summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/globals.h1
-rw-r--r--source3/smbd/server.c9
-rw-r--r--source3/smbd/smb2_sesssetup.c2
-rw-r--r--source3/smbd/smb2_tcon.c19
4 files changed, 30 insertions, 1 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index cd0cb4d246..e8821d71a4 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -286,6 +286,7 @@ struct smbd_smb2_tcon {
struct smbd_smb2_session *session;
uint32_t tid;
int snum;
+ connection_struct *compat_conn;
};
struct pending_auth_data;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 77e487ac68..a022f3e868 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -827,6 +827,15 @@ static void exit_server_common(enum server_exit_reason how,
locking_end();
printing_end();
+ /*
+ * we need to force the order of freeing the following,
+ * because smbd_msg_ctx is not a talloc child of smbd_server_conn.
+ */
+ sconn = NULL;
+ TALLOC_FREE(smbd_server_conn);
+ TALLOC_FREE(smbd_msg_ctx);
+ TALLOC_FREE(smbd_event_ctx);
+
if (how != SERVER_EXIT_NORMAL) {
int oldlevel = DEBUGLEVEL;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index eb88a60420..0f0a90003e 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -172,7 +172,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
if (session->tcons.idtree == NULL) {
return NT_STATUS_NO_MEMORY;
}
- session->tcons.limit = 0x00FFFFFF;
+ session->tcons.limit = 0x0000FFFE;
session->tcons.list = NULL;
DLIST_ADD_END(req->conn->smb2.sessions.list, session,
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index f74d1bcca7..4f305e01d5 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -110,6 +110,9 @@ static int smbd_smb2_tcon_destructor(struct smbd_smb2_tcon *tcon)
idr_remove(tcon->session->tcons.idtree, tcon->tid);
DLIST_REMOVE(tcon->session->tcons.list, tcon);
+ conn_free(tcon->session->conn, tcon->compat_conn);
+
+ tcon->compat_conn = NULL;
tcon->tid = 0;
tcon->session = NULL;
@@ -125,6 +128,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
int snum = -1;
struct smbd_smb2_tcon *tcon;
int id;
+ NTSTATUS status;
if (strncmp(share, "\\\\", 2) == 0) {
const char *p = strchr(share+2, '\\');
@@ -158,6 +162,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
tcon,
req->session->tcons.limit);
if (id == -1) {
+ TALLOC_FREE(tcon);
return NT_STATUS_INSUFFICIENT_RESOURCES;
}
tcon->tid = id;
@@ -168,6 +173,16 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
tcon->session = req->session;
talloc_set_destructor(tcon, smbd_smb2_tcon_destructor);
+ tcon->compat_conn = make_connection_snum(req->conn,
+ snum, req->session->compat_vuser,
+ data_blob_null, "???",
+ &status);
+ if (tcon->compat_conn == NULL) {
+ TALLOC_FREE(tcon);
+ return status;
+ }
+ tcon->compat_conn->cnum = tcon->tid;
+
*out_tree_id = tcon->tid;
return NT_STATUS_OK;
}
@@ -191,6 +206,10 @@ NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
}
tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon);
+ if (!change_to_user(tcon->compat_conn,req->session->vuid)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
req->tcon = tcon;
return NT_STATUS_OK;
}