diff options
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 20 | ||||
-rw-r--r-- | source3/smbd/smb2_tcon.c | 19 |
2 files changed, 39 insertions, 0 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 0df4bd6c56..b3ea3fae9f 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -338,15 +338,29 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req, NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) { const uint8_t *inhdr; + const uint8_t *outhdr; int i = req->current_idx; uint64_t in_session_id; void *p; struct smbd_smb2_session *session; + bool chained_fixup = false; inhdr = (const uint8_t *)req->in.vector[i+0].iov_base; in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID); + if (i > 2 && in_session_id == (0xFFFFFFFFFFFFFFFFLL)) { + /* + * Chained request - fill in session_id from + * the previous request out.vector[].iov_base. + * We can't modify the inhdr here as we have + * yet to check signing. + */ + outhdr = (const uint8_t *)req->out.vector[i-3].iov_base; + in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID); + chained_fixup = true; + } + /* lookup an existing session */ p = idr_find(req->sconn->smb2.sessions.idtree, in_session_id); if (p == NULL) { @@ -363,6 +377,12 @@ NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) pdb_get_domain(session->server_info->sam_account)); req->session = session; + + if (chained_fixup) { + /* Fix up our own outhdr. */ + outhdr = (const uint8_t *)req->out.vector[i].iov_base; + SBVAL(outhdr, SMB2_HDR_SESSION_ID, in_session_id); + } return NT_STATUS_OK; } diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index bd33007c18..3eb9da29a0 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -220,15 +220,27 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req) { const uint8_t *inhdr; + const uint8_t *outhdr; int i = req->current_idx; uint32_t in_tid; void *p; struct smbd_smb2_tcon *tcon; + bool chained_fixup = false; inhdr = (const uint8_t *)req->in.vector[i+0].iov_base; in_tid = IVAL(inhdr, SMB2_HDR_TID); + if (i > 2 && in_tid == (0xFFFFFFFF)) { + /* + * Chained request - fill in tid from + * the previous request out.vector[].iov_base. + */ + outhdr = (const uint8_t *)req->out.vector[i-3].iov_base; + in_tid = IVAL(outhdr, SMB2_HDR_TID); + chained_fixup = true; + } + /* lookup an existing session */ p = idr_find(req->session->tcons.idtree, in_tid); if (p == NULL) { @@ -246,6 +258,13 @@ NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req) } req->tcon = tcon; + + if (chained_fixup) { + /* Fix up our own outhdr. */ + outhdr = (const uint8_t *)req->out.vector[i].iov_base; + SIVAL(outhdr, SMB2_HDR_TID, in_tid); + } + return NT_STATUS_OK; } |