smbXsrv_client: notify a different node to drop a connection by client guid.

If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.

Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.

Now we tell the other node to teardown all client connections
belonging to the client-guid.

Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  2 20:59:15 UTC 2022 on sn-devel-184

1 files changed, 1 insertions, 0 deletions

diff --git a/librpc/idl/messaging.idl b/librpc/idl/messaging.idl
index d6929c799ad..5d217c03f5b 100644
--- a/librpc/idl/messaging.idl
+++ b/librpc/idl/messaging.idl
@@ -138,6 +138,7 @@ interface messaging
 		MSG_SMBXSRV_SESSION_CLOSE	= 0x0600,
 		MSG_SMBXSRV_CONNECTION_PASS	= 0x0601,
 		MSG_SMBXSRV_CONNECTION_PASSED	= 0x0602,
+		MSG_SMBXSRV_CONNECTION_DROP	= 0x0603,
 
 		/* source4 and NTVFS smb server messages */
 		MSG_BRL_RETRY                   = 0x0700,