[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Mar 28 16:00:02 MDT 2011


The branch, master has been updated
       via  67aa53a Be a little clearer about when and when not to set this option.
       via  52602e4 Fix inspired by work done by David Disseldorp for bug #8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
      from  fbe19ba s3: Fix Coverity ID 2143: DEADCODE

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 67aa53a1e17e7d94ccbc244476fa6ce7b6b968d2
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 28 14:12:36 2011 -0700

    Be a little clearer about when and when not to set this option.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Mon Mar 28 23:59:47 CEST 2011 on sn-devel-104

commit 52602e4f5ad0f7c3cdb4a50dfe32d0b8ad49b6e4
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 28 13:26:27 2011 -0700

    Fix inspired by work done by David Disseldorp for bug #8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured.
    
    Change msrpc_gen to return NTSTATUS and ensure everywhere this is
    used it is correctly checked to return that status.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/tuning/strictallocate.xml |   12 ++++++---
 libcli/auth/msrpc_parse.c                     |   34 ++++++++++++++++++++----
 libcli/auth/msrpc_parse.h                     |    2 +-
 libcli/auth/ntlmssp_server.c                  |   13 ++++++++-
 libcli/auth/ntlmssp_sign.c                    |   16 ++++++------
 libcli/auth/smbencrypt.c                      |    6 +++-
 source3/libsmb/ntlmssp.c                      |   14 ++++++++--
 source4/auth/ntlmssp/ntlmssp_client.c         |   14 +++++++---
 8 files changed, 81 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/tuning/strictallocate.xml b/docs-xml/smbdotconf/tuning/strictallocate.xml
index 1855574..900c90f 100644
--- a/docs-xml/smbdotconf/tuning/strictallocate.xml
+++ b/docs-xml/smbdotconf/tuning/strictallocate.xml
@@ -9,10 +9,14 @@
     disk storage blocks when a file is extended to the Windows behaviour
     of actually forcing the disk system to allocate real storage blocks
     when a file is created or extended to be a given size. In UNIX
-    terminology this means that Samba will stop creating sparse files.
-    This can be slow on some systems. When you work with large files like
-    >100MB or so you may even run into problems with clients running into
-    timeouts.</para>
+    terminology this means that Samba will stop creating sparse files.</para>
+
+    <para>This option is really desgined for file systems that support
+    fast allocation of large numbers of blocks such as extent-based file systems.
+    On file systems that don't support extents (most notably ext3) this can
+    make Samba slower. When you work with large files over >100MB on file
+    systems without extents you may even run into problems with clients
+    running into timeouts.</para>
 
     <para>When you have an extent based filesystem it's likely that we can make
     use of unwritten extents which allows Samba to allocate even large amounts
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 1351dfa..bdbba3d 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -40,7 +40,7 @@
   d = word (4 bytes)
   C = constant ascii string
  */
-bool msrpc_gen(TALLOC_CTX *mem_ctx, 
+NTSTATUS msrpc_gen(TALLOC_CTX *mem_ctx, 
 	       DATA_BLOB *blob,
 	       const char *format, ...)
 {
@@ -57,7 +57,13 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 	DATA_BLOB *pointers;
 
 	pointers = talloc_array(mem_ctx, DATA_BLOB, strlen(format));
+	if (!pointers) {
+		return NT_STATUS_NO_MEMORY;
+	}
 	intargs = talloc_array(pointers, int, strlen(format));
+	if (!intargs) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* first scan the format to work out the header and body size */
 	va_start(ap, format);
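Review bot: The new `return NT_STATUS_NO_MEMORY;` for a failed `intargs` allocation leaves `pointers` attached to `mem_ctx`; the only `talloc_free(pointers)` visible in this diff is on the success path at the end of msrpc_gen. The same holds for every early return the commit adds or converts later in the function: the three `map_nt_error_from_unix(errno)` returns, both `default:` branches, the zero-size check and the failed `data_blob_talloc`. The second `default:` also returns with `*blob` already allocated. Several callers in this diff pass a long-lived context such as `ntlmssp_state`, so repeated failures would accumulate there until that context is freed. Adding `talloc_free(pointers);` before each of these returns, or routing them through one cleanup label, would close this; the function body starts before and continues after this hunk.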
@@ -72,7 +78,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 				s, &n);
 			if (!ret) {
 				va_end(ap);
-				return false;
+				return map_nt_error_from_unix(errno);
 			}
 			pointers[i].length = n;
 			pointers[i].length -= 2;
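Review bot: `return map_nt_error_from_unix(errno);` describes the failure correctly only if the conversion call that produced `!ret` sets `errno` on every failure path, and that helper is outside the hunk. If it can fail with `errno` at zero or holding a stale value from an earlier call, callers that now test `NT_STATUS_IS_OK()` get a misleading status. Depending on how a zero `errno` is mapped, they could even continue with a blob that was never built. Confirm the helper's contract or add an explicit fallback, e.g. `return (errno != 0) ? map_nt_error_from_unix(errno) : NT_STATUS_INVALID_PARAMETER;`. The same pattern is repeated in the next two hunks.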
@@ -86,7 +92,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 				s, &n);
 			if (!ret) {
 				va_end(ap);
-				return false;
+				return map_nt_error_from_unix(errno);
 			}
 			pointers[i].length = n;
 			pointers[i].length -= 1;
@@ -102,7 +108,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 				s, &n);
 			if (!ret) {
 				va_end(ap);
-				return false;
+				return map_nt_error_from_unix(errno);
 			}
 			pointers[i].length = n;
 			pointers[i].length -= 2;
@@ -132,13 +138,22 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 			pointers[i].length = strlen(s)+1;
 			head_size += pointers[i].length;
 			break;
+		default:
+			va_end(ap);
+			return NT_STATUS_INVALID_PARAMETER;
 		}
 	}
 	va_end(ap);
 
+	if (head_size + data_size == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	/* allocate the space, then scan the format again to fill in the values */
 	*blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
-
+	if (!blob->data) {
+		return NT_STATUS_NO_MEMORY;
+	}
 	head_ofs = 0;
 	data_ofs = head_size;
 
@@ -185,13 +200,16 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 			memcpy(blob->data + head_ofs, pointers[i].data, n);
 			head_ofs += n;
 			break;
+		default:
+			va_end(ap);
+			return NT_STATUS_INVALID_PARAMETER;
 		}
 	}
 	va_end(ap);
 	
 	talloc_free(pointers);
 
-	return true;
+	return NT_STATUS_OK;
 }
 
 
@@ -231,6 +249,10 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx,
 	char *p = talloc_array(mem_ctx, char, p_len);
 	bool ret = true;
 
+	if (!p) {
+		return false;
+	}
+
 	va_start(ap, format);
 	for (i=0; format[i]; i++) {
 		switch (format[i]) {
diff --git a/libcli/auth/msrpc_parse.h b/libcli/auth/msrpc_parse.h
index 507694d..d976a95 100644
--- a/libcli/auth/msrpc_parse.h
+++ b/libcli/auth/msrpc_parse.h
@@ -11,7 +11,7 @@
 
 /* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/msrpc_parse.c  */
 
-bool msrpc_gen(TALLOC_CTX *mem_ctx, 
+NTSTATUS msrpc_gen(TALLOC_CTX *mem_ctx, 
 	       DATA_BLOB *blob,
 	       const char *format, ...);
 
diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c
index 264e8bc..802ac40 100644
--- a/libcli/auth/ntlmssp_server.c
+++ b/libcli/auth/ntlmssp_server.c
@@ -144,12 +144,15 @@ NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 	/* This creates the 'blob' of names that appears at the end of the packet */
 	if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
 	{
-		msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
+		status = msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
 			  MsvAvNbDomainName, target_name,
 			  MsvAvNbComputerName, ntlmssp_state->server.netbios_name,
 			  MsvAvDnsDomainName, ntlmssp_state->server.dns_domain,
 			  MsvAvDnsComputerName, ntlmssp_state->server.dns_name,
 			  MsvAvEOL, "");
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	} else {
 		struct_blob = data_blob_null;
 	}
@@ -187,7 +190,7 @@ NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 			gen_string = "CdAdbddBb";
 		}
 
-		msrpc_gen(out_mem_ctx, reply, gen_string,
+		status = msrpc_gen(out_mem_ctx, reply, gen_string,
 			"NTLMSSP",
 			NTLMSSP_CHALLENGE,
 			target_name,
@@ -197,6 +200,12 @@ NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 			struct_blob.data, struct_blob.length,
 			version_blob.data, version_blob.length);
 
+		if (!NT_STATUS_IS_OK(status)) {
+			data_blob_free(&version_blob);
+			data_blob_free(&struct_blob);
+			return status;
+		}
+
 		data_blob_free(&version_blob);
 
 		if (DEBUGLEVEL >= 10) {
diff --git a/libcli/auth/ntlmssp_sign.c b/libcli/auth/ntlmssp_sign.c
index 0e57c07..42b459c 100644
--- a/libcli/auth/ntlmssp_sign.c
+++ b/libcli/auth/ntlmssp_sign.c
@@ -130,17 +130,17 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
 		dump_data_pw("ntlmssp v2 sig ", sig->data, sig->length);
 
 	} else {
-		bool ok;
+		NTSTATUS status;
 		uint32_t crc;
 
 		crc = crc32_calc_buffer(data, length);
 
-		ok = msrpc_gen(sig_mem_ctx,
+		status = msrpc_gen(sig_mem_ctx,
 			       sig, "dddd",
 			       NTLMSSP_SIGN_VERSION, 0, crc,
 			       ntlmssp_state->crypt->ntlm.seq_num);
-		if (!ok) {
-			return NT_STATUS_NO_MEMORY;
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
 		}
 
 		ntlmssp_state->crypt->ntlm.seq_num++;
@@ -307,17 +307,17 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
 					   sig->data+4, 8);
 		}
 	} else {
-		bool ok;
+		NTSTATUS status;
 		uint32_t crc;
 
 		crc = crc32_calc_buffer(data, length);
 
-		ok = msrpc_gen(sig_mem_ctx,
+		status = msrpc_gen(sig_mem_ctx,
 			       sig, "dddd",
 			       NTLMSSP_SIGN_VERSION, 0, crc,
 			       ntlmssp_state->crypt->ntlm.seq_num);
-		if (!ok) {
-			return NT_STATUS_NO_MEMORY;
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
 		}
 
 		/*
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index abd8ad9..825739a 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -363,7 +363,8 @@ DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
 {
 	DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0);
 
-	msrpc_gen(mem_ctx, &names_blob,
+	/* Deliberately ignore return here.. */
+	(void)msrpc_gen(mem_ctx, &names_blob,
 		  "aaa",
 		  MsvAvNbDomainName, domain,
 		  MsvAvNbComputerName, hostname,
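Review bot: The `(void)` cast keeps the failure mode this commit fixes elsewhere, because the `"aaa"` entries take `domain` and `hostname`, which look like the string inputs whose conversion can fail. On failure NTLMv2_generate_names_blob presumably carries on with whatever `names_blob` held before the call. The comment says the result is ignored deliberately but not why that is safe. Either state the reason in the comment, or check the status and return an explicit empty blob, e.g. `if (!NT_STATUS_IS_OK(status)) { return data_blob_null; }`, provided the callers handle that. The second `(void)msrpc_gen` in NTLMv2_generate_client_data carries the same comment; the function body continues outside this hunk.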
@@ -386,7 +387,8 @@ static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLO
 
 	/* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */
 
-	msrpc_gen(mem_ctx, &response, "ddbbdb",
+	/* Deliberately ignore return here.. */
+	(void)msrpc_gen(mem_ctx, &response, "ddbbdb",
 		  0x00000101,     /* Header  */
 		  0,              /* 'Reserved'  */
 		  long_date, 8,	  /* Timestamp */
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 7a006a3..e0bccca 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -377,6 +377,8 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
 				  TALLOC_CTX *out_mem_ctx, /* Unused at this time */
 				  DATA_BLOB reply, DATA_BLOB *next_request)
 {
+	NTSTATUS status;
+
 	if (ntlmssp_state->unicode) {
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
 	} else {
@@ -388,12 +390,17 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
 	}
 
 	/* generate the ntlmssp negotiate packet */
-	msrpc_gen(ntlmssp_state, next_request, "CddAA",
+	status = msrpc_gen(ntlmssp_state, next_request, "CddAA",
 		  "NTLMSSP",
 		  NTLMSSP_NEGOTIATE,
 		  ntlmssp_state->neg_flags,
 		  ntlmssp_state->client.netbios_domain,
 		  ntlmssp_state->client.netbios_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("ntlmssp_client_initial: failed to generate "
+			"ntlmssp negotiate packet\n"));
+		return status;
+	}
 
 	if (DEBUGLEVEL >= 10) {
 		struct NEGOTIATE_MESSAGE *negotiate = talloc(
@@ -683,7 +690,7 @@ noccache:
 	}
 
 	/* this generates the actual auth packet */
-	if (!msrpc_gen(ntlmssp_state, next_request, auth_gen_string,
+	nt_status = msrpc_gen(ntlmssp_state, next_request, auth_gen_string,
 		       "NTLMSSP",
 		       NTLMSSP_AUTH,
 		       lm_response.data, lm_response.length,
@@ -692,8 +699,9 @@ noccache:
 		       ntlmssp_state->user,
 		       ntlmssp_state->client.netbios_name,
 		       encrypted_session_key.data, encrypted_session_key.length,
-		       ntlmssp_state->neg_flags)) {
+		       ntlmssp_state->neg_flags);
 
+	if (!NT_STATUS_IS_OK(nt_status)) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
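Review bot: The rewritten check still ends in `return NT_STATUS_NO_MEMORY;`, so the status msrpc_gen now reports is discarded and callers see an out-of-memory error whatever the real cause was (for example `NT_STATUS_INVALID_PARAMETER` or a mapped conversion error). The matching change in source4/auth/ntlmssp/ntlmssp_client.c returns `nt_status`, and this site should do the same with `return nt_status;`. The enclosing function starts before and ends after the hunk, so any cleanup needed on this path is not visible here.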
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index 13827e9..53bd7a4 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -54,6 +54,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
 	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
 	const char *domain = ntlmssp_state->domain;
 	const char *workstation = cli_credentials_get_workstation(gensec_security->credentials);
+	NTSTATUS status;
 
 	/* These don't really matter in the initial packet, so don't panic if they are not set */
 	if (!domain) {
@@ -75,7 +76,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
 	}
 
 	/* generate the ntlmssp negotiate packet */
-	msrpc_gen(out_mem_ctx, 
+	status = msrpc_gen(out_mem_ctx, 
 		  out, "CddAA",
 		  "NTLMSSP",
 		  NTLMSSP_NEGOTIATE,
@@ -83,6 +84,10 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
 		  domain, 
 		  workstation);
 
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
 
 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
@@ -269,7 +274,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 	debug_ntlmssp_flags(ntlmssp_state->neg_flags);
 
 	/* this generates the actual auth packet */
-	if (!msrpc_gen(mem_ctx, 
+	nt_status = msrpc_gen(mem_ctx, 
 		       out, auth_gen_string, 
 		       "NTLMSSP", 
 		       NTLMSSP_AUTH, 
@@ -279,9 +284,10 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 		       user, 
 		       cli_credentials_get_workstation(gensec_security->credentials),
 		       encrypted_session_key.data, encrypted_session_key.length,
-		       ntlmssp_state->neg_flags)) {
+		       ntlmssp_state->neg_flags);
+	if (!NT_STATUS_IS_OK(nt_status)) {
 		talloc_free(mem_ctx);
-		return NT_STATUS_NO_MEMORY;
+		return nt_status;
 	}
 
 	ntlmssp_state->session_key = session_key;


-- 
Samba Shared Repository

