Changeset 105 for branches/samba-3.0/source/smbd
- Timestamp:
- Nov 26, 2007, 9:24:27 AM (18 years ago)
- Location:
- branches/samba-3.0/source/smbd
- Files:
-
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/smbd/lanman.c
r102 r105 83 83 buf, sizeof(buf)); 84 84 l = push_ascii(*dst,buf,*n, STR_TERMINATE); 85 if (l == -1) { 86 return 0; 87 } 85 88 (*dst) += l; 86 89 (*n) -= l; … … 95 98 } 96 99 l = push_ascii(*dst,src,*n, STR_TERMINATE); 100 if (l == -1) { 101 return 0; 102 } 97 103 (*dst) += l; 98 104 (*n) -= l; -
branches/samba-3.0/source/smbd/negprot.c
r22 r105 347 347 p += 8; 348 348 } 349 p += srvstr_push(outbuf, p, lp_workgroup(), -1,349 p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p-outbuf), 350 350 STR_UNICODE|STR_TERMINATE|STR_NOALIGN); 351 351 DEBUG(3,("not using SPNEGO\n")); -
branches/samba-3.0/source/smbd/nttrans.c
r62 r105 544 544 pstring rel_fname; 545 545 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid); 546 size_t dir_name_len;547 546 548 547 if(!dir_fsp) { … … 584 583 585 584 pstrcpy( fname, dir_fsp->fsp_name ); 586 dir_name_len = strlen(fname); 587 588 /* 589 * Ensure it ends in a '\'. 590 */ 591 592 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { 593 pstrcat(fname, "/"); 594 dir_name_len++; 585 586 if (ISDOT(fname)) { 587 fname[0] = '\0'; 588 } else { 589 size_t dir_name_len = strlen(fname); 590 /* 591 * Ensure it ends in a '\'. 592 */ 593 594 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { 595 pstrcat(fname, "/"); 596 } 595 597 } 596 598 … … 1245 1247 */ 1246 1248 files_struct *dir_fsp = file_fsp(params,4); 1247 size_t dir_name_len;1248 1249 1249 1250 if(!dir_fsp) { … … 1273 1274 1274 1275 pstrcpy( fname, dir_fsp->fsp_name ); 1275 dir_name_len = strlen(fname); 1276 1277 /* 1278 * Ensure it ends in a '\'. 1279 */ 1280 1281 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { 1282 pstrcat(fname, "/"); 1283 dir_name_len++; 1276 1277 if (ISDOT(fname)) { 1278 fname[0] = '\0'; 1279 } else { 1280 size_t dir_name_len = strlen(fname); 1281 /* 1282 * Ensure it ends in a '\'. 1283 */ 1284 1285 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { 1286 pstrcat(fname, "/"); 1287 } 1284 1288 } 1285 1289 -
branches/samba-3.0/source/smbd/open.c
r44 r105 1940 1940 const char *dirname; 1941 1941 NTSTATUS status; 1942 BOOL posix_open = False; 1942 1943 1943 1944 if(!CAN_WRITE(conn)) { … … 1958 1959 1959 1960 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { 1961 posix_open = True; 1960 1962 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS); 1961 1963 } else { … … 1980 1982 name)); 1981 1983 return NT_STATUS_ACCESS_DENIED; 1984 } 1985 1986 if (lp_store_dos_attributes(SNUM(conn))) { 1987 if (!posix_open) { 1988 file_set_dosmode(conn, name, 1989 file_attributes | aDIR, NULL, 1990 parent_dir); 1991 } 1982 1992 } 1983 1993 -
branches/samba-3.0/source/smbd/posix_acls.c
r71 r105 4146 4146 4147 4147 /**************************************************************************** 4148 Check for POSIX group ACLs. If none use stat entry. 4149 Return -1 if no match, 0 if match and denied, 1 if match and allowed. 