summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h6
-rw-r--r--source3/lib/messages.c13
-rw-r--r--source3/lib/talloc.c5
-rw-r--r--source3/libsmb/cli_lsarpc.c28
-rw-r--r--source3/libsmb/clientgen.c4
-rw-r--r--source3/libsmb/clisecdesc.c39
-rw-r--r--source3/libsmb/clitrans.c7
-rw-r--r--source3/printing/printing.c16
-rw-r--r--source3/rpc_client/cli_lsarpc.c2
-rw-r--r--source3/rpc_parse/parse_lsa.c43
-rw-r--r--source3/rpc_parse/parse_misc.c8
-rw-r--r--source3/rpc_server/srv_lsa.c20
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c2
-rw-r--r--source3/smbd/connection.c9
-rw-r--r--source3/utils/smbcacls.c24
-rw-r--r--source3/utils/smbcontrol.c9
16 files changed, 148 insertions, 87 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9a81fa273d..8b4fcb173d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -157,7 +157,7 @@ void message_dispatch(void);
void message_register(int msg_type,
void (*fn)(int msg_type, pid_t pid, void *buf, size_t len));
void message_deregister(int msg_type);
-BOOL message_send_all(int msg_type, void *buf, size_t len, BOOL duplicates_allowed);
+BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, void *buf, size_t len, BOOL duplicates_allowed);
/*The following definitions come from lib/ms_fnmatch.c */
@@ -2312,8 +2312,7 @@ BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, in
void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l,
POLICY_HND *hnd, int num_names, char **names);
BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth);
-BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc,
- LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
BOOL lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
BOOL lsa_io_r_close(char *desc, LSA_R_CLOSE *r_c, prs_struct *ps, int depth);
@@ -3474,6 +3473,7 @@ void conn_free(connection_struct *conn);
/*The following definitions come from smbd/connection.c */
+TDB_CONTEXT *conn_tdb_ctx(void);
BOOL yield_connection(connection_struct *conn,char *name,int max_connections);
BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOOL Clear);
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index e5aafcb646..d46ad74553 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -384,22 +384,13 @@ this is a useful function for sending messages to all smbd processes.
It isn't very efficient, but should be OK for the sorts of applications that
use it. When we need efficient broadcast we can add it.
****************************************************************************/
-BOOL message_send_all(int msg_type, void *buf, size_t len, BOOL duplicates_allowed)
+BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, void *buf, size_t len, BOOL duplicates_allowed)
{
- TDB_CONTEXT *the_tdb;
-
- the_tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
- if (!the_tdb) {
- DEBUG(2,("Failed to open connections database in message_send_all\n"));
- return False;
- }
-
msg_all.msg_type = msg_type;
msg_all.buf = buf;
msg_all.len = len;
msg_all.duplicates = duplicates_allowed;
- tdb_traverse(the_tdb, traverse_fn, NULL);
- tdb_close(the_tdb);
+ tdb_traverse(conn_tdb, traverse_fn, NULL);
return True;
}
diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c
index acc6204bed..a04bd2561b 100644
--- a/source3/lib/talloc.c
+++ b/source3/lib/talloc.c
@@ -96,6 +96,9 @@ void talloc_destroy_pool(TALLOC_CTX *t)
{
struct talloc_chunk *c;
+ if (!t)
+ return;
+
while (t->list) {
c = t->list->next;
free(t->list->ptr);
@@ -109,6 +112,8 @@ void talloc_destroy_pool(TALLOC_CTX *t)
/* destroy a whole pool including the context */
void talloc_destroy(TALLOC_CTX *t)
{
+ if (!t)
+ return;
talloc_destroy_pool(t);
free(t);
}
diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
index 4199ab2648..60fab75cca 100644
--- a/source3/libsmb/cli_lsarpc.c
+++ b/source3/libsmb/cli_lsarpc.c
@@ -109,12 +109,16 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
/* Unmarshall response */
if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -126,6 +130,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
*hnd = r.pol;
}
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return result;
}
@@ -152,12 +158,16 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
if (!lsa_io_q_close("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
/* Unmarshall response */
