diff options
| author | Stefan Metzmacher <metze@samba.org> | 2022-08-30 20:45:50 +0200 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2022-09-02 20:59:15 +0000 |
| commit | 8591d9424371e173b079d5c8a267ea4c2cb266ad (patch) | |
| tree | b03aafd5bb574bac16063a0f986c50053fc538e8 /python/samba | |
| parent | 21ef01e7b8368caa050ed82b9d787d1679220b2b (diff) | |
| download | samba-8591d9424371e173b079d5c8a267ea4c2cb266ad.tar.gz samba-8591d9424371e173b079d5c8a267ea4c2cb266ad.tar.bz2 samba-8591d9424371e173b079d5c8a267ea4c2cb266ad.zip | |
smbXsrv_client: notify a different node to drop a connection by client guid.
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
Diffstat (limited to 'python/samba')
0 files changed, 0 insertions, 0 deletions