[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed May 6 17:22:05 MDT 2015


The branch, master has been updated
       via  c49ad3f s3:selftest: run smb2.notify with --signing=required
       via  f719414 s3:smb2_tcon: cancel pending requests on all connections on tdis
       via  5871d3d s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* destructors
       via  50aeb6b s3:smb2_sesssetup: add smbd_smb2_session_setup_wrap_send/recv()
       via  8f0d4d1 s3:smb2_sesssetup: always assign smb2req->session when a session was created.
       via  95057fe s3:smb2_sesssetup: let smbd_smb2_logoff_* use smbXsrv_session_shutdown_*
       via  cc9d52e s3:smbXsrv_session: cancel pending requests when we logoff a previous session
       via  4fceb45 s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv helper functions
       via  b6c34a0 s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_logoff_all_callback()
       via  7fea421 s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_destructor()
       via  f435c89 s4:torture/smb2: add smb2.notify.session-reconnect test
       via  a8ec77e s4:torture/smb2: add smb2.notify.invalid-reauth test
       via  44f9e10 s4:torture/smb2: add smb2.notify.close test
       via  4bfa6b0 s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value
       via  5169e9b s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit and implicit) and tdis
       via  a5981d1 s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 directory handle
       via  2c47fb1 s3:smbd: add a smbd_notify_cancel_by_map() helper function
      from  e8081af winbind: Fix CID 1035545 Uninitialized scalar variable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c49ad3f89530d078fdd6ffcd1a6dc8c38be9169b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:26:41 2015 +0200

    s3:selftest: run smb2.notify with --signing=required
    
    This reproduces a bug withe implicit canceled requests.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu May  7 01:21:44 CEST 2015 on sn-devel-104

commit f71941491bbba20f394bd2f44425d7c21e90ba92
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 16:50:55 2015 +0200

    s3:smb2_tcon: cancel pending requests on all connections on tdis
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5871d3da871349cba058bb91218ae58107cf05c8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:29:03 2015 +0200

    s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* destructors
    
    The cleanup of a failing session setup is now handled in
    smbd_smb2_session_setup_wrap_*().
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 50aeb6b38b14d6c26229834ece3c32eb50f9e56a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:21:25 2015 +0200

    s3:smb2_sesssetup: add smbd_smb2_session_setup_wrap_send/recv()
    
    The wrapper calls smbXsrv_session_shutdown_send/recv() in case of an error,
    this makes sure a failing reauth shuts down the session like an explicit logoff.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8f0d4d1132b74615dc6198ab736590dec52effda
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:27:26 2015 +0200

    s3:smb2_sesssetup: always assign smb2req->session when a session was created.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 95057fe375348b918cb2ca58109f4c110a4a5f77
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:20:06 2015 +0200

    s3:smb2_sesssetup: let smbd_smb2_logoff_* use smbXsrv_session_shutdown_*
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit cc9d52e10f4f1b192171e03674061d4e8e6bcc84
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:13:27 2015 +0200

    s3:smbXsrv_session: cancel pending requests when we logoff a previous session
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4fceb4531ccd6bb1fd6ebd7b6eb5b894959bc010
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 09:57:03 2015 +0200

    s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv helper functions
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit b6c34a07760141bda3e78624d62eb556bb70da65
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:17:34 2015 +0200

    s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_logoff_all_callback()
    
    smbXsrv_session_logoff_all_callback() is called when the last transport
    connection is gone, which means we won't need to sign any response...
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 7fea42110596e8e9da0155d726aaa72223107fbd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 16:09:40 2015 +0200

    s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_destructor()
    
    This won't be needed typically needed as the caller is supposted to cancel
    the requests already, but this makes sure we don't keep dangling pointers.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit f435c89d61385272bf5b79f82f6e1373908d2b94
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat May 2 09:57:03 2015 +0200

    s4:torture/smb2: add smb2.notify.session-reconnect test
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a8ec77e86b17213eeb6a51a835639d79e9486223
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:20:50 2015 +0200

    s4:torture/smb2: add smb2.notify.invalid-reauth test
    
    An invalid reauth closes the session.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 44f9e1052de81a0a3052997e7e19a01813fbec43
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:20:50 2015 +0200

    s4:torture/smb2: add smb2.notify.close test
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4bfa6b024e530694741c7c07171fa09762578389
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:19:42 2015 +0200

    s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5169e9b20c69092d04b596f48ca0e69a46af438f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:02:38 2015 +0200

