summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-02-24 18:11:07 -0800
committerJeremy Allison <jra@samba.org>2010-02-24 18:11:07 -0800
commitd1950d66c4ed38918323bdb8c0bb11700a47bdc3 (patch)
tree0101c666e0272d8665cc09bccbdfb461f436a2bc /source3/smbd
parent3c202519eccfa1922f315e2f2910d832016ad3f1 (diff)
downloadsamba-d1950d66c4ed38918323bdb8c0bb11700a47bdc3.tar.gz
samba-d1950d66c4ed38918323bdb8c0bb11700a47bdc3.tar.bz2
samba-d1950d66c4ed38918323bdb8c0bb11700a47bdc3.zip
Make conn_close_all() safe to call from SMB2 sessions (fix crash bug).
Ensure we don't call close_cnum() with SMB2, also talloc_move the compat_conn pointer from the NULL context onto the tcon context in SMB2 as it's conceptually owned by that pointer. Jeremy.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/conn.c27
-rw-r--r--source3/smbd/smb2_tcon.c6
2 files changed, 23 insertions, 10 deletions
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 959fcd7754..51f880d9df 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -177,15 +177,26 @@ return true if any were closed
****************************************************************************/
bool conn_close_all(struct smbd_server_connection *sconn)
{
- connection_struct *conn, *next;
- bool ret = false;
- for (conn=sconn->smb1.tcons.Connections;conn;conn=next) {
- next=conn->next;
- set_current_service(conn, 0, True);
- close_cnum(conn, conn->vuid);
- ret = true;
+ if (sconn->allow_smb2) {
+ /* SMB2 */
+ if (sconn->smb2.sessions.list &&
+ sconn->smb2.sessions.list->tcons.list) {
+ return true;
+ }
+ return false;
+ } else {
+ /* SMB1 */
+ connection_struct *conn, *next;
+ bool ret = false;
+
+ for (conn=sconn->smb1.tcons.Connections;conn;conn=next) {
+ next=conn->next;
+ set_current_service(conn, 0, True);
+ close_cnum(conn, conn->vuid);
+ ret = true;
+ }
+ return ret;
}
- return ret;
}
/****************************************************************************
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 70c5e8845e..bd33007c18 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -150,6 +150,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
fstring service;
int snum = -1;
struct smbd_smb2_tcon *tcon;
+ connection_struct *compat_conn = NULL;
int id;
NTSTATUS status;
@@ -196,14 +197,15 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
tcon->session = req->session;
talloc_set_destructor(tcon, smbd_smb2_tcon_destructor);
- tcon->compat_conn = make_connection_snum(req->sconn,
+ compat_conn = make_connection_snum(req->sconn,
snum, req->session->compat_vuser,
data_blob_null, "???",
&status);
- if (tcon->compat_conn == NULL) {
+ if (compat_conn == NULL) {
TALLOC_FREE(tcon);
return status;
}
+ tcon->compat_conn = talloc_move(tcon, &compat_conn);
tcon->compat_conn->cnum = tcon->tid;
*out_share_type = 0x01;