~ubuntu-branches/ubuntu/maverick/samba/maverick-security


Viewing changes to source3/smbd/trans2.c

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-01-29 06:16:15 UTC
  • mfrom: (0.27.9 upstream) (0.34.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in addition to authenticated ones.
    - add map to guest = Bad user, maps bad username to guest access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control: 
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since it's not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

1254
1254
        char *nameptr;
1255
1255
        char *last_entry_ptr;
1256
1256
        bool was_8_3;
1257
 
        uint32 nt_extmode; /* Used for NT connections instead of mode */
1258
1257
        bool needslash = ( conn->dirpath[strlen(conn->dirpath) -1] != '/');
1259
1258
        bool check_mangled_names = lp_manglednames(conn->params);
1260
1259
        char mangled_name[13]; /* mangled 8.3 name. */
1456
1455
        p = pdata;
1457
1456
        last_entry_ptr = p;
1458
1457
 
1459
 
        nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL;
1460
 
 
1461
1458
        switch (info_level) {
1462
1459
                case SMB_FIND_INFO_STANDARD:
1463
1460
                        DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_INFO_STANDARD\n"));
1604
1601
                        put_long_date_timespec(conn->ts_res, p,mdate_ts); p += 8;
1605
1602
                        SOFF_T(p,0,file_size); p += 8;
1606
1603
                        SOFF_T(p,0,allocation_size); p += 8;
1607
 
                        SIVAL(p,0,nt_extmode); p += 4;
 
1604
                        SIVAL(p,0,mode); p += 4;
1608
1605
                        q = p; p += 4; /* q is placeholder for name length. */
1609
1606
                        {
1610
1607
                                unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1655
1652
                        put_long_date_timespec(conn->ts_res, p,mdate_ts); p += 8;
1656
1653
                        SOFF_T(p,0,file_size); p += 8;
1657
1654
                        SOFF_T(p,0,allocation_size); p += 8;
1658
 
                        SIVAL(p,0,nt_extmode); p += 4;
 
1655
                        SIVAL(p,0,mode); p += 4;
1659
1656
                        len = srvstr_push(base_data, flags2,
1660
1657
                                          p + 4, fname, PTR_DIFF(end_data, p+4),
1661
1658
                                          STR_TERMINATE_ASCII);
1678
1675
                        put_long_date_timespec(conn->ts_res, p,mdate_ts); p += 8;
1679
1676
                        SOFF_T(p,0,file_size); p += 8;
1680
1677
                        SOFF_T(p,0,allocation_size); p += 8;
1681
 
                        SIVAL(p,0,nt_extmode); p += 4;
 
1678
                        SIVAL(p,0,mode); p += 4;
1682
1679
                        q = p; p += 4; /* q is placeholder for name length. */
1683
1680
                        {
1684
1681
                                unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1727
1724
                        put_long_date_timespec(conn->ts_res, p,mdate_ts); p += 8;
1728
1725
                        SOFF_T(p,0,file_size); p += 8;
1729
1726
                        SOFF_T(p,0,allocation_size); p += 8;
1730
 
                        SIVAL(p,0,nt_extmode); p += 4;
 
1727
                        SIVAL(p,0,mode); p += 4;
1731
1728
                        q = p; p += 4; /* q is placeholder for name length. */
1732
1729
                        {
1733
1730
                                unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1760
1757
                        put_long_date_timespec(conn->ts_res, p,mdate_ts); p += 8;
1761
1758
                        SOFF_T(p,0,file_size); p += 8;
1762
1759
                        SOFF_T(p,0,allocation_size); p += 8;
1763
 
                        SIVAL(p,0,nt_extmode); p += 4;
 
1760
                        SIVAL(p,0,mode); p += 4;
1764
1761
                        q = p; p += 4; /* q is placeholder for name length */
1765
1762
                        {
1766
1763
                                unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
2263
2260
        requires_resume_key = (findnext_flags & FLAG_TRANS2_FIND_REQUIRE_RESUME);
2264
2261
        continue_bit = (findnext_flags & FLAG_TRANS2_FIND_CONTINUE);
2265
2262
 
2266
 
        srvstr_get_path_wcard(ctx, params, req->flags2, &resume_name,
 
2263
        if (!continue_bit) {
 
2264
                /* We only need resume_name if continue_bit is zero. */
 
2265
                srvstr_get_path_wcard(ctx, params, req->flags2, &resume_name,
2267
2266
                              params+12,
2268
2267
                              total_params - 12, STR_TERMINATE, &ntstatus,
2269
2268
                              &mask_contains_wcard);
2270
 
        if (!NT_STATUS_IS_OK(ntstatus)) {
2271
 
                /* Win9x or OS/2 can send a resume name of ".." or ".". This will cause the parser to
2272
 
                   complain (it thinks we're asking for the directory above the shared
2273
 
                   path or an invalid name). Catch this as the resume name is only compared, never used in
2274
 
                   a file access. JRA. */
2275
 
                srvstr_pull_talloc(ctx, params, req->flags2,
 
2269
                if (!NT_STATUS_IS_OK(ntstatus)) {
 
2270
                        /* Win9x or OS/2 can send a resume name of ".." or ".". This will cause the parser to
 
2271
                           complain (it thinks we're asking for the directory above the shared
 
2272
                           path or an invalid name). Catch this as the resume name is only compared, never used in
 
2273
                           a file access. JRA. */
 
2274
                        srvstr_pull_talloc(ctx, params, req->flags2,
2276
2275
                                &resume_name, params+12,
2277
2276
                                total_params - 12,
2278
2277
                                STR_TERMINATE);
2279
2278
 
2280
 
                if (!resume_name || !(ISDOT(resume_name) || ISDOTDOT(resume_name))) {
2281
 
                        reply_nterror(req, ntstatus);
2282
 
                        return;
 
2279
                        if (!resume_name || !(ISDOT(resume_name) || ISDOTDOT(resume_name))) {
 
2280
                                reply_nterror(req, ntstatus);
 
2281
                                return;
 
2282
                        }
2283
2283
                }
2284
2284
        }
2285
2285
 
2287
2287
close_after_request=%d, close_if_end = %d requires_resume_key = %d \
2288
2288
resume_key = %d resume name = %s continue=%d level = %d\n",
2289
2289
                dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, 
2290
 
                requires_resume_key, resume_key, resume_name, continue_bit, info_level));
 
2290
                requires_resume_key, resume_key,
 
2291
                resume_name ? resume_name : "(NULL)", continue_bit, info_level));
2291
2292
 
2292
2293
        if (!maxentries) {
2293
2294
                /* W2K3 seems to treat zero as 1. */
2412
2413
         * depend on the last file name instead.
2413
2414
         */
2414
2415
 
2415
 
        if(*resume_name && !continue_bit) {
 
2416
        if(!continue_bit && resume_name && *resume_name) {
2416
2417
                SMB_STRUCT_STAT st;
2417
2418
 
2418
2419
                long current_pos = 0;
4079
4080
        } else {
4080
4081
                mode = dos_mode(conn,fname,&sbuf);
4081
4082
        }
4082
 
        if (!mode)
4083
 
                mode = FILE_ATTRIBUTE_NORMAL;
4084
4083
 
4085
4084
        nlink = sbuf.st_nlink;
4086
4085