The branch, master has been updated
       via  c4dc548171ba27b741669e364839a3c8e507be96 (commit)
       via  2883c88ae46d3957564660213471e1d6f94cdb04 (commit)
       via  48d3a1d2fb5569ab11ffef8b903af91d77d326a3 (commit)
       via  1510b7b8c99ea64a8fabdb89c5868b2f5895fdbf (commit)
       via  ac647d03ac271b0a81b6c8041e2c6b84ada13aca (commit)
      from  c0de338394c9e2dd80a3ad06341fe95b1ea169ed (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c4dc548171ba27b741669e364839a3c8e507be96
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Sun Oct 19 22:37:27 2008 +0200

    Fix 64-bit printf warnings

commit 2883c88ae46d3957564660213471e1d6f94cdb04
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Sun Oct 19 15:30:12 2008 +0200

    Fix nonempty blank lines

commit 48d3a1d2fb5569ab11ffef8b903af91d77d326a3
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Sun Oct 19 15:17:12 2008 +0200

    "fn_new"->"fn" in smb_messages[], we got beyond that :-)

commit 1510b7b8c99ea64a8fabdb89c5868b2f5895fdbf
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Sun Oct 19 14:50:55 2008 +0200

    Use a direct compare instead of calling strncmp in valid_smb_header

commit ac647d03ac271b0a81b6c8041e2c6b84ada13aca
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date:   Sun Oct 19 13:44:11 2008 +0200

    Move the global hosts_allow() check out of the processing loop

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/ndr_compression.c |    8 +-
 source3/smbd/process.c       |   53 +++++++-----
 source3/smbd/reply.c         |  182 +++++++++++++++++++++---------------------
 3 files changed, 126 insertions(+), 117 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/ndr_compression.c b/librpc/ndr/ndr_compression.c
index afd397e..c73c3bb 100644
--- a/librpc/ndr/ndr_compression.c
+++ b/librpc/ndr/ndr_compression.c
@@ -260,7 +260,9 @@ static enum ndr_err_code 
ndr_push_compression_mszip_chunk(struct ndr_push *ndrpu
        ndrpush->offset = tmp_offset;
 
        DEBUG(9,("MSZIP comp plain_chunk_size: %08X (%u) comp_chunk_size: %08X 
(%u)\n",
-                plain_chunk.length, plain_chunk.length, comp_chunk_size, 
comp_chunk_size));
+                (unsigned int)plain_chunk.length,
+                (unsigned int)plain_chunk.length,
+                comp_chunk_size, comp_chunk_size));
 
        ndrpush->offset += comp_chunk_size;
        return NDR_ERR_SUCCESS;
@@ -307,7 +309,7 @@ static enum ndr_err_code 
ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp
        if (ret < 0) {
                return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
                                      "XPRESS lzxpress_decompress() returned 
%d\n",
-                                     ret);
+                                     (int)ret);
        }
        plain_chunk.length = ret;
 
@@ -361,7 +363,7 @@ static enum ndr_err_code 
ndr_push_compression_xpress_chunk(struct ndr_push *ndrp
        if (ret < 0) {
                return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
                                      "XPRESS lzxpress_compress() returned 
%d\n",
-                                     ret);
+                                     (int)ret);
        }
        comp_chunk.length = ret;
 
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index ceffd6f..a8b93d8 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -105,7 +105,11 @@ static bool valid_smb_header(const uint8_t *inbuf)
        if (is_encrypted_packet(inbuf)) {
                return true;
        }
-       return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
+       /*
+        * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
+        * but it just looks weird to call strncmp for this one.
+        */
+       return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
 }
 
 /* Socket functions for smbd packet processing. */
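Review bot: The new `IVAL(smb_base(inbuf), 0) == 0x424D53FF` always reads four bytes at `smb_base(inbuf)`, whereas the `strncmp` it replaces could stop at the first mismatching byte, so this line depends on the caller having confirmed that the buffer holds a complete header before `valid_smb_header()` runs. That length check is not visible in this hunk and should be confirmed at the call sites. The constant is also opaque: the added comment records the old expression but not that 0x424D53FF is the byte sequence 0xFF 'S' 'M' 'B' as a little-endian 32-bit value (assuming `IVAL` is the usual little-endian read), so I would add `/* 0xFF 'S' 'M' 'B', read little-endian */` beside it or give it a named `#define`. The function starts above the hunk, so the encrypted-packet path is only partly visible here.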
@@ -974,7 +978,7 @@ force write permissions on print services.
 */
 static const struct smb_message_struct {
        const char *name;
-       void (*fn_new)(struct smb_request *req);
+       void (*fn)(struct smb_request *req);
        int flags;
 } smb_messages[256] = {
 
@@ -1350,7 +1354,7 @@ static connection_struct *switch_message(uint8 type, 
struct smb_request *req, in
                exit_server_cleanly("Non-SMB packet");
        }
 
-       if (smb_messages[type].fn_new == NULL) {
+       if (smb_messages[type].fn == NULL) {
                DEBUG(0,("Unknown message type %d!\n",type));
                smb_dump("Unknown", 1, (char *)req->inbuf, size);
                reply_unknown_new(req, type);
@@ -1472,7 +1476,7 @@ static connection_struct *switch_message(uint8 type, 
struct smb_request *req, in
                return conn;
        }
 
-       smb_messages[type].fn_new(req);
+       smb_messages[type].fn(req);
        return req->conn;
 }
 
@@ -1534,25 +1538,6 @@ static void process_smb(char *inbuf, size_t nread, 
size_t unread_bytes, bool enc
 
        DO_PROFILE_INC(smb_count);
 
-       if (trans_num == 0) {
-               char addr[INET6_ADDRSTRLEN];
-
-               /* on the first packet, check the global hosts allow/ hosts
-               deny parameters before doing any parsing of the packet
-               passed to us by the client.  This prevents attacks on our
-               parsing code from hosts not in the hosts allow list */
-
-               if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
-                                 lp_hostsdeny(-1))) {
-                       /* send a negative session response "not listening on 
calling name" */
-                       static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
-                       DEBUG( 1, ( "Connection denied from %s\n",
-                               client_addr(get_client_fd(),addr,sizeof(addr)) 
) );
-                       (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
-                       exit_server_cleanly("connection denied");
-               }
-       }
-
        DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
                    smb_len(inbuf) ) );
        DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
@@ -1893,6 +1878,28 @@ void smbd_process(void)
        unsigned int num_smbs = 0;
        size_t unread_bytes = 0;
 
+       char addr[INET6_ADDRSTRLEN];
+
+       /*
+        * Before the first packet, check the global hosts allow/ hosts deny
+        * parameters before doing any parsing of packets passed to us by the
+        * client. This prevents attacks on our parsing code from hosts not in
+        * the hosts allow list.
+        */
+
+       if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
+                         lp_hostsdeny(-1))) {
+               /*
+                * send a negative session response "not listening on calling
+                * name"
+                */
+               unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+               DEBUG( 1, ("Connection denied from %s\n",
+                          client_addr(get_client_fd(),addr,sizeof(addr)) ) );
+               (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
+               exit_server_cleanly("connection denied");
+       }
+
        max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
 
        while (True) {
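Review bot: `char addr[INET6_ADDRSTRLEN];` is added at function scope in `smbd_process()` although only the denial branch uses it; declaring it inside the `if (!check_access(...))` block next to `buf` would keep its scope tight and keep the declarations together. The relocated comment promises that no client packet is parsed before the hosts allow/deny check, which after the move holds only if nothing reads from the client socket before `smbd_process()` is entered; that is not visible in this hunk, so the comment should state the assumption, for example `/* Must stay ahead of any read from the client socket. */`. The rejection is reported with `DEBUG( 1, ...)`, so denied hosts are recorded only when the log level is at least 1, which is worth noting for anyone relying on these logs to spot refused connections. The body of `smbd_process()` continues past the end of the hunk.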
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b7763cb..25480c6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -424,22 +424,22 @@ void reply_special(char *inbuf)
         * header.
         */
        char outbuf[smb_size];
-       
+
        static bool already_got_session = False;
 
        *name1 = *name2 = 0;
-       
+
        memset(outbuf, '\0', sizeof(outbuf));
 
        smb_setlen(outbuf,0);
-       
+
        switch (msg_type) {
        case 0x81: /* session request */
-               
+
                if (already_got_session) {
                        exit_server_cleanly("multiple session request not 
permitted");
                }
-               
+
                SCVAL(outbuf,0,0x82);
                SCVAL(outbuf,3,0);
                if (name_len(inbuf+4) > 50 || 
@@ -478,24 +478,24 @@ void reply_special(char *inbuf)
 
                already_got_session = True;
                break;
-               
+
        case 0x89: /* session keepalive request 
                      (some old clients produce this?) */
                SCVAL(outbuf,0,SMBkeepalive);
                SCVAL(outbuf,3,0);
                break;
-               
+
        case 0x82: /* positive session response */
        case 0x83: /* negative session response */
        case 0x84: /* retarget session response */
                DEBUG(0,("Unexpected session response\n"));
                break;
-               
+
        case SMBkeepalive: /* session keepalive */
        default:
                return;
        }
-       
+
        DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
                    msg_type, msg_flags));
 
@@ -1062,7 +1062,7 @@ void reply_getatr(struct smb_request *req)
                SSVAL(req->outbuf, smb_flg2,
                      SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
        }
-  
+
        DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, 
(unsigned int)size ) );
 
        END_PROFILE(SMBgetatr);
@@ -1169,9 +1169,9 @@ void reply_setatr(struct smb_request *req)
        }
 
        reply_outbuf(req, 0, 0);
- 
+
        DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
-  
+
        END_PROFILE(SMBsetatr);
        return;
 }
@@ -1193,7 +1193,7 @@ void reply_dskattr(struct smb_request *req)
        }
 
        reply_outbuf(req, 5, 0);
-       
+
        if (Protocol <= PROTOCOL_LANMAN2) {
                double total_space, free_space;
                /* we need to scale this to a number that DOS6 can handle. We
@@ -1207,7 +1207,7 @@ void reply_dskattr(struct smb_request *req)
 
                dsize = (uint64_t)((total_space+63*512) / (64*512));
                dfree = (uint64_t)((free_space+63*512) / (64*512));
-               
+
                if (dsize > 0xFFFF) dsize = 0xFFFF;
                if (dfree > 0xFFFF) dfree = 0xFFFF;
 
@@ -1713,7 +1713,7 @@ void reply_open(struct smb_request *req)
                SCVAL(req->outbuf,smb_flg,
                      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
        }
-    
+
        if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
                SCVAL(req->outbuf,smb_flg,
                      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
@@ -2201,7 +2201,7 @@ void reply_ctemp(struct smb_request *req)
                SCVAL(req->outbuf, smb_flg,
                      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
        }
-  
+
        if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
                SCVAL(req->outbuf, smb_flg,
                      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
@@ -2914,14 +2914,14 @@ void reply_readbraw(struct smb_request *req)
        if (nread < mincount)
                nread = 0;
 #endif
-  
+
        DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
                "min=%lu nread=%lu\n",
                fsp->fnum, (double)startpos,
                (unsigned long)maxcount,
                (unsigned long)mincount,
                (unsigned long)nread ) );
-  
+
        send_file_readbraw(conn, fsp, startpos, nread, mincount);
 
        DEBUG(5,("reply_readbraw finished\n"));
@@ -2978,7 +2978,7 @@ void reply_lockread(struct smb_request *req)
        reply_outbuf(req, 5, numtoread + 3);
 
        data = smb_buf(req->outbuf) + 3;
-       
+
        /*
         * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
         * protocol request that predates the read/write lock concept. 
@@ -2986,7 +2986,7 @@ void reply_lockread(struct smb_request *req)
         * for a write lock. JRA.
         * Note that the requested lock size is unaffected by max_recv.
         */
-       
+
        br_lck = do_lock(smbd_messaging_context(),
                        fsp,
                        req->smbpid,
@@ -3022,7 +3022,7 @@ Returning short read of maximum allowed for compatibility 
with Windows 2000.\n",
                END_PROFILE(SMBlockread);
                return;
        }
-       
+
        srv_set_message((char *)req->outbuf, 5, nread+3, False);
 
        SSVAL(req->outbuf,smb_vwv0,nread);
@@ -3030,7 +3030,7 @@ Returning short read of maximum allowed for compatibility 
with Windows 2000.\n",
        p = smb_buf(req->outbuf);
        SCVAL(p,0,0); /* pad byte. */
        SSVAL(p,1,nread);
-       
+
        DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
                 fsp->fnum, (int)numtoread, (int)nread));
 
@@ -3094,7 +3094,7 @@ Returning short read of maximum allowed for compatibility 
with Windows 2000.\n",
        reply_outbuf(req, 5, numtoread+3);
 
        data = smb_buf(req->outbuf) + 3;
-  
+
        if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
                      (uint64_t)startpos, READ_LOCK)) {
                reply_doserror(req, ERRDOS,ERRlock);
@@ -3117,7 +3117,7 @@ Returning short read of maximum allowed for compatibility 
with Windows 2000.\n",
        SSVAL(req->outbuf,smb_vwv5,nread+3);
        SCVAL(smb_buf(req->outbuf),0,1);
        SSVAL(smb_buf(req->outbuf),1,nread);
-  
+
        DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
                fsp->fnum, (int)numtoread, (int)nread ) );
 
@@ -3659,7 +3659,7 @@ void reply_writeunlock(struct smb_request *req)
                END_PROFILE(SMBwriteunlock);
                return;
        }
-       
+
        fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
 
        if (!check_fsp(conn, req, fsp)) {
@@ -3676,7 +3676,7 @@ void reply_writeunlock(struct smb_request *req)
        numtowrite = SVAL(req->inbuf,smb_vwv1);
        startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
        data = smb_buf(req->inbuf) + 3;
-  
+
        if (numtowrite
            && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
                         (uint64_t)startpos, WRITE_LOCK)) {
@@ -3693,7 +3693,7 @@ void reply_writeunlock(struct smb_request *req)
        } else {
                nwritten = write_file(req,fsp,data,startpos,numtowrite);
        }
-  
+
        status = sync_file(conn, fsp, False /* write through */);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
@@ -3725,12 +3725,12 @@ void reply_writeunlock(struct smb_request *req)
        }
 
        reply_outbuf(req, 1, 0);
-       
+
        SSVAL(req->outbuf,smb_vwv0,nwritten);
-       
+
        DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
                 fsp->fnum, (int)numtowrite, (int)nwritten));
-       
+
        END_PROFILE(SMBwriteunlock);
        return;
 }
@@ -3783,7 +3783,7 @@ void reply_write(struct smb_request *req)
        numtowrite = SVAL(req->inbuf,smb_vwv1);
        startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
        data = smb_buf(req->inbuf) + 3;
-  
+
        if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
                      (uint64_t)startpos, WRITE_LOCK)) {
                reply_doserror(req, ERRDOS, ERRlock);
@@ -3834,14 +3834,14 @@ void reply_write(struct smb_request *req)
        }
 
        reply_outbuf(req, 1, 0);
-  
+
        SSVAL(req->outbuf,smb_vwv0,nwritten);
 
        if (nwritten < (ssize_t)numtowrite) {
                SCVAL(req->outbuf,smb_rcls,ERRHRD);
                SSVAL(req->outbuf,smb_err,ERRdiskfull);
        }
-  
+
        DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, 
(int)nwritten));
 
        END_PROFILE(SMBwrite);
@@ -4062,7 +4062,7 @@ void reply_write_and_X(struct smb_request *req)
                        END_PROFILE(SMBwriteX);
                        return;
                }
-               
+
                nwritten = write_file(req,fsp,data,startpos,numtowrite);
        }
 
@@ -4178,7 +4178,7 @@ void reply_lseek(struct smb_request *req)
 
        reply_outbuf(req, 2, 0);
        SIVAL(req->outbuf,smb_vwv0,res);
-  
+
        DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
                fsp->fnum, (double)startpos, (double)res, mode));
 
@@ -4209,7 +4209,7 @@ void reply_flush(struct smb_request *req)
        if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
                return;
        }
-       
+
        if (!fsp) {
                file_sync_all(conn);
        } else {
@@ -4222,7 +4222,7 @@ void reply_flush(struct smb_request *req)
                        return;
                }
        }
-       
+
        reply_outbuf(req, 0, 0);
 
        DEBUG(3,("flush\n"));
@@ -4293,7 +4293,7 @@ void reply_close(struct smb_request *req)
                DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
                         fsp->fh->fd, fsp->fnum,
                         conn->num_files_open));
- 
+
                /*
                 * Take care of any time sent in the close.
                 */
@@ -4306,7 +4306,7 @@ void reply_close(struct smb_request *req)
                 * was detected on close - normally this is due to
                 * a disk full error. If not then it was probably an I/O error.
                 */
- 
+
                status = close_file(req, fsp, NORMAL_CLOSE);
        }  
 
@@ -4361,7 +4361,7 @@ void reply_writeclose(struct smb_request *req)
        mtime = convert_time_t_to_timespec(srv_make_unix_date3(
                                                   req->inbuf+smb_vwv4));
        data = smb_buf(req->inbuf) + 1;
-  
+
        if (numtowrite
            && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
                         (uint64_t)startpos, WRITE_LOCK)) {
@@ -4369,7 +4369,7 @@ void reply_writeclose(struct smb_request *req)
                END_PROFILE(SMBwriteclose);
                return;
        }
-  
+
        nwritten = write_file(req,fsp,data,startpos,numtowrite);
 
        set_close_write_time(fsp, mtime);
@@ -4388,13 +4388,13 @@ void reply_writeclose(struct smb_request *req)
        DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
                 fsp->fnum, (int)numtowrite, (int)nwritten,
                 conn->num_files_open));
-  
+
        if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
                reply_doserror(req, ERRHRD, ERRdiskfull);
                END_PROFILE(SMBwriteclose);
                return;
        }
- 
+
        if(!NT_STATUS_IS_OK(close_status)) {
                reply_nterror(req, close_status);
                END_PROFILE(SMBwriteclose);
@@ -4402,7 +4402,7 @@ void reply_writeclose(struct smb_request *req)
        }
 
        reply_outbuf(req, 1, 0);
-  
+
        SSVAL(req->outbuf,smb_vwv0,nwritten);
        END_PROFILE(SMBwriteclose);
        return;
@@ -4496,10 +4496,10 @@ void reply_unlock(struct smb_request *req)
                END_PROFILE(SMBunlock);
                return;
        }
-       
+
        count = (uint64_t)IVAL(req->inbuf,smb_vwv1);
        offset = (uint64_t)IVAL(req->inbuf,smb_vwv3);
-       
+
        status = do_unlock(smbd_messaging_context(),
                        fsp,
                        req->smbpid,


-- 
Samba Shared Repository
