[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Wed Jul 29 19:32:03 UTC 2015
The branch, master has been updated
via 8c41cbb s3:smb2_server: defer channel/session validation to the session setup code.
via 8ab4b05 s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup
via 19ec5f3 smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop
via f6816ae smbXsrv: add smb2srv_session_lookup_client().
via d6acf95 smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn
via c765d11 smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw
via 66bf0e5 smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup()
from d57e4ac build: fix build with gpfs support - add missing dependency to samba-debug
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8c41cbbf9ea9527b7482ec3ec44ef195dc0917c2
Author: Michael Adam <obnox at samba.org>
Date: Mon Jul 27 09:01:55 2015 +0200
s3:smb2_server: defer channel/session validation to the session setup code.
For session bind, and the channel is only to be bound to the given
session just now, so it is not valid. The early request validation
code can hence not check it, and hence validation is defered to the
actual session setup code, which can look at the session binding flags.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Jul 29 21:31:09 CEST 2015 on sn-devel-104
commit 8ab4b05d3302d543037973e26609e2d27bb6bc15
Author: Michael Adam <obnox at samba.org>
Date: Wed Jul 29 11:19:55 2015 +0200
s3:smb2_sesssetup: check that the connection belongs to the session in sess.setup
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 19ec5f3474efa5ce62f78ae723f1e41b87a7c51a
Author: Michael Adam <obnox at samba.org>
Date: Wed Jul 29 10:35:08 2015 +0200
smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loop
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit f6816ae5bdaa0aceca154c16ad845afe781beb30
Author: Michael Adam <obnox at samba.org>
Date: Mon Jul 27 08:59:57 2015 +0200
smbXsrv: add smb2srv_session_lookup_client().
This is a variant of smb2srv_session_lookup_conn() that does
not verify the session on the channel.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit d6acf950e4bbff294fe8d6cabadee39717910d1e
Author: Michael Adam <obnox at samba.org>
Date: Wed Jul 29 10:23:14 2015 +0200
smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_conn
This is in preparation of adding a variant that operates
on the client and does in particular not verify that the
connection belongs to a session as a channel.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit c765d11347048c46dc0e1cb5cc1e0da747b73524
Author: Michael Adam <obnox at samba.org>
Date: Fri May 8 23:15:51 2015 +0200
smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_raw
This way, we can verify that the session is valid on a channel.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 66bf0e51bc864d87ef1db5b52dd54da28b75af52
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 8 23:12:19 2015 +0200
smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup()
This way, we can verify that a session is valid on the channel.
Pair-Programmed-With: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/globals.h | 9 +++++---
source3/smbd/smb2_break.c | 8 +++----
source3/smbd/smb2_server.c | 27 ++++++++++++++++++-----
source3/smbd/smb2_sesssetup.c | 8 +++++++
source3/smbd/smbXsrv_session.c | 49 ++++++++++++++++++++++++++++++++++--------
5 files changed, 80 insertions(+), 21 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 35a3ee9..1885629 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -553,9 +553,12 @@ NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
uint16_t vuid, NTTIME now,
struct smbXsrv_session **session);
NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn);
-NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn,
- uint64_t session_id, NTTIME now,
- struct smbXsrv_session **session);
+NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn,
+ uint64_t session_id, NTTIME now,
+ struct smbXsrv_session **session);
+NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client,
+ uint64_t session_id, NTTIME now,
+ struct smbXsrv_session **session);
struct smbXsrv_session_global0;
NTSTATUS smbXsrv_session_global_traverse(
int (*fn)(struct smbXsrv_session_global0 *, void *),
diff --git a/source3/smbd/smb2_break.c b/source3/smbd/smb2_break.c
index 5eab0a1..4c5d62e 100644
--- a/source3/smbd/smb2_break.c
+++ b/source3/smbd/smb2_break.c
@@ -450,10 +450,10 @@ void send_break_message_smb2(files_struct *fsp,
*/
xconn = fsp->conn->sconn->client->connections;
- status = smb2srv_session_lookup(xconn,
- fsp->vuid,
- now,
- &session);
+ status = smb2srv_session_lookup_conn(xconn,
+ fsp->vuid,
+ now,
+ &session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED) ||
(session == NULL))
{
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 2ea997e..a0b1bfc 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -393,7 +393,8 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
goto inval;
}
- status = smb2srv_session_lookup(xconn, uid, now, &s);
+ status = smb2srv_session_lookup_conn(xconn, uid, now,
+ &s);
if (s == NULL) {
DEBUG(1, ("invalid session[%llu] in "
"SMB2_TRANSFORM header\n",
@@ -1832,10 +1833,26 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
req->last_session_id = 0;
- /* lookup an existing session */
- status = smb2srv_session_lookup(req->xconn,
- in_session_id, now,
- &session);
+ /* look an existing session up */
+ switch (in_opcode) {
+ case SMB2_OP_SESSSETUP:
+ /*
+ * For a session bind request, we don't have the
+ * channel set up at this point yet, so we defer
+ * the verification that the connection belongs
+ * to the session to the session setup code, which
+ * can look at the session binding flags.
