Fixed the nastiest locking bug to track down.... smb_pids are sent in the

lockingX calls - use that instead of smb_pid in the packet.
Jeremy.
(This used to be commit a3925cb9c6303ce24e5fecad6c8f3a0ba78b9ee0)

3 files changed, 36 insertions, 16 deletions

diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 843f3d07a6..48d3c8a24a 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -196,6 +196,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
   connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT) 0;
+  uint16 lock_pid;
   unsigned char locktype = CVAL(inbuf,smb_vwv3);
   BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
   char *data;
@@ -219,6 +220,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
     uint32 dummy2;
     BOOL err;
 
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -227,7 +229,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
      * request would never have been queued. JRA.
      */
 
-    do_unlock(fsp,conn,count,offset,&dummy1,&dummy2);
+    do_unlock(fsp,conn,lock_pid,count,offset,&dummy1,&dummy2);
   }
 
   generic_blocking_lock_error(blr, eclass, ecode);
@@ -280,7 +282,7 @@ static BOOL process_lockread(blocking_lock_record *blr)
   numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
   data = smb_buf(outbuf) + 3;
  
-  if(!do_lock( fsp, conn, (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, READ_LOCK, &eclass, &ecode)) {
+  if(!do_lock( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, READ_LOCK, &eclass, &ecode)) {
     if((errno != EACCES) && (errno != EAGAIN)) {
       /*
        * We have other than a "can't get lock" POSIX
@@ -346,7 +348,7 @@ static BOOL process_lock(blocking_lock_record *blr)
   offset = IVAL(inbuf,smb_vwv3);
 
   errno = 0;
-  if (!do_lock(fsp, conn, (SMB_BIG_UINT)count, (SMB_BIG_UINT)offset, WRITE_LOCK, &eclass, &ecode)) {
+  if (!do_lock(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)count, (SMB_BIG_UINT)offset, WRITE_LOCK, &eclass, &ecode)) {
     if((errno != EACCES) && (errno != EAGAIN)) {
 
       /*
@@ -395,6 +397,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   uint16 num_locks = SVAL(inbuf,smb_vwv7);
   SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT)0;
+  uint16 lock_pid;
   BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
   char *data;
   int eclass=0;
@@ -410,6 +413,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
   for(; blr->lock_num < num_locks; blr->lock_num++) {
     BOOL err;
 
+    lock_pid = get_lock_pid( data, blr->lock_num, large_file_format);
     count = get_lock_count( data, blr->lock_num, large_file_format);
     offset = get_lock_offset( data, blr->lock_num, large_file_format, &err);
 
@@ -418,7 +422,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
      * request would never have been queued. JRA.
      */
     errno = 0;
-    if(!do_lock(fsp,conn,count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
+    if(!do_lock(fsp,conn,count,lock_pid,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
                 &eclass, &ecode))
       break;
   }
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index f43c675289..dd2318b58a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -612,7 +612,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
 {
   static pid_t pid= (pid_t)-1;
   int outsize = 0;
-  extern int global_smbpid;
+  extern uint16 global_smbpid;
 
   type &= 0xff;
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b66149e7da..2539537bfc 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2290,7 +2290,7 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
    * for a write lock. JRA.
    */
 
-  if(!do_lock( fsp, conn, (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK, &eclass, &ecode)) {
+  if(!do_lock( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK, &eclass, &ecode)) {
     if((ecode == ERRlock) && lp_blocking_locks(SNUM(conn))) {
       /*
        * A blocking lock was requested. Package up
@@ -2605,7 +2605,7 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int siz
     return(UNIXERROR(ERRDOS,ERRnoaccess));
   }
 
-  if(!do_unlock(fsp, conn, (SMB_BIG_UINT)numtowrite, (SMB_BIG_UINT)startpos, &eclass, &ecode)) {
+  if(!do_unlock(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtowrite, (SMB_BIG_UINT)startpos, &eclass, &ecode)) {
     END_PROFILE(SMBwriteunlock);
     return(ERROR(eclass,ecode));
   }
@@ -3089,7 +3089,7 @@ int reply_lock(connection_struct *conn,
 	DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
 		 fsp->fd, fsp->fnum, (double)offset, (double)count));
 