    s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit and implicit) and tdis
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit a5981d137461e5715c92a4fb4cdeaa650f34e999
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:02:38 2015 +0200

    s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 directory handle
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2c47fb16089602a42f62124520e58bdcd8c7d053
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 1 20:04:55 2015 +0200

    s3:smbd: add a smbd_notify_cancel_by_map() helper function
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail             |   1 -
 source3/selftest/tests.py      |   3 +
 source3/smbd/close.c           |  15 +-
 source3/smbd/globals.h         |   5 +
 source3/smbd/notify.c          |  33 +++-
 source3/smbd/smb2_sesssetup.c  | 361 +++++++++++++++++++++--------------------
 source3/smbd/smb2_tcon.c       |  66 ++++----
 source3/smbd/smbXsrv_session.c | 212 +++++++++++++++++++++++-
 source4/torture/smb2/notify.c  | 235 +++++++++++++++++++++++++++
 9 files changed, 708 insertions(+), 223 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 3262c9c..26aed77 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -189,7 +189,6 @@
 ^samba3.smb2.create.blob
 ^samba3.smb2.create.open
 ^samba3.smb2.notify.valid-req
-^samba3.smb2.notify.dir
 ^samba3.smb2.notify.rec
 ^samba3.smb2.durable-open.delete_on_close2
 ^samba3.smb2.durable-v2-open.app-instance
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 7436d26..dd06e07 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -383,6 +383,9 @@ for t in tests:
     elif t == "local.nss":
         for env in ["nt4_dc:local", "ad_member:local", "nt4_member:local", "ad_dc:local", "ad_dc_ntvfs:local"]:
             plansmbtorture4testsuite(t, env, '//$SERVER/tmp -U$USERNAME%$PASSWORD')
+    elif t == "smb2.notify":
+        plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --signing=required')
+        plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required')
     else:
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 09be2e7..0e75bf0 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1050,6 +1050,13 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 	NTSTATUS status1 = NT_STATUS_OK;
 	const struct security_token *del_nt_token = NULL;
 	const struct security_unix_token *del_token = NULL;
+	NTSTATUS notify_status;
+
+	if (fsp->conn->sconn->using_smb2) {
+		notify_status = STATUS_NOTIFY_CLEANUP;
+	} else {
+		notify_status = NT_STATUS_OK;
+	}
 
 	/*
 	 * NT can set delete_on_close of the last open
@@ -1159,8 +1166,8 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		 * now fail as the directory has been deleted.
 		 */
 
-		if(NT_STATUS_IS_OK(status)) {
-			remove_pending_change_notify_requests_by_fid(fsp, NT_STATUS_DELETE_PENDING);
+		if (NT_STATUS_IS_OK(status)) {
+			notify_status = NT_STATUS_DELETE_PENDING;
 		}
 	} else {
 		if (!del_share_mode(lck, fsp)) {
@@ -1169,10 +1176,10 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		}
 
 		TALLOC_FREE(lck);
-		remove_pending_change_notify_requests_by_fid(
-			fsp, NT_STATUS_OK);
 	}
 
+	remove_pending_change_notify_requests_by_fid(fsp, notify_status);
+
 	status1 = fd_close(fsp);
 
 	if (!NT_STATUS_IS_OK(status1)) {
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index c7e2608..22cf5d6 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -537,6 +537,11 @@ struct smbXsrv_channel_global0;
 NTSTATUS smbXsrv_session_find_channel(const struct smbXsrv_session *session,
 				      const struct smbXsrv_connection *conn,
 				      struct smbXsrv_channel_global0 **_c);
+struct tevent_req *smb2srv_session_shutdown_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct smbXsrv_session *session,
+					struct smbd_smb2_request *current_req);
+NTSTATUS smb2srv_session_shutdown_recv(struct tevent_req *req);
 NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session);
 NTSTATUS smbXsrv_session_logoff_all(struct smbXsrv_connection *conn);
 NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn);
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index 3f2d07c..b3079d2 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -375,6 +375,31 @@ static void change_notify_remove_request(struct smbd_server_connection *sconn,
 	TALLOC_FREE(req);
 }
 
