mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3:smbd: move pending_auth_data list to struct smbd_server_connection
metze
This commit is contained in:
parent
b3491df2f9
commit
f20ded603b
@ -1767,15 +1767,6 @@ struct node_status_extra {
|
||||
/* There really is more here ... */
|
||||
};
|
||||
|
||||
/* For split krb5 SPNEGO blobs. */
|
||||
struct pending_auth_data {
|
||||
struct pending_auth_data *prev, *next;
|
||||
uint16 vuid; /* Tag for this entry. */
|
||||
uint16 smbpid; /* Alternate tag for this entry. */
|
||||
size_t needed_len;
|
||||
DATA_BLOB partial_data;
|
||||
};
|
||||
|
||||
typedef struct user_struct {
|
||||
struct user_struct *next, *prev;
|
||||
uint16 vuid; /* Tag for this entry. */
|
||||
|
@ -154,10 +154,6 @@ struct db_context *session_db_ctx_ptr = NULL;
|
||||
|
||||
uint32_t global_client_caps = 0;
|
||||
bool done_sesssetup = false;
|
||||
/****************************************************************************
|
||||
List to store partial SPNEGO auth fragments.
|
||||
****************************************************************************/
|
||||
struct pending_auth_data *pd_list = NULL;
|
||||
|
||||
uint16_t fnf_handle = 257;
|
||||
|
||||
|
@ -159,11 +159,6 @@ extern struct db_context *session_db_ctx_ptr;
|
||||
|
||||
extern uint32_t global_client_caps;
|
||||
extern bool done_sesssetup;
|
||||
/****************************************************************************
|
||||
List to store partial SPNEGO auth fragments.
|
||||
****************************************************************************/
|
||||
struct pending_auth_data;
|
||||
extern struct pending_auth_data *pd_list;
|
||||
|
||||
extern uint16_t fnf_handle;
|
||||
|
||||
@ -328,12 +323,16 @@ struct smbd_smb2_tcon {
|
||||
int snum;
|
||||
};
|
||||
|
||||
struct pending_auth_data;
|
||||
|
||||
struct smbd_server_connection {
|
||||
bool allow_smb2;
|
||||
struct {
|
||||
struct fd_event *fde;
|
||||
uint64_t num_requests;
|
||||
struct smb_signing_state *signing_state;
|
||||
/* List to store partial SPNEGO auth fragments. */
|
||||
struct pending_auth_data *pd_list;
|
||||
} smb1;
|
||||
struct {
|
||||
struct tevent_context *event_ctx;
|
||||
|
@ -27,6 +27,15 @@
|
||||
|
||||
extern enum protocol_types Protocol;
|
||||
|
||||
/* For split krb5 SPNEGO blobs. */
|
||||
struct pending_auth_data {
|
||||
struct pending_auth_data *prev, *next;
|
||||
uint16 vuid; /* Tag for this entry. */
|
||||
uint16 smbpid; /* Alternate tag for this entry. */
|
||||
size_t needed_len;
|
||||
DATA_BLOB partial_data;
|
||||
};
|
||||
|
||||
/*
|
||||
on a logon error possibly map the error to success if "map to guest"
|
||||
is set approriately
|
||||
@ -920,12 +929,13 @@ static void reply_spnego_auth(struct smb_request *req,
|
||||
Delete an entry on the list.
|
||||
****************************************************************************/
|
||||
|
||||
static void delete_partial_auth(struct pending_auth_data *pad)
|
||||
static void delete_partial_auth(struct smbd_server_connection *sconn,
|
||||
struct pending_auth_data *pad)
|
||||
{
|
||||
if (!pad) {
|
||||
return;
|
||||
}
|
||||
DLIST_REMOVE(pd_list, pad);
|
||||
DLIST_REMOVE(sconn->smb1.pd_list, pad);
|
||||
data_blob_free(&pad->partial_data);
|
||||
SAFE_FREE(pad);
|
||||
}
|
||||
@ -934,11 +944,17 @@ static void delete_partial_auth(struct pending_auth_data *pad)
|
||||
Search for a partial SPNEGO auth fragment matching an smbpid.
