[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-396-gba9e2be

Jeremy Allison jra at samba.org
Thu Nov 29 21:25:29 GMT 2007


The branch, v3-2-test has been updated
       via  ba9e2be2b5a59684e854609f9d82ea1633448c62 (commit)
       via  ff06cc34e66a18ba71dd54f6c78b05a45b9f2d85 (commit)
       via  aff5a52136b85fe82c4acb08d12009187d1fe6c7 (commit)
       via  a261a61226248b41be22dd4f2873b5ed82bc2a24 (commit)
      from  988c5ff3f47b7508b229464bbed2ca1948d6e27c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit ba9e2be2b5a59684e854609f9d82ea1633448c62
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 29 13:24:54 2007 -0800

    Remove the explicit TALLOC_CTX * from cli_struct.
    Make us very explicit about how long a talloc ctx
    should last.
    Jeremy.

commit ff06cc34e66a18ba71dd54f6c78b05a45b9f2d85
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 29 13:24:14 2007 -0800

    Remove pstrings. Ensure we validate offsets.
    Jeremy.

commit aff5a52136b85fe82c4acb08d12009187d1fe6c7
Merge: a261a61226248b41be22dd4f2873b5ed82bc2a24 988c5ff3f47b7508b229464bbed2ca1948d6e27c
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 29 09:48:33 2007 -0800

    Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test

commit a261a61226248b41be22dd4f2873b5ed82bc2a24
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Nov 28 14:08:49 2007 -0800

    Remove unused code (and pstring).
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/include/client.h            |    9 +-
 source/include/smb.h               |    1 +
 source/lib/time.c                  |    6 +-
 source/libsmb/cliconnect.c         |   18 +++-
 source/libsmb/clidfs.c             |    9 +-
 source/libsmb/clidgram.c           |   92 -----------------
 source/libsmb/clientgen.c          |    8 --
 source/libsmb/clierror.c           |    6 +
 source/libsmb/clilist.c            |  196 ++++++++++++++++++++++++------------
 source/libsmb/clioplock.c          |    5 +-
 source/libsmb/cliprint.c           |   64 ++++++------
 source/libsmb/clirap.c             |    2 +-
 source/libsmb/libsmbclient.c       |   28 ++++--
 source/libsmb/passchange.c         |    4 +-
 source/rpc_client/cli_pipe.c       |   35 +------
 source/rpc_server/srv_spoolss_nt.c |   12 ++-
 source/smbd/change_trust_pw.c      |    2 +-
 source/utils/smbcquotas.c          |    7 +-
 source/utils/smbtree.c             |   12 ++-
 source/winbindd/winbindd_cm.c      |   23 ++--
 20 files changed, 265 insertions(+), 274 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/client.h b/source/include/client.h
index dd8bb0d..c601e1a 100644
--- a/source/include/client.h
+++ b/source/include/client.h
@@ -135,7 +135,10 @@ struct cli_state {
 	uint32 posix_capabilities;
 	bool dfsroot;
 
-	TALLOC_CTX *mem_ctx;
+#if 0
+	TALLOC_CTX *longterm_mem_ctx;
+	TALLOC_CTX *call_mem_ctx;
+#endif
 
 	smb_sign_info sign_info;
 
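Review bot: The two fields added under `#if 0` are dead declarations with no comment saying why they are kept, so the next reader cannot tell whether they are a planned design or leftover scaffolding. If they are meant as a marker for a future split between long-lived and per-call talloc contexts (which is what the names suggest), say so above the block, e.g. `/* Not yet used: planned split into a long-lived and a per-call talloc context. */`. Otherwise drop the block, since the removal of `mem_ctx` is already the point of the change.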
@@ -170,8 +173,8 @@ typedef struct file_info {
 	struct timespec mtime_ts;
 	struct timespec atime_ts;
 	struct timespec ctime_ts;
-	pstring name;
-	pstring dir;
+	char name[1024];
+	char dir[1024]; /* Should use allocated PATH_MAX here.... */
 	char short_name[13*3]; /* the *3 is to cope with multi-byte */
 } file_info;
 
diff --git a/source/include/smb.h b/source/include/smb.h
index be339f2..f85c734 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -79,6 +79,7 @@ enum smb_read_errors {
 	SMB_READ_ERROR,
 	SMB_WRITE_ERROR, /* This error code can go into the client smb_rw_error. */
 	SMB_READ_BAD_SIG,
+	SMB_NO_MEMORY,
 	SMB_DO_NOT_DO_TDIS /* cli_close_connection() check for this when smbfs wants to keep tree connected */
 };
 
diff --git a/source/lib/time.c b/source/lib/time.c
index e29308f..5301e3a 100644
--- a/source/lib/time.c
+++ b/source/lib/time.c
@@ -1181,17 +1181,17 @@ void cli_put_dos_date3(struct cli_state *cli, char *buf, int offset, time_t unix
 	put_dos_date3(buf, offset, unixdate, cli->serverzone);
 }
 
-time_t cli_make_unix_date(struct cli_state *cli, void *date_ptr)
+time_t cli_make_unix_date(struct cli_state *cli, const void *date_ptr)
 {
 	return make_unix_date(date_ptr, cli->serverzone);
 }
 
-time_t cli_make_unix_date2(struct cli_state *cli, void *date_ptr)
+time_t cli_make_unix_date2(struct cli_state *cli, const void *date_ptr)
 {
 	return make_unix_date2(date_ptr, cli->serverzone);
 }
 
-time_t cli_make_unix_date3(struct cli_state *cli, void *date_ptr)
+time_t cli_make_unix_date3(struct cli_state *cli, const void *date_ptr)
 {
 	return make_unix_date3(date_ptr, cli->serverzone);
 }
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index f0b03a8..e3800bf 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -1803,13 +1803,18 @@ struct cli_state *get_ipc_connect(char *server,
  * entire network browse list)
  */
 
-struct cli_state *get_ipc_connect_master_ip(struct ip_service *mb_ip, pstring workgroup, struct user_auth_info *user_info)
+struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
+				struct ip_service *mb_ip,
+				struct user_auth_info *user_info,
+				char **pp_workgroup_out)
 {
 	char addr[INET6_ADDRSTRLEN];
         fstring name;
 	struct cli_state *cli;
 	struct sockaddr_storage server_ss;
 
+	*pp_workgroup_out = NULL;
+
 	print_sockaddr(addr, sizeof(addr), &mb_ip->ss);
         DEBUG(99, ("Looking up name of master browser %s\n",
                    addr));
@@ -1838,7 +1843,7 @@ struct cli_state *get_ipc_connect_master_ip(struct ip_service *mb_ip, pstring wo
                 return NULL;
         }
 
-	pstrcpy(workgroup, name);
+	*pp_workgroup_out = talloc_strdup(ctx, name);
 
 	DEBUG(4, ("found master browser %s, %s\n", name, addr));
 
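Review bot: The result of `talloc_strdup(ctx, name)` is stored in `*pp_workgroup_out` without a NULL check, so on allocation failure the function continues past this line and may still return a usable `cli` while the workgroup string is NULL. Callers, which are not visible in this hunk, would then have to treat "connection returned, name missing" as a separate state before using the string. Failing early keeps the contract simple: `if (!*pp_workgroup_out) { return NULL; }`. The same applies to get_ipc_connect_master_ip_bcast, which passes `pp_workgroup_out` straight through, and the new `ctx`/`pp_workgroup_out` parameters deserve a line in the function comment saying the string is allocated on `ctx`. The function body starts and ends outside this hunk.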
@@ -1853,12 +1858,16 @@ struct cli_state *get_ipc_connect_master_ip(struct ip_service *mb_ip, pstring wo
  * connect to it.
  */
 
-struct cli_state *get_ipc_connect_master_ip_bcast(pstring workgroup, struct user_auth_info *user_info)
+struct cli_state *get_ipc_connect_master_ip_bcast(TALLOC_CTX *ctx,
+					struct user_auth_info *user_info,
+					char **pp_workgroup_out)
 {
 	struct ip_service *ip_list;
 	struct cli_state *cli;
 	int i, count;
 
+	*pp_workgroup_out = NULL;
+
         DEBUG(99, ("Do broadcast lookup for workgroups on local network\n"));
 
         /* Go looking for workgroups by broadcasting on the local network */
@@ -1874,7 +1883,8 @@ struct cli_state *get_ipc_connect_master_ip_bcast(pstring workgroup, struct user
 		print_sockaddr(addr, sizeof(addr), &ip_list[i].ss);
 		DEBUG(99, ("Found master browser %s\n", addr));
 
-		cli = get_ipc_connect_master_ip(&ip_list[i], workgroup, user_info);
+		cli = get_ipc_connect_master_ip(ctx, &ip_list[i],
+				user_info, pp_workgroup_out);
 		if (cli)
 			return(cli);
 	}
diff --git a/source/libsmb/clidfs.c b/source/libsmb/clidfs.c
index 037c0d6..469cb23 100644
--- a/source/libsmb/clidfs.c
+++ b/source/libsmb/clidfs.c
@@ -245,9 +245,12 @@ static struct cli_state *cli_cm_connect( const char *server,
 					bool show_hdr)
 {
 	struct client_connection *node;
-	
-	node = SMB_XMALLOC_P( struct client_connection );
-	
+
+	node = SMB_CALLOC_ARRAY( struct client_connection, 1);
+	if (!node) {
+		return NULL;
+	}
+
 	node->cli = do_connect( server, share, show_hdr );
 
 	if ( !node->cli ) {
diff --git a/source/libsmb/clidgram.c b/source/libsmb/clidgram.c
index 5b619b6..82f874f 100644
--- a/source/libsmb/clidgram.c
+++ b/source/libsmb/clidgram.c
@@ -113,95 +113,3 @@ bool cli_send_mailslot(struct messaging_context *msg_ctx,
 						  MSG_SEND_PACKET,
 						  (uint8 *)&p, sizeof(p)));
 }
-
-/*
- * cli_get_response: Get a response ...
- */
-bool cli_get_response(const char *mailslot, char *buf, int bufsiz)
-{
-	struct packet_struct *p;
-
-	p = receive_unexpected(DGRAM_PACKET, 0, mailslot);
-
-	if (p == NULL)
-		return False;
-
-	memcpy(buf, &p->packet.dgram.data[92],
-	       MIN(bufsiz, p->packet.dgram.datasize-92));
-
-	return True;
-}
-
-/*
- * cli_get_backup_list: Send a get backup list request ...
- */
-
-static char cli_backup_list[1024];
-
-int cli_get_backup_list(struct messaging_context *msg_ctx,
-			const char *myname, const char *send_to_name)
-{
-	pstring outbuf;
-	char *p;
-	struct sockaddr_storage sendto_ss;
-
-	if (!resolve_name(send_to_name, &sendto_ss, 0x1d)) {
-
-		DEBUG(0, ("Could not resolve name: %s<1D>\n", send_to_name));
-		return False;
-
-	}
-
-	memset(cli_backup_list, '\0', sizeof(cli_backup_list));
-	memset(outbuf, '\0', sizeof(outbuf));
-
-	p = outbuf;
-
-	SCVAL(p, 0, ANN_GetBackupListReq);
-	p++;
-
-	SCVAL(p, 0, 1); /* Count pointer ... */
-	p++;
-
-	SIVAL(p, 0, 1); /* The sender's token ... */
-	p += 4;
-
-	cli_send_mailslot(msg_ctx, True, "\\MAILSLOT\\BROWSE", 1, outbuf, 
-			  PTR_DIFF(p, outbuf), myname, 0, send_to_name, 
-			  0x1d, &sendto_ss);
-
-	/* We should check the error and return if we got one */
-
-	/* Now, get the response ... */
-
-	cli_get_response("\\MAILSLOT\\BROWSE",
-			 cli_backup_list, sizeof(cli_backup_list));
-
-	return True;
-
-}
-
-/*
- * cli_get_backup_server: Get the backup list and retrieve a server from it
- */
-
-int cli_get_backup_server(struct messaging_context *msg_ctx,
-			  char *my_name, char *target, char *servername,
-			  int namesize)
-{
-
-  /* Get the backup list first. We could pull this from the cache later */
-
-  cli_get_backup_list(msg_ctx, my_name, target);  /* FIXME: Check the response */
-
-  if (!cli_backup_list[0]) { /* Empty list ... try again */
-
-    cli_get_backup_list(msg_ctx, my_name, target);
-
-  }
-
-  strncpy(servername, cli_backup_list, MIN(16, namesize));
-
-  return True;
-
-}
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index ee1a0fe..1a6fb8f 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -492,9 +492,6 @@ struct cli_state *cli_initialise(void)
 	if (!cli->outbuf || !cli->inbuf)
                 goto error;
 
-	if ((cli->mem_ctx = talloc_init("cli based talloc")) == NULL)
-                goto error;
-
 	memset(cli->outbuf, 0, cli->bufsize);
 	memset(cli->inbuf, 0, cli->bufsize);
 
@@ -605,11 +602,6 @@ void cli_shutdown(struct cli_state *cli)
 	data_blob_free(&cli->secblob);
 	data_blob_free(&cli->user_session_key);
 
-	if (cli->mem_ctx) {
-		talloc_destroy(cli->mem_ctx);
-		cli->mem_ctx = NULL;
-	}
-
 	if (cli->fd != -1) {
 		close(cli->fd);
 	}
diff --git a/source/libsmb/clierror.c b/source/libsmb/clierror.c
index c9c5a6c..587abad 100644
--- a/source/libsmb/clierror.c
+++ b/source/libsmb/clierror.c
@@ -84,6 +84,8 @@ static NTSTATUS cli_smb_rw_error_to_ntstatus(struct cli_state *cli)
 			return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
 	        case SMB_READ_BAD_SIG:
 			return NT_STATUS_INVALID_PARAMETER;
+		case SMB_NO_MEMORY:
+			return NT_STATUS_NO_MEMORY;
 	        default:
 			break;
 	}
@@ -133,6 +135,10 @@ const char *cli_errstr(struct cli_state *cli)
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
 					"Server packet had invalid SMB signature!");
 				break;
+		        case SMB_NO_MEMORY:
+				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
+					"Out of memory");
+				break;
 		        default:
 				slprintf(cli_error_message, sizeof(cli_error_message) - 1,
 					"Unknown error code %d\n", cli->smb_rw_error );
diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c
index fd0c380..64cb3e8 100644
--- a/source/libsmb/clilist.c
+++ b/source/libsmb/clilist.c
@@ -1,18 +1,18 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    client directory list routines
    Copyright (C) Andrew Tridgell 1994-1998
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -22,18 +22,41 @@
 extern file_info def_finfo;
 
 /****************************************************************************
+ Calculate a safe next_entry_offset.
+****************************************************************************/
+
+static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
+{
+	size_t next_entry_offset = (size_t)IVAL(base,0);
+
+	if (next_entry_offset == 0 ||
+			base + next_entry_offset < base ||
+			base + next_entry_offset > pdata_end) {
+		next_entry_offset = pdata_end - base;
+	}
+	return next_entry_offset;
+}
+
+/****************************************************************************
  Interpret a long filename structure - this is mostly guesses at the moment.
  The length of the structure is returned
  The structure of a long filename depends on the info level. 260 is used
  by NT and 2 is used by OS/2
 ****************************************************************************/
 
-static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,file_info *finfo,
-					uint32 *p_resume_key, DATA_BLOB *p_last_name_raw, uint32 *p_last_name_raw_len)
+static size_t interpret_long_filename(struct cli_state *cli,
+					int level,
+					const char *p,
+					const char *pdata_end,
+					file_info *finfo,
+					uint32 *p_resume_key,
+					DATA_BLOB *p_last_name_raw)
 {
 	file_info finfo2;
 	int len;
-	char *base = p;
+	const char *base = p;
+
+	data_blob_free(p_last_name_raw);
 
 	if (!finfo) {
 		finfo = &finfo2;
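Review bot: `calc_next_entry_offset` detects an oversized server-supplied offset with `base + next_entry_offset < base`, which relies on pointer arithmetic wrapping around; forming a pointer beyond the end of the buffer is undefined behaviour in C, and an optimising compiler is allowed to drop that comparison. Comparing the offset with the remaining length avoids the pointer arithmetic altogether. The same applies to the `p + namelen < p || p + namelen > pdata_end` test added later in the level-260 case, which could be written `namelen > (size_t)(pdata_end - p)`. The helper also reads four bytes at `base` before any length check; the level-260 call sits behind the 94-byte guard, but the fall-through call for an unknown level does not, as far as this diff shows. A length-based version is sketched below (it assumes `base <= pdata_end`, which the callers appear to maintain); interpret_long_filename's body continues outside this hunk.

```c
static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
{
	size_t remaining = (size_t)(pdata_end - base);
	size_t next_entry_offset;

	if (remaining < 4) {
		/* Not enough data left to hold the offset field itself. */
		return remaining;
	}

	next_entry_offset = (size_t)IVAL(base,0);

	/* Compare lengths, not pointers: no out-of-range pointer is formed. */
	if (next_entry_offset == 0 || next_entry_offset > remaining) {
		next_entry_offset = remaining;
	}
	return next_entry_offset;
}
```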
@@ -49,6 +72,9 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 		case 1: /* OS/2 understands this */
 			/* these dates are converted to GMT by
                            make_unix_date */
+			if (pdata_end - base < 27) {
+				return pdata_end - base;
+			}
 			finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
 			finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
 			finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
@@ -57,19 +83,25 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 			len = CVAL(p, 26);
 			p += 27;
 			p += clistr_align_in(cli, p, 0);
+			if (p + len + 2 > pdata_end) {
+				return pdata_end - base;
+			}
 			/* the len+2 below looks strange but it is
 			   important to cope with the differences
 			   between win2000 and win9x for this call
 			   (tridge) */
 			p += clistr_pull(cli, finfo->name, p,
 					 sizeof(finfo->name),
-					 len+2, 
+					 len+2,
 					 STR_TERMINATE);
 			return PTR_DIFF(p, base);
 
 		case 2: /* this is what OS/2 uses mostly */
 			/* these dates are converted to GMT by
                            make_unix_date */
+			if (pdata_end - base < 31) {
+				return pdata_end - base;
+			}
 			finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
 			finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
 			finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
@@ -78,22 +110,30 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 			len = CVAL(p, 30);
 			p += 31;
 			/* check for unisys! */
+			if (p + len + 1 > pdata_end) {
+				return pdata_end - base;
+			}
 			p += clistr_pull(cli, finfo->name, p,
 					 sizeof(finfo->name),
-					 len, 
+					 len,
 					 STR_NOALIGN);
 			return PTR_DIFF(p, base) + 1;
-			
+
 		case 260: /* NT uses this, but also accepts 2 */
 		{
 			size_t namelen, slen;
+
+			if (pdata_end - base < 94) {
+				return pdata_end - base;
+			}
+
 			p += 4; /* next entry offset */
 
 			if (p_resume_key) {
 				*p_resume_key = IVAL(p,0);
 			}
 			p += 4; /* fileindex */
-				
+
 			/* Offset zero is "create time", not "change time". */
 			p += 8;
 			finfo->atime_ts = interpret_long_date(p);
@@ -111,7 +151,11 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 			p += 4;
 			p += 4; /* EA size */
 			slen = SVAL(p, 0);
-			p += 2; 
+			if (slen > 24) {
+				/* Bad short name length. */
+				return pdata_end - base;
+			}
+			p += 2;
 			{
 				/* stupid NT bugs. grr */
 				int flags = 0;
@@ -120,7 +164,10 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 					    sizeof(finfo->short_name),
 					    slen, flags);
 			}
-			p += 24; /* short name? */	  
+			p += 24; /* short name? */
+			if (p + namelen < p || p + namelen > pdata_end) {
+				return pdata_end - base;
+			}
 			clistr_pull(cli, finfo->name, p,
 				    sizeof(finfo->name),
 				    namelen, 0);
@@ -130,29 +177,24 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
 			   Namelen doesn't include the terminating unicode null, so
 			   copy it here. */
 
-			if (p_last_name_raw && p_last_name_raw_len) {
-				if (namelen + 2 > p_last_name_raw->length) {
-					memset(p_last_name_raw->data, '\0', sizeof(p_last_name_raw->length));
-					*p_last_name_raw_len = 0;
-				} else {
-					memcpy(p_last_name_raw->data, p, namelen);
-					SSVAL(p_last_name_raw->data, namelen, 0);
-					*p_last_name_raw_len = namelen + 2;
-				}
+			if (p_last_name_raw) {
+				*p_last_name_raw = data_blob(NULL, namelen+2);
+				memcpy(p_last_name_raw->data, p, namelen);
+				SSVAL(p_last_name_raw->data, namelen, 0);
 			}
-			return (size_t)IVAL(base, 0);
+			return calc_next_entry_offset(base, pdata_end);
 		}
 	}
-	
+
 	DEBUG(1,("Unknown long filename format %d\n",level));
-	return (size_t)IVAL(base,0);
+	return calc_next_entry_offset(base, pdata_end);
 }
 
 /****************************************************************************
  Do a directory listing, calling fn on each file found.
 ****************************************************************************/
 
-int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, 
+int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 		 void (*fn)(const char *, file_info *, const char *, void *), void *state)
 {


-- 
Samba Shared Repository

