Changeset 587 for vendor/current/source3/smbd

Timestamp:

Jun 29, 2011, 7:36:41 AM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Samba 3.5: Update vendor to version 3.5.6

Location:

vendor/current/source3/smbd

Files:

• fileio.c (modified) (1 diff)
• notify.c (modified) (3 diffs)
• open.c (modified) (4 diffs)
• oplock.c (modified) (1 diff)
• process.c (modified) (1 diff)
• reply.c (modified) (6 diffs)
• sesssetup.c (modified) (1 diff)
• trans2.c (modified) (3 diffs)

vendor/current/source3/smbd/fileio.c

@@ -313 +313 @@
 
                 if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) == 0) {
-                        int dosmode;
                         trigger_write_time_update(fsp);
-                        dosmode = dos_mode(fsp->conn, fsp->fsp_name);
-                        if ((lp_store_dos_attributes(SNUM(fsp->conn)) ||
-                                        MAP_ARCHIVE(fsp->conn)) &&
-                                        !IS_DOS_ARCHIVE(dosmode)) {
-                                file_set_dosmode(fsp->conn, fsp->fsp_name,
+                        if (!fsp->posix_open &&
+                                        (lp_store_dos_attributes(SNUM(fsp->conn)) ||
+                                        MAP_ARCHIVE(fsp->conn))) {
+                                int dosmode = dos_mode(fsp->conn, fsp->fsp_name);
+                                if (!IS_DOS_ARCHIVE(dosmode)) {
+                                        file_set_dosmode(fsp->conn, fsp->fsp_name,
                                                  dosmode | aARCH, NULL, false);
+                                }
                         }
 

vendor/current/source3/smbd/notify.c

@@ -77 +77 @@
                 struct notify_change *c;
                 size_t namelen;
+                int    rem = 0;
                 uint32 u32_tmp; /* Temp arg to prs_uint32 to avoid
                                  * signed/unsigned issues */
@@ -102 +103 @@
 
                 u32_tmp = (i == num_changes-1) ? 0 : namelen + 12;
+
+                /* Align on 4-byte boundary according to MS-CIFS 2.2.7.4.2 */
+                if ((rem = u32_tmp % 4 ) != 0)
+                        u32_tmp += 4 - rem;
+
                 if (!prs_uint32("offset", ps, 1, &u32_tmp)) goto fail;
 
@@ -116 +122 @@
                  */
                 prs_set_offset(ps, prs_offset(ps)-2);
+
+                if (rem != 0) {
+                        if (!prs_align_custom(ps, 4)) goto fail;
+                }
 
                 TALLOC_FREE(uni_name.buffer);

vendor/current/source3/smbd/open.c

@@ -50 +50 @@
 ****************************************************************************/
 
-NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+NTSTATUS smb1_file_se_access_check(connection_struct *conn,
+                          const struct security_descriptor *sd,
                           const NT_USER_TOKEN *token,
                           uint32_t access_desired,
                           uint32_t *access_granted)
 {
+        *access_granted = 0;
+
+        if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+                /* I'm sorry sir, I didn't know you were root... */
+                *access_granted = access_desired;
+                if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+                        *access_granted |= FILE_GENERIC_ALL;
+                }
+                return NT_STATUS_OK;
+        }
+
         return se_access_check(sd,
                                 token,
@@ -74 +86 @@
         struct security_descriptor *sd = NULL;
 
-        *access_granted = 0;
-
-        if (conn->server_info->utok.uid == 0 || conn->admin_user) {
-                /* I'm sorry sir, I didn't know you were root... */
-                *access_granted = access_mask;
-                if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
-                        *access_granted |= FILE_GENERIC_ALL;
-                }
-                return NT_STATUS_OK;
-        }
-
         status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
                         (OWNER_SECURITY_INFORMATION |
@@ -98 +99 @@
         }
 
-        status = smb1_file_se_access_check(sd,
+        status = smb1_file_se_access_check(conn,
+                                sd,
                                 conn->server_info->ptok,
                                 access_mask,
@@ -1413 +1415 @@
                         }
 
-                        status = smb1_file_se_access_check(sd,
+                        status = smb1_file_se_access_check(conn,
+                                        sd,
                                         conn->server_info->ptok,
                                         access_mask,

vendor/current/source3/smbd/oplock.c

@@ -119 +119 @@
 
         flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH);
+        delete_write_cache(fsp);
 
