1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()

This means we correctly sign all responses in a compound chain.

metze
This commit is contained in:
Stefan Metzmacher 2012-08-08 04:35:15 +02:00
parent 64c0367335
commit c9ecfd6f3d

View File

@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
struct tevent_req *subreq;
struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req);
struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req);
struct iovec *lasthdr = NULL;
req->subreq = NULL;
TALLOC_FREE(req->async_te);
@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) &&
(req->last_key.length > 0)) {
int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ;
struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
NTSTATUS status;
lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
/*
* As we are sure the header of the last request in the
* compound chain will not change, we can to sign here
* with the last signing key we remembered.
*/
status = smb2_signing_sign_pdu(req->last_key,
conn->protocol,
lasthdr,
SMBD_SMB2_NUM_IOV_PER_REQ);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
data_blob_clear_free(&req->last_key);
req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ;
@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
return NT_STATUS_NO_MEMORY;
}
data_blob_clear_free(&req->last_key);
if (req->do_signing) {
struct smbXsrv_session *x = req->session;
DATA_BLOB signing_key = x->global->channels[0].signing_key;
@ -2040,24 +2052,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
is a final reply for an async operation). */
smb2_calculate_credits(req, req);
/*
* As we are sure the header of the last request in the
* compound chain will not change, we can to sign here
* with the last signing key we remembered.
*/
if (lasthdr != NULL) {
NTSTATUS status;
status = smb2_signing_sign_pdu(req->last_key,
conn->protocol,
lasthdr,
SMBD_SMB2_NUM_IOV_PER_REQ);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
data_blob_clear_free(&req->last_key);
/*
* now check if we need to sign the current response
*/