[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3813-g4ed73cb

Volker Lendecke vlendec at samba.org
Sat Aug 23 13:36:23 GMT 2008


The branch, v3-devel has been updated
       via  4ed73cbbbeff4b554cc8d28252b756241396b3a1 (commit)
       via  541e088656773d2b3b56a5a8bdc8dea6c9edec86 (commit)
      from  79103000b13c95325534db749a0da638a3eb1807 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel


- Log -----------------------------------------------------------------
commit 4ed73cbbbeff4b554cc8d28252b756241396b3a1
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Aug 13 19:57:19 2008 +0200

    Protect against short read&x replies

commit 541e088656773d2b3b56a5a8bdc8dea6c9edec86
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Aug 19 10:14:59 2008 +0200

    Fix some nonempty blank lines

-----------------------------------------------------------------------

Summary of changes:
 source/libsmb/clireadwrite.c  |    4 +++
 source/winbindd/winbindd_cm.c |   52 ++++++++++++++++++++--------------------
 2 files changed, 30 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c
index a57f1e0..4d30276 100644
--- a/source/libsmb/clireadwrite.c
+++ b/source/libsmb/clireadwrite.c
@@ -138,6 +138,10 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
 		return status;
 	}
 
+	if (wct < 12) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
 	/* size is the number of bytes the server returned.
 	 * Might be zero. */
 	size = SVAL(cli_req->inbuf, smb_vwv5);
diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c
index a8c0166..71f1a56 100644
--- a/source/winbindd/winbindd_cm.c
+++ b/source/winbindd/winbindd_cm.c
@@ -8,17 +8,17 @@
    Copyright (C) Gerald (Jerry) Carter     2003-2005.
    Copyright (C) Volker Lendecke           2004-2005
    Copyright (C) Jeremy Allison		   2006
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -27,14 +27,14 @@
    We need to manage connections to domain controllers without having to
    mess up the main winbindd code with other issues.  The aim of the
    connection manager is to:
-  
+
        - make connections to domain controllers and cache them
        - re-establish connections when networks or servers go down
        - centralise the policy on connection timeouts, domain controller
 	 selection etc
        - manage re-entrancy for when winbindd becomes able to handle
 	 multiple outstanding rpc requests
-  
+
    Why not have connection management as part of the rpc layer like tng?
    Good question.  This code may morph into libsmb/rpc_cache.c or something
    like that but at the moment it's simply staying as part of winbind.	I
@@ -383,7 +383,7 @@ void set_domain_offline(struct winbindd_domain *domain)
 
 	if ( domain->primary ) {
 		struct winbindd_child *idmap = idmap_child();
-		
+
 		if ( idmap->pid != 0 ) {
 			messaging_send_buf(winbind_messaging_context(),
 					   pid_to_procid(idmap->pid), 
@@ -462,7 +462,7 @@ static void set_domain_online(struct winbindd_domain *domain)
 
 	if ( domain->primary ) {
 		struct winbindd_child *idmap = idmap_child();
-		
+
 		if ( idmap->pid != 0 ) {
 			messaging_send_buf(winbind_messaging_context(),
 					   pid_to_procid(idmap->pid), 
@@ -553,7 +553,7 @@ void winbind_add_failed_connection_entry(const struct winbindd_domain *domain,
    an authenticated connection if DCs have the RestrictAnonymous registry
    entry set > 0, or the "Additional restrictions for anonymous
    connections" set in the win2k Local Security Policy. 
-   
+
    Caller to free() result in domain, username, password
 */
 
@@ -562,12 +562,12 @@ static void cm_get_ipc_userpass(char **username, char **domain, char **password)
 	*username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
 	*domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
 	*password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
-	
+
 	if (*username && **username) {
 
 		if (!*domain || !**domain)
 			*domain = smb_xstrdup(lp_workgroup());
-		
+
 		if (!*password || !**password)
 			*password = smb_xstrdup("");
 
@@ -703,7 +703,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 {
 	const char *account_name;
 	const char *name = NULL;
-	
+
 	/* If we are a DC and this is not our own domain */
 
 	if (IS_DC) {
@@ -713,10 +713,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 
 		if (!our_domain)
 			return NT_STATUS_INVALID_SERVER_STATE;		
-		
+
 		name = our_domain->name;		
 	}	
-	
+
 	if (!get_trust_pw_clear(name, machine_password,
 				&account_name, NULL))
 	{
@@ -738,7 +738,7 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 		if (!our_domain) {
 			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;			
 		}
-		
+
 		if (asprintf(machine_krb5_principal, "%s$@%s",
 			     account_name, our_domain->alt_name) == -1)
 		{
@@ -1342,7 +1342,7 @@ static bool find_new_dc(TALLOC_CTX *mem_ctx,
 
 	TALLOC_FREE(dcnames);
 	num_dcnames = 0;
-	
+
 	TALLOC_FREE(addrs);
 	num_addrs = 0;
 
@@ -1368,7 +1368,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
 
 	/* we have to check the server affinity cache here since 
 	   later we selecte a DC based on response time and not preference */
-	   
+
 	/* Check the negative connection cache
 	   before talking to it. It going down may have
 	   triggered the reconnection. */
@@ -1618,26 +1618,26 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 	TALLOC_CTX *mem_ctx = NULL;
 
 	DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s\n", domain->name ));
-	
+
 	/* Our primary domain doesn't need to worry about trust flags.
 	   Force it to go through the network setup */
 	if ( domain->primary ) {		
 		return False;		
 	}
-	
+
 	our_domain = find_our_domain();
-	
+
 	if ( !connection_ok(our_domain) ) {
 		DEBUG(3,("set_dc_type_and_flags_trustinfo: No connection to our domain!\n"));		
 		return False;
 	}
 
 	/* This won't work unless our domain is AD */
-	 
+
 	if ( !our_domain->active_directory ) {
 		return False;
 	}
-	
+
 	/* Use DsEnumerateDomainTrusts to get us the trust direction
 	   and type */
 
@@ -1698,13 +1698,13 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 
 			if ( !winbindd_can_contact_domain( domain) )
 				domain->internal = True;
-			
+
 			break;
 		}		
 	}
-	
+
 	talloc_destroy( mem_ctx );
-	
+
 	return domain->initialized;	
 }
 
@@ -1801,7 +1801,7 @@ no_dssetup:
 
 	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
 					 SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
-		
+
 	if (NT_STATUS_IS_OK(result)) {
 		/* This particular query is exactly what Win2k clients use 
 		   to determine that the DC is active directory */
@@ -2334,7 +2334,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
 			  "was %s\n", nt_errstr(result)));
-			  
+
 		/* make sure we return something besides OK */
 		return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
 	}


-- 
Samba Shared Repository


More information about the samba-cvs mailing list