mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
52dd57d4b3
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
(cherry picked from commit
|
||
---|---|---|
.. | ||
IDL_LICENSE.txt | ||
leases_db.idl | ||
libnet_join.idl | ||
libnetapi.idl | ||
open_files.idl | ||
perfcount.idl | ||
rpc_host.idl | ||
secrets.idl | ||
smbXsrv.idl | ||
wscript_build |