authorVolker Lendecke <vl@samba.org>2008-05-13 16:41:23 +0200
committerVolker Lendecke <vl@samba.org>2008-05-13 16:54:55 +0200
commit968ff01d5163b232e10276efbcfd6750f97d81a5 (patch)
tree5c51f24dd1ea2a83561993a8aea8368b50cbede7 /source
parentdeefb1a4bcfdbbf7d045948598140c477591ea44 (diff)
Revert "Fix signing bug found by Volker. That one was *subtle*."
This reverts commit 040db1ce851909704d093538ba063863fa11f73e.
Diffstat (limited to 'source')
-rw-r--r--source/libsmb/clitrans.c14
-rw-r--r--source/libsmb/smb_signing.c79
2 files changed, 88 insertions, 5 deletions
diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c
index f43a2aa0284..f212f499940 100644
--- a/source/libsmb/clitrans.c
+++ b/source/libsmb/clitrans.c
@@ -95,9 +95,14 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
return False;
}
+ /* Note we're in a trans state. Save the sequence
+ * numbers for replies. */
+ client_set_trans_sign_state_on(cli, mid);
+
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
return(False);
}
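Review bot: The return value of `client_set_trans_sign_state_on(cli, mid)` is discarded in cli_send_trans, and the same applies to the matching hunk in cli_send_nt_trans. Per the smb_signing.c part of this commit, it returns False when signing is active but there is no signing context or the mid is not in the outstanding list. In that case no entry is held for the transaction's replies, so later replies of a multi-part transaction would presumably fail the sequence lookup with no hint at the cause. Checking it, e.g. `if (!client_set_trans_sign_state_on(cli, mid)) { return False; }`, or at least logging the failure, would surface the problem where it happens. The body of cli_send_trans starts and ends outside the hunk.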
@@ -139,6 +144,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -317,6 +323,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
out:
+ client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
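Review bot: The `out:` path in cli_receive_trans takes the mid from `cli->inbuf`, that is from whatever the receive buffer holds, rather than from the value the send path passed to `client_set_trans_sign_state_on`; the `out:` hunk in cli_receive_nt_trans does the same. If `out:` is reached after a failed or mismatched receive (the jumps are outside the hunk, so this is inferred), the mid read here may not be the one that was marked. The call then returns False unnoticed and the entry stays in the list with `can_delete` False. Because store_sequence_for_reply now returns False on a duplicate mid, such a leftover entry would block storing a sequence number for that mid again. Passing the client's own record of the request mid would stop this cleanup from depending on peer-supplied data.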
@@ -384,9 +391,14 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
return False;
}
+ /* Note we're in a trans state. Save the sequence
+ * numbers for replies. */
+ client_set_trans_sign_state_on(cli, mid);
+
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
return(False);
}
@@ -428,6 +440,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
+ client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -627,5 +640,6 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
out:
+ client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index 6768c2accc6..df74b2db36a 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -26,6 +26,7 @@ struct outstanding_packet_lookup {
struct outstanding_packet_lookup *prev, *next;
uint16 mid;
uint32 reply_seq_num;
+ BOOL can_delete; /* Set to False in trans state. */
};
struct smb_basic_signing_context {
@@ -42,9 +43,7 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list,
/* Ensure we only add a mid once. */
for (t = *list; t; t = t->next) {
if (t->mid == mid) {
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
- break;
+ return False;
}
}
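Review bot: A duplicate mid in store_sequence_for_reply now yields a silent `return False` where the removed lines replaced the entry, so callers must treat False as an error; the callers are outside this hunk, so whether they do is not visible here. A log line before the return, e.g. `DEBUG(1,("store_sequence_for_reply: mid %u already in list\n", (unsigned int)mid));`, would make a reused or stale mid diagnosable. The existing `/* Ensure we only add a mid once. */` comment could also say that entries held in trans state are kept deliberately, which is why replacing them is no longer acceptable.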
@@ -53,6 +52,7 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list,
t->mid = mid;
t->reply_seq_num = reply_seq_num;
+ t->can_delete = True;
/*
* Add to the *start* of the list not the end of the list.
@@ -79,8 +79,23 @@ static BOOL get_sequence_for_reply(struct outstanding_packet_lookup **list,
*reply_seq_num = t->reply_seq_num;
DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n",
(unsigned int)t->reply_seq_num, (unsigned int)t->mid ));
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
+ if (t->can_delete) {
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
+ }
+ return True;
+ }
+ }
+ return False;
+}
+
+static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, BOOL can_delete_entry)
+{
+ struct outstanding_packet_lookup *t;
+
+ for (t = *list; t; t = t->next) {
+ if (t->mid == mid) {
+ t->can_delete = can_delete_entry;
return True;
}
}
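Review bot: set_sequence_can_delete_flag is added without the banner comment used elsewhere in this file, and nothing at the `if (t->can_delete)` branch in get_sequence_for_reply says why a found entry may be left in the list. I would add a header such as `/* Mark the entry for mid as deletable or not; returns False if mid is not in the list. */`; the False case is assumed from the loop falling through to the trailing context, which the hunk cuts off. At the branch, a comment like `/* In trans state the same stored sequence number serves every reply, so keep the entry until the state is switched off. */` would document the invariant that each "on" must be matched by an "off".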
@@ -589,6 +604,60 @@ BOOL cli_check_sign_mac(struct cli_state *cli)
}
/***********************************************************
+ Enter trans/trans2/nttrans state.
+************************************************************/
+
+BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
+{
+ struct smb_sign_info *si = &cli->sign_info;
+ struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
+
+ if (!si->doing_signing) {
+ return True;
+ }
+
+ if (!data) {
+ return False;
+ }
+
+ if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) {
+ return False;
+ }
+
+ return True;
+}
+
+/***********************************************************
+ Leave trans/trans2/nttrans state.
+************************************************************/
+
+BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
+{
+ uint32 reply_seq_num;
+ struct smb_sign_info *si = &cli->sign_info;
+ struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
+
+ if (!si->doing_signing) {
+ return True;
+ }
+
+ if (!data) {
+ return False;
+ }
+
+ if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) {
+ return False;
+ }
+
+ /* Now delete the stored mid entry. */
+ if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) {
+ return False;
+ }
+
+ return True;
+}
+
+/***********************************************************
SMB signing - Server implementation - send the MAC.
************************************************************/
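Review bot: client_set_trans_sign_state_off removes the entry by calling get_sequence_for_reply and discarding `reply_seq_num`, which walks the list a second time and emits the lookup's "found seq" debug line for what is really a deletion. The `/* Now delete the stored mid entry. */` comment could say so explicitly, e.g. `/* get_sequence_for_reply() frees the entry now that can_delete is True; the sequence number itself is not needed here. */`. Both new functions also cast `si->signing_context` to `struct smb_basic_signing_context *` without checking that this is the context type in use; if a client can have another kind of signing context (not visible on this page), that assumption should be stated or guarded. The banners should also say what a False return means, since every call site added in clitrans.c ignores it.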