My algorithm for determining when an incoming sequence number can be allowed is incor...
authorJeremy Allison <jra@samba.org>
Wed, 22 Dec 2010 02:07:52 +0000 (18:07 -0800)
committerJeremy Allison <jra@samba.org>
Wed, 22 Dec 2010 02:07:52 +0000 (18:07 -0800)
(I based it on the text in MS-SMB2, silly me :-). Fix it so incoming sequence numbers
can range over the entire allowable bitmap range. This fixes a repeatable
disconnect against Win7.

Jeremy.

source3/include/local.h
source3/smbd/smb2_server.c

index 3014f613b2a65ac184b6789bfe6aa6ca63ea63d3..a8889af376676254cdfb0108a071c6425f622af5 100644 (file)
 #define DEFAULT_SMB2_MAX_WRITE (1024*1024)
 #define DEFAULT_SMB2_MAX_TRANSACT (1024*1024)
 #define DEFAULT_SMB2_MAX_CREDITS 128
+#define DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR 2
 
 #endif
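Review bot: The new `DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR` define has no comment, and its `DEFAULT_` prefix reads like the neighbouring values, which appear to be defaults for configurable parameters, whereas this one is used directly as a fixed compile-time multiplier. A one-line comment above it would make the contract explicit, for example `/* The SMB2 message-id bitmap, and the accepted sequence window, span this many times max_credits. */`. Because the value sets both the allocation size and how far ahead of `seqnum_low` a peer may send, the comment should say that both change together.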
index 025f4036fc712bf57281417f24a576dcb936c02e..38f221c5978d2e795d5f28d0c53ebfc90b759c5e 100644 (file)
@@ -113,7 +113,8 @@ static NTSTATUS smbd_initialize_smb2(struct smbd_server_connection *sconn)
        sconn->smb2.seqnum_low = 0;
        sconn->smb2.credits_granted = 0;
        sconn->smb2.max_credits = lp_smb2_max_credits();
-       sconn->smb2.credits_bitmap = bitmap_talloc(sconn, 2*sconn->smb2.max_credits);
+       sconn->smb2.credits_bitmap = bitmap_talloc(sconn,
+                       DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR*sconn->smb2.max_credits);
        if (sconn->smb2.credits_bitmap == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
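Review bot: Nothing visible here rejects a zero or very large value from `lp_smb2_max_credits()` before it is multiplied in the `bitmap_talloc` call. If the parameter can be 0, the modulo expressions in the hunks at `@@ -321` and `@@ -342` divide by zero. A large value would overflow the product before the `(uint64_t)` cast in the `@@ -321` hunk is applied. Whether the parameter loader already clamps the value cannot be seen from this diff. Consider validating once, right after the assignment, e.g. `if (sconn->smb2.max_credits == 0) return NT_STATUS_INVALID_PARAMETER;` plus an upper bound suited to the field's type, and storing the product in one place so the allocation and the three uses cannot drift apart. smbd_initialize_smb2 continues outside the hunk.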
@@ -306,12 +307,12 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
 
        if (message_id < sconn->smb2.seqnum_low ||
                        message_id > (sconn->smb2.seqnum_low +
-                       (2*sconn->smb2.credits_granted))) {
+                       (sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR))) {
                DEBUG(0,("smb2_validate_message_id: bad message_id "
-                       "%llu (low = %llu, granted = %lu)\n",
+                       "%llu (low = %llu, max = %lu)\n",
                        (unsigned long long)message_id,
                        (unsigned long long)sconn->smb2.seqnum_low,
-                       (unsigned long)sconn->smb2.credits_granted ));
+                       (unsigned long)sconn->smb2.max_credits ));
                return false;
        }
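Review bot: The upper bound in the `message_id >` comparison admits one more id than the bitmap has bits. The window runs from `seqnum_low` to `seqnum_low + max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR` inclusive, and the topmost id maps to the same offset as `seqnum_low` under the modulo in the next hunk. A peer that sends that id first would mark the slot belonging to `seqnum_low`, so the genuine `seqnum_low` request would presumably be reported as a duplicate; the bookkeeping that follows is only partly visible here. Using `message_id >= (sconn->smb2.seqnum_low + (sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR))` keeps the window and the bitmap the same size. smb2_validate_message_id starts and ends outside the hunk.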
 
@@ -321,7 +322,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
 
        /* Mark the message_id as seen in the bitmap. */
        bitmap_offset = (unsigned int)(message_id %
-                       (uint64_t)(sconn->smb2.max_credits * 2));
+                       (uint64_t)(sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR));
        if (bitmap_query(credits_bm, bitmap_offset)) {
                DEBUG(0,("smb2_validate_message_id: duplicate message_id "
                        "%llu (bm offset %u)\n",
@@ -342,7 +343,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
                        bitmap_clear(credits_bm, bitmap_offset);
                        sconn->smb2.seqnum_low += 1;
                        bitmap_offset = (bitmap_offset + 1) %
-                               (sconn->smb2.max_credits * 2);
+                               (sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR);
                }
        }