Fixed the security=domain which seemed to have been broken. Hmmm. Wonder

when. The code in rpc_client/cli_pipe.c wasn't coping with a ERRmoredata
error correctly, and the rpc_read code wasn't growing the parse buffer
correctly either.....

Also made smbd and nmbd ignore SIGFPE for systems that have it.

Jeremy.

6 files changed, 82 insertions, 13 deletions

diff --git a/source/include/proto.h b/source/include/proto.h
index 30dcf34d99a..2afc8af5ae5 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -1145,7 +1145,7 @@ BOOL lp_dos_filetimes(int );
 BOOL lp_dos_filetime_resolution(int );
 BOOL lp_fake_dir_create_times(int );
 BOOL lp_blocking_locks(int );
-BOOL lp_truncate_locks(int );
+BOOL lp_mangle_locks(int );
 int lp_create_mode(int );
 int lp_force_create_mode(int );
 int lp_dir_mode(int );
@@ -1652,6 +1652,7 @@ void prs_mem_free(prs_struct *ps);
 void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic);
 char *prs_take_memory(prs_struct *ps, uint32 *psize);
 BOOL prs_grow(prs_struct *ps, uint32 extra_space);
+BOOL prs_force_grow(prs_struct *ps, uint32 extra_space);
 char *prs_data_p(prs_struct *ps);
 uint32 prs_data_size(prs_struct *ps);
 uint32 prs_offset(prs_struct *ps);
@@ -2599,8 +2600,9 @@ int rename_internals(connection_struct *conn,
 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
-SMB_OFF_T get_lock_count( char *data, int data_offset, BOOL large_file_format, BOOL truncate_locks, BOOL *err);
-SMB_OFF_T get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL truncate_locks, BOOL *err);
+SMB_OFF_T get_lock_count( char *data, int data_offset, BOOL large_file_format, BOOL mangle_locks, BOOL *err);
+uint32 map_lock_offset(uint32 high, uint32 low);
+SMB_OFF_T get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL mangle_locks, BOOL *err);
 int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize);
 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize);
 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize);
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 9d552006f20..c8b1410a593 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -334,7 +334,9 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans,
 	int total_data=0;
 	int total_param=0;
 	int this_data,this_param;
-	
+	uint8 eclass;
+    uint32 ecode;
+
 	*data_len = *param_len = 0;
 
 	if (!cli_receive_smb(cli))
@@ -350,9 +352,16 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans,
 		return(False);
 	}
 
-	if (cli_error(cli, NULL, NULL, NULL))
+	/*
+	 * An NT RPC pipe call can return ERRDOS, ERRmoredata
+	 * to a trans call. This is not an error and should not
+	 * be treated as such.
+	 */
+
+	if (cli_error(cli, &eclass, &ecode, NULL))
 	{
-		return(False);
+        if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+			return(False);
 	}
 
 	/* parse out the lengths */
@@ -403,9 +412,10 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans,
 				 CVAL(cli->inbuf,smb_com)));
 			return(False);
 		}
-		if (cli_error(cli, NULL, NULL, NULL))
+		if (cli_error(cli, &eclass, &ecode, NULL))
 		{
-			return(False);
+        	if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+				return(False);
 		}
 	}
 	
diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c
index 0e439057e7e..c1abca6b412 100644
--- a/source/nmbd/nmbd.c
+++ b/source/nmbd/nmbd.c
@@ -594,6 +594,11 @@ static void usage(char *pname)
   CatchSignal( SIGHUP,  SIGNAL_CAST sig_hup );
   CatchSignal( SIGTERM, SIGNAL_CAST sig_term );
 
+#if defined(SIGFPE)
+  /* we are never interested in SIGFPE */
+  BlockSignals(True,SIGFPE);
+#endif
+
   /* Setup the signals that allow the debug log level
      to by dynamically changed. */
 
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 48554cf4a81..8711ab116ee 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -66,7 +66,7 @@ static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_re
 	 */
 
 	if (extra_data_size > 0) {
-		if(!prs_grow(rdata, (uint32)extra_data_size)) {
+		if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
 			DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
 			return False;
 		}
@@ -774,7 +774,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
 	 */
 
 	if((prs_offset(data) % 8) != 0) {
-		DEBUG(0,("rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....\n"));
+		DEBUG(5,("rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....\n"));
 	}
 
 	data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(data) +
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index 22be1a5ea58..f990711eeea 100644
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -128,18 +128,34 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
 	}
 
 	/*
-	 * Ensure we have at least a PDU's length.
+	 * Decide how much extra space we really need.
 	 */
 
+	extra_space -= (ps->buffer_size - ps->data_offset);
+
 	if(ps->buffer_size == 0) {
-		new_size = MAX_PDU_FRAG_LEN;
+
+		/*
+		 * Ensure we have at least a PDU's length, or extra_space, whichever
+		 * is greater.
+		 */
+
+		new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
+
 		if((new_data = malloc(new_size)) == NULL) {
 			DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
 			return False;
 		}
 		memset(new_data, '\0', new_size );
 	} else {
-		new_size = ps->buffer_size*2;
+
+		/*
+		 * If the current buffer size is bigger than the space needed, just 
+		 * double it, else add extra_space.
+		 */
+
+		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
+
 		if((new_data = Realloc(ps->data_p, new_size)) == NULL) {
 			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
 				(unsigned int)new_size));
@@ -154,6 +170,37 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
 }
 
 /*******************************************************************
+ Attempt to force a data buffer to grow by len bytes.
+ We do this by setting the current offset to the end of the
+ current buffer and then calling prs_grow().
+ Also depends on the data stream mode (io).
+ ********************************************************************/
+
+BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
+{
+  uint32 save_current_offset = ps->data_offset;
+  BOOL saved_io = ps->io;
+  BOOL ret;
+
+  ps->data_offset = ps->buffer_size;
+  /* 
+   * Note we have to pretend we're marshalling in order
+   *  for prs_grow to work.
+   */
+  ps->io = MARSHALL;
+
+  ret = prs_grow(ps, extra_space);
+
+  /*
+   * Restore the current offset and also the io method.
+   */
+  ps->data_offset = save_current_offset;
+  ps->io = saved_io;
+
+  return ret;
+}
+
+/*******************************************************************
  Get the data pointer (external interface).
  ********************************************************************/
 
diff --git a/source/smbd/server.c b/source/smbd/server.c
index eebbbd22490..c9eab1aa378 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -538,6 +538,11 @@ static void usage(char *pname)
 	/* we are never interested in SIGPIPE */
 	BlockSignals(True,SIGPIPE);
 
+#if defined(SIGFPE)
+	/* we are never interested in SIGFPE */
+	BlockSignals(True,SIGFPE);
+#endif
+
 	/* we want total control over the permissions on created files,
 	   so set our umask to 0 */
 	umask(0);