if (!lsa_io_r_close("", &r, &rbuf, 0)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -169,6 +179,8 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
*hnd = r.pol;
}
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return result;
}
@@ -200,6 +212,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -212,6 +226,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
r.names = &t_names;
if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -271,6 +287,9 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
}
done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
return result;
}
@@ -301,6 +320,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -309,7 +330,9 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
ZERO_STRUCT(ref);
r.dom_ref = &ref;
- if (!lsa_io_r_lookup_names(cli->mem_ctx, "", &r, &rbuf, 0)) {
+ if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -366,5 +389,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
}
done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
return result;
}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 8d9e2f034f..1938049806 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -209,13 +209,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
cli->inbuf = (char *)malloc(cli->bufsize);
if (!cli->outbuf || !cli->inbuf)
{
- return False;
+ return NULL;
}
if ((cli->mem_ctx = talloc_init()) == NULL) {
free(cli->outbuf);
free(cli->inbuf);
- return False;
+ return NULL;
}
memset(cli->outbuf, '\0', cli->bufsize);
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index b56e1ea688..d53b3073b2 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -36,7 +36,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
TALLOC_CTX *mem_ctx;
prs_struct pd;
SEC_DESC *psd = NULL;
- SEC_DESC *ret;
SIVAL(param, 0, fd);
SSVAL(param, 4, 0x7);
@@ -48,7 +47,7 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
param, 8, 4,
NULL, 0, 0x10000)) {
DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n"));
- return NULL;
+ goto cleanup;
}
@@ -56,12 +55,12 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
&rparam, &rparam_count,
&rdata, &rdata_count)) {
DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n"));
- return NULL;
+ goto cleanup;
}
if ((mem_ctx = talloc_init()) == NULL) {
DEBUG(0,("talloc_init failed.\n"));
- return NULL;
+ goto cleanup;
}
prs_init(&pd, rdata_count, 4, mem_ctx, UNMARSHALL);
@@ -70,13 +69,17 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
if (!sec_io_desc("sd data", &psd, &pd, 1)) {
DEBUG(1,("Failed to parse secdesc\n"));
- talloc_destroy(mem_ctx);
- return NULL;
+ goto cleanup;
}
- ret = dup_sec_desc(psd);
+ cleanup:
+
talloc_destroy(mem_ctx);
- return ret;
+ safe_free(rparam);
+ safe_free(rdata);
+
+ prs_mem_free(&pd);
+ return psd;
}
@@ -92,10 +95,11 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
int rparam_count=0, rdata_count=0;
TALLOC_CTX *mem_ctx;
prs_struct pd;
+ BOOL ret = False;
if ((mem_ctx = talloc_init()) == NULL) {
DEBUG(0,("talloc_init failed.\n"));
- return False;
+ goto cleanup;
}
prs_init(&pd, 0, 4, mem_ctx, MARSHALL);
@@ -103,7 +107,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
if (!sec_io_desc("sd data", &sd, &pd, 1)) {
DEBUG(1,("Failed to marshall secdesc\n"));
- return False;
+ goto cleanup;
}
SIVAL(param, 0, fd);
@@ -116,7 +120,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
param, 8, 0,
pd.data_p, pd.data_offset, 0)) {
DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
- return False;
+ goto cleanup;
}
@@ -124,14 +128,19 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
&rparam, &rparam_count,
&rdata, &rdata_count)) {
DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n"));
- return False;
+ goto cleanup;
}
- if (rparam) free(rparam);
- if (rdata) free(rdata);
+ ret = True;
+
+ cleanup:
+
+ safe_free(rparam);
+ safe_free(rdata);
talloc_destroy(mem_ctx);
- return True;
+ prs_mem_free(&pd);
+ return ret;
}
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 50ed68ee16..5cd6ae30ce 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -170,8 +170,13 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
if (cli_error(cli, &eclass, &ecode, NULL))
{
- if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+ if(cli->nt_pipe_fnum == 0)
return(False);
+
+ if(!(eclass == ERRDOS && ecode == ERRmoredata)) {