+static void smbd_notify_cancel_by_map(struct notify_mid_map *map)
+{
+	struct smb_request *smbreq = map->req->req;
+	struct smbd_server_connection *sconn = smbreq->sconn;
+	struct smbd_smb2_request *smb2req = smbreq->smb2req;
+	NTSTATUS notify_status = NT_STATUS_CANCELLED;
+
+	if (smb2req != NULL) {
+		if (smb2req->session == NULL) {
+			notify_status = STATUS_NOTIFY_CLEANUP;
+		} else if (!NT_STATUS_IS_OK(smb2req->session->status)) {
+			notify_status = STATUS_NOTIFY_CLEANUP;
+		}
+		if (smb2req->tcon == NULL) {
+			notify_status = STATUS_NOTIFY_CLEANUP;
+		} else if (!NT_STATUS_IS_OK(smb2req->tcon->status)) {
+			notify_status = STATUS_NOTIFY_CLEANUP;
+		}
+	}
+
+	change_notify_reply(smbreq, notify_status,
+			    0, NULL, map->req->reply_fn);
+	change_notify_remove_request(sconn, map->req);
+}
+
 /****************************************************************************
  Delete entries by mid from the change notify pending queue. Always send reply.
 *****************************************************************************/
@@ -394,9 +419,7 @@ void remove_pending_change_notify_requests_by_mid(
 		return;
 	}
 
-	change_notify_reply(map->req->req,
-			    NT_STATUS_CANCELLED, 0, NULL, map->req->reply_fn);
-	change_notify_remove_request(sconn, map->req);
+	smbd_notify_cancel_by_map(map);
 }
 
 void smbd_notify_cancel_by_smbreq(const struct smb_request *smbreq)
@@ -414,9 +437,7 @@ void smbd_notify_cancel_by_smbreq(const struct smb_request *smbreq)
 		return;
 	}
 
-	change_notify_reply(map->req->req,
-			    NT_STATUS_CANCELLED, 0, NULL, map->req->reply_fn);
-	change_notify_remove_request(sconn, map->req);
+	smbd_notify_cancel_by_map(map);
 }
 
 static struct files_struct *smbd_notify_cancel_deleted_fn(
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index fb7edce..c56e480 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -29,7 +29,7 @@
 #include "../libcli/security/security.h"
 #include "../lib/util/tevent_ntstatus.h"
 
-static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
+static struct tevent_req *smbd_smb2_session_setup_wrap_send(TALLOC_CTX *mem_ctx,
 					struct tevent_context *ev,
 					struct smbd_smb2_request *smb2req,
 					uint64_t in_session_id,
@@ -37,7 +37,7 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 					uint8_t in_security_mode,
 					uint64_t in_previous_session_id,
 					DATA_BLOB in_security_buffer);
-static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
+static NTSTATUS smbd_smb2_session_setup_wrap_recv(struct tevent_req *req,
 					uint16_t *out_session_flags,
 					TALLOC_CTX *mem_ctx,
 					DATA_BLOB *out_security_buffer,
@@ -87,14 +87,14 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
 	in_security_buffer.data = SMBD_SMB2_IN_DYN_PTR(smb2req);
 	in_security_buffer.length = in_security_length;
 
-	subreq = smbd_smb2_session_setup_send(smb2req,
-					      smb2req->sconn->ev_ctx,
-					      smb2req,
-					      in_session_id,
-					      in_flags,
-					      in_security_mode,
-					      in_previous_session_id,
-					      in_security_buffer);
+	subreq = smbd_smb2_session_setup_wrap_send(smb2req,
+						   smb2req->sconn->ev_ctx,
+						   smb2req,
+						   in_session_id,
+						   in_flags,
+						   in_security_mode,
+						   in_previous_session_id,
+						   in_security_buffer);
 	if (subreq == NULL) {
 		return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
 	}
@@ -118,11 +118,11 @@ static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
 	NTSTATUS status;
 	NTSTATUS error; /* transport error */
 
-	status = smbd_smb2_session_setup_recv(subreq,
-					      &out_session_flags,
-					      smb2req,
-					      &out_security_buffer,
-					      &out_session_id);
+	status = smbd_smb2_session_setup_wrap_recv(subreq,
+						   &out_session_flags,
+						   smb2req,
+						   &out_security_buffer,
+						   &out_session_id);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status) &&
 	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -368,7 +368,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 	 * we attach the session to the request
 	 * so that the response can be signed
 	 */
-	smb2req->session = session;
 	if (!guest) {
 		smb2req->do_signing = true;
 	}
@@ -449,94 +448,12 @@ struct smbd_smb2_session_setup_state {
 	uint16_t out_session_flags;
 	DATA_BLOB out_security_buffer;
 	uint64_t out_session_id;
-	/* The following pointer is owned by state->session. */
-	struct smbd_smb2_session_setup_state **pp_self_ref;
 };
 
