[SCM] Samba Shared Repository - branch master updated - c4dc548171ba27b741669e364839a3c8e507be96

Volker Lendecke vlendec at samba.org
Sun Oct 19 20:41:39 GMT 2008


The branch, master has been updated
       via  c4dc548171ba27b741669e364839a3c8e507be96 (commit)
       via  2883c88ae46d3957564660213471e1d6f94cdb04 (commit)
       via  48d3a1d2fb5569ab11ffef8b903af91d77d326a3 (commit)
       via  1510b7b8c99ea64a8fabdb89c5868b2f5895fdbf (commit)
       via  ac647d03ac271b0a81b6c8041e2c6b84ada13aca (commit)
      from  c0de338394c9e2dd80a3ad06341fe95b1ea169ed (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c4dc548171ba27b741669e364839a3c8e507be96
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Oct 19 22:37:27 2008 +0200

    Fix 64-bit printf warnings

commit 2883c88ae46d3957564660213471e1d6f94cdb04
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Oct 19 15:30:12 2008 +0200

    Fix nonempty blank lines

commit 48d3a1d2fb5569ab11ffef8b903af91d77d326a3
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Oct 19 15:17:12 2008 +0200

    "fn_new"->"fn" in smb_messages[], we got beyond that :-)

commit 1510b7b8c99ea64a8fabdb89c5868b2f5895fdbf
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Oct 19 14:50:55 2008 +0200

    Use a direct compare instead of calling strncmp in valid_smb_header

commit ac647d03ac271b0a81b6c8041e2c6b84ada13aca
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Oct 19 13:44:11 2008 +0200

    Move the global hosts_allow() check out of the processing loop

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/ndr_compression.c |    8 +-
 source3/smbd/process.c       |   53 +++++++-----
 source3/smbd/reply.c         |  182 +++++++++++++++++++++---------------------
 3 files changed, 126 insertions(+), 117 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/ndr_compression.c b/librpc/ndr/ndr_compression.c
index afd397e..c73c3bb 100644
--- a/librpc/ndr/ndr_compression.c
+++ b/librpc/ndr/ndr_compression.c
@@ -260,7 +260,9 @@ static enum ndr_err_code ndr_push_compression_mszip_chunk(struct ndr_push *ndrpu
 	ndrpush->offset = tmp_offset;
 
 	DEBUG(9,("MSZIP comp plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n",
-		 plain_chunk.length, plain_chunk.length, comp_chunk_size, comp_chunk_size));
+		 (unsigned int)plain_chunk.length,
+		 (unsigned int)plain_chunk.length,
+		 comp_chunk_size, comp_chunk_size));
 
 	ndrpush->offset += comp_chunk_size;
 	return NDR_ERR_SUCCESS;
@@ -307,7 +309,7 @@ static enum ndr_err_code ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrp
 	if (ret < 0) {
 		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
 				      "XPRESS lzxpress_decompress() returned %d\n",
-				      ret);
+				      (int)ret);
 	}
 	plain_chunk.length = ret;
 
@@ -361,7 +363,7 @@ static enum ndr_err_code ndr_push_compression_xpress_chunk(struct ndr_push *ndrp
 	if (ret < 0) {
 		return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
 				      "XPRESS lzxpress_compress() returned %d\n",
-				      ret);
+				      (int)ret);
 	}
 	comp_chunk.length = ret;
 
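Review bot: The edited call reports a compression failure through `ndr_pull_error(ndrpull, ...)` although, per the hunk header, it sits in `ndr_push_compression_xpress_chunk`, so the error is recorded against the pull context rather than the push context being written. If `ndrpush` is the object callers inspect after a failed push, `return ndr_push_error(ndrpush, NDR_ERR_COMPRESSION, ...)` would be the consistent choice here. The function's signature is truncated in the hunk header and its body starts above the hunk, so confirm against the full parameter list. The `(int)ret` cast is fine for a value already known to be negative.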
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index ceffd6f..a8b93d8 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -105,7 +105,11 @@ static bool valid_smb_header(const uint8_t *inbuf)
 	if (is_encrypted_packet(inbuf)) {
 		return true;
 	}
-	return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
+	/*
+	 * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0)
+	 * but it just looks weird to call strncmp for this one.
+	 */
+	return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
 }
 
 /* Socket functions for smbd packet processing. */
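Review bot: The constant `0x424D53FF` on the new return line is explained only by the history comment, so a reader has to work out that it is the four bytes `\377SMB` as IVAL reads them in little-endian order. I would add a line to the comment such as `* 0x424D53FF is "\377SMB" read as a little-endian 32-bit value.` Unlike strncmp, which stops at the first mismatching byte, IVAL always reads four bytes. valid_smb_header takes no length, so its header comment should state that callers must have received at least four bytes at smb_base(inbuf). The start of the function lies above the hunk.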
@@ -974,7 +978,7 @@ force write permissions on print services.
 */
 static const struct smb_message_struct {
 	const char *name;
-	void (*fn_new)(struct smb_request *req);
+	void (*fn)(struct smb_request *req);
 	int flags;
 } smb_messages[256] = {
 
@@ -1350,7 +1354,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
 		exit_server_cleanly("Non-SMB packet");
 	}
 
-	if (smb_messages[type].fn_new == NULL) {
+	if (smb_messages[type].fn == NULL) {
 		DEBUG(0,("Unknown message type %d!\n",type));
 		smb_dump("Unknown", 1, (char *)req->inbuf, size);
 		reply_unknown_new(req, type);
@@ -1472,7 +1476,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
 		return conn;
 	}
 
-	smb_messages[type].fn_new(req);
+	smb_messages[type].fn(req);
 	return req->conn;
 }
 
@@ -1534,25 +1538,6 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool enc
 
 	DO_PROFILE_INC(smb_count);
 
-	if (trans_num == 0) {
-		char addr[INET6_ADDRSTRLEN];
-
-		/* on the first packet, check the global hosts allow/ hosts
-		deny parameters before doing any parsing of the packet
-		passed to us by the client.  This prevents attacks on our
-		parsing code from hosts not in the hosts allow list */
-
-		if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
-				  lp_hostsdeny(-1))) {
-			/* send a negative session response "not listening on calling name" */
-			static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
-			DEBUG( 1, ( "Connection denied from %s\n",
-				client_addr(get_client_fd(),addr,sizeof(addr)) ) );
-			(void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
-			exit_server_cleanly("connection denied");
-		}
-	}
-
 	DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
 		    smb_len(inbuf) ) );
 	DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
@@ -1893,6 +1878,28 @@ void smbd_process(void)
 	unsigned int num_smbs = 0;
 	size_t unread_bytes = 0;
 
+	char addr[INET6_ADDRSTRLEN];
+
+	/*
+	 * Before the first packet, check the global hosts allow/ hosts deny
+	 * parameters before doing any parsing of packets passed to us by the
+	 * client. This prevents attacks on our parsing code from hosts not in
+	 * the hosts allow list.
+	 */
+
+	if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
+			  lp_hostsdeny(-1))) {
+		/*
+		 * send a negative session response "not listening on calling
+		 * name"
+		 */
+		unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+		DEBUG( 1, ("Connection denied from %s\n",
+			   client_addr(get_client_fd(),addr,sizeof(addr)) ) );
+		(void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
+		exit_server_cleanly("connection denied");
+	}
+
 	max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
 
 	while (True) {
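Review bot: `addr` is now declared at the top of smbd_process although only the deny branch uses it. Declaring `char addr[INET6_ADDRSTRLEN];` inside the `if (!check_access(...))` block, as the removed code in process_smb did, keeps the buffer scoped to the one log call. The check tests `smbd_server_fd()` while the log line resolves the peer through `get_client_fd()`; these are presumably the same descriptor, but using one accessor for both would guarantee that the logged address is the one that was denied. Since this gate now runs once on entry, the comment could also say that it must stay ahead of any code in smbd_process that reads from the client. The function continues past the end of the hunk.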
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b7763cb..25480c6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -424,22 +424,22 @@ void reply_special(char *inbuf)
 	 * header.
 	 */
 	char outbuf[smb_size];
-	
+
 	static bool already_got_session = False;
 
 	*name1 = *name2 = 0;
-	
+
 	memset(outbuf, '\0', sizeof(outbuf));
 
 	smb_setlen(outbuf,0);
-	
+
 	switch (msg_type) {
 	case 0x81: /* session request */
-		
+
 		if (already_got_session) {
 			exit_server_cleanly("multiple session request not permitted");
 		}
-		
+
 		SCVAL(outbuf,0,0x82);
 		SCVAL(outbuf,3,0);
 		if (name_len(inbuf+4) > 50 || 
@@ -478,24 +478,24 @@ void reply_special(char *inbuf)
 
 		already_got_session = True;
 		break;
-		
+
 	case 0x89: /* session keepalive request 
 		      (some old clients produce this?) */
 		SCVAL(outbuf,0,SMBkeepalive);
 		SCVAL(outbuf,3,0);
 		break;
-		
+
 	case 0x82: /* positive session response */
 	case 0x83: /* negative session response */
 	case 0x84: /* retarget session response */
 		DEBUG(0,("Unexpected session response\n"));
 		break;
-		
+
 	case SMBkeepalive: /* session keepalive */
 	default:
 		return;
 	}
-	
+
 	DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
 		    msg_type, msg_flags));
 
@@ -1062,7 +1062,7 @@ void reply_getatr(struct smb_request *req)
 		SSVAL(req->outbuf, smb_flg2,
 		      SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
 	}
-  
+
 	DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
 
 	END_PROFILE(SMBgetatr);
@@ -1169,9 +1169,9 @@ void reply_setatr(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 0, 0);
- 
+
 	DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
-  
+
 	END_PROFILE(SMBsetatr);
 	return;
 }
@@ -1193,7 +1193,7 @@ void reply_dskattr(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 5, 0);
-	
+
 	if (Protocol <= PROTOCOL_LANMAN2) {
 		double total_space, free_space;
 		/* we need to scale this to a number that DOS6 can handle. We
@@ -1207,7 +1207,7 @@ void reply_dskattr(struct smb_request *req)
 
 		dsize = (uint64_t)((total_space+63*512) / (64*512));
 		dfree = (uint64_t)((free_space+63*512) / (64*512));
-		
+
 		if (dsize > 0xFFFF) dsize = 0xFFFF;
 		if (dfree > 0xFFFF) dfree = 0xFFFF;
 
@@ -1713,7 +1713,7 @@ void reply_open(struct smb_request *req)
 		SCVAL(req->outbuf,smb_flg,
 		      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
 	}
-    
+
 	if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
 		SCVAL(req->outbuf,smb_flg,
 		      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
@@ -2201,7 +2201,7 @@ void reply_ctemp(struct smb_request *req)
 		SCVAL(req->outbuf, smb_flg,
 		      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
 	}
-  
+
 	if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
 		SCVAL(req->outbuf, smb_flg,
 		      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
@@ -2914,14 +2914,14 @@ void reply_readbraw(struct smb_request *req)
 	if (nread < mincount)
 		nread = 0;
 #endif
-  
+
 	DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
 		"min=%lu nread=%lu\n",
 		fsp->fnum, (double)startpos,
 		(unsigned long)maxcount,
 		(unsigned long)mincount,
 		(unsigned long)nread ) );
-  
+
 	send_file_readbraw(conn, fsp, startpos, nread, mincount);
 
 	DEBUG(5,("reply_readbraw finished\n"));
@@ -2978,7 +2978,7 @@ void reply_lockread(struct smb_request *req)
 	reply_outbuf(req, 5, numtoread + 3);
 
 	data = smb_buf(req->outbuf) + 3;
-	
+
 	/*
 	 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
 	 * protocol request that predates the read/write lock concept. 
@@ -2986,7 +2986,7 @@ void reply_lockread(struct smb_request *req)
 	 * for a write lock. JRA.
 	 * Note that the requested lock size is unaffected by max_recv.
 	 */
-	
+
 	br_lck = do_lock(smbd_messaging_context(),
 			fsp,
 			req->smbpid,
@@ -3022,7 +3022,7 @@ Returning short read of maximum allowed for compatibility with Windows 2000.\n",
 		END_PROFILE(SMBlockread);
 		return;
 	}
-	
+
 	srv_set_message((char *)req->outbuf, 5, nread+3, False);
 
 	SSVAL(req->outbuf,smb_vwv0,nread);
@@ -3030,7 +3030,7 @@ Returning short read of maximum allowed for compatibility with Windows 2000.\n",
 	p = smb_buf(req->outbuf);
 	SCVAL(p,0,0); /* pad byte. */
 	SSVAL(p,1,nread);
-	
+
 	DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
 		 fsp->fnum, (int)numtoread, (int)nread));
 
@@ -3094,7 +3094,7 @@ Returning short read of maximum allowed for compatibility with Windows 2000.\n",
 	reply_outbuf(req, 5, numtoread+3);
 
 	data = smb_buf(req->outbuf) + 3;
-  
+
 	if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
 		      (uint64_t)startpos, READ_LOCK)) {
 		reply_doserror(req, ERRDOS,ERRlock);
@@ -3117,7 +3117,7 @@ Returning short read of maximum allowed for compatibility with Windows 2000.\n",
 	SSVAL(req->outbuf,smb_vwv5,nread+3);
 	SCVAL(smb_buf(req->outbuf),0,1);
 	SSVAL(smb_buf(req->outbuf),1,nread);
-  
+
 	DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
 		fsp->fnum, (int)numtoread, (int)nread ) );
 
@@ -3659,7 +3659,7 @@ void reply_writeunlock(struct smb_request *req)
 		END_PROFILE(SMBwriteunlock);
 		return;
 	}
-	
+
 	fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
 
 	if (!check_fsp(conn, req, fsp)) {
@@ -3676,7 +3676,7 @@ void reply_writeunlock(struct smb_request *req)
 	numtowrite = SVAL(req->inbuf,smb_vwv1);
 	startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
 	data = smb_buf(req->inbuf) + 3;
-  
+
 	if (numtowrite
 	    && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
 			 (uint64_t)startpos, WRITE_LOCK)) {
@@ -3693,7 +3693,7 @@ void reply_writeunlock(struct smb_request *req)
 	} else {
 		nwritten = write_file(req,fsp,data,startpos,numtowrite);
 	}
-  
+
 	status = sync_file(conn, fsp, False /* write through */);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
@@ -3725,12 +3725,12 @@ void reply_writeunlock(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 1, 0);
-	
+
 	SSVAL(req->outbuf,smb_vwv0,nwritten);
-	
+
 	DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
 		 fsp->fnum, (int)numtowrite, (int)nwritten));
-	
+
 	END_PROFILE(SMBwriteunlock);
 	return;
 }
@@ -3783,7 +3783,7 @@ void reply_write(struct smb_request *req)
 	numtowrite = SVAL(req->inbuf,smb_vwv1);
 	startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
 	data = smb_buf(req->inbuf) + 3;
-  
+
 	if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
 		      (uint64_t)startpos, WRITE_LOCK)) {
 		reply_doserror(req, ERRDOS, ERRlock);
@@ -3834,14 +3834,14 @@ void reply_write(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 1, 0);
-  
+
 	SSVAL(req->outbuf,smb_vwv0,nwritten);
 
 	if (nwritten < (ssize_t)numtowrite) {
 		SCVAL(req->outbuf,smb_rcls,ERRHRD);
 		SSVAL(req->outbuf,smb_err,ERRdiskfull);
 	}
-  
+
 	DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
 
 	END_PROFILE(SMBwrite);
@@ -4062,7 +4062,7 @@ void reply_write_and_X(struct smb_request *req)
 			END_PROFILE(SMBwriteX);
 			return;
 		}
-		
+
 		nwritten = write_file(req,fsp,data,startpos,numtowrite);
 	}
 
@@ -4178,7 +4178,7 @@ void reply_lseek(struct smb_request *req)
 
 	reply_outbuf(req, 2, 0);
 	SIVAL(req->outbuf,smb_vwv0,res);
-  
+
 	DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
 		fsp->fnum, (double)startpos, (double)res, mode));
 
@@ -4209,7 +4209,7 @@ void reply_flush(struct smb_request *req)
 	if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
 		return;
 	}
-	
+
 	if (!fsp) {
 		file_sync_all(conn);
 	} else {
@@ -4222,7 +4222,7 @@ void reply_flush(struct smb_request *req)
 			return;
 		}
 	}
-	
+
 	reply_outbuf(req, 0, 0);
 
 	DEBUG(3,("flush\n"));
@@ -4293,7 +4293,7 @@ void reply_close(struct smb_request *req)
 		DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
 			 fsp->fh->fd, fsp->fnum,
 			 conn->num_files_open));
- 
+
 		/*
 		 * Take care of any time sent in the close.
 		 */
@@ -4306,7 +4306,7 @@ void reply_close(struct smb_request *req)
 		 * was detected on close - normally this is due to
 		 * a disk full error. If not then it was probably an I/O error.
 		 */
- 
+
 		status = close_file(req, fsp, NORMAL_CLOSE);
 	}  
 
@@ -4361,7 +4361,7 @@ void reply_writeclose(struct smb_request *req)
 	mtime = convert_time_t_to_timespec(srv_make_unix_date3(
 						   req->inbuf+smb_vwv4));
 	data = smb_buf(req->inbuf) + 1;
-  
+
 	if (numtowrite
 	    && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
 			 (uint64_t)startpos, WRITE_LOCK)) {
@@ -4369,7 +4369,7 @@ void reply_writeclose(struct smb_request *req)
 		END_PROFILE(SMBwriteclose);
 		return;
 	}
-  
+
 	nwritten = write_file(req,fsp,data,startpos,numtowrite);
 
 	set_close_write_time(fsp, mtime);
@@ -4388,13 +4388,13 @@ void reply_writeclose(struct smb_request *req)
 	DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
 		 fsp->fnum, (int)numtowrite, (int)nwritten,
 		 conn->num_files_open));
-  
+
 	if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
 		reply_doserror(req, ERRHRD, ERRdiskfull);
 		END_PROFILE(SMBwriteclose);
 		return;
 	}
- 
+
 	if(!NT_STATUS_IS_OK(close_status)) {
 		reply_nterror(req, close_status);
 		END_PROFILE(SMBwriteclose);
@@ -4402,7 +4402,7 @@ void reply_writeclose(struct smb_request *req)
 	}
 
 	reply_outbuf(req, 1, 0);
-  
+
 	SSVAL(req->outbuf,smb_vwv0,nwritten);
 	END_PROFILE(SMBwriteclose);
 	return;
@@ -4496,10 +4496,10 @@ void reply_unlock(struct smb_request *req)
 		END_PROFILE(SMBunlock);
 		return;
 	}
-	
+
 	count = (uint64_t)IVAL(req->inbuf,smb_vwv1);
 	offset = (uint64_t)IVAL(req->inbuf,smb_vwv3);
-	
+
 	status = do_unlock(smbd_messaging_context(),
 			fsp,
 			req->smbpid,


-- 
Samba Shared Repository

