From: Ralph Boehme Date: Mon, 6 Jan 2020 07:19:18 +0000 (+0100) Subject: smbd: add get_valid_smbXsrv_session() X-Git-Tag: ldb-2.1.0~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd9735b1da73b6c27feda32230e3fc843746fd2b;p=thirdparty%2Fsamba.git smbd: add get_valid_smbXsrv_session() In memory of get_valid_user_struct() and functionally equivalent it only returns the session if session setup was successfully completed and session->global->auth_session_info is valid. This function is similar to smbXsrv_session_local_lookup() and it's wrappers, but it doesn't implement the state checks of those. get_valid_smbXsrv_session() is NOT meant to be called to validate the session wire-id of incoming SMB requests, it MUST only be used in later internal processing where the session wire-id has already been validated. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index d91d174a776..57300dd02ae 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -583,6 +583,9 @@ NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn, NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client, uint64_t session_id, NTTIME now, struct smbXsrv_session **session); +NTSTATUS get_valid_smbXsrv_session(struct smbXsrv_client *client, + uint64_t session_wire_id, + struct smbXsrv_session **session); struct smbXsrv_session_global0; NTSTATUS smbXsrv_session_global_traverse( int (*fn)(struct smbXsrv_session_global0 *, void *), diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c index 14a2d6c8ca2..b2d36d380be 100644 --- a/source3/smbd/smbXsrv_session.c +++ b/source3/smbd/smbXsrv_session.c @@ -1895,6 +1895,60 @@ NTSTATUS smbXsrv_session_info_lookup(struct smbXsrv_client *client, return NT_STATUS_OK; } +/* + * In memory of get_valid_user_struct() + * + * This function is similar to smbXsrv_session_local_lookup() and it's wrappers, + * but it doesn't implement the state checks of + * those. get_valid_smbXsrv_session() is NOT meant to be called to validate the + * session wire-id of incoming SMB requests, it MUST only be used in later + * internal processing where the session wire-id has already been validated. + */ +NTSTATUS get_valid_smbXsrv_session(struct smbXsrv_client *client, + uint64_t session_wire_id, + struct smbXsrv_session **session) +{ + struct smbXsrv_session_table *table = client->session_table; + uint8_t key_buf[SMBXSRV_SESSION_LOCAL_TDB_KEY_SIZE]; + struct smbXsrv_session_local_fetch_state state = { + .session = NULL, + .status = NT_STATUS_INTERNAL_ERROR, + }; + TDB_DATA key; + NTSTATUS status; + + if (session_wire_id == 0) { + return NT_STATUS_USER_SESSION_DELETED; + } + + if (table == NULL) { + /* this might happen before the end of negprot */ + return NT_STATUS_USER_SESSION_DELETED; + } + + if (table->local.db_ctx == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + key = smbXsrv_session_local_id_to_key(session_wire_id, key_buf); + + status = dbwrap_parse_record(table->local.db_ctx, key, + smbXsrv_session_local_fetch_parser, + &state); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (!NT_STATUS_IS_OK(state.status)) { + return state.status; + } + if (state.session->global->auth_session_info == NULL) { + return NT_STATUS_USER_SESSION_DELETED; + } + + *session = state.session; + return NT_STATUS_OK; +} + NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn) { /*