mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
This means we correctly sign all responses in a compound chain. metze
This commit is contained in:
parent
64c0367335
commit
c9ecfd6f3d
@ -1977,7 +1977,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
struct tevent_req *subreq;
|
||||
struct iovec *outhdr = SMBD_SMB2_OUT_HDR_IOV(req);
|
||||
struct iovec *outdyn = SMBD_SMB2_OUT_DYN_IOV(req);
|
||||
struct iovec *lasthdr = NULL;
|
||||
|
||||
req->subreq = NULL;
|
||||
TALLOC_FREE(req->async_te);
|
||||
@ -1985,9 +1984,24 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
if ((req->current_idx > SMBD_SMB2_NUM_IOV_PER_REQ) &&
|
||||
(req->last_key.length > 0)) {
|
||||
int last_idx = req->current_idx - SMBD_SMB2_NUM_IOV_PER_REQ;
|
||||
struct iovec *lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
|
||||
NTSTATUS status;
|
||||
|
||||
lasthdr = SMBD_SMB2_IDX_HDR_IOV(req,out,last_idx);
|
||||
/*
|
||||
* As we are sure the header of the last request in the
|
||||
* compound chain will not change, we can to sign here
|
||||
* with the last signing key we remembered.
|
||||
*/
|
||||
|
||||
status = smb2_signing_sign_pdu(req->last_key,
|
||||
conn->protocol,
|
||||
lasthdr,
|
||||
SMBD_SMB2_NUM_IOV_PER_REQ);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
data_blob_clear_free(&req->last_key);
|
||||
|
||||
req->current_idx += SMBD_SMB2_NUM_IOV_PER_REQ;
|
||||
|
||||
@ -2005,8 +2019,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
data_blob_clear_free(&req->last_key);
|
||||
|
||||
if (req->do_signing) {
|
||||
struct smbXsrv_session *x = req->session;
|
||||
DATA_BLOB signing_key = x->global->channels[0].signing_key;
|
||||
@ -2040,24 +2052,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
|
||||
is a final reply for an async operation). */
|
||||
smb2_calculate_credits(req, req);
|
||||
|
||||
/*
|
||||
* As we are sure the header of the last request in the
|
||||
* compound chain will not change, we can to sign here
|
||||
* with the last signing key we remembered.
|
||||
*/
|
||||
if (lasthdr != NULL) {
|
||||
NTSTATUS status;
|
||||
|
||||
status = smb2_signing_sign_pdu(req->last_key,
|
||||
conn->protocol,
|
||||
lasthdr,
|
||||
SMBD_SMB2_NUM_IOV_PER_REQ);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
data_blob_clear_free(&req->last_key);
|
||||
|
||||
/*
|
||||
* now check if we need to sign the current response
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user