||
-rw-r--r-- | source4/smb_server/smb2/sesssetup.c | 9 |
2 files changed, 16 insertions, 0 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 419a8cbf79..6b50bcb48e 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -31,6 +31,7 @@ #include "smbd/service_stream.h" #include "param/param.h" #include "../lib/tsocket/tsocket.h" +#include "lib/stream/packet.h" struct sesssetup_context { struct auth_context *auth_context; @@ -371,6 +372,7 @@ static void sesssetup_spnego_send(struct tevent_req *subreq) DATA_BLOB session_key; status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob); + packet_recv_enable(req->smb_conn->packet); TALLOC_FREE(subreq); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; @@ -488,6 +490,11 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se if (!subreq) { goto nomem; } + /* disable receipt of more packets on this socket until we've + finished with the session setup. This avoids a problem with + crashes if we get EOF on the socket while processing a session + setup */ + packet_recv_disable(req->smb_conn->packet); tevent_req_set_callback(subreq, sesssetup_spnego_send, s); return; diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 9b601d17c0..ddc161d80c 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -27,6 +27,7 @@ #include "smb_server/smb_server.h" #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" +#include "lib/stream/packet.h" static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { @@ -68,6 +69,8 @@ static void smb2srv_sesssetup_callback(struct tevent_req *subreq) struct auth_session_info *session_info = NULL; NTSTATUS status; + packet_recv_enable(req->smb_conn->packet); + status = gensec_update_recv(subreq, req, &io->smb2.out.secblob); TALLOC_FREE(subreq); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { @@ -199,6 +202,12 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses goto failed; } + /* disable receipt of more packets on this socket until we've + finished with the session setup. This avoids a problem with + crashes if we get EOF on the socket while processing a session + setup */ + packet_recv_disable(req->smb_conn->packet); + return; nomem: status = NT_STATUS_NO_MEMORY; |