-static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_state)
-{
-	(*pp_state)->session = NULL;
-	/*
-	 * To make things clearer, ensure the pp_self_ref
-	 * pointer is nulled out. We're never going to
-	 * access this again.
-	 */
-	(*pp_state)->pp_self_ref = NULL;
-	return 0;
-}
-
-static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
-{
-	struct smbXsrv_connection *xconn;
-	struct smbd_smb2_request *preq;
-
-	/*
-	 * If state->session is not NULL,
-	 * we move the session from the session table to the request on failure
-	 * so that the error response can be correctly signed, but the session
-	 * is then really deleted when the request is done.
-	 */
-
-	if (state->session == NULL) {
-		return 0;
-	}
-
-	state->session->status = NT_STATUS_USER_SESSION_DELETED;
-	state->smb2req->session = talloc_move(state->smb2req, &state->session);
-
-	/*
-	 * We own the session now - we don't need the
-	 * tag talloced on session that keeps track of session independently.
-	 */
-	TALLOC_FREE(state->pp_self_ref);
-
-	/*
-	 * We've made this session owned by the current request.
-	 * Ensure that any outstanding requests don't also refer
-	 * to it.
-	 */
-	xconn = state->smb2req->xconn;
-
-	for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
-		if (preq == state->smb2req) {
-			continue;
-		}
-		if (preq->session == state->smb2req->session) {
-			preq->session = NULL;
-			/*
-			 * If we no longer have a session we can't
-			 * sign or encrypt replies.
-			 */
-			preq->do_signing = false;
-			preq->do_encryption = false;
-		}
-	}
-
-	return 0;
-}
-
 static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq);
 static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq);
 static void smbd_smb2_session_setup_auth_return(struct tevent_req *req);
 
-/************************************************************************
- We have to tag the state->session pointer with memory talloc'ed
- on it to ensure it gets NULL'ed out if the underlying struct smbXsrv_session
- is deleted by shutdown whilst this request is in flight.
-************************************************************************/
-
-static NTSTATUS tag_state_session_ptr(struct smbd_smb2_session_setup_state *state)
-{
-	state->pp_self_ref = talloc_zero(state->session,
-			struct smbd_smb2_session_setup_state *);
-	if (state->pp_self_ref == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	*state->pp_self_ref = state;
-	talloc_set_destructor(state->pp_self_ref, pp_self_ref_destructor);
-	return NT_STATUS_OK;
-}
-
 static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 					struct tevent_context *ev,
 					struct smbd_smb2_request *smb2req,
@@ -578,8 +495,6 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	talloc_set_destructor(state, smbd_smb2_session_setup_state_destructor);
-
 	if (state->in_session_id == 0) {
 		/* create a new session */
 		status = smbXsrv_session_create(state->smb2req->xconn,
@@ -587,6 +502,7 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 		if (tevent_req_nterror(req, status)) {
 			return tevent_req_post(req, ev);
 		}
+		smb2req->session = state->session;
 	} else {
 		if (smb2req->session == NULL) {
 			tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
@@ -609,11 +525,6 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 		}
 	}
 
-	status = tag_state_session_ptr(state);
-	if (tevent_req_nterror(req, status)) {
-		return tevent_req_post(req, ev);
-	}
-
 	if (state->session->gensec == NULL) {
 		status = auth_generic_prepare(state->session,
 					      state->smb2req->xconn->remote_address,
@@ -668,9 +579,6 @@ static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		state->out_session_id = state->session->global->session_wire_id;
-		/* we want to keep the session */
-		state->session = NULL;
-		TALLOC_FREE(state->pp_self_ref);
 		tevent_req_nterror(req, status);
 		return;
 	}
@@ -735,9 +643,6 @@ static void smbd_smb2_session_setup_auth_return(struct tevent_req *req)
 		if (tevent_req_nterror(req, status)) {
 			return;
 		}
-		/* we want to keep the session */
-		state->session = NULL;
-		TALLOC_FREE(state->pp_self_ref);
 		tevent_req_done(req);
 		return;
 	}
@@ -752,9 +657,6 @@ static void smbd_smb2_session_setup_auth_return(struct tevent_req *req)
 		return;
 	}
 
