r24388: - ACL retrieval provided incomplete information because the buffer pointer was

 incremented too far in some circumstances.  In these cases, only the first
 of multiple concatenated strings would be seen.

- Working on bug 4649 pertaining to delete an ACL, this fixes the reported
 crash.  It appears to have been an incomplete switchover from malloc to
 talloc, as the memory was still being freed with SAFE_FREE.

 Deleting ACLs still doesn't work.  Although a valid request is sent to the
 server and a SUCCESS response is returned, the method that's used in
 libsmbclient for deleting ACLs seems to be incorrect.  In looking at the
 samba4 torture tests, it appears that we should be turning on the INHERIT
 flag if we want to delete the ACL.  (I could use some assistance on the
 proper flags to send, from anyone familiar with this stuff.)

- Apply patch from SATOH Fumiyasu to fix bug 4750.  smbc_telldir_ctx() was not
  returning a value useful to smbc_lseekdir_ctx().

Derrell
(This used to be commit 2ac502e29bd8390252fe4ae8344faab49ca01ff5)

1 files changed, 22 insertions, 9 deletions

diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index 90cde9100a..af619e8f3a 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -3434,8 +3434,6 @@ static off_t
 smbc_telldir_ctx(SMBCCTX *context,
                  SMBCFILE *dir)
 {
-	off_t ret_val; /* Squash warnings about cast */
-
 	if (!context || !context->internal ||
 	    !context->internal->_initialized) {
 
@@ -3458,12 +3456,16 @@ smbc_telldir_ctx(SMBCCTX *context,
 
 	}
 
+        /* See if we're already at the end. */
+        if (dir->dir_next == NULL) {
+                /* We are. */
+                return -1;
+        }
+
 	/*
 	 * We return the pointer here as the offset
 	 */
-	ret_val = (off_t)(long)dir->dir_next;
-	return ret_val;
-
+        return (off_t)(long)dir->dir_next->dirent;
 }
 
 /*
@@ -4526,6 +4528,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_nt_owner) {
@@ -4573,6 +4576,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_nt_group) {
@@ -4618,6 +4622,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_nt_acl) {
@@ -4708,6 +4713,7 @@ cacl_get(SMBCCTX *context,
                                 buf += n;
                                 n_used += n;
                                 bufsize -= n;
+                                n = 0;
                         }
                 }
 
@@ -4782,6 +4788,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_size) {
@@ -4826,6 +4833,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_create_time &&
@@ -4868,6 +4876,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_access_time) {
@@ -4909,6 +4918,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_write_time) {
@@ -4950,6 +4960,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_change_time) {
@@ -4991,6 +5002,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 if (! exclude_dos_inode) {
@@ -5035,6 +5047,7 @@ cacl_get(SMBCCTX *context,
                         buf += n;
                         n_used += n;
                         bufsize -= n;
+                        n = 0;
                 }
 
                 /* Restore name pointer to its original value */
@@ -5129,8 +5142,8 @@ cacl_set(TALLOC_CTX *ctx,
 	switch (mode) {
 	case SMBC_XATTR_MODE_REMOVE_ALL:
                 old->dacl->num_aces = 0;
-                SAFE_FREE(old->dacl->aces);
-                SAFE_FREE(old->dacl);
+                prs_mem_free(old->dacl->aces);
+                prs_mem_free(&old->dacl);
                 old->dacl = NULL;
                 dacl = old->dacl;
                 break;
@@ -5149,8 +5162,8 @@ cacl_set(TALLOC_CTX *ctx,
 					}
 					old->dacl->num_aces--;
 					if (old->dacl->num_aces == 0) {
-						SAFE_FREE(old->dacl->aces);
-						SAFE_FREE(old->dacl);
+                                                prs_mem_free(&old->dacl->aces);
+                                                prs_mem_free(&old->dacl);
 						old->dacl = NULL;
 					}
 					found = True;