author Jeremy Allison <jra@samba.org> 2000-04-22 00:33:16 +0000
committer Jeremy Allison <jra@samba.org> 2000-04-22 00:33:16 +0000
commit ab0ecc39d688f16b9692fe90b991f0b89287070a
tree b269641c3f2fe3fd92b53412160b83984e4e4877 /source/nmbd
parent 763704f78fc44976b2d977e8a08ffdeb727903c4
This is a *big* checkin that may break some things, but implements the
new open mechanism Andrew & I discussed.

config.sub: configure: Included the QNX patch.

include/vfs.h: smbd/vfs-wrap.c: smbd/vfs.c: Added ftruncate vfs call (needed). Note that we will also need locking calls in the vfs (to be added).

lib/util_unistr.c: nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump. Also fix for sidsize DOS bug.

locking/locking.c: Check value of ret before using it for memdup.

printing/printing.c: Convert print_fsp_open to return an allocated fsp.

rpc_server/srv_lsa.c: Fix for NT domain logons.

I have removed all use of lp_share_modes() from the code (although I left the parameter in the table for backwards compatibility). It no longer makes sense for this to exist.

smbd/close.c: Removed lp_share_modes().

smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code.

smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail.

smbd/nttrans.c: smbd/reply.c: smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/open_file_stat to return an fsp from the call.

smbd/open.c: Changed all occurrences of open_file_shared/open_directory/open_file_stat to return an fsp from the call. In addition I have fixed a long standing race condition in the deny mode processing w.r.t. two smbd's creating a file. Andrew, please note that your original idea of using open with O_EXCL in this case would not work (I went over the races very carefully) and so we must re-check deny modes *after* the open() call returns. This is because there is a race between the open with O_EXCL and the lock of the share mode entry. Imagine the case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL, but is pre-empted before it locks the share modes and creates the deny mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY and a deny mode of DENY_NONE and the two opens would be allowed.
The *only* way to fix this race is to lock the share modes after the open and then do the deny mode checks *after* this lock in the case where the file did not originally exist. This code will need extensive testing but seems to initially work. Jeremy.
Diffstat (limited to 'source/nmbd')
-rw-r--r-- source/nmbd/nmbd_processlogon.c 11
1 files changed, 8 insertions, 3 deletions
diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c
index 9784afe9e2e..bb4b7547a6e 100644
--- a/source/nmbd/nmbd_processlogon.c
+++ b/source/nmbd/nmbd_processlogon.c
@@ -67,7 +67,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
strupper(my_name);
code = SVAL(buf,0);
- DEBUG(1,("process_logon_packet: Logon from %s: code = %x\n", inet_ntoa(p->ip), code));
+ DEBUG(1,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code));
switch (code)
{
@@ -202,10 +202,15 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
domainsidsize = IVAL(q, 0);
q += 4;
- if (domainsidsize != 0) {
+ DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize, len));
+
+ if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0)) {
q += domainsidsize;
q = ALIGN4(q, buf);
}
+
+ DEBUG(3,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %d\n", len, PTR_DIFF(q, buf) ));
+
if (len - PTR_DIFF(q, buf) > 8) {
/* with NT5 clients we can sometimes
get additional data - a length specificed string
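Review bot: the new bound in `if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0))` limits domainsidsize only from above. The value is taken straight from the packet with IVAL(q, 0), and if it is held in a signed int, as the %d in the added DEBUG suggests, a negative value passes both tests and `q += domainsidsize` moves q backwards, possibly before buf. Suggest also requiring domainsidsize > 0, or holding it in an unsigned type. Separately, when the test fails for a nonzero size, parsing carries on with q still pointing at the SID bytes, so the following `len - PTR_DIFF(q, buf) > 8` block will read them as the NT5 length-specified string. A packet whose declared SID size does not fit in the remaining data would be better dropped at that point, with a DEBUG line saying so.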
@@ -213,7 +218,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
data (no idea what it is) */
int dom_len = CVAL(q, 0);
q++;
- if (dom_len != 0) {
+ if (dom_len < (len - PTR_DIFF(q, buf)) && (dom_len != 0)) {
q += dom_len + 1;
}
q += 16;
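Review bot: the added test `dom_len < (len - PTR_DIFF(q, buf))` covers only dom_len bytes, but the body advances by `dom_len + 1` and the next line adds 16 unconditionally. The enclosing test guarantees only that more than 8 bytes remained before `q++`, so after `q += 16` q can sit past buf + len, and when the new test fails for a nonzero dom_len q still moves 16 bytes on without the string having been skipped. Suggest checking the whole advance up front, i.e. that dom_len + 1 + 16 does not exceed len - PTR_DIFF(q, buf), and dropping the packet otherwise.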