-	/* we want to keep the session */
-	state->session = NULL;
-	TALLOC_FREE(state->pp_self_ref);
 	tevent_req_done(req);
 	return;
 }
@@ -788,6 +690,162 @@ static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
 	return status;
 }
 
+struct smbd_smb2_session_setup_wrap_state {
+	struct tevent_context *ev;
+	struct smbd_smb2_request *smb2req;
+	uint64_t in_session_id;
+	uint8_t in_flags;
+	uint8_t in_security_mode;
+	uint64_t in_previous_session_id;
+	DATA_BLOB in_security_buffer;
+	uint16_t out_session_flags;
+	DATA_BLOB out_security_buffer;
+	uint64_t out_session_id;
+	NTSTATUS error;
+};
+
+static void smbd_smb2_session_setup_wrap_setup_done(struct tevent_req *subreq);
+static void smbd_smb2_session_setup_wrap_shutdown_done(struct tevent_req *subreq);
+
+static struct tevent_req *smbd_smb2_session_setup_wrap_send(TALLOC_CTX *mem_ctx,
+					struct tevent_context *ev,
+					struct smbd_smb2_request *smb2req,
+					uint64_t in_session_id,
+					uint8_t in_flags,
+					uint8_t in_security_mode,
+					uint64_t in_previous_session_id,
+					DATA_BLOB in_security_buffer)
+{
+	struct tevent_req *req;
+	struct smbd_smb2_session_setup_wrap_state *state;
+	struct tevent_req *subreq;
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct smbd_smb2_session_setup_wrap_state);
+	if (req == NULL) {
+		return NULL;
+	}
+	state->ev = ev;
+	state->smb2req = smb2req;
+	state->in_session_id = in_session_id;
+	state->in_flags = in_flags;
+	state->in_security_mode = in_security_mode;
+	state->in_previous_session_id = in_previous_session_id;
+	state->in_security_buffer = in_security_buffer;
+
+	subreq = smbd_smb2_session_setup_send(state, state->ev,
+					      state->smb2req,
+					      state->in_session_id,
+					      state->in_flags,
+					      state->in_security_mode,
+					      state->in_previous_session_id,
+					      state->in_security_buffer);
+	if (tevent_req_nomem(subreq, req)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq,
+				smbd_smb2_session_setup_wrap_setup_done, req);
+
+	return req;
+}
+
+static void smbd_smb2_session_setup_wrap_setup_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smbd_smb2_session_setup_wrap_state *state =
+		tevent_req_data(req,
+		struct smbd_smb2_session_setup_wrap_state);
+	NTSTATUS status;
+
+	status = smbd_smb2_session_setup_recv(subreq,
+					      &state->out_session_flags,
+					      state,
+					      &state->out_security_buffer,
+					      &state->out_session_id);
+	TALLOC_FREE(subreq);
+	if (NT_STATUS_IS_OK(status)) {
+		tevent_req_done(req);
+		return;
+	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	if (state->smb2req->session == NULL) {
+		tevent_req_nterror(req, status);
+		return;
+	}
+
+	state->error = status;
+
+	subreq = smb2srv_session_shutdown_send(state, state->ev,
+					       state->smb2req->session,
+					       state->smb2req);
+	if (tevent_req_nomem(subreq, req)) {
+		return;
+	}
+	tevent_req_set_callback(subreq,
+				smbd_smb2_session_setup_wrap_shutdown_done,
+				req);
+}
+
+static void smbd_smb2_session_setup_wrap_shutdown_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req =
+		tevent_req_callback_data(subreq,
+		struct tevent_req);
+	struct smbd_smb2_session_setup_wrap_state *state =
+		tevent_req_data(req,
+		struct smbd_smb2_session_setup_wrap_state);
+	NTSTATUS status;
+
+	status = smb2srv_session_shutdown_recv(subreq);
+	TALLOC_FREE(subreq);
+	if (tevent_req_nterror(req, status)) {
+		return;
+	}
+
+	/*
+	 * we may need to sign the response, so we need to keep
+	 * the session until the response is sent to the wire.
+	 */
+	talloc_steal(state->smb2req, state->smb2req->session);
+
+	tevent_req_nterror(req, state->error);
+}
+
+static NTSTATUS smbd_smb2_session_setup_wrap_recv(struct tevent_req *req,
+					uint16_t *out_session_flags,
+					TALLOC_CTX *mem_ctx,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list