-	if (!do_lock(fsp, conn, count, offset, WRITE_LOCK, &eclass, &ecode)) {
+	if (!do_lock(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK, &eclass, &ecode)) {
           if((ecode == ERRlock) && lp_blocking_locks(SNUM(conn))) {
 	    /*
              * A blocking lock was requested. Package up
@@ -3128,7 +3128,7 @@ int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size, in
   count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
   offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
 
-  if(!do_unlock(fsp, conn, count, offset, &eclass, &ecode)) {
+  if(!do_unlock(fsp, conn, SVAL(inbuf,smb_pid), count, offset, &eclass, &ecode)) {
     END_PROFILE(SMBunlock);
     return (ERROR(eclass,ecode));
   }
@@ -4248,6 +4248,18 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
 }
 
 /****************************************************************************
+ Get a lock pid, dealing with large count requests.
+****************************************************************************/
+
+uint16 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
+{
+	if(!large_file_format)
+		return SVAL(data,SMB_LPID_OFFSET(data_offset));
+	else
+		return SVAL(data,SMB_LARGE__LPID_OFFSET(data_offset));
+}
+
+/****************************************************************************
  Get a lock count, dealing with large count requests.
 ****************************************************************************/
 
@@ -4346,6 +4358,7 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   uint16 num_locks = SVAL(inbuf,smb_vwv7);
   SMB_BIG_UINT count = 0, offset = 0;
+  uint16 lock_pid;
   int32 lock_timeout = IVAL(inbuf,smb_vwv4);
   int i;
   char *data;
@@ -4418,6 +4431,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
   /* Data now points at the beginning of the list
      of smb_unlkrng structs */
   for(i = 0; i < (int)num_ulocks; i++) {
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4429,10 +4443,10 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
       return ERROR(ERRDOS,ERRnoaccess);
     }
 
-    DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for file %s\n",
-          (double)offset, (double)count, fsp->fsp_name ));
+    DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for pid %u, file %s\n",
+          (unsigned int)lock_pid, (double)offset, (double)count, fsp->fsp_name ));
 
-    if(!do_unlock(fsp,conn,count,offset, &eclass, &ecode)) {
+    if(!do_unlock(fsp,conn,lock_pid,count,offset, &eclass, &ecode)) {
       END_PROFILE(SMBlockingX);
       return ERROR(eclass,ecode);
     }
@@ -4448,6 +4462,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
      of smb_lkrng structs */
 
   for(i = 0; i < (int)num_locks; i++) {
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4459,10 +4474,10 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
       return ERROR(ERRDOS,ERRnoaccess);
     }
  
-    DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for file %s\n",
-          (double)offset, (double)count, fsp->fsp_name ));
+    DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid %u, file %s\n",
+          (unsigned int)lock_pid, (double)offset, (double)count, fsp->fsp_name ));
 
-    if(!do_lock(fsp,conn,count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
+    if(!do_lock(fsp,conn,lock_pid, count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
                 &eclass, &ecode)) {
       if((ecode == ERRlock) && (lock_timeout != 0) && lp_blocking_locks(SNUM(conn))) {
         /*
@@ -4488,6 +4503,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
      * will delete it (and we shouldn't) .....
      */
     for(i--; i >= 0; i--) {
+      lock_pid = get_lock_pid( data, i, large_file_format);
       count = get_lock_count( data, i, large_file_format);
       offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4499,7 +4515,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
         return ERROR(ERRDOS,ERRnoaccess);
       }
  
-      do_unlock(fsp,conn,count,offset,&dummy1,&dummy2);
+      do_unlock(fsp,conn,lock_pid,count,offset,&dummy1,&dummy2);
     }
     END_PROFILE(SMBlockingX);
     return ERROR(eclass,ecode);