+ if (eclass != 0 && (ecode != (0x80000000 | STATUS_BUFFER_OVERFLOW)))
+ return(False);
+ }
}
/* parse out the lengths */
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index b670908049..842b97f9c5 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -421,7 +421,7 @@ static void print_queue_update(int snum)
if( qcount != get_queue_status(snum, &old_status)) {
DEBUG(10,("print_queue_update: queue status change %d jobs -> %d jobs for printer %s\n",
old_status.qcount, qcount, printer_name ));
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
}
/* store the new queue status structure */
@@ -592,7 +592,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return !print_job_exists(jobid);
}
@@ -642,7 +642,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
/* how do we tell if this succeeded? */
@@ -692,7 +692,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return True;
}
@@ -965,7 +965,7 @@ BOOL print_job_end(int jobid)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return True;
}
@@ -1152,7 +1152,7 @@ BOOL print_queue_pause(struct current_user *user, int snum, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return True;
}
@@ -1185,7 +1185,7 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return True;
}
@@ -1214,7 +1214,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode)
printer_name = PRINTERNAME(snum);
- message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+ message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
return True;
}
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a3b0a516b0..03a5cad709 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -606,7 +606,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
r_l.dom_ref = &ref;
r_l.dom_rid = t_rids;
- lsa_io_r_lookup_names(ctx, "", &r_l, &rbuf, 0);
+ lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
p = rbuf.data_offset != 0;
if (p && r_l.status != 0) {
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 4b0e6e4106..41219854d1 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -710,14 +710,14 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
/* Mallocate memory if we're unpacking from the wire */
if (UNMARSHALLING(ps)) {
- if ((sen->ptr_sid = (uint32 *)malloc(
+ if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps,
sen->num_entries * sizeof(uint32))) == NULL) {
DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
"ptr_sid\n"));
return False;
}
- if ((sen->sid = (DOM_SID2 *)malloc(
+ if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps,
sen->num_entries * sizeof(DOM_SID2))) == NULL) {
DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
"sids\n"));
@@ -824,13 +824,13 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
if (UNMARSHALLING(ps)) {
if ((trn->name = (LSA_TRANS_NAME *)
- malloc(trn->num_entries *
+ prs_alloc_mem(ps, trn->num_entries *
sizeof(LSA_TRANS_NAME))) == NULL) {
return False;
}
if ((trn->uni_name = (UNISTR2 *)
- malloc(trn->num_entries *
+ prs_alloc_mem(ps, trn->num_entries *
sizeof(UNISTR2))) == NULL) {
return False;
}
@@ -964,23 +964,40 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps,
if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
return False;
+ if(!prs_align(ps))
+ return False;
if(!prs_uint32("num_entries ", ps, depth, &q_r->num_entries))
return False;
if(!prs_uint32("num_entries2 ", ps, depth, &q_r->num_entries2))
return False;
+ if (UNMARSHALLING(ps)) {
+ if (q_r->num_entries) {
+ if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps,
+ q_r->num_entries * sizeof(UNIHDR))) == NULL)
+ return False;
+ if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps,
+ q_r->num_entries * sizeof(UNISTR2))) == NULL)
+ return False;
+ }
+ }
+
for (i = 0; i < q_r->num_entries; i++) {
+ if(!prs_align(ps))
+ return False;
if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
return False;
}
for (i = 0; i < q_r->num_entries; i++) {
- if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
- return False;
if(!prs_align(ps))
return False;
+ if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
+ return False;
}
+ if(!prs_align(ps))
+ return False;
if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
return False;
if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
@@ -997,8 +1014,7 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps,
reads or writes a structure.
