[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Tue Oct 20 19:15:08 MDT 2009


The branch, master has been updated
       via  4b6cfbb... s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infinite windows client loop.
       via  209a65b... s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite windows client loop.
      from  48520b2... s4-smbtorture: test whether an lsa_EnumTrustDom implementation would hang up a client.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4b6cfbb6d27eea07400d0eacb08b2f69724b19ca
Author: Günther Deschner <gd at samba.org>
Date:   Wed Oct 21 02:18:54 2009 +0200

    s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infinite windows client loop.
    
    Found by RPC-LSA-TRUSTED-DOMAIN torture test.
    
    Guenther

commit 209a65bc6f783055f3f6a8cea3fb36587d346511
Author: Günther Deschner <gd at samba.org>
Date:   Wed Oct 21 02:17:32 2009 +0200

    s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite windows client loop.
    
    Found by RPC-LSA-TRUSTED-DOMAIN torture test.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_lsa_nt.c     |    9 +++++++++
 source4/rpc_server/lsa/dcesrv_lsa.c |    9 +++++++++
 2 files changed, 18 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 23ea045..a9a4fa5 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -477,6 +477,15 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
 		return STATUS_MORE_ENTRIES;
 	}
 
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g. with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	*r->out.resume_handle = (uint32_t)-1;
+
 	return NT_STATUS_OK;
 }
 
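Review bot: the unconditional `*r->out.resume_handle = (uint32_t)-1;` just before `return NT_STATUS_OK;` only meets the "larger than the previous input resume handle" rule quoted in the comment when the incoming handle is below 0xFFFFFFFF. If a client sends 0xFFFFFFFF, the output equals the input, and nothing in the visible lines shows that this input is rejected earlier in `_lsa_EnumTrustDom()`. It would be worth confirming that such a request never reaches this final return, or saying so in the comment. As a style point, `UINT32_MAX` or a named constant would state the intent ("enumeration finished") more clearly than the cast of -1.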
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0e6a55e..e35f2d8 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1660,6 +1660,15 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
 		return STATUS_MORE_ENTRIES;
 	}
 
+	/* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+	 * always be larger than the previous input resume handle, in
+	 * particular when hitting the last query it is vital to set the
+	 * resume handle correctly to avoid infinite client loops, as
+	 * seen e.g. with Windows XP SP3 when resume handle is 0 and
+	 * status is NT_STATUS_OK - gd */
+
+	*r->out.resume_handle = (uint32_t)-1;
+
 	return NT_STATUS_OK;
 }
 
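Review bot: the comment block and the `*r->out.resume_handle = (uint32_t)-1;` assignment at the end of `dcesrv_lsa_EnumTrustDom()` are a verbatim copy of the source3 hunk, so the two servers can drift apart if one is changed later. A shared named constant for the terminal resume handle, defined once and used by both `_lsa_EnumTrustDom()` and this function, would keep the s3 and s4 behaviour aligned and let the MS-LSAD 3.1.4.7.8 reference live in one place. The comment could also state explicitly that this path is the final reply only, since the `STATUS_MORE_ENTRIES` return directly above exits before the assignment.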


-- 
Samba Shared Repository

