diff options
-rw-r--r-- | source3/smbd/globals.h | 1 | ||||
-rw-r--r-- | source3/smbd/server.c | 9 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 2 | ||||
-rw-r--r-- | source3/smbd/smb2_tcon.c | 19 |
4 files changed, 30 insertions, 1 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index cd0cb4d246..e8821d71a4 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -286,6 +286,7 @@ struct smbd_smb2_tcon { struct smbd_smb2_session *session; uint32_t tid; int snum; + connection_struct *compat_conn; }; struct pending_auth_data; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 77e487ac68..a022f3e868 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -827,6 +827,15 @@ static void exit_server_common(enum server_exit_reason how, locking_end(); printing_end(); + /* + * we need to force the order of freeing the following, + * because smbd_msg_ctx is not a talloc child of smbd_server_conn. + */ + sconn = NULL; + TALLOC_FREE(smbd_server_conn); + TALLOC_FREE(smbd_msg_ctx); + TALLOC_FREE(smbd_event_ctx); + if (how != SERVER_EXIT_NORMAL) { int oldlevel = DEBUGLEVEL; diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index eb88a60420..0f0a90003e 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -172,7 +172,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req, if (session->tcons.idtree == NULL) { return NT_STATUS_NO_MEMORY; } - session->tcons.limit = 0x00FFFFFF; + session->tcons.limit = 0x0000FFFE; session->tcons.list = NULL; DLIST_ADD_END(req->conn->smb2.sessions.list, session, diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index f74d1bcca7..4f305e01d5 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -110,6 +110,9 @@ static int smbd_smb2_tcon_destructor(struct smbd_smb2_tcon *tcon) idr_remove(tcon->session->tcons.idtree, tcon->tid); DLIST_REMOVE(tcon->session->tcons.list, tcon); + conn_free(tcon->session->conn, tcon->compat_conn); + + tcon->compat_conn = NULL; tcon->tid = 0; tcon->session = NULL; @@ -125,6 +128,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, int snum = -1; struct smbd_smb2_tcon *tcon; int id; + NTSTATUS status; if (strncmp(share, "\\\\", 2) == 0) { const char *p = strchr(share+2, '\\'); @@ -158,6 +162,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, tcon, req->session->tcons.limit); if (id == -1) { + TALLOC_FREE(tcon); return NT_STATUS_INSUFFICIENT_RESOURCES; } tcon->tid = id; @@ -168,6 +173,16 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, tcon->session = req->session; talloc_set_destructor(tcon, smbd_smb2_tcon_destructor); + tcon->compat_conn = make_connection_snum(req->conn, + snum, req->session->compat_vuser, + data_blob_null, "???", + &status); + if (tcon->compat_conn == NULL) { + TALLOC_FREE(tcon); + return status; + } + tcon->compat_conn->cnum = tcon->tid; + *out_tree_id = tcon->tid; return NT_STATUS_OK; } @@ -191,6 +206,10 @@ NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req) } tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon); + if (!change_to_user(tcon->compat_conn,req->session->vuid)) { + return NT_STATUS_ACCESS_DENIED; + } + req->tcon = tcon; return NT_STATUS_OK; } |