+ */
+ status = smb2srv_session_lookup_client(req->xconn->client,
+ in_session_id, now,
+ &session);
+ break;
+ default:
+ status = smb2srv_session_lookup_conn(req->xconn,
+ in_session_id, now,
+ &session);
+ break;
+ }
if (session) {
req->session = session;
req->last_session_id = in_session_id;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 11d381f..3233846 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -561,6 +561,7 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
NTSTATUS status;
NTTIME now = timeval_to_nttime(&smb2req->request_time);
struct tevent_req *subreq;
+ struct smbXsrv_channel_global0 *c = NULL;
req = tevent_req_create(mem_ctx, &state,
struct smbd_smb2_session_setup_state);
@@ -618,6 +619,13 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
}
}
+ status = smbXsrv_session_find_channel(smb2req->session,
+ smb2req->xconn, &c);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+
if (state->session->gensec == NULL) {
status = auth_generic_prepare(state->session,
state->smb2req->xconn->remote_address,
diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index 3201670..ff4f14f 100644
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -52,6 +52,8 @@ struct smbXsrv_session_table {
};
static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
+ /* conn: optional */
+ struct smbXsrv_connection *conn,
uint64_t session_id, NTTIME now,
struct smbXsrv_session **session);
@@ -280,9 +282,9 @@ static void smbXsrv_session_close_loop(struct tevent_req *subreq)
goto next;
}
- status = smb2srv_session_lookup_raw(client->session_table,
- close_info0->old_session_wire_id,
- now, &session);
+ status = smb2srv_session_lookup_client(client,
+ close_info0->old_session_wire_id,
+ now, &session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
DEBUG(4,("smbXsrv_session_close_loop: "
"old_session_wire_id %llu not found\n",
@@ -584,6 +586,8 @@ static void smbXsrv_session_local_fetch_parser(TDB_DATA key, TDB_DATA data,
}
static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table,
+ /* conn: optional */
+ struct smbXsrv_connection *conn,
uint32_t session_local_id,
NTTIME now,
struct smbXsrv_session **_session)
@@ -629,6 +633,19 @@ static NTSTATUS smbXsrv_session_local_lookup(struct smbXsrv_session_table *table
return NT_STATUS_USER_SESSION_DELETED;
}
+ /*
+ * If a connection is specified check if the session is
+ * valid on the channel.
+ */
+ if (conn != NULL) {
+ struct smbXsrv_channel_global0 *c = NULL;
+
+ status = smbXsrv_session_find_channel(state.session, conn, &c);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
state.session->idle_time = now;
if (!NT_STATUS_IS_OK(state.session->status)) {
@@ -1719,7 +1736,8 @@ NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
struct smbXsrv_session_table *table = conn->client->session_table;
uint32_t local_id = vuid;
- return smbXsrv_session_local_lookup(table, local_id, now, session);
+ return smbXsrv_session_local_lookup(table, conn, local_id, now,
+ session);
}
NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
@@ -1732,6 +1750,8 @@ NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn)
}
static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
+ /* conn: optional */
+ struct smbXsrv_connection *conn,
uint64_t session_id, NTTIME now,
struct smbXsrv_session **session)
{
@@ -1742,15 +1762,26 @@ static NTSTATUS smb2srv_session_lookup_raw(struct smbXsrv_session_table *table,
return NT_STATUS_USER_SESSION_DELETED;
}
- return smbXsrv_session_local_lookup(table, local_id, now, session);
+ return smbXsrv_session_local_lookup(table, conn, local_id, now,
+ session);
}
-NTSTATUS smb2srv_session_lookup(struct smbXsrv_connection *conn,
- uint64_t session_id, NTTIME now,
- struct smbXsrv_session **session)
+NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn,
+ uint64_t session_id, NTTIME now,
+ struct smbXsrv_session **session)
{
struct smbXsrv_session_table *table = conn->client->session_table;
- return smb2srv_session_lookup_raw(table, session_id, now, session);
+ return smb2srv_session_lookup_raw(table, conn, session_id, now,
+ session);
+}
+
+NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client,
+ uint64_t session_id, NTTIME now,
+ struct smbXsrv_session **session)
+{
+ struct smbXsrv_session_table *table = client->session_table;
+ return smb2srv_session_lookup_raw(table, NULL, session_id, now,
+ session);
}
struct smbXsrv_session_global_traverse_state {
--
Samba Shared Repository
More information about the samba-cvs
mailing list