r11649: - add support for ntcancel replies (they only happen in error cases,

  e.g when you supply an invalid TID or VUID)
- as we don't yet understand how to check the smb_signing of this
  replies, we just ignore the whole packet

abartlet,jra,tridge:
can someone try to find out how to create and verify
the signatures for this replies.
what I noticed is that still use the increment by one for the request,
and later requests are still generated fine, only the generating and verifying
of the ntcancel replies make problems

metze
(This used to be commit e6eb0fd2c2f45d6f612d74c6b527c7b17094c907)

diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index f579457252ccae848497b7fa0ead00c502be65cf..2580df4aeb81fc141efd2a7d3ade865c3ae6c560 100644 (file)
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -391,6 +391,9 @@ static NTSTATUS smbcli_transport_finish_recv(void *private, DATA_BLOB blob)
                if (req->mid == mid) break;
        }
 
+       /* see if it's a ntcancel reply for the current MID */
+       req = smbcli_handle_ntcancel_reply(req, len, hdr);
+
        if (!req) {
                DEBUG(1,("Discarding unmatched reply with mid %d op %d\n", mid, op));
                goto error;

diff --git a/source4/libcli/raw/libcliraw.h b/source4/libcli/raw/libcliraw.h
index a853bd177c116a1cd6b3d19936b90db60f0d8513..dfc4dc37b5dba076755989102e2f8937fb138724 100644 (file)
--- a/source4/libcli/raw/libcliraw.h
+++ b/source4/libcli/raw/libcliraw.h
@@ -231,6 +231,9 @@ struct smbcli_request {
        /* the sequence number of this packet - used for signing */
        uint_t seq_num;
 
+       /* list of ntcancel request for this requests */
+       struct smbcli_request *ntcancel;
+
        /* set if this is a one-way request, meaning we are not
           expecting a reply from the server. */
        uint_t one_way_request:1;

diff --git a/source4/libcli/raw/rawnotify.c b/source4/libcli/raw/rawnotify.c
index e48545419fd332f4b920997da4803dff85903354..1215a93f59b12b7ca60fe2abbdbac5980d06a743 100644 (file)
--- a/source4/libcli/raw/rawnotify.c
+++ b/source4/libcli/raw/rawnotify.c
@@ -20,6 +20,7 @@
 
 #include "includes.h"
 #include "libcli/raw/libcliraw.h"
+#include "dlinklist.h"
 
 /****************************************************************************
 change notify (async send)
@@ -89,6 +90,37 @@ NTSTATUS smb_raw_changenotify_recv(struct smbcli_request *req,
        return NT_STATUS_OK;
 }
 
+/****************************************************************************
+  handle ntcancel replies from the server,
+  as the MID of the real reply and the ntcancel reply is the same
+  we need to do find out to what request the reply belongs
+****************************************************************************/
+struct smbcli_request *smbcli_handle_ntcancel_reply(struct smbcli_request *req,
+                                                   uint_t len, const uint8_t *hdr)
+{
+       struct smbcli_request *ntcancel;
+
+       if (!req) return req;
+
+       if (!req->ntcancel) return req;
+
+       if (len >= MIN_SMB_SIZE + NBT_HDR_SIZE &&
+           (CVAL(hdr, HDR_FLG) & FLAG_REPLY) &&
+            CVAL(hdr,HDR_COM) == SMBntcancel) {
+               ntcancel = req->ntcancel;
+               DLIST_REMOVE(req->ntcancel, ntcancel);
+
+               /*
+                * TODO: untill we understand how the 
+                *       smb_signing works for this case we 
+                *       return NULL, to just ignore the packet
+                */
+               /*return ntcancel;*/
+               return NULL;
+       }
+
+       return req;
+}
 
 /****************************************************************************
  Send a NT Cancel request - used to hurry along a pending request. Usually
@@ -111,7 +143,18 @@ NTSTATUS smb_raw_ntcancel(struct smbcli_request *oldreq)
        req->sign_single_increment = 1;
        req->one_way_request = 1;
 
+       /* 
+        * smbcli_request_send() free's oneway requests
+        * but we want to keep it under oldreq->ntcancel
+        */
+       if (!talloc_reference(oldreq, req)) {
+               talloc_free(req);
+               return NT_STATUS_NO_MEMORY;
+       }
+
        smbcli_request_send(req);
 
+       DLIST_ADD_END(oldreq->ntcancel, req, struct smbcli_request *);
+
        return NT_STATUS_OK;
 }