s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests
authorStefan Metzmacher <metze@samba.org>
Wed, 18 Mar 2009 06:56:51 +0000 (07:56 +0100)
committerMichael Adam <obnox@samba.org>
Thu, 19 Mar 2009 17:04:02 +0000 (18:04 +0100)
Before we send the secondary requests we need to remove the
old mid=>seqnum mapping and reset cli->mid and make the new
mid=>seqnum mapping "persistent".

The bug we had in cli_send_trans was this:
The first cli_send_smb() incremented cli->mid
and the secondary requests used the incremented mid,
but as cli->outbuf still had the correct mid,
we sent the correct mid to the server. The real problem
was that the cli_send_smb() function stored the seqnum
under the wrong mid.

cli_send_nttrans() was totally broken and now follows the
same logic as cli_send_trans().

The good thing is that in practice the problem is unlikely to happen,
because max_xmit is large enough to avoid secondary requests.

metze
(cherry picked from commit 880fbc4e8cd67de73c4bcda94489eb1e1422a04b)
(cherry picked from commit 70466990b4b7c68ae95dbbcf741cd3f41f2dd0b3)

source/libsmb/clitrans.c

index 4bb70f1a088d831481cc8bef2c412eb4f3bcfaaf..b42cde9b5cf0f336f1393e97c35914e8426cbb21 100644 (file)
@@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans,
                        this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */
                        this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam));
 
-                       client_set_trans_sign_state_off(cli, mid);
-                       client_set_trans_sign_state_on(cli, mid);
-
                        cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
                        SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2));
 
@@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans,
                                memcpy(outdata,data+tot_data,this_ldata);
                        cli_setup_bcc(cli, outdata+this_ldata);
 
-                       /*
-                        * Save the mid we're using. We need this for finding
-                        * signing replies.
-                        */
-                       mid = cli->mid;
-
                        show_msg(cli->outbuf);
+
+                       client_set_trans_sign_state_off(cli, mid);
+                       cli->mid = mid;
                        if (!cli_send_smb(cli)) {
-                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
-
-                       /* Ensure we use the same mid for the secondaries. */
-                       cli->mid = mid;
+                       client_set_trans_sign_state_on(cli, mid);
 
                        tot_data += this_ldata;
                        tot_param += this_lparam;
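Review bot: The new `client_set_trans_sign_state_off(cli, mid)` / `cli->mid = mid` / `cli_send_smb(cli)` / `client_set_trans_sign_state_on(cli, mid)` sequence is order-sensitive, yet the hunk deletes both explanatory comments and puts nothing in their place; the identical sequence in cli_send_nt_trans in the next hunk has the same gap. A comment above the block, for example `/* Drop the old mid=>seqnum entry, resend under the original mid, then make the new entry persistent so the signed reply can be verified. */`, would keep a later cleanup from reordering it. The results of both sign-state calls are also discarded; if those helpers can report failure (their definitions are not on this page), a failed `_on` after a successful send would presumably show up only later as a signature mismatch on the reply, so a `DEBUG` line at this point would make that far easier to diagnose. The enclosing loop and function begin and end outside the hunk.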
@@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli,
                                memcpy(outdata,data+tot_data,this_ldata);
                        cli_setup_bcc(cli, outdata+this_ldata);
 
-                       /*
-                        * Save the mid we're using. We need this for finding
-                        * signing replies.
-                        */
-                       mid = cli->mid;
-
                        show_msg(cli->outbuf);
 
+                       client_set_trans_sign_state_off(cli, mid);
+                       cli->mid = mid;
                        if (!cli_send_smb(cli)) {
-                               client_set_trans_sign_state_off(cli, mid);
                                return False;
                        }
-
-                       /* Ensure we use the same mid for the secondaries. */
-                       cli->mid = mid;
+                       client_set_trans_sign_state_on(cli, mid);
 
                        tot_data += this_ldata;
                        tot_param += this_lparam;