4150 ****************************************************************************/ 4151 4152 static int check_posix_acl_group_access(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask) 4153 { 4154 SMB_ACL_T posix_acl = NULL; 4155 int entry_id = SMB_ACL_FIRST_ENTRY; 4156 SMB_ACL_ENTRY_T entry; 4157 int i; 4158 BOOL seen_mask = False; 4159 BOOL seen_owning_group = False; 4160 int ret = -1; 4161 gid_t cu_gid; 4162 4163 DEBUG(10,("check_posix_acl_group_access: requesting 0x%x on file %s\n", 4164 (unsigned int)access_mask, fname )); 4165 4166 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS)) == NULL) { 4167 goto check_stat; 4168 } 4169 4170 /* First ensure the group mask allows group access. */ 4171 /* Also check any user entries (these take preference over group). */ 4172 4173 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) { 4174 SMB_ACL_TAG_T tagtype; 4175 SMB_ACL_PERMSET_T permset; 4176 int have_write = -1; 4177 int have_read = -1; 4178 4179 /* get_next... */ 4180 if (entry_id == SMB_ACL_FIRST_ENTRY) 4181 entry_id = SMB_ACL_NEXT_ENTRY; 4182 4183 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) { 4184 goto check_stat; 4185 } 4186 4187 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) { 4188 goto check_stat; 4189 } 4190 4191 have_read = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ); 4192 if (have_read == -1) { 4193 goto check_stat; 4194 } 4195 4196 have_write = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE); 4197 if (have_write == -1) { 4198 goto check_stat; 4199 } 4200 4201 /* 4202 * Solaris returns 2 for this if write is available. 4203 * canonicalize to 0 or 1. 4204 */ 4205 have_write = (have_write ? 1 : 0); 4206 have_read = (have_read ? 1 : 0); 4207 4208 switch(tagtype) { 4209 case SMB_ACL_MASK: 4210 seen_mask = True; 4211 switch (access_mask) { 4212 case FILE_READ_DATA: 4213 if (!have_read) { 4214 ret = -1; 4215 DEBUG(10,("check_posix_acl_group_access: file %s " 4216 "refusing read due to mask.\n", fname)); 4217 goto done; 4218 } 4219 break; 4220 case FILE_WRITE_DATA: 4221 if (!have_write) { 4222 ret = -1; 4223 DEBUG(10,("check_posix_acl_group_access: file %s " 4224 "refusing write due to mask.\n", fname)); 4225 goto done; 4226 } 4227 break; 4228 default: /* FILE_READ_DATA|FILE_WRITE_DATA */ 4229 if (!have_write || !have_read) { 4230 ret = -1; 4231 DEBUG(10,("check_posix_acl_group_access: file %s " 4232 "refusing read/write due to mask.\n", fname)); 4233 goto done; 4234 } 4235 break; 4236 } 4237 break; 4238 case SMB_ACL_USER: 4239 { 4240 /* Check against current_user.ut.uid. */ 4241 uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry); 4242 if (puid == NULL) { 4243 goto check_stat; 4244 } 4245 if (current_user.ut.uid == *puid) { 4246 /* We have a uid match but we must ensure we have seen the acl mask. */ 4247 switch (access_mask) { 4248 case FILE_READ_DATA: 4249 ret = have_read; 4250 break; 4251 case FILE_WRITE_DATA: 4252 ret = have_write; 4253 break; 4254 default: /* FILE_READ_DATA|FILE_WRITE_DATA */ 4255 ret = (have_write & have_read); 4256 break; 4257 } 4258 DEBUG(10,("check_posix_acl_group_access: file %s " 4259 "match on user %u -> %s.\n", 4260 fname, (unsigned int)*puid, 4261 ret ? "can access" : "cannot access")); 4262 if (seen_mask) { 4263 goto done; 4264 } 4265 } 4266 break; 4267 } 4268 default: 4269 continue; 4270 } 4271 } 4272 4273 /* If ret is anything other than -1 we matched on a user entry. */ 4274 if (ret != -1) { 4148 Helper function that gets a security descriptor by connection and 4149 file name. 4150 NOTE: This is transitional, in the sense that SMB_VFS_GET_NT_ACL really 4151 should *not* get a files_struct pointer but a connection_struct ptr 4152 (automatic by the vfs handle) and the file name and _use_ that! 4153 ****************************************************************************/ 4154 static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx, 4155 struct connection_struct *conn, 4156 const char *fname, 4157 SMB_STRUCT_STAT *psbuf, 4158 struct security_descriptor_info **psd) 4159 { 4160 NTSTATUS status; 4161 struct files_struct *fsp = NULL; 4162 struct security_descriptor_info *secdesc = NULL; 4163 size_t secdesc_size; 4164 4165 if (!VALID_STAT(*psbuf)) { 4166 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) { 4167 return map_nt_error_from_unix(errno); 4168 } 4169 } 4170 4171 /* fake a files_struct ptr: */ 4172 4173 if (S_ISDIR(psbuf->st_mode)) { 4174 status = open_directory(conn, fname, psbuf, 4175 READ_CONTROL_ACCESS, 4176 FILE_SHARE_READ|FILE_SHARE_WRITE, 4177 FILE_OPEN, 4178 0, 4179 FILE_ATTRIBUTE_DIRECTORY, 4180 NULL, &fsp); 4181 } 4182 else { 4183 status = open_file_stat(conn, fname, psbuf, &fsp); 4184 } 4185 4186 if (!NT_STATUS_IS_OK(status)) { 4187 DEBUG(3, ("Unable to open file %s: %s\n", fname, 4188 nt_errstr(status))); 4189 return status; 4190 } 4191 4192 secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname, 4193 (OWNER_SECURITY_INFORMATION | 4194 GROUP_SECURITY_INFORMATION | 4195 DACL_SECURITY_INFORMATION), 4196 &secdesc); 4197 if (secdesc_size == 0) { 4198 DEBUG(5, ("Unable to get NT ACL for file %s\n", fname)); 4199 status = NT_STATUS_ACCESS_DENIED; 4275 4200 goto done; 4276 4201 } 4277 4202 4278 /* Next check all group entries. */ 4279 entry_id = SMB_ACL_FIRST_ENTRY; 4280 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) { 4281 SMB_ACL_TAG_T tagtype; 4282 SMB_ACL_PERMSET_T permset; 4283 int have_write = -1; 4284 int have_read = -1; 4285 4286 /* get_next... */ 4287 if (entry_id == SMB_ACL_FIRST_ENTRY) 4288 entry_id = SMB_ACL_NEXT_ENTRY; 4289 4290 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) { 4291 goto check_stat; 4292 } 4293 4294 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) { 4295 goto check_stat; 4296 } 4297 4298 have_read = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ); 4299 if (have_read == -1) { 4300 goto check_stat; 4301 } 4302 4303 have_write = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE); 4304 if (have_write == -1) { 4305 goto check_stat; 4306 } 4307 4308 /* 4309 * Solaris returns 2 for this if write is available. 4310 * canonicalize to 0 or 1. 4311 */ 4312 have_write = (have_write ? 1 : 0); 4313 have_read = (have_read ? 1 : 0); 4314 4315 switch(tagtype) { 4316 case SMB_ACL_GROUP: 4317 case SMB_ACL_GROUP_OBJ: 4318 { 4319 gid_t *pgid = NULL; 4320 4321 if (tagtype == SMB_ACL_GROUP) { 4322 pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry); 4323 } else { 4324 seen_owning_group = True; 4325 pgid = &psbuf->st_gid; 4326 } 4327 if (pgid == NULL) { 4328 goto check_stat; 4329 } 4330 4331 /* 4332 * Does it match the current effective group 4333 * or supplementary groups ? 4334 */ 4335 for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1; 4336 cu_gid = get_current_user_gid_next(&i)) { 4337 if (cu_gid == *pgid) { 4338 switch (access_mask) { 4339 case FILE_READ_DATA: 4340 ret = have_read; 4341 break; 4342 case FILE_WRITE_DATA: 4343 ret = have_write; 4344 break; 4345 default: /* FILE_READ_DATA|FILE_WRITE_DATA */ 4346 ret = (have_write & have_read); 4347 break; 4348 } 4349 4350 DEBUG(10,("check_posix_acl_group_access: file %s " 4351 "match on group %u -> can access.\n", 4352 fname, (unsigned int)cu_gid )); 4353 4354 /* If we don't have access permission this entry doesn't 4355 terminate the enumeration of the entries. */ 4356 if (ret) { 4357 goto done; 4358 } 4359 /* But does terminate the group iteration. */ 4360 break; 4361 } 4362 } 4363 break; 4364 } 4365 default: 4366 continue; 4367 } 4368 } 4369 4370 /* If ret is -1 here we didn't match on the user entry or 4371 supplemental group entries. */ 4372 4373 DEBUG(10,("check_posix_acl_group_access: ret = %d before check_stat:\n", ret)); 4374 4375 check_stat: 4376 4377 /* 4378 * We only check the S_I[RW]GRP permissions if we haven't already 4379 * seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an 4380 * SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are 4381 * the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ 4382 * bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing 4383 * this out. JRA. 4384 */ 4385 4386 if (!seen_owning_group) { 4387 /* Do we match on the owning group entry ? */ 4388 /* 4389 * Does it match the current effective group 4390 * or supplementary groups ? 