svn commit: samba r18363 - in branches/SAMBA_4_0/source/rpc_server: .

abartlet at samba.org abartlet at samba.org
Mon Sep 11 06:17:13 GMT 2006


Author: abartlet
Date: 2006-09-11 06:17:12 +0000 (Mon, 11 Sep 2006)
New Revision: 18363

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18363

Log:
Found a rather nasty bug in our fragment handling.

We were adding packet fragments onto the *reply* queue, not the
receive queue.  This worked, as long as we got a whole packet before
we did any reply work, but failed once the backend called a remote
LDAP server (and I presume something invoked the event loop).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
   branches/SAMBA_4_0/source/rpc_server/dcerpc_server.h


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c	2006-09-11 06:15:39 UTC (rev 18362)
+++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c	2006-09-11 06:17:12 UTC (rev 18363)
@@ -133,12 +133,12 @@
 }
 
 /*
-  find a call that is pending in our call list
+  find the earlier parts of a fragmented call awaiting reassembily
 */
-static struct dcesrv_call_state *dcesrv_find_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
+static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
 {
 	struct dcesrv_call_state *c;
-	for (c=dce_conn->call_list;c;c=c->next) {
+	for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
 		if (c->pkt.call_id == call_id) {
 			return c;
 		}
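Review bot: The new comment on dcesrv_find_fragmented_call misspells "reassembly" and leaves both the match key and the no-match result unstated. Suggest `find the earlier parts of a fragmented call awaiting reassembly, matched by call_id on this connection`. The function's tail lies outside the hunk, so the no-match return is presumed to be NULL, judging from the `if (!call)` test at the call site further down.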
@@ -1013,7 +1013,7 @@
 
 		/* this is a continuation of an existing call - find the call then
 		   tack it on the end */
-		call = dcesrv_find_call(dce_conn, call2->pkt.call_id);
+		call = dcesrv_find_fragmented_call(dce_conn, call2->pkt.call_id);
 		if (!call) {
 			return dcesrv_fault(call2, DCERPC_FAULT_OTHER);
 		}
@@ -1049,10 +1049,11 @@
 	}
 
 	/* this may not be the last pdu in the chain - if its isn't then
-	   just put it on the call_list and wait for the rest */
+	   just put it on the incoming_fragmented_call_list and wait for the rest */
 	if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
 	    !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
-		DLIST_ADD_END(dce_conn->call_list, call, struct dcesrv_call_state *);
+		DLIST_ADD_END(dce_conn->incoming_fragmented_call_list, call, 
+			      struct dcesrv_call_state *);
 		return NT_STATUS_OK;
 	}
 
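Review bot: Nothing in this diff takes a reassembled call back off incoming_fragmented_call_list; the commit changes the lookup and this DLIST_ADD_END, but no DLIST_REMOVE line is touched. If the removal on the final-fragment path (outside this hunk) still names `dce_conn->call_list`, removing the head element would leave the new list's head pointing at a call that may later be freed. Confirm that path does `DLIST_REMOVE(dce_conn->incoming_fragmented_call_list, call);` and that a middle fragment whose call is already queued cannot reach this DLIST_ADD_END a second time. Separately, nothing visible here limits how many partial calls a client can park on this list.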

Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.h
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.h	2006-09-11 06:15:39 UTC (rev 18362)
+++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.h	2006-09-11 06:17:12 UTC (rev 18363)
@@ -168,12 +168,15 @@
 	/* a list of established context_ids */
 	struct dcesrv_connection_context *contexts;
 
-	/* the state of the current calls */
-	struct dcesrv_call_state *call_list;
+	/* the state of the current incoming call fragments */
+	struct dcesrv_call_state *incoming_fragmented_call_list;
 
 	/* the state of the async pending calls */
 	struct dcesrv_call_state *pending_call_list;
 
+	/* the state of the current outgoing calls */
+	struct dcesrv_call_state *call_list;
+
 	/* the maximum size the client wants to receive */
 	uint32_t cli_max_recv_frag;
 
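Review bot: The three list comments do not say when a call moves from one list to another, or whether it may sit on more than one at a time, which is the invariant this fix depends on. Suggest expanding the first to `/* partial requests: first fragment received, LAST flag not yet seen; client-supplied and looked up by call_id */` and stating on `call_list` that it holds calls with replies queued for sending, as the log message describes. Because `call_list` keeps its old name with a narrower meaning, any user outside this diff that expected incoming fragments on it will still compile unchanged and is worth a grep. The struct continues outside the hunk.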


