Changeset 77 for trunk/samba/source/smbd/lanman.c

Timestamp:

Sep 30, 2007, 1:42:50 AM (13 years ago)

Author:

Paul Smedley

Message:

Update trunk to 3.2.0pre1

File:

• trunk/samba/source/smbd/lanman.c (modified) (72 diffs)

trunk/samba/source/smbd/lanman.c

@@ -10 +10 @@
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
@@ -19 +19 @@
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
    */
 /*
@@ -51 +50 @@
 
 #define SHPWLEN 8               /* share password length */
+
+/* Limit size of ipc replies */
+
+static char *smb_realloc_limit(void *ptr, size_t size)
+{
+        char *val;
+
+        size = MAX((size),4*1024);
+        val = (char *)SMB_REALLOC(ptr,size);
+        if (val) {
+                memset(val,'\0',size);
+        }
+        return val;
+}
 
 static BOOL api_Unsupported(connection_struct *conn, uint16 vuid,
@@ -118 +131 @@
 static char *Expand(connection_struct *conn, int snum, char *s)
 {
-        static pstring buf;
+        pstring buf;
         if (!s) {
                 return NULL;
@@ -124 +137 @@
         StrnCpy(buf,s,sizeof(buf)/2);
         pstring_sub(buf,"%S",lp_servicename(snum));
-        standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
-                              conn->connectpath, conn->gid,
-                              get_current_username(),
-                              current_user_info.domain,
-                              buf, sizeof(buf));
-        return &buf[0];
+        return talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)),
+                                   conn->user, conn->connectpath, conn->gid,
+                                   get_current_username(),
+                                   current_user_info.domain, buf);
 }
 
@@ -405 +416 @@
         SIVAL(drivdata,4,1000); /* lVersion */
         memset(drivdata+8,0,32);        /* szDeviceName */
-        push_ascii(drivdata+8,"NULL",-1, STR_TERMINATE);
+        push_ascii(drivdata+8,"NULL",32, STR_TERMINATE);
         PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */
 }
@@ -828 +839 @@
                 *rdata_len = 0;
                 *rparam_len = 6;
-                *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+                *rparam = smb_realloc_limit(*rparam,*rparam_len);
                 if (!*rparam) {
                         return False;
@@ -850 +861 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
+                        SAFE_FREE(queue);
                         return False;
                 }
@@ -882 +894 @@
         *rdata_len = desc.usedlen;
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
+                SAFE_FREE(queue);
+                SAFE_FREE(tmpdata);
                 return False;
         }
@@ -941 +955 @@
                 *rdata_len = 0;
                 *rparam_len = 6;
-                *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+                *rparam = smb_realloc_limit(*rparam,*rparam_len);
                 if (!*rparam) {
                         return False;
@@ -983 +997 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         goto err;
@@ -1009 +1023 @@
         *rdata_len = desc.usedlen;
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 goto err;
@@ -1382 +1396 @@
 
         *rdata_len = fixed_len + string_len;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
         }
-        memset(*rdata,'\0',*rdata_len);
   
         p2 = (*rdata) + fixed_len;      /* auxilliary data (strings) will go here */
@@ -1412 +1425 @@
   
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1461 +1474 @@
   
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1653 +1666 @@
         }
  
-        *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+        *rdata = smb_realloc_limit(*rdata,mdrcnt);
         if (!*rdata) {
                 return False;
@@ -1664 +1677 @@
  
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1721 +1734 @@
         /* Ensure all the usershares are loaded. */
         become_root();
+        load_registry_shares();
         count = load_usershare_shares();
         unbecome_root();
@@ -1746 +1760 @@
 
         *rdata_len = fixed_len + string_len;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
         }
-        memset(*rdata,0,*rdata_len);
-  
+ 
         p2 = (*rdata) + fixed_len;      /* auxiliary data (strings) will go here */
         p = *rdata;
@@ -1772 +1785 @@
   
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1894 +1907 @@
                 } else {
                         SAFE_FREE(command);
-                        message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+                        message_send_all(smbd_messaging_context(),
+                                         MSG_SMB_CONF_UPDATED, NULL, 0, NULL);
                 }
         } else {
@@ -1901 +1915 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1915 +1929 @@
 
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -1989 +2003 @@
 
         *rdata_len = cli_buf_size;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -2019 +2033 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2065 +2079 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
         }
-  
+
         /* check it's a supported varient */
-        
+
         if ( strcmp(str1,"zWrLeh") != 0 )
                 return False;
-                
+
         switch( uLevel ) {
                 case 0:
@@ -2087 +2101 @@
 
         *rdata_len = mdrcnt + 1024;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
         }
+
         SSVAL(*rparam,0,NERR_Success);
         SSVAL(*rparam,2,0);             /* converter word */
@@ -2212 +2227 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2222 +2237 @@
 
