-rw-r--r-- | source3/rpc_server/srv_lsa.c | 28 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 12 | ||||
-rw-r--r-- | source3/smbd/blocking.c | 4 | ||||
-rw-r--r-- | source3/utils/torture.c | 16 |
4 files changed, 41 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index f5dd09d05e..1c682044cf 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -90,6 +90,8 @@ static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) fstring sid_str; int domlen = strlen(dom_name); + *sid_str = '\0'; + d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; @@ -99,8 +101,10 @@ static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) /* this string is supposed to be character short */ init_unistr2(&d_q->uni_domain_name, dom_name, domlen); - sid_to_string(sid_str, dom_sid); - init_dom_sid2(&d_q->dom_sid, dom_sid); + if(dom_sid) { + sid_to_string(sid_str, dom_sid); + init_dom_sid2(&d_q->dom_sid, dom_sid); + } } /*************************************************************************** @@ -128,7 +132,7 @@ lsa_reply_query_info ***************************************************************************/ static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, - char *dom_name, DOM_SID *dom_sid) + char *dom_name, DOM_SID *dom_sid, uint32 status_code) { LSA_R_QUERY_INFO r_q; @@ -136,12 +140,14 @@ static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /* set up the LSA QUERY INFO response */ - r_q.undoc_buffer = 0x22000000; /* bizarre */ - r_q.info_class = q_q->info_class; + if(status_code == 0) { + r_q.undoc_buffer = 0x22000000; /* bizarre */ + r_q.info_class = q_q->info_class; - init_dom_query(&r_q.dom.id5, dom_name, dom_sid); + init_dom_query(&r_q.dom.id5, dom_name, dom_sid); + } - r_q.status = 0x0; + r_q.status = status_code; /* store the response in the SMB stream */ if(!lsa_io_r_query("", &r_q, rdata, 0)) { 
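Review bot: With the new `if(dom_sid)` guard in init_dom_query, a NULL SID leaves `d_q->dom_sid` unwritten, and the non-zero `status_code` path in lsa_reply_query_info (the @@ -136 hunk) likewise skips `undoc_buffer`, `info_class` and `dom`, yet `lsa_io_r_query` still marshals `r_q` into the reply. `r_q` is a stack local and no zeroing is visible in these hunks (one line between the @@ -128 and @@ -136 hunks is not shown), so the client may be sent whatever was previously on the stack. Adding `ZERO_STRUCT(r_q);` before the `if(status_code == 0) {` test would make both paths deterministic. Both function bodies extend beyond the hunks.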
@@ -484,7 +490,8 @@ static BOOL api_lsa_enum_trust_dom(prs_struct *data, prs_struct *rdata) ZERO_STRUCT(q_e); /* grab the enum trust domain context etc. */ - lsa_io_q_enum_trust_dom("", &q_e, data, 0); + if(!lsa_io_q_enum_trust_dom("", &q_e, data, 0)) + return False; /* construct reply. return status is always 0x0 */ lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL); @@ -500,6 +507,8 @@ static BOOL api_lsa_query_info(prs_struct *data, prs_struct *rdata) LSA_Q_QUERY_INFO q_i; fstring name; DOM_SID *sid = NULL; + uint32 status_code = 0; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); @@ -525,11 +534,12 @@ static BOOL api_lsa_query_info(prs_struct *data, prs_struct *rdata) break; default: DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class)); + status_code = (NT_STATUS_INVALID_INFO_CLASS | 0xC0000000); break; } /* construct reply. return status is always 0x0 */ - if(!lsa_reply_query_info(&q_i, rdata, name, sid)) + if(!lsa_reply_query_info(&q_i, rdata, name, sid, status_code)) return False; return True; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 56b76d92be..17ed35addd 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -77,7 +77,7 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len) +static BOOL pipe_init_outgoing_data(output_data *o_data) { /* Reset the offset counters. */ o_data->data_sent_length = 0; @@ -93,7 +93,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, len, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } 
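Review bot: The context comment `/* construct reply. return status is always 0x0 */` directly above the changed call in api_lsa_query_info is no longer true, because the `default:` branch now sets `status_code` to an error value. It should be reworded, for example `/* construct reply; status_code is non-zero when the info class is unknown */`. On that error path `name` is still all zeroes and `sid` is still NULL as far as the visible lines show, so a short comment at the `default:` case saying that the reply body is deliberately left empty would help the next reader. The function body extends beyond the hunk.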
@@ -486,7 +486,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) ret = api_pipe_request(p); /* @@ -537,14 +537,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN)) + if(pipe_init_outgoing_data(&p->out_data)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: @@ -716,7 +716,7 @@ static BOOL read_from_remote(pipes_struct *p) * Create the response data buffer. */ - if(!pipe_init_outgoing_data(&p->out_data, 65536)) { + if(!pipe_init_outgoing_data(&p->out_data)) { DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); return False; } diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index ddf7de3f5b..e8dc29f80a 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -117,8 +117,8 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int ubi_slAddTail(&blocking_lock_queue, blr); - DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d \ -for fnum = %d, name = %s\n", length, (int)blr->expire_time, + DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d (+%d) \ +for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout, blr->fsp->fnum, blr->fsp->fsp_name )); return True; diff --git a/source3/utils/torture.c b/source3/utils/torture.c index 40920f79c3..e74106609d 100644 --- a/source3/utils/torture.c +++ b/source3/utils/torture.c 
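Review bot: The call in read_from_remote used to request 65536 bytes and now gets MAX_PDU_FRAG_LEN like every other caller, which is a behaviour change that the signature cleanup hides. If the size passed to `prs_init` is only an initial allocation that grows on demand this is harmless, but that is not visible here; any code that copies the remote reply into `p->out_data.rdata` assuming the old size needs to be bounded against the new one. A comment on pipe_init_outgoing_data such as `/* rdata starts at MAX_PDU_FRAG_LEN; callers must not assume a larger buffer */` would record the contract. read_from_remote continues outside the hunk.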
@@ -998,8 +998,20 @@ static void run_locktest5(int dummy) goto fail; } + /* Check for NT bug... */ + ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) && + cli_lock(&cli1, fnum3, 0, 1, 0, READ_LOCK); + cli_close(&cli1, fnum1); + fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE); + ret = cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK); + EXPECTED(ret, True); + printf("this server %s the NT locking bug\n", ret ? "doesn't have" : "has"); + cli_close(&cli1, fnum1); + fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE); + cli_unlock(&cli1, fnum3, 0, 1); + ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) && - cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK); + cli_lock(&cli1, fnum1, 1, 1, 0, READ_LOCK); EXPECTED(ret, True); printf("the same process %s overlay a write with a read lock\n", ret?"can":"cannot"); @@ -1040,7 +1052,7 @@ static void run_locktest5(int dummy) /* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */ - ret = cli_unlock(&cli1, fnum1, 0, 4) && + ret = cli_unlock(&cli1, fnum1, 1, 1) && cli_unlock(&cli1, fnum1, 0, 4) && cli_unlock(&cli1, fnum1, 0, 4); |
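Review bot: In the added "NT bug" block the result of the first `cli_lock(&cli1, fnum1, 0, 8, ...) && cli_lock(&cli1, fnum3, 0, 1, ...)` pair is assigned to `ret` and then overwritten by the next `cli_lock` without ever being tested, so a failed setup makes the printed verdict meaningless. The two `cli_open` calls that reassign `fnum1` are also used unchecked, although the context just above the block bails out with `goto fail`. Suggest `if (!ret) goto fail;` after the first pair and, assuming cli_open reports failure as -1, `if (fnum1 == -1) goto fail;` after each reopen. run_locktest5 extends beyond the hunk.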