|
||||
****************************************************************************/
|
||||
|
||||
static struct pending_auth_data *get_pending_auth_data(uint16 smbpid)
|
||||
static struct pending_auth_data *get_pending_auth_data(
|
||||
struct smbd_server_connection *sconn,
|
||||
uint16_t smbpid)
|
||||
{
|
||||
struct pending_auth_data *pad;
|
||||
|
||||
for (pad = pd_list; pad; pad = pad->next) {
|
||||
/*
|
||||
* NOTE: using the smbpid here is completely wrong...
|
||||
* see [MS-SMB]
|
||||
* 3.3.5.3 Receiving an SMB_COM_SESSION_SETUP_ANDX Request
|
||||
*/
|
||||
for (pad = sconn->smb1.pd_list; pad; pad = pad->next) {
|
||||
if (pad->smbpid == smbpid) {
|
||||
break;
|
||||
}
|
||||
@ -952,20 +968,21 @@ static struct pending_auth_data *get_pending_auth_data(uint16 smbpid)
|
||||
the blob to be more than 64k.
|
||||
****************************************************************************/
|
||||
|
||||
static NTSTATUS check_spnego_blob_complete(uint16 smbpid, uint16 vuid,
|
||||
DATA_BLOB *pblob)
|
||||
static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn,
|
||||
uint16 smbpid, uint16 vuid,
|
||||
DATA_BLOB *pblob)
|
||||
{
|
||||
struct pending_auth_data *pad = NULL;
|
||||
ASN1_DATA *data;
|
||||
size_t needed_len = 0;
|
||||
|
||||
pad = get_pending_auth_data(smbpid);
|
||||
pad = get_pending_auth_data(sconn, smbpid);
|
||||
|
||||
/* Ensure we have some data. */
|
||||
if (pblob->length == 0) {
|
||||
/* Caller can cope. */
|
||||
DEBUG(2,("check_spnego_blob_complete: zero blob length !\n"));
|
||||
delete_partial_auth(pad);
|
||||
delete_partial_auth(sconn, pad);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -986,7 +1003,7 @@ static NTSTATUS check_spnego_blob_complete(uint16 smbpid, uint16 vuid,
|
||||
(unsigned int)pad->partial_data.length,
|
||||
(unsigned int)copy_len ));
|
||||
|
||||
delete_partial_auth(pad);
|
||||
delete_partial_auth(sconn, pad);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
@ -1022,7 +1039,7 @@ static NTSTATUS check_spnego_blob_complete(uint16 smbpid, uint16 vuid,
|
||||
data_blob_free(pblob);
|
||||
*pblob = pad->partial_data;
|
||||
ZERO_STRUCT(pad->partial_data);
|
||||
delete_partial_auth(pad);
|
||||
delete_partial_auth(sconn, pad);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -1107,7 +1124,7 @@ static NTSTATUS check_spnego_blob_complete(uint16 smbpid, uint16 vuid,
|
||||
}
|
||||
pad->smbpid = smbpid;
|
||||
pad->vuid = vuid;
|
||||
DLIST_ADD(pd_list, pad);
|
||||
DLIST_ADD(sconn->smb1.pd_list, pad);
|
||||
|
||||
return NT_STATUS_MORE_PROCESSING_REQUIRED;
|
||||
}
|
||||
@ -1133,6 +1150,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
|
||||
user_struct *vuser = NULL;
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
uint16 smbpid = req->smbpid;
|
||||
struct smbd_server_connection *sconn = smbd_server_conn;
|
||||
|
||||
DEBUG(3,("Doing spnego session setup\n"));
|
||||
|
||||
@ -1198,7 +1216,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
|
||||
if (!is_partial_auth_vuid(vuid)) {
|
||||
/* No, then try and see if this is an intermediate sessionsetup
|
||||
* for a large SPNEGO packet. */
|
||||
struct pending_auth_data *pad = get_pending_auth_data(smbpid);
|
||||
struct pending_auth_data *pad;
|
||||
pad = get_pending_auth_data(sconn, smbpid);
|
||||
if (pad) {
|
||||
DEBUG(10,("reply_sesssetup_and_X_spnego: found "
|
||||
"pending vuid %u\n",
|
||||
@ -1230,7 +1249,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
|
||||
* field is 4k. Bug #4400. JRA.
|
||||
*/
|
||||
|
||||
status = check_spnego_blob_complete(smbpid, vuid, &blob1);
|
||||
status = check_spnego_blob_complete(sconn, smbpid, vuid, &blob1);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
if (!NT_STATUS_EQUAL(status,
|
||||
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
|
Loading…
Reference in New Issue
Block a user