summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-09-12 22:24:46 +1000
committerAndrew Tridgell <tridge@samba.org>2010-09-15 15:39:34 +1000
commit890a33c99bc0a468984c456647311db0a19528aa (patch)
tree4ad335f43116bcc0ce4191f2c2a84737249313cb /source4/smb_server
parentba2c394ed479bb121b7b20ddd724e92d71ac1518 (diff)
downloadsamba-890a33c99bc0a468984c456647311db0a19528aa.tar.gz
samba-890a33c99bc0a468984c456647311db0a19528aa.tar.bz2
samba-890a33c99bc0a468984c456647311db0a19528aa.zip
s4-smb: serialise session setup operations
the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete.
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/sesssetup.c7
-rw-r--r--source4/smb_server/smb2/sesssetup.c9
2 files changed, 16 insertions, 0 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 419a8cbf79..6b50bcb48e 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -31,6 +31,7 @@
#include "smbd/service_stream.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
+#include "lib/stream/packet.h"
struct sesssetup_context {
struct auth_context *auth_context;
@@ -371,6 +372,7 @@ static void sesssetup_spnego_send(struct tevent_req *subreq)
DATA_BLOB session_key;
status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob);
+ packet_recv_enable(req->smb_conn->packet);
TALLOC_FREE(subreq);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
@@ -488,6 +490,11 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
if (!subreq) {
goto nomem;
}
+ /* disable receipt of more packets on this socket until we've
+ finished with the session setup. This avoids a problem with
+ crashes if we get EOF on the socket while processing a session
+ setup */
+ packet_recv_disable(req->smb_conn->packet);
tevent_req_set_callback(subreq, sesssetup_spnego_send, s);
return;
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 9b601d17c0..ddc161d80c 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -27,6 +27,7 @@
#include "smb_server/smb_server.h"
#include "smb_server/smb2/smb2_server.h"
#include "smbd/service_stream.h"
+#include "lib/stream/packet.h"
static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io)
{
@@ -68,6 +69,8 @@ static void smb2srv_sesssetup_callback(struct tevent_req *subreq)
struct auth_session_info *session_info = NULL;
NTSTATUS status;
+ packet_recv_enable(req->smb_conn->packet);
+
status = gensec_update_recv(subreq, req, &io->smb2.out.secblob);
TALLOC_FREE(subreq);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -199,6 +202,12 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
goto failed;
}
+ /* disable receipt of more packets on this socket until we've
+ finished with the session setup. This avoids a problem with
+ crashes if we get EOF on the socket while processing a session
+ setup */
+ packet_recv_disable(req->smb_conn->packet);
+
return;
nomem:
status = NT_STATUS_NO_MEMORY;