added a sent_oplock_break element to Files[] as a paranoia check so we

can't sent a oplock break twice on the same file.

changed some debug levels in the oplock code to level 0 so we can
track down a bug

zero the returned Files[] entry in find_free_file()

don't try to overcome client bugs in the handling of non-encrypted
passwords if in server level security mode

added paranoid null termination of password buffers

slight change to my ajt_panic() routine
(This used to be commit e360c79c9cec681c4609783019749773d3e79386)

4 files changed, 26 insertions, 11 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 49854a2512..bd60c1077a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1454,6 +1454,7 @@ typedef struct
   BOOL print_file;
   BOOL modified;
   BOOL granted_oplock;
+  BOOL sent_oplock_break;
   char *name;
 } files_struct;
 
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 4d098013f2..ac9c701b70 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3855,7 +3855,7 @@ my own panic function - not suitable for general use
 ********************************************************************/
 void ajt_panic(void)
 {
-  system("/usr/bin/X11/xedit -display ljus:0 /tmp/ERROR_FAULT");
+  system("/usr/bin/X11/xedit -display solen:0 /tmp/ERROR_FAULT");
 }
 #endif
 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2c646d99f5..ec94ab0552 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -260,7 +260,6 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   int connection_num;
   uint16 vuid = SVAL(inbuf,smb_uid);
   int passlen = SVAL(inbuf,smb_vwv3);
-  BOOL doencrypt = SMBENCRYPT();
 
   *service = *user = *password = *devicename = 0;
 
@@ -279,7 +278,7 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     password[passlen]=0;    
     path = smb_buf(inbuf) + passlen;
 
-    if (!doencrypt || passlen != 24) {
+    if (passlen != 24) {
       if (strequal(password," "))
 	*password = 0;
       passlen = strlen(password);
@@ -412,9 +411,10 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     }
 
     memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
+    smb_apasswd[smb_apasslen] = 0;
     pstrcpy(user,smb_buf(inbuf)+smb_apasslen);
 
-    if (lp_security() != SEC_SERVER && !doencrypt) {
+    if (!doencrypt && (lp_security() != SEC_SERVER)) {
 	    smb_apasslen = strlen(smb_apasswd);
     }
   } else {
@@ -448,12 +448,14 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
     passlen1 = MIN(passlen1, MAX_PASS_LEN);
     passlen2 = MIN(passlen2, MAX_PASS_LEN);
 
-    if(doencrypt) {
+    if(doencrypt || (lp_security() == SEC_SERVER)) {
       /* Save the lanman2 password and the NT md4 password. */
       smb_apasslen = passlen1;
       memcpy(smb_apasswd,p,smb_apasslen);
+      smb_apasswd[smb_apasslen] = 0;
       smb_ntpasslen = passlen2;
       memcpy(smb_ntpasswd,p+passlen1,smb_ntpasslen);
+      smb_ntpasswd[smb_ntpasslen] = 0;
     } else {
       /* both Win95 and WinNT stuff up the password lengths for
 	 non-encrypting systems. Uggh. 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 536e89bf18..77c8fc319f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1935,6 +1935,7 @@ dev = %x, inode = %x\n", old_shares[i].op_type, fname, dev, inode));
 	      !IS_VETO_OPLOCK_PATH(cnum,fname))
       {
         fs_p->granted_oplock = True;
+        fs_p->sent_oplock_break = False;
         global_oplocks_open++;
         port = oplock_port;
 
@@ -2807,7 +2808,7 @@ global_oplocks_open = %d\n", timestring(), dev, inode, global_oplocks_open));
   if(fsp == NULL)
   {
     /* The file could have been closed in the meantime - return success. */
-    DEBUG(3,("%s oplock_break: cannot find open file with dev = %x, inode = %x (fnum = %d) \
+    DEBUG(0,("%s oplock_break: cannot find open file with dev = %x, inode = %x (fnum = %d) \
 allowing break to succeed.\n", timestring(), dev, inode, fnum));
     return True;
   }
@@ -2823,11 +2824,19 @@ allowing break to succeed.\n", timestring(), dev, inode, fnum));
 
   if(!fsp->granted_oplock)
   {
-    DEBUG(3,("%s oplock_break: file %s (fnum = %d, dev = %x, inode = %x) has no oplock. \
-Allowing break to succeed regardless.\n", timestring(), fsp->name, fnum, dev, inode));
+    DEBUG(0,("%s oplock_break: file %s (fnum = %d, dev = %x, inode = %x) has no oplock. Allowing break to succeed regardless.\n", timestring(), fsp->name, fnum, dev, inode));
     return True;
   }
 
+  /* mark the oplock break as sent - we don't want to send twice! */
+  if (fsp->sent_oplock_break)
+  {
+    DEBUG(0,("%s ERROR: oplock_break already sent for file %s (fnum = %d, dev = %x, inode = %x)\n", timestring(), fsp->name, fnum, dev, inode));
+    return True;
+  }
+
+  fsp->sent_oplock_break = True;
+
   /* Now comes the horrid part. We must send an oplock break to the client,
      and then process incoming messages until we get a close or oplock release.
    */
@@ -2923,7 +2932,7 @@ inode = %x).\n", timestring(), fsp->name, fnum, dev, inode));
        from the sharemode. */
     /* Paranoia.... */
     fsp->granted_oplock = False;
-  global_oplocks_open--;
+    global_oplocks_open--;
   }
 
   /* Santity check - remove this later. JRA */
@@ -3599,8 +3608,11 @@ int find_free_file(void )
   /* we start at 1 here for an obscure reason I can't now remember,
      but I think is important :-) */
   for (i=1;i<MAX_OPEN_FILES;i++)
-    if (!Files[i].open)
-      return(i);
+	  if (!Files[i].open) {
+		  /* paranoia */
+		  memset(&Files[i], 0, sizeof(Files[i]));
+		  return(i);
+	  }
   DEBUG(1,("ERROR! Out of file structures - perhaps increase MAX_OPEN_FILES?\n"));
   return(-1);
 }