********************************************************************/
-BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc,
- LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth)
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth)
{
int i;
@@ -1032,11 +1048,12 @@ BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc,
return False;
}
- if ((r_r->dom_rid = (DOM_RID2 *)
- talloc(mem_ctx, r_r->num_entries2 * sizeof(DOM_RID2)))
- == NULL) {
- DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
- return False;
+ if (UNMARSHALLING(ps)) {
+ if ((r_r->dom_rid = (DOM_RID2 *)prs_alloc_mem(ps, r_r->num_entries2 * sizeof(DOM_RID2)))
+ == NULL) {
+ DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
+ return False;
+ }
}
for (i = 0; i < r_r->num_entries2; i++)
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index dd6784a8e7..859a800771 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -321,7 +321,7 @@ void init_uni_hdr(UNIHDR *hdr, int len)
{
hdr->uni_str_len = 2 * len;
hdr->uni_max_len = 2 * len;
- hdr->buffer = len != 0;
+ hdr->buffer = len != 0 ? 1 : 0;
}
/*******************************************************************
@@ -867,8 +867,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
{
ZERO_STRUCTP(str);
- /* Set up string lengths. */
-
+ /* set up string lengths. */
str->uni_max_len = (uint32)len;
str->undoc = 0;
str->uni_str_len = (uint32)len;
@@ -881,7 +880,8 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
len *= sizeof(uint16);
str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
- if ((str->buffer == NULL) && (len > 0)) {
+ if ((str->buffer == NULL) && (len > 0))
+ {
smb_panic("init_unistr2: malloc fail\n");
return;
}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 5bc780860f..aea7294ffe 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -390,11 +390,6 @@ static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entr
return False;
}
- /* Free memory - perhaps this should be done using talloc()? */
-
- safe_free(names.name);
- safe_free(names.uni_name);
-
return True;
}
@@ -409,11 +404,8 @@ static BOOL lsa_reply_lookup_names(prs_struct *rdata, UNISTR2 *names,
DOM_R_REF ref;
DOM_RID2 rids[MAX_LOOKUP_SIDS];
uint32 mapped_count = 0;
- TALLOC_CTX *mem_ctx = talloc_init();
BOOL result = True;
- if (!mem_ctx) return False;
-
ZERO_STRUCT(r_l);
ZERO_STRUCT(ref);
ZERO_ARRAY(rids);
@@ -423,12 +415,11 @@ static BOOL lsa_reply_lookup_names(prs_struct *rdata, UNISTR2 *names,
init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
/* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names(mem_ctx, "", &r_l, rdata, 0)) {
+ if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
result = False;
}
- talloc_destroy(mem_ctx);
return result;
}
@@ -583,20 +574,13 @@ static BOOL api_lsa_lookup_sids(pipes_struct *p)
if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
result = False;
- goto done;
}
/* construct reply. return status is always 0x0 */
if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) {
result = False;
- goto done;
}
-
- done:
- safe_free(q_l.sids.ptr_sid);
- safe_free(q_l.sids.sid);
-
return result;
}
@@ -618,8 +602,6 @@ static BOOL api_lsa_lookup_names(pipes_struct *p)
return False;
}
- SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
-
return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index a7614ff640..b43501a56b 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -640,7 +640,7 @@ static BOOL srv_spoolss_sendnotify(POLICY_HND *handle)
/*srv_spoolss_receive_message(printer);*/
DEBUG(10,("srv_spoolss_sendnotify: Sending message about printer %s\n", printer ));
- message_send_all(MSG_PRINTER_NOTIFY, printer, strlen(printer) + 1, False); /* Null terminate... */
+ message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer, strlen(printer) + 1, False); /* Null terminate... */
return True;
}
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index cf455c0a8b..d150508cef 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -33,6 +33,15 @@ static void utmp_claim(const struct connections_data *crec, const connection_str
#endif
/****************************************************************************
+ Return the connection tdb context (used for message send all).