         *rdata_len = cli_buf_size;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -2290 +2305 @@
 
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2296 +2311 @@
 
         *rdata_len = 21;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -2380 +2395 @@
 
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2457 +2472 @@
         char *p = get_safe_str_ptr(param,tpscnt,param,2);
         *rparam_len = 2;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2560 +2575 @@
 
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);       
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2632 +2647 @@
 
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2730 +2745 @@
                 return False;
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2855 +2870 @@
 
         *rdata_len = mdrcnt;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -2863 +2878 @@
         p2 = p + struct_len;
         if (uLevel != 20) {
-                srvstr_push(NULL, p,global_myname(),16, 
+                srvstr_push(NULL, 0, p,global_myname(),16,
                         STR_ASCII|STR_UPPER|STR_TERMINATE);
         }
@@ -2914 +2929 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2949 +2964 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -2960 +2975 @@
 
         *rdata_len = mdrcnt + 1024;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -3228 +3243 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3253 +3268 @@
 
         *rdata_len = mdrcnt + 1024;
-        *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+        *rdata = smb_realloc_limit(*rdata,*rdata_len);
         if (!*rdata) {
                 return False;
@@ -3463 +3478 @@
         }
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -3505 +3520 @@
         *rdata_len = desc.usedlen;
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3552 +3567 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3624 +3639 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -3650 +3665 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3720 +3735 @@
         count = print_queue_status(snum,&queue,&status);
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -3741 +3756 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3868 +3883 @@
         } else {
                 if (mdrcnt > 0) {
-                        *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                        *rdata = smb_realloc_limit(*rdata,mdrcnt);
                         if (!*rdata) {
                                 return False;
@@ -3889 +3904 @@
 
         *rparam_len = 6;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -3945 +3960 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -3970 +3985 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4017 +4032 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -4033 +4048 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4079 +4094 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -4096 +4111 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4143 +4158 @@
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
                         return False;
@@ -4161 +4176 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4192 +4207 @@
         int uLevel;
         struct pack_desc desc;
-        struct sessionid *session_list = NULL;
+        struct sessionid *session_list;
         int i, num_sessions;
 
@@ -4215 +4230 @@
         }
 
-        num_sessions = list_sessions(&session_list);
+        num_sessions = list_sessions(talloc_tos(), &session_list);
 
         if (mdrcnt > 0) {
-                *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+                *rdata = smb_realloc_limit(*rdata,mdrcnt);
                 if (!*rdata) {
-                        SAFE_FREE(session_list);
                         return False;
                 }
@@ -4229 +4243 @@
         desc.format = str2;
         if (!init_package(&desc,num_sessions,0)) {
-                SAFE_FREE(session_list);
                 return False;
         }
@@ -4248 +4261 @@
 
         *rparam_len = 8;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
-                SAFE_FREE(session_list);
                 return False;
         }
@@ -4259 +4271 @@
         DEBUG(4,("RNetSessionEnum: errorcode %d\n",desc.errcode));
 
-        SAFE_FREE(session_list);
         return True;
 }
@@ -4274 +4285 @@
 {
         *rparam_len = MIN(*rparam_len,mprcnt);
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4300 +4311 @@
 {
         *rparam_len = 4;
-        *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+        *rparam = smb_realloc_limit(*rparam,*rparam_len);
         if (!*rparam) {
                 return False;
@@ -4366 +4377 @@
 
 /****************************************************************************
- Handle remote api calls
- ****************************************************************************/
-
-int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params,
-                     int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
+ Handle remote api calls.
+****************************************************************************/
+
+void api_reply(connection_struct *conn, uint16 vuid,
+               struct smb_request *req,
+               char *data, char *params,
+               int tdscnt, int tpscnt,
+               int mdrcnt, int mprcnt)
 {
         int api_command;
@@ -4384 +4398 @@
         if (!params) {
                 DEBUG(0,("ERROR: NULL params in api_reply()\n"));
-                return 0;
+                reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                return;
         }
 
         if (tpscnt < 2) {
-                return 0;
+                reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                return;
         }
         api_command = SVAL(params,0);
@@ -4421 +4437 @@
 
                 if (!user || user->guest) {
-                        return ERROR_NT(NT_STATUS_ACCESS_DENIED);
+                        reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+                        return;
                 }
         }
@@ -4439 +4456 @@
                 SAFE_FREE(rdata);
                 SAFE_FREE(rparam);
-                return -1;
+                reply_nterror(req, NT_STATUS_NO_MEMORY);
+                return;
         }
 
@@ -4463 +4481 @@
         /* If api_Unsupported returns false we can't return anything. */
         if (reply) {
-                send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+                send_trans_reply(req, rparam, rparam_len,
+                                 rdata, rdata_len, False);
         }
 
         SAFE_FREE(rdata);
         SAFE_FREE(rparam);
-        return -1;
-}
+        return;
+}