         TALLOC_FREE(fsp->oplock_timeout);

vendor/current/source3/smbd/process.c

@@ -1489 +1489 @@
                  * NetBIOS session request, keepalive, etc.
                  */
-                reply_special((char *)inbuf);
+                reply_special((char *)inbuf, nread);
                 goto done;
         }

vendor/current/source3/smbd/reply.c

@@ -496 +496 @@
 ****************************************************************************/
 
-void reply_special(char *inbuf)
+void reply_special(char *inbuf, size_t inbuf_size)
 {
         int msg_type = CVAL(inbuf,0);
         int msg_flags = CVAL(inbuf,1);
-        fstring name1,name2;
-        char name_type1, name_type2;
         struct smbd_server_connection *sconn = smbd_server_conn;
-
         /*
          * We only really use 4 bytes of the outbuf, but for the smb_setlen
@@ -511 +508 @@
         char outbuf[smb_size];
 
-        *name1 = *name2 = 0;
-
         memset(outbuf, '\0', sizeof(outbuf));
 
@@ -519 +514 @@
         switch (msg_type) {
         case 0x81: /* session request */
+        {
+                /* inbuf_size is guarenteed to be at least 4. */
+                fstring name1,name2;
+                int name_type1, name_type2;
+                int name_len1, name_len2;
+
+                *name1 = *name2 = 0;
 
                 if (sconn->nbt.got_session) {
@@ -526 +528 @@
                 SCVAL(outbuf,0,0x82);
                 SCVAL(outbuf,3,0);
-                if (name_len(inbuf+4) > 50 || 
-                    name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
+
+                /* inbuf_size is guaranteed to be at least 4. */
+                name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
+                if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
                         DEBUG(0,("Invalid name length in session request\n"));
                         return;
                 }
-                name_type1 = name_extract(inbuf,4,name1);
-                name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
+                name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
+                if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
+                        DEBUG(0,("Invalid name length in session request\n"));
+                        return;
+                }
+
+                name_type1 = name_extract((unsigned char *)inbuf,
+                                inbuf_size,(unsigned int)4,name1);
+                name_type2 = name_extract((unsigned char *)inbuf,
+                                inbuf_size,(unsigned int)(4 + name_len1),name2);
+
+                if (name_type1 == -1 || name_type2 == -1) {
+                        DEBUG(0,("Invalid name type in session request\n"));
+                        return;
+                }
+
                 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
                          name1, name_type1, name2, name_type2));
@@ -566 +584 @@
                 sconn->nbt.got_session = true;
                 break;
+        }
 
         case 0x89: /* session keepalive request 
@@ -5847 +5866 @@
                           smb_fname_str_dbg(smb_fname_dst)));
 
-                if (lp_map_archive(SNUM(conn)) ||
-                    lp_store_dos_attributes(SNUM(conn))) {
+                if (!lp_posix_pathnames() &&
+                    (lp_map_archive(SNUM(conn)) ||
+                    lp_store_dos_attributes(SNUM(conn)))) {
                         /* We must set the archive bit on the newly
                            renamed file. */

vendor/current/source3/smbd/sesssetup.c

@@ -726 +726 @@
 
         /* parse out the OIDs and the first sec blob */
-        if (!parse_negTokenTarg(blob_in, OIDs, pblob_out)) {
+        if (!parse_negTokenTarg(blob_in, OIDs, pblob_out) ||
+                        OIDs[0] == NULL) {
                 return NT_STATUS_LOGON_FAILURE;
         }

vendor/current/source3/smbd/trans2.c

@@ -6595 +6595 @@
         bool modify_mtime = true;
         struct file_id id;
+        struct smb_filename *smb_fname_tmp = NULL;
         SMB_STRUCT_STAT sbuf;
 
@@ -6647 +6648 @@
 
         if (!VALID_STAT(sbuf)) {
-                struct smb_filename *smb_fname_tmp = NULL;
                 /*
                  * The only valid use of this is to create character and block
@@ -6676 +6676 @@
 
                 sbuf = smb_fname_tmp->st;
-                TALLOC_FREE(smb_fname_tmp);
+                smb_fname = smb_fname_tmp;
 
                 /* Ensure we don't try and change anything else. */