diff options
author | Volker Lendecke <vl@samba.org> | 2008-05-13 16:41:23 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-05-13 16:54:55 +0200 |
commit | 968ff01d5163b232e10276efbcfd6750f97d81a5 (patch) | |
tree | 5c51f24dd1ea2a83561993a8aea8368b50cbede7 /source | |
parent | deefb1a4bcfdbbf7d045948598140c477591ea44 (diff) | |
download | samba-968ff01d5163b232e10276efbcfd6750f97d81a5.tar.gz |
Revert "Fix signing bug found by Volker. That one was *subtle*."
This reverts commit 040db1ce851909704d093538ba063863fa11f73e.
Diffstat (limited to 'source')
-rw-r--r-- | source/libsmb/clitrans.c | 14 | ||||
-rw-r--r-- | source/libsmb/smb_signing.c | 79 |
2 files changed, 88 insertions, 5 deletions
diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c index f43a2aa0284..f212f499940 100644 --- a/source/libsmb/clitrans.c +++ b/source/libsmb/clitrans.c @@ -95,9 +95,14 @@ BOOL cli_send_trans(struct cli_state *cli, int trans, return False; } + /* Note we're in a trans state. Save the sequence + * numbers for replies. */ + client_set_trans_sign_state_on(cli, mid); + if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { + client_set_trans_sign_state_off(cli, mid); return(False); } @@ -139,6 +144,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans, show_msg(cli->outbuf); if (!cli_send_smb(cli)) { + client_set_trans_sign_state_off(cli, mid); return False; } @@ -317,6 +323,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, out: + client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); return ret; } @@ -384,9 +391,14 @@ BOOL cli_send_nt_trans(struct cli_state *cli, return False; } + /* Note we're in a trans state. Save the sequence + * numbers for replies. */ + client_set_trans_sign_state_on(cli, mid); + if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { + client_set_trans_sign_state_off(cli, mid); return(False); } @@ -428,6 +440,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli, show_msg(cli->outbuf); if (!cli_send_smb(cli)) { + client_set_trans_sign_state_off(cli, mid); return False; } @@ -627,5 +640,6 @@ BOOL cli_receive_nt_trans(struct cli_state *cli, out: + client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); return ret; } diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c index 6768c2accc6..df74b2db36a 100644 --- a/source/libsmb/smb_signing.c +++ b/source/libsmb/smb_signing.c @@ -26,6 +26,7 @@ struct outstanding_packet_lookup { struct outstanding_packet_lookup *prev, *next; uint16 mid; uint32 reply_seq_num; + BOOL can_delete; /* Set to False in trans state. */ }; struct smb_basic_signing_context { @@ -42,9 +43,7 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list, /* Ensure we only add a mid once. */ for (t = *list; t; t = t->next) { if (t->mid == mid) { - DLIST_REMOVE(*list, t); - SAFE_FREE(t); - break; + return False; } } @@ -53,6 +52,7 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list, t->mid = mid; t->reply_seq_num = reply_seq_num; + t->can_delete = True; /* * Add to the *start* of the list not the end of the list. @@ -79,8 +79,23 @@ static BOOL get_sequence_for_reply(struct outstanding_packet_lookup **list, *reply_seq_num = t->reply_seq_num; DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n", (unsigned int)t->reply_seq_num, (unsigned int)t->mid )); - DLIST_REMOVE(*list, t); - SAFE_FREE(t); + if (t->can_delete) { + DLIST_REMOVE(*list, t); + SAFE_FREE(t); + } + return True; + } + } + return False; +} + +static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, BOOL can_delete_entry) +{ + struct outstanding_packet_lookup *t; + + for (t = *list; t; t = t->next) { + if (t->mid == mid) { + t->can_delete = can_delete_entry; return True; } } @@ -589,6 +604,60 @@ BOOL cli_check_sign_mac(struct cli_state *cli) } /*********************************************************** + Enter trans/trans2/nttrans state. +************************************************************/ + +BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid) +{ + struct smb_sign_info *si = &cli->sign_info; + struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; + + if (!si->doing_signing) { + return True; + } + + if (!data) { + return False; + } + + if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) { + return False; + } + + return True; +} + +/*********************************************************** + Leave trans/trans2/nttrans state. +************************************************************/ + +BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid) +{ + uint32 reply_seq_num; + struct smb_sign_info *si = &cli->sign_info; + struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; + + if (!si->doing_signing) { + return True; + } + + if (!data) { + return False; + } + + if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) { + return False; + } + + /* Now delete the stored mid entry. */ + if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) { + return False; + } + + return True; +} + +/*********************************************************** SMB signing - Server implementation - send the MAC. ************************************************************/ |