summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2005-11-10 16:16:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:08 -0500
commit92b9b83b70aef5ec77f3944f495205c107c6921a (patch)
treebfca54e3ca1c1471c9a099862a1b1c34ea1cb688 /source4/smb_server
parent3b42d207efccbb31f94626f8fd98379e4a32cc35 (diff)
downloadsamba-92b9b83b70aef5ec77f3944f495205c107c6921a.tar.gz
samba-92b9b83b70aef5ec77f3944f495205c107c6921a.tar.bz2
samba-92b9b83b70aef5ec77f3944f495205c107c6921a.zip
r11650: - as every call that goes down to the ntvfs layer need a valid tcon and session
ntcancel also needs to have AS_USER - move the SIGNING_NO_REPLY logic as global option, because this needs to be set for the error replies too. - as we currently don't know how to generate signatures for ntcancel replies we just skip the sending of the reply - w2k3 first checks the VUID and then the TID, so we do now - ntcreateX also uses ERRbaduid when getting a wrong VUID metze (This used to be commit d677ebf43d0d7e679ff11862683c993d887d9441)
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/reply.c1
-rw-r--r--source4/smb_server/smb_server.c59
2 files changed, 51 insertions, 9 deletions
diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c
index 85edbb530f..4526d6f7f3 100644
--- a/source4/smb_server/reply.c
+++ b/source4/smb_server/reply.c
@@ -2335,7 +2335,6 @@ void reply_ntcreate_and_X(struct smbsrv_request *req)
void reply_ntcancel(struct smbsrv_request *req)
{
/* NOTE: this request does not generate a reply */
- req_signing_no_reply(req);
ntvfs_cancel(req);
req_destroy(req);
}
diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c
index 0a28023e46..1467beccac 100644
--- a/source4/smb_server/smb_server.c
+++ b/source4/smb_server/smb_server.c
@@ -114,6 +114,7 @@ static NTSTATUS receive_smb_request(void *private, DATA_BLOB blob)
These flags determine some of the permissions required to do an operation
*/
#define AS_USER (1<<0)
+#define SIGNING_NO_REPLY (1<<1)
/*
define a list of possible SMB messages and their corresponding
@@ -291,7 +292,7 @@ static const struct smb_message_struct
/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER},
/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER},
/* 0xa3 */ { NULL, NULL, 0 },
-/* 0xa4 */ { "SMBntcancel", reply_ntcancel, 0},
+/* 0xa4 */ { "SMBntcancel", reply_ntcancel, AS_USER|SIGNING_NO_REPLY},
/* 0xa5 */ { "SMBntrename", reply_ntrename, AS_USER},
/* 0xa6 */ { NULL, NULL, 0 },
/* 0xa7 */ { NULL, NULL, 0 },
@@ -411,6 +412,7 @@ static void switch_message(int type, struct smbsrv_request *req)
int flags;
struct smbsrv_connection *smb_conn = req->smb_conn;
uint16_t session_tag;
+ NTSTATUS status;
type &= 0xff;
@@ -448,23 +450,64 @@ static void switch_message(int type, struct smbsrv_request *req)
DEBUG(3,("switch message %s (task_id %d)\n",smb_fn_name(type), req->smb_conn->connection->server_id));
- /* does this protocol need a valid tree connection? */
- if ((flags & AS_USER) && !req->tcon) {
+ /* this must be called before we do any reply */
+ if (flags & SIGNING_NO_REPLY) {
+ req_signing_no_reply(req);
+ }
+
+ /* see if the vuid is valid */
+ if ((flags & AS_USER) && !req->session) {
/* amazingly, the error code depends on the command */
switch (type) {
case SMBntcreateX:
- req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRinvnid));
+ case SMBntcancel:
+ status = NT_STATUS_DOS(ERRSRV, ERRbaduid);
break;
default:
- req_reply_error(req, NT_STATUS_INVALID_HANDLE);
+ status = NT_STATUS_INVALID_HANDLE;
break;
}
+ /*
+ * TODO:
+ * don't know how to handle smb signing for this case
+ * so just skip the reply
+ */
+ if ((flags & SIGNING_NO_REPLY) &&
+ (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF)) {
+ DEBUG(1,("SKIP ERROR REPLY: %s %s because of unknown smb signing case\n",
+ smb_fn_name(type), nt_errstr(status)));
+ req_destroy(req);
+ return;
+ }
+ req_reply_error(req, status);
return;
}
- /* see if the vuid is valid */
- if ((flags & AS_USER) && !req->session) {
- req_reply_error(req, NT_STATUS_INVALID_HANDLE);
+ /* does this protocol need a valid tree connection? */
+ if ((flags & AS_USER) && !req->tcon) {
+ /* amazingly, the error code depends on the command */
+ switch (type) {
+ case SMBntcreateX:
+ case SMBntcancel:
+ status = NT_STATUS_DOS(ERRSRV, ERRinvnid);
+ break;
+ default:
+ status = NT_STATUS_INVALID_HANDLE;
+ break;
+ }
+ /*
+ * TODO:
+ * don't know how to handle smb signing for this case
+ * so just skip the reply
+ */
+ if ((flags & SIGNING_NO_REPLY) &&
+ (req->smb_conn->signing.signing_state != SMB_SIGNING_ENGINE_OFF)) {
+ DEBUG(1,("SKIP ERROR REPLY: %s %s because of unknown smb signing case\n",
+ smb_fn_name(type), nt_errstr(status)));
+ req_destroy(req);
+ return;
+ }
+ req_reply_error(req, status);
return;
}