4391 */ 4392 for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1; 4393 cu_gid = get_current_user_gid_next(&i)) { 4394 if (cu_gid == psbuf->st_gid) { 4395 switch (access_mask) { 4396 case FILE_READ_DATA: 4397 ret = (psbuf->st_mode & S_IRGRP) ? 1 : 0; 4398 break; 4399 case FILE_WRITE_DATA: 4400 ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0; 4401 break; 4402 default: /* FILE_READ_DATA|FILE_WRITE_DATA */ 4403 if ((psbuf->st_mode & (S_IWGRP|S_IRGRP)) == (S_IWGRP|S_IRGRP)) { 4404 ret = 1; 4405 } else { 4406 ret = 0; 4407 } 4408 break; 4409 } 4410 DEBUG(10,("check_posix_acl_group_access: file %s " 4411 "match on owning group %u -> %s.\n", 4412 fname, (unsigned int)psbuf->st_gid, 4413 ret ? "can access" : "cannot access")); 4414 break; 4415 } 4416 } 4417 4418 if (cu_gid == (gid_t)-1) { 4419 DEBUG(10,("check_posix_acl_group_access: file %s " 4420 "failed to match on user or group in token (ret = %d).\n", 4421 fname, ret )); 4422 } 4423 } 4424 4425 done: 4426 4427 if (posix_acl) { 4428 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl); 4429 } 4430 4431 DEBUG(10,("check_posix_acl_group_access: file %s returning (ret = %d).\n", fname, ret )); 4432 return ret; 4203 *psd = talloc_move(mem_ctx, &secdesc); 4204 status = NT_STATUS_OK; 4205 4206 done: 4207 close_file(fsp, NORMAL_CLOSE); 4208 return status; 4209 } 4210 4211 static BOOL can_access_file_acl(struct connection_struct *conn, 4212 const char * fname, SMB_STRUCT_STAT *psbuf, 4213 uint32_t access_mask) 4214 { 4215 BOOL result; 4216 NTSTATUS status; 4217 uint32_t access_granted; 4218 struct security_descriptor_info *secdesc = NULL; 4219 4220 status = conn_get_nt_acl(tmp_talloc_ctx(), conn, fname, psbuf, &secdesc); 4221 if (!NT_STATUS_IS_OK(status)) { 4222 DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status))); 4223 return False; 4224 } 4225 4226 result = se_access_check(secdesc, current_user.nt_user_token, 4227 access_mask, &access_granted, &status); 4228 TALLOC_FREE(secdesc); 4229 return result; 4433 4230 } 4434 4231 … … 4442 4239 SMB_STRUCT_STAT sbuf; 4443 4240 pstring dname; 4444 int ret;4445 4241 4446 4242 if (!CAN_WRITE(conn)) { … … 4453 4249 return False; 4454 4250 } 4251 4252 /* fast paths first */ 4253 4455 4254 if (!S_ISDIR(sbuf.st_mode)) { 4456 4255 return False; … … 4489 4288 #endif 4490 4289 4491 /* Check group or explicit user acl entry write access. */ 4492 ret = check_posix_acl_group_access(conn, dname, &sbuf, FILE_WRITE_DATA); 4493 if (ret == 0 || ret == 1) { 4494 return ret ? True : False; 4495 } 4496 4497 /* Finally check other write access. */ 4498 return (sbuf.st_mode & S_IWOTH) ? True : False; 4290 /* now for ACL checks */ 4291 4292 return can_access_file_acl(conn, dname, &sbuf, FILE_WRITE_DATA); 4499 4293 } 4500 4294 … … 4507 4301 BOOL can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask) 4508 4302 { 4509 int ret;4510 4511 4303 if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) { 4512 4304 return False; 4513 4305 } 4514 4306 access_mask &= (FILE_READ_DATA|FILE_WRITE_DATA); 4307 4308 /* some fast paths first */ 4515 4309 4516 4310 DEBUG(10,("can_access_file: requesting 0x%x on file %s\n", … … 4550 4344 } 4551 4345 4552 /* Check group or explicit user acl entry access. */ 4553 ret = check_posix_acl_group_access(conn, fname, psbuf, access_mask); 4554 if (ret == 0 || ret == 1) { 4555 return ret ? True : False; 4556 } 4557 4558 /* Finally check other access. */ 4559 switch (access_mask) { 4560 case FILE_READ_DATA: 4561 return (psbuf->st_mode & S_IROTH) ? True : False; 4562 4563 case FILE_WRITE_DATA: 4564 return (psbuf->st_mode & S_IWOTH) ? True : False; 4565 4566 default: /* FILE_READ_DATA|FILE_WRITE_DATA */ 4567 4568 if ((psbuf->st_mode & (S_IWOTH|S_IROTH)) == (S_IWOTH|S_IROTH)) { 4569 return True; 4570 } 4571 } 4572 return False; 4346 /* now for ACL checks */ 4347 4348 return can_access_file_acl(conn, fname, psbuf, access_mask); 4573 4349 } 4574 4350 -
branches/samba-3.0/source/smbd/quotas.c
r30 r105 1226 1226 D.dqb_bsoftlimit = user_quota.bsoft; 1227 1227 D.dqb_bhardlimit = user_quota.bhard; 1228 D.dqb_curfiles = user_quota.iused; 1229 D.dqb_fsoftlimit = user_quota.isoft; 1230 D.dqb_fhardlimit = user_quota.ihard; 1228 1231 } 1229 1232 else if(statbuf.f_vfstype == MNT_JFS) -
branches/samba-3.0/source/smbd/reply.c
r62 r105 526 526 set_message(outbuf,2,0,True); 527 527 p = smb_buf(outbuf); 528 p += srvstr_push(outbuf, p, server_devicetype, -1,528 p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p - outbuf), 529 529 STR_TERMINATE|STR_ASCII); 530 530 set_message_end(outbuf,p); … … 556 556 557 557 p = smb_buf(outbuf); 558 p += srvstr_push(outbuf, p, server_devicetype, -1,558 p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p - outbuf), 559 559 STR_TERMINATE|STR_ASCII); 560 p += srvstr_push(outbuf, p, fstype, -1,560 p += srvstr_push(outbuf, p, fstype, BUFFER_SIZE - (p - outbuf), 561 561 STR_TERMINATE); 562 562 … … 1768 1768 SSVALS(p, 0, -1); /* what is this? not in spec */ 1769 1769 #endif 1770 namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);1770 namelen = srvstr_push(outbuf, p, s, BUFFER_SIZE - (p - outbuf), STR_ASCII|STR_TERMINATE); 1771 1771 p += namelen; 1772 1772 outsize = set_message_end(outbuf, p); -
branches/samba-3.0/source/smbd/sesssetup.c
r58 r105 70 70 71 71 #ifndef __OS2__ 72 p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);72 p += srvstr_push(outbuf, p, "Unix", BUFFER_SIZE - (p - outbuf), STR_TERMINATE); 73 73 #else 74 p += srvstr_push(outbuf, p, "OS/2-eComStation", -1, STR_TERMINATE);74 p += srvstr_push(outbuf, p, "OS/2-eComStation", BUFFER_SIZE - (p - outbuf), STR_TERMINATE); 75 75 #endif 76 p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE);77 p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);76 p += srvstr_push(outbuf, p, lanman, BUFFER_SIZE - (p - outbuf), STR_TERMINATE); 77 p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p - outbuf), STR_TERMINATE); 78 78 79 79 return PTR_DIFF(p, start); -
branches/samba-3.0/source/smbd/srvstr.c
r1 r105 29 29 const char *src, int dest_len, int flags) 30 30 { 31 size_t buf_used = PTR_DIFF(dest, base_ptr); 32 if (dest_len == -1) { 33 if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used > (size_t)max_send)) { 34 #if 0 35 DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n")); 36 #endif 37 return push_string_fn(function, line, base_ptr, dest, src, -1, flags); 38 } 39 return push_string_fn(function, line, base_ptr, dest, src, max_send - buf_used, flags); 31 if (dest_len < 0) { 32 return 0; 40 33 } 41 34 42 35 /* 'normal' push into size-specified buffer */ 43 36 return push_string_fn(function, line, base_ptr, dest, src, dest_len, flags); -
branches/samba-3.0/source/smbd/trans2.c
