session setup bugfix and torture test

[Michael Adam]

Hi Jeremy,

I'm going to look into it.
Thanks and have a safe trip!

Cheers - Michael

On 2013-09-23 at 14:13 -0700, Jeremy Allison wrote:
> On Mon, Sep 23, 2013 at 11:46:15AM -0700, Jeremy Allison wrote:
> > 
> > I think we can do this as a separate patch on
> > top of this existing patchset, so I'm ok with
> > you adding my "Reviewed-by: Jeremy Allison <jra at samba.org>"
> > on this patchset and pushing to autobuild if
> > metze is also happy.
> 
> And here is that separate patch that sits on top
> of Michael's patchset. As it was written
> in the airport lounge, it compiles but I'm hoping
> Michael and Metze can test it :-).
> 
> I'm off on a plane now - be back online once I'm
> in Europe !
> 
> Cheers,
> 
> 	Jeremy.

> From 12fc029c6be574bd438c1065fa88bbddc08d4032 Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Mon, 23 Sep 2013 14:10:27 -0700
> Subject: [PATCH] When a session is invalidated then we must also ensure it
>  isn't used in any pending requests being processed.
> 
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
>  source3/smbd/smb2_sesssetup.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
> index dd243c9..cb8f847 100644
> --- a/source3/smbd/smb2_sesssetup.c
> +++ b/source3/smbd/smb2_sesssetup.c
> @@ -457,6 +457,8 @@ static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_stat
>  
>  static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
>  {
> +	struct smbd_smb2_request *preq;
> +
>  	/*
>  	 * If state->session is not NULL,
>  	 * we move the session from the session table to the request on failure
> @@ -471,6 +473,27 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set
>  	state->session->status = NT_STATUS_USER_SESSION_DELETED;
>  	state->smb2req->session = talloc_move(state->smb2req, &state->session);
>  
> +	/*
> +	 * We've made this session owned by the current request.
> +	 * Ensure that any outstanding requests don't also refer
> +	 * to it.
> +	 */
> +
> +	for (preq = state->smb2req->sconn->smb2.requests; preq != NULL; preq = preq->next) {
> +		if (preq == state->smb2req) {
> +			continue;
> +		}
> +		if (preq->session == state->smb2req->session) {
> +			preq->session = NULL;
> +			/*
> +			 * If we no longer have a session we can't
> +			 * sign or encrypt replies.
> +			 */
> +			preq->do_signing = false;
> +			preq->do_encryption = false;
> +		}
> +	}
> +
>  	return 0;
>  }
>  
> -- 
> 1.8.1.2
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 215 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130923/14aaeb72/attachment.pgp>