svn commit: samba r12226 - in trunk/source: libsmb rpc_client
jra at samba.org
jra at samba.org
Wed Dec 14 06:26:06 GMT 2005
Author: jra
Date: 2005-12-14 06:26:03 +0000 (Wed, 14 Dec 2005)
New Revision: 12226
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12226
Log:
Janitor for derrell:
1. Fix a crash bug which should have reared its ugly head ages ago, but for
some reason, remained dormant until recently. The bug pertained to
libsmbclient doing a structure assignment of a cli after having opened a
pipe. The pipe open code makes a copy of the cli pointer that was passed
to it. If the cli is later copied (and that cli pointer that was saved
is no longer valid), the pipe code will cause a crash during shutdown or
when the copied cli is closed.
2. The 'type' field in enumerated shares was not being set correctly with
the new RPC-based mechanism for enumerating shares.
Jeremy.
Modified:
trunk/source/libsmb/clientgen.c
trunk/source/libsmb/libsmbclient.c
trunk/source/rpc_client/cli_pipe.c
Changeset:
Modified: trunk/source/libsmb/clientgen.c
===================================================================
--- trunk/source/libsmb/clientgen.c 2005-12-14 04:00:58 UTC (rev 12225)
+++ trunk/source/libsmb/clientgen.c 2005-12-14 06:26:03 UTC (rev 12226)
@@ -358,11 +358,13 @@
void cli_rpc_pipe_close(struct rpc_pipe_client *cli)
{
if (!cli_close(cli->cli, cli->fnum)) {
- DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s "
- "to machine %s. Error was %s\n",
- cli->pipe_name,
- cli->cli->desthost,
- cli_errstr(cli->cli)));
+ DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
+ "fnum 0x%x "
+ "to machine %s. Error was %s\n",
+ cli->pipe_name,
+ (int) cli->fnum,
+ cli->cli->desthost,
+ cli_errstr(cli->cli)));
}
if (cli->auth.cli_auth_data_free_func) {
Modified: trunk/source/libsmb/libsmbclient.c
===================================================================
--- trunk/source/libsmb/libsmbclient.c 2005-12-14 04:00:58 UTC (rev 12225)
+++ trunk/source/libsmb/libsmbclient.c 2005-12-14 06:26:03 UTC (rev 12226)
@@ -82,7 +82,6 @@
/*
* Find an lsa pipe handle associated with a cli struct.
*/
-
static struct rpc_pipe_client *find_lsa_pipe_hnd(struct cli_state *ipc_cli)
{
struct rpc_pipe_client *pipe_hnd;
@@ -855,14 +854,27 @@
return NULL;
}
+ ipc_srv = SMB_MALLOC_P(SMBCSRV);
+ if (!ipc_srv) {
+ errno = ENOMEM;
+ cli_shutdown(ipc_cli);
+ return NULL;
+ }
+
+ ZERO_STRUCTP(ipc_srv);
+ ipc_srv->cli = *ipc_cli;
+
+ free(ipc_cli);
+
if (pol) {
- pipe_hnd = cli_rpc_pipe_open_noauth(ipc_cli,
+ pipe_hnd = cli_rpc_pipe_open_noauth(&ipc_srv->cli,
PI_LSARPC,
&nt_status);
if (!pipe_hnd) {
DEBUG(1, ("cli_nt_session_open fail!\n"));
errno = ENOTSUP;
- cli_shutdown(ipc_cli);
+ cli_shutdown(&ipc_srv->cli);
+ free(ipc_srv);
return NULL;
}
@@ -874,30 +886,18 @@
nt_status = rpccli_lsa_open_policy(
pipe_hnd,
- ipc_cli->mem_ctx,
+ ipc_srv->cli.mem_ctx,
True,
GENERIC_EXECUTE_ACCESS,
pol);
if (!NT_STATUS_IS_OK(nt_status)) {
- errno = smbc_errno(context, ipc_cli);
- cli_shutdown(ipc_cli);
+ errno = smbc_errno(context, &ipc_srv->cli);
+ cli_shutdown(&ipc_srv->cli);
return NULL;
}
}
- ipc_srv = SMB_MALLOC_P(SMBCSRV);
- if (!ipc_srv) {
- errno = ENOMEM;
- cli_shutdown(ipc_cli);
- return NULL;
- }
-
- ZERO_STRUCTP(ipc_srv);
- ipc_srv->cli = *ipc_cli;
-
- free(ipc_cli);
-
/* now add it to the cache (internal or external) */
errno = 0; /* let cache function set errno if it likes */
@@ -2191,12 +2191,23 @@
SMBCFILE *dir = (SMBCFILE *)state;
int dirent_type;
- /* We need to process the type a little ... */
-
+ /*
+ * We need to process the type a little ...
