diff options
author | Jeremy Allison <jra@samba.org> | 2008-05-13 15:26:17 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-05-13 15:26:17 -0700 |
commit | a48a45bda33a3d46c30b425c802aa5cff19dd92e (patch) | |
tree | 1a1d9d4d2f24879687dae0d9f410edce7e8d580b | |
parent | 8998e18a2f3c7a0095614e58992a2facb34a3bc3 (diff) | |
download | samba-a48a45bda33a3d46c30b425c802aa5cff19dd92e.tar.gz |
Combination patch back port of :
Fix bug #5460. The problem is RHEL5.0 shipped a CIFS client
that sets the DFS bit on pathnames but doesn't
send DFS paths. This causes lookups to fail as
the smbd/msdfs.c code now just eats the first
two parts of the pathname and uses the rest as
the local path. The previous hostname check
used to protect us from that as we knew that
when the hostname was invalid it was a local
path (and a broken client).
I didn't want to put that check back in, but
came up with another idea - even though the
hostname can be a different one, the sharename
must be valid on this machine. So we can check
for a valid sharename instead.
Second part of patch for bug #5460. Cope with pathnames
that don't look like \xxx\yyy, cope with arbitrary length.
Jeremy.
Fix debug message.
Jeremy.
-rw-r--r-- | source/smbd/conn.c | 25 | ||||
-rw-r--r-- | source/smbd/msdfs.c | 47 |
2 files changed, 62 insertions, 10 deletions
diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 282a82ce049..bd1f49032b9 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -64,10 +64,10 @@ BOOL conn_snum_used(int snum) return(False); } - /**************************************************************************** -find a conn given a cnum + Find a conn given a cnum. ****************************************************************************/ + connection_struct *conn_find(unsigned cnum) { int count=0; @@ -85,6 +85,27 @@ connection_struct *conn_find(unsigned cnum) return NULL; } +/**************************************************************************** + Find a conn given a service name. +****************************************************************************/ + +connection_struct *conn_find_byname(const char *service) +{ + int count=0; + connection_struct *conn; + + for (conn=Connections;conn;conn=conn->next,count++) { + if (strequal(lp_servicename(SNUM(conn)),service)) { + if (count > 10) { + DLIST_PROMOTE(Connections, conn); + } + return conn; + } + } + + return NULL; +} + /**************************************************************************** find first available connection slot, starting from a random position. diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 982d0ae5905..e89f24a28b4 100644 --- a/source/smbd/msdfs.c +++ b/source/smbd/msdfs.c @@ -46,7 +46,7 @@ static NTSTATUS parse_dfs_path(const char *pathname, BOOL *ppath_contains_wcard) { pstring pathname_local; - char *p,*temp; + char *p,*temp, *servicename; NTSTATUS status = NT_STATUS_OK; char sepchar; @@ -107,17 +107,48 @@ static NTSTATUS parse_dfs_path(const char *pathname, DEBUG(10,("parse_dfs_path: hostname: %s\n",pdp->hostname)); /* Parse out servicename. */ - temp = p+1; - p = strchr_m(temp,sepchar); + servicename = p+1; + p = strchr_m(servicename,sepchar); + if (p) { + *p = '\0'; + } + + /* Is this really our servicename ? */ + if (NULL == conn_find_byname(servicename)) { + DEBUG(10,("parse_dfs_path: %s is not our servicename\n", + servicename)); + + /* + * Possibly client sent a local path by mistake. + * Try and convert to a local path. + */ + + pdp->hostname[0] = '\0'; + pdp->servicename[0] = '\0'; + + /* Repair the path - replace the sepchar's + we nulled out */ + servicename--; + *servicename = sepchar; + if (p) { + *p = sepchar; + } + + p = temp; + DEBUG(10,("parse_dfs_path: trying to convert %s " + "to a local path\n", + temp)); + goto local_path; + } + + fstrcpy(pdp->servicename,servicename); + + DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename)); + if(p == NULL) { - fstrcpy(pdp->servicename,temp); pdp->reqpath[0] = '\0'; return NT_STATUS_OK; } - *p = '\0'; - fstrcpy(pdp->servicename,temp); - DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename)); - p++; local_path: |