r99 r105 1104 1104 int requires_resume_key, 1105 1105 BOOL dont_descend,char **ppdata, 1106 char *base_data, int space_remaining,1106 char *base_data, char *end_data, int space_remaining, 1107 1107 BOOL *out_of_space, BOOL *got_exact_match, 1108 1108 int *last_entry_off, struct ea_list *name_list, TALLOC_CTX *ea_ctx) … … 1294 1294 nameptr = p; 1295 1295 p += align_string(outbuf, p, 0); 1296 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);1296 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE); 1297 1297 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) { 1298 1298 if (len > 2) { … … 1329 1329 p += 27; 1330 1330 nameptr = p - 1; 1331 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE | STR_NOALIGN);1331 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE | STR_NOALIGN); 1332 1332 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) { 1333 1333 if (len > 2) { … … 1383 1383 1384 1384 /* Push the ea_data followed by the name. */ 1385 p += fill_ea_buffer(ea_ctx, p, space_remaining , conn, name_list);1385 p += fill_ea_buffer(ea_ctx, p, space_remaining - (p - pdata), conn, name_list); 1386 1386 nameptr = p; 1387 len = srvstr_push(outbuf, p + 1, fname, -1, STR_TERMINATE | STR_NOALIGN);1387 len = srvstr_push(outbuf, p + 1, fname, PTR_DIFF(end_data, p+1), STR_TERMINATE | STR_NOALIGN); 1388 1388 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) { 1389 1389 if (len > 2) { … … 1442 1442 } 1443 1443 p += 2 + 24; 1444 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);1444 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII); 1445 1445 SIVAL(q,0,len); 1446 1446 p += len; … … 1463 1463 SOFF_T(p,0,allocation_size); p += 8; 1464 1464 SIVAL(p,0,nt_extmode); p += 4; 1465 len = srvstr_push(outbuf, p + 4, fname, -1, STR_TERMINATE_ASCII);1465 len = srvstr_push(outbuf, p + 4, fname, PTR_DIFF(end_data, p+4), STR_TERMINATE_ASCII); 1466 1466 SIVAL(p,0,len); 1467 1467 p += 4 + len; … … 1490 1490 p +=4; 1491 1491 } 1492 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);1492 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII); 1493 1493 SIVAL(q, 0, len); 1494 1494 p += len; … … 1508 1508 /* this must *not* be null terminated or w2k gets in a loop trying to set an 1509 1509 acl on a dir (tridge) */ 1510 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);1510 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII); 1511 1511 SIVAL(p, -4, len); 1512 1512 p += len; … … 1538 1538 SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */ 1539 1539 SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */ 1540 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);1540 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII); 1541 1541 SIVAL(q, 0, len); 1542 1542 p += len; … … 1589 1589 SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */ 1590 1590 SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */ 1591 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);1591 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII); 1592 1592 SIVAL(q,0,len); 1593 1593 p += len; … … 1612 1612 p = store_file_unix_basic(conn, p, 1613 1613 NULL, &sbuf); 1614 len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);1614 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE); 1615 1615 } else { 1616 1616 DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX_INFO2\n")); … … 1619 1619 nameptr = p; 1620 1620 p += 4; 1621 len = srvstr_push(outbuf, p, fname, -1, 0);1621 len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), 0); 1622 1622 SIVAL(nameptr, 0, len); 1623 1623 } … … 1670 1670 char *params = *pparams; 1671 1671 char *pdata = *ppdata; 1672 char *data_end; 1672 1673 uint32 