From 196a5d038886bdea678ac9ae97bdf9dab825e23f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 6 Mar 2009 07:45:06 +0100 Subject: s3:signing: the seqnum should only be decremented by 1 for ntcancel requests [MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum is incremented by only for ntcancel requests for any other request it's by incremented by 2, even if it doesn't expect a response. metze --- source3/include/proto.h | 2 +- source3/libsmb/smb_signing.c | 6 ++++-- source3/smbd/aio.c | 8 ++++---- source3/smbd/nttrans.c | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index ffdef43d19..6376d8af8a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3209,7 +3209,7 @@ bool srv_oplock_set_signing(bool onoff); bool srv_check_sign_mac(const char *inbuf, bool must_be_ok); void srv_calculate_sign_mac(char *outbuf); void srv_defer_sign_response(uint16 mid); -void srv_cancel_sign_response(uint16 mid); +void srv_cancel_sign_response(uint16 mid, bool cancel); void srv_set_signing_negotiated(void); bool srv_is_signing_active(void); bool srv_is_signing_negotiated(void); diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index ea1eb05cfb..55b30d476f 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -865,7 +865,7 @@ void srv_defer_sign_response(uint16 mid) cancelled by mid. This should never find one.... ************************************************************/ -void srv_cancel_sign_response(uint16 mid) +void srv_cancel_sign_response(uint16 mid, bool cancel) { struct smb_basic_signing_context *data; uint32 dummy_seq; @@ -884,7 +884,9 @@ void srv_cancel_sign_response(uint16 mid) ; /* cancel doesn't send a reply so doesn't burn a sequence number. */ - data->send_seq_num -= 1; + if (cancel) { + data->send_seq_num -= 1; + } } /*********************************************************** 
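Review bot: In the `@@ -884,7 +884,9 @@` hunk of source3/libsmb/smb_signing.c, the retained comment `/* cancel doesn't send a reply so doesn't burn a sequence number. */` now sits above a conditional and no longer explains why callers passing `false` leave `send_seq_num` untouched. The sequence number presumably feeds the signing MAC, so a drift here would make the peer reject later signed packets, and the rule is worth stating at the decrement: `/* Only ntcancel advances the seqnum by 1 instead of 2 ([MS-SMB] 3.3.5.1), so only that case gives one back. */`. The parameter name `cancel` repeats the function name without saying which kind of cancel is meant. Consider `bool is_ntcancel`, or a line in the function's header comment describing it. The middle of the function lies between the two hunks and is not visible, so any early-return paths there are unreviewed.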
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 6b19e098e5..cfa4b430eb 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -347,7 +347,7 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex) /* If errno is ECANCELED then don't return anything to the * client. */ if (errno == ECANCELED) { - srv_cancel_sign_response(aio_ex->req->mid); + srv_cancel_sign_response(aio_ex->req->mid, false); return 0; } @@ -441,7 +441,7 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) /* If errno is ECANCELED then don't return anything to the * client. */ if (errno == ECANCELED) { - srv_cancel_sign_response(aio_ex->req->mid); + srv_cancel_sign_response(aio_ex->req->mid, false); return 0; } @@ -534,7 +534,7 @@ void smbd_aio_complete_mid(unsigned int mid) if (!aio_ex) { DEBUG(3,("smbd_aio_complete_mid: Can't find record to " "match mid %u.\n", mid)); - srv_cancel_sign_response(mid); + srv_cancel_sign_response(mid, false); return; } @@ -544,7 +544,7 @@ void smbd_aio_complete_mid(unsigned int mid) * ignore. */ DEBUG( 3,( "smbd_aio_complete_mid: file closed whilst " "aio outstanding (mid[%u]).\n", mid)); - srv_cancel_sign_response(mid); + srv_cancel_sign_response(mid, false); return; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 86a46505a2..9c7fb1914e 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1131,7 +1131,7 @@ void reply_ntcancel(struct smb_request *req) START_PROFILE(SMBntcancel); remove_pending_change_notify_requests_by_mid(req->mid); remove_pending_lock_requests_by_mid(req->mid); - srv_cancel_sign_response(req->mid); + srv_cancel_sign_response(req->mid, true); DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid)); -- cgit
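Review bot: The four updated call sites in source3/smbd/aio.c pass a bare `false`, which does not tell a reader why the signing sequence number is now left alone. This matters most on the `ECANCELED` paths in handle_aio_read_complete and handle_aio_write_complete, where the adjacent comment says nothing is returned to the client; the two sites in smbd_aio_complete_mid have the same gap. A one-line comment at the first site would make the intent checkable against the spec, e.g. `/* not an ntcancel: seqnum was advanced by 2 and stays that way, see [MS-SMB] 3.3.5.1 */`. These are rarely exercised error paths, so a regression test that cancels an outstanding aio request with signing required would catch sequence drift before clients see signature failures. All three enclosing functions start and end outside the hunks, so what happens to the pending signing record after these calls is not visible here.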