label.data, label.length,
context.data, context.length,
x->global->encryption_key.data);
+
+ generate_random_buffer((uint8_t *)&x->nonce_high, sizeof(x->nonce_high));
+ x->nonce_low = 1;
}
x->global->application_key = data_blob_dup_talloc(x->global,
register_homes_share(session_info->unix_info->unix_name);
}
- if (!session_claim(smb2req->sconn, session->compat)) {
+ if (!session_claim(smb2req->sconn, session)) {
DEBUG(1, ("smb2: Failed to claim session "
"for vuid=%llu\n",
(unsigned long long)session->compat->vuid));
uint16_t out_session_flags;
DATA_BLOB out_security_buffer;
uint64_t out_session_id;
+ /* The following pointer is owned by state->session. */
+ struct smbd_smb2_session_setup_state **pp_self_ref;
};
+static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_state)
+{
+ (*pp_state)->session = NULL;
+ /*
+ * To make things clearer, ensure the pp_self_ref
+ * pointer is nulled out. We're never going to
+ * access this again.
+ */
+ (*pp_state)->pp_self_ref = NULL;
+ return 0;
+}
+
static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
{
/*
static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq);
static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq);
+/************************************************************************
+ We have to tag the state->session pointer with memory talloc'ed
+ on it to ensure it gets NULL'ed out if the underlying struct smbXsrv_session
+ is deleted by shutdown whilst this request is in flight.
+************************************************************************/
+
+static NTSTATUS tag_state_session_ptr(struct smbd_smb2_session_setup_state *state)
+{
+ state->pp_self_ref = talloc_zero(state->session,
+ struct smbd_smb2_session_setup_state *);
+ if (state->pp_self_ref == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *state->pp_self_ref = state;
+ talloc_set_destructor(state->pp_self_ref, pp_self_ref_destructor);
+ return NT_STATUS_OK;
+}
+
static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
}
}
+ status = tag_state_session_ptr(state);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
if (state->session->gensec == NULL) {
status = auth_generic_prepare(state->session,
state->session->connection->remote_address,
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
state->out_session_id = state->session->global->session_wire_id;
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_nterror(req, status);
return;
}
return;
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
return;
}
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
return;
}
return;
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
return;
}
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
return;
}