dirtype; 1673 1674 int maxentries; … … 1815 1816 } 1816 1817 pdata = *ppdata; 1818 data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1; 1817 1819 1818 1820 /* Realloc the params space */ … … 1869 1871 mask,dirtype,info_level, 1870 1872 requires_resume_key,dont_descend, 1871 &p,pdata, space_remaining, &out_of_space, &got_exact_match,1873 &p,pdata,data_end,space_remaining, &out_of_space, &got_exact_match, 1872 1874 &last_entry_off, ea_list, ea_ctx); 1873 1875 } … … 1963 1965 char *params = *pparams; 1964 1966 char *pdata = *ppdata; 1967 char *data_end; 1965 1968 int dptr_num; 1966 1969 int maxentries; … … 2089 2092 2090 2093 pdata = *ppdata; 2094 data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1; 2091 2095 2092 2096 /* Realloc the params space */ … … 2181 2185 mask,dirtype,info_level, 2182 2186 requires_resume_key,dont_descend, 2183 &p,pdata, space_remaining, &out_of_space, &got_exact_match,2187 &p,pdata,data_end,space_remaining, &out_of_space, &got_exact_match, 2184 2188 &last_entry_off, ea_list, ea_ctx); 2185 2189 } … … 2320 2324 * the pushed string. The change here was adding the STR_TERMINATE. JRA. 2321 2325 */ 2322 len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, -1, STR_NOALIGN|STR_TERMINATE);2326 len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, max_data_bytes - l2_vol_szVolLabel, STR_NOALIGN|STR_TERMINATE); 2323 2327 SCVAL(pdata,l2_vol_cch,len); 2324 2328 data_len = l2_vol_szVolLabel + len; … … 2342 2346 /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it 2343 2347 and will think we can't do long filenames */ 2344 len = srvstr_push(outbuf, pdata+12, fstype, -1, STR_UNICODE);2348 len = srvstr_push(outbuf, pdata+12, fstype, max_data_bytes - 12, STR_UNICODE); 2345 2349 SIVAL(pdata,8,len); 2346 2350 data_len = 12 + len; … … 2349 2353 case SMB_QUERY_FS_LABEL_INFO: 2350 2354 case SMB_FS_LABEL_INFORMATION: 2351 len = srvstr_push(outbuf, pdata+4, vname, -1, 0);2355 len = srvstr_push(outbuf, pdata+4, vname, max_data_bytes - 4, 0); 2352 2356 data_len = 4 + len; 2353 2357 SIVAL(pdata,0,len); … … 2365 2369 2366 2370 /* Max label len is 32 characters. */ 2367 len = srvstr_push(outbuf, pdata+18, vname, -1, STR_UNICODE);2371 len = srvstr_push(outbuf, pdata+18, vname, max_data_bytes - 18, STR_UNICODE); 2368 2372 SIVAL(pdata,12,len); 2369 2373 data_len = 18+len; … … 3600 3604 mangle_map(short_name,True,True,conn->params); 3601 3605 } 3602 len = srvstr_push(outbuf, pdata+4, short_name, -1, STR_UNICODE);3606 len = srvstr_push(outbuf, pdata+4, short_name, max_data_bytes - 4, STR_UNICODE); 3603 3607 data_size = 4 + len; 3604 3608 SIVAL(pdata,0,len); … … 3610 3614 this must be *exactly* right for ACLs on mapped drives to work 3611 3615 */ 3612 len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);3616 len = srvstr_push(outbuf, pdata+4, dos_fname, max_data_bytes - 4, STR_UNICODE); 3613 3617 DEBUG(10,("call_trans2qfilepathinfo: SMB_QUERY_FILE_NAME_INFO\n")); 3614 3618 data_size = 4 + len; … … 3651 3655 SIVAL(pdata,0,ea_size); 3652 3656 pdata += 4; /* EA info */ 3653 len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);3657 len = srvstr_push(outbuf, pdata+4, dos_fname, max_data_bytes - (pdata+4 - *ppdata), STR_UNICODE); 3654 3658 SIVAL(pdata,0,len); 3655 3659 pdata += 4 + len; … … 3813 3817 return(UNIXERROR(ERRDOS,ERRnoaccess)); 3814 3818 buffer[len] = 0; 3815 len = srvstr_push(outbuf, pdata, buffer, -1, STR_TERMINATE);3819 len = srvstr_push(outbuf, pdata, buffer, max_data_bytes, STR_TERMINATE); 3816 3820 pdata += len; 3817 3821 data_size = PTR_DIFF(pdata,(*ppdata));
Note:
See TracChangeset
for help on using the changeset viewer.