+ *
+ * Disk share = 0x00000000
+ * Print share = 0x00000001
+ * Comms share = 0x00000002 (obsolete?)
+ * IPC$ share = 0x00000003
+ *
+ * administrative shares:
+ * ADMIN$, IPC$, C$, D$, E$ ... are type |= 0x80000000
+ */
+
if (dir->dir_type == SMBC_FILE_SHARE) {
switch (type) {
- case 0: /* Directory tree */
+ case 0 | 0x80000000:
+ case 0:
dirent_type = SMBC_FILE_SHARE;
break;
@@ -2208,6 +2219,7 @@
dirent_type = SMBC_COMMS_SHARE;
break;
+ case 3 | 0x80000000:
case 3:
dirent_type = SMBC_IPC_SHARE;
break;
@@ -2217,7 +2229,9 @@
break;
}
}
- else dirent_type = dir->dir_type;
+ else {
+ dirent_type = dir->dir_type;
+ }
if (add_dirent(dir, name, comment, dirent_type) < 0) {
@@ -2252,15 +2266,16 @@
{
int i;
WERROR result;
- NTSTATUS nt_status;
ENUM_HND enum_hnd;
uint32 info_level = 1;
uint32 preferred_len = 0xffffffff;
+ uint32 type;
SRV_SHARE_INFO_CTR ctr;
fstring name = "";
fstring comment = "";
void *mem_ctx;
struct rpc_pipe_client *pipe_hnd;
+ NTSTATUS nt_status;
/* Open the server service pipe */
pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SRVSVC, &nt_status);
@@ -2273,6 +2288,7 @@
mem_ctx = talloc_init("libsmbclient: net_share_enum_rpc");
if (mem_ctx == NULL) {
DEBUG(0, ("out of memory for net_share_enum_rpc!\n"));
+ cli_rpc_pipe_close(pipe_hnd);
return -1;
}
@@ -2302,14 +2318,17 @@
rpcstr_pull_unistr2_fstring(
comment, &ctr.share.info1[i].info_1_str.uni_remark);
+ /* Get the type value */
+ type = ctr.share.info1[i].info_1.type;
+
/* Add this share to the list */
- (*fn)(name, SMBC_FILE_SHARE, comment, state);
+ (*fn)(name, type, comment, state);
}
- /* We're done with the pipe */
+done:
+ /* Close the server service pipe */
cli_rpc_pipe_close(pipe_hnd);
-
-done:
+
/* Free all memory which was allocated for this request */
talloc_free(mem_ctx);
Modified: trunk/source/rpc_client/cli_pipe.c
===================================================================
--- trunk/source/rpc_client/cli_pipe.c 2005-12-14 04:00:58 UTC (rev 12225)
+++ trunk/source/rpc_client/cli_pipe.c 2005-12-14 06:26:03 UTC (rev 12226)
@@ -2150,6 +2150,15 @@
/****************************************************************************
Open a named pipe over SMB to a remote server.
+ *
+ * CAVEAT CALLER OF THIS FUNCTION:
+ * The returned rpc_pipe_client saves a copy of the cli_state cli pointer,
+ * so be sure that this function is called AFTER any structure (vs pointer)
+ * assignment of the cli. In particular, libsmbclient does structure
+ * assignments of cli, which invalidates the data in the returned
+ * rpc_pipe_client if this function is called before the structure assignment
+ * of cli.
+ *
****************************************************************************/
static struct rpc_pipe_client *cli_rpc_pipe_open(struct cli_state *cli, int pipe_idx, NTSTATUS *perr)
More information about the samba-cvs
mailing list