+****************************************************************************/
+
+TDB_CONTEXT *conn_tdb_ctx(void)
+{
+ return tdb;
+}
+
+/****************************************************************************
delete a connection record
****************************************************************************/
BOOL yield_connection(connection_struct *conn,char *name,int max_connections)
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index c017c16bdf..3240438a7a 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -120,12 +120,12 @@ static void SidToString(fstring str, DOM_SID *sid)
}
/* convert a string to a SID, either numeric or username/group */
-static BOOL StringToSid(DOM_SID *sid, fstring str)
+static BOOL StringToSid(DOM_SID *sid, char *str)
{
uint32 *types = NULL;
DOM_SID *sids = NULL;
int num_sids;
- BOOL result = False;
+ BOOL result = True;
/* Short cut */
@@ -136,7 +136,7 @@ static BOOL StringToSid(DOM_SID *sid, fstring str)
if (open_policy_hnd() &&
cli_lsa_lookup_names(&lsa_cli, &pol, 1, &str, &sids, &types,
- &num_sids) == NT_STATUS_NOPROBLEMO) {
+ &num_sids) != NT_STATUS_NOPROBLEMO) {
result = string_to_sid(sid, str);
goto done;
}
@@ -147,6 +147,7 @@ static BOOL StringToSid(DOM_SID *sid, fstring str)
safe_free(types);
done:
+
return result;
}
@@ -372,9 +373,12 @@ static SEC_DESC *sec_desc_parse(char *str)
if (strncmp(tok,"ACL:", 4) == 0) {
SEC_ACE ace;
- if (!parse_ace(&ace, tok+4) ||
- !add_ace(&dacl, &ace)) {
- printf("Failed to parse ACL\n");
+ if (!parse_ace(&ace, tok+4)) {
+ printf("Failed to parse ACL %s\n", tok);
+ return NULL;
+ }
+ if(!add_ace(&dacl, &ace)) {
+ printf("Failed to add ACL %s\n", tok);
return NULL;
}
continue;
@@ -565,7 +569,6 @@ static void cacl_set(struct cli_state *cli, char *filename,
if (!cli_set_secdesc(cli, fnum, sd)) {
printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
- return;
}
free_sec_desc(&sd);
@@ -607,12 +610,15 @@ struct cli_state *connect_one(char *share)
if (!(c=cli_initialise(NULL)) || (cli_set_port(c, 139) == 0) ||
!cli_connect(c, server_n, &ip)) {
DEBUG(0,("Connection to %s failed\n", server_n));
+ cli_shutdown(c);
+ safe_free(c);
return NULL;
}
if (!cli_session_request(c, &calling, &called)) {
DEBUG(0,("session request to %s failed\n", called.name));
cli_shutdown(c);
+ safe_free(c);
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
@@ -625,6 +631,7 @@ struct cli_state *connect_one(char *share)
if (!cli_negprot(c)) {
DEBUG(0,("protocol negotiation failed\n"));
cli_shutdown(c);
+ safe_free(c);
return NULL;
}
@@ -640,6 +647,8 @@ struct cli_state *connect_one(char *share)
password, strlen(password),
lp_workgroup())) {
DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+ cli_shutdown(c);
+ safe_free(c);
return NULL;
}
@@ -649,6 +658,7 @@ struct cli_state *connect_one(char *share)
password, strlen(password)+1)) {
DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
cli_shutdown(c);
+ safe_free(c);
return NULL;
}
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index 991d1d77d2..87d00eecbd 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -118,10 +118,17 @@ send a message to a named destination
static BOOL send_message(char *dest, int msg_type, void *buf, int len, BOOL duplicates)
{
pid_t pid;
+ TDB_CONTEXT *the_tdb;
+
+ the_tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
+ if (!the_tdb) {
+ fprintf(stderr,"Failed to open connections database in send_message.\n");
+ return False;
+ }
/* "smbd" is the only broadcast operation */
if (strequal(dest,"smbd")) {
- return message_send_all(msg_type, buf, len, duplicates);
+ return message_send_all(the_tdb,msg_type, buf, len, duplicates);
} else if (strequal(dest,"nmbd")) {
pid = pidfile_pid(dest);
if (pid == 0) {