diff options
author | Jeremy Allison <jra@samba.org> | 2004-04-14 22:35:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:14 -0500 |
commit | 5573a9ed661b5b07f52e90516edb3fbe210c9c87 (patch) | |
tree | c27e2023ac94d3fca5b6e722874217f2fbcfef83 /source3 | |
parent | 81996162d6ecb6236dfb154eac8ed6d4f0ad1079 (diff) | |
download | samba-5573a9ed661b5b07f52e90516edb3fbe210c9c87.tar.gz samba-5573a9ed661b5b07f52e90516edb3fbe210c9c87.tar.bz2 samba-5573a9ed661b5b07f52e90516edb3fbe210c9c87.zip |
r225: Patch from Pat.Hayward@propero.net to make the session_users list dynamic.
I restricted it to 128k max to prevent DOS attacks.
Jeremy.
(This used to be commit 70fb2a196d83c4bde11d27608da27f956f3f19b8)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/password.c | 36 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 2 |
2 files changed, 29 insertions, 9 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ef5d0a97ac..d15970cbef 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -21,7 +21,8 @@ #include "includes.h" /* users from session setup */ -static pstring session_users=""; +static char *session_userlist = NULL; +static int len_session_userlist = 0; /* this holds info on user ids that are already validated for this VC */ static user_struct *validated_users; @@ -295,14 +296,33 @@ void add_session_user(const char *user) fstrcpy(suser,passwd->pw_name); - if (suser && *suser && !in_list(suser,session_users,False)) { - if (strlen(suser) + strlen(session_users) + 2 >= sizeof(pstring)) { - DEBUG(1,("Too many session users??\n")); - } else { - pstrcat(session_users," "); - pstrcat(session_users,suser); + if(!*suser) + return; + + if( session_userlist && in_list(suser,session_userlist,False) ) + return; + + if( !session_userlist || (strlen(suser) + strlen(session_userlist) + 2 >= len_session_userlist) ) { + char *newlist; + + if (len_session_userlist > 128 * PSTRING_LEN) { + DEBUG(3,("add_session_user: session userlist already too large.\n")); + return; + } + newlist = Realloc( session_userlist, len_session_userlist + PSTRING_LEN ); + if( newlist == NULL ) { + DEBUG(1,("Unable to resize session_userlist\n")); + return; } + if (!session_userlist) { + *newlist = '\0'; + } + session_userlist = newlist; + len_session_userlist += PSTRING_LEN; } + + safe_strcat(session_userlist," ",len_session_userlist-1); + safe_strcat(session_userlist,suser,len_session_userlist-1); } /**************************************************************************** @@ -468,7 +488,7 @@ BOOL authorise_login(int snum, fstring user, DATA_BLOB password, /* now check the list of session users */ if (!ok) { char *auser; - char *user_list = strdup(session_users); + char *user_list = strdup(session_userlist); if (!user_list) return(False); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 16c2d83aa2..1d07e7851d 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1239,7 +1239,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, SOFF_T(p,0,get_allocation_size(NULL,&sbuf)); /* Number of bytes used on disk - 64 Bit */ p+= 8; - put_long_date(p,sbuf.st_ctime); /* Creation Time 64 Bit */ + put_long_date(p,sbuf.st_ctime); /* Inode change Time 64 Bit */ put_long_date(p+8,sbuf.st_atime); /* Last access time 64 Bit */ put_long_date(p+16,sbuf.st_mtime); /* Last modification time 64 Bit */ p+= 24; |