summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_lsa.c28
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c12
-rw-r--r--source3/smbd/blocking.c4
-rw-r--r--source3/utils/torture.c16
4 files changed, 41 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index f5dd09d05e..1c682044cf 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -90,6 +90,8 @@ static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
fstring sid_str;
int domlen = strlen(dom_name);
+ *sid_str = '\0';
+
d_q->uni_dom_max_len = domlen * 2;
d_q->uni_dom_str_len = domlen * 2;
@@ -99,8 +101,10 @@ static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
/* this string is supposed to be character short */
init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
- sid_to_string(sid_str, dom_sid);
- init_dom_sid2(&d_q->dom_sid, dom_sid);
+ if(dom_sid) {
+ sid_to_string(sid_str, dom_sid);
+ init_dom_sid2(&d_q->dom_sid, dom_sid);
+ }
}
/***************************************************************************
@@ -128,7 +132,7 @@ lsa_reply_query_info
***************************************************************************/
static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
- char *dom_name, DOM_SID *dom_sid)
+ char *dom_name, DOM_SID *dom_sid, uint32 status_code)
{
LSA_R_QUERY_INFO r_q;
@@ -136,12 +140,14 @@ static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
/* set up the LSA QUERY INFO response */
- r_q.undoc_buffer = 0x22000000; /* bizarre */
- r_q.info_class = q_q->info_class;
+ if(status_code == 0) {
+ r_q.undoc_buffer = 0x22000000; /* bizarre */
+ r_q.info_class = q_q->info_class;
- init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ }
- r_q.status = 0x0;
+ r_q.status = status_code;
/* store the response in the SMB stream */
if(!lsa_io_r_query("", &r_q, rdata, 0)) {
@@ -484,7 +490,8 @@ static BOOL api_lsa_enum_trust_dom(prs_struct *data, prs_struct *rdata)
ZERO_STRUCT(q_e);
/* grab the enum trust domain context etc. */
- lsa_io_q_enum_trust_dom("", &q_e, data, 0);
+ if(!lsa_io_q_enum_trust_dom("", &q_e, data, 0))
+ return False;
/* construct reply. return status is always 0x0 */
lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL);
@@ -500,6 +507,8 @@ static BOOL api_lsa_query_info(prs_struct *data, prs_struct *rdata)
LSA_Q_QUERY_INFO q_i;
fstring name;
DOM_SID *sid = NULL;
+ uint32 status_code = 0;
+
memset(name, 0, sizeof(name));
ZERO_STRUCT(q_i);
@@ -525,11 +534,12 @@ static BOOL api_lsa_query_info(prs_struct *data, prs_struct *rdata)
break;
default:
DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class));
+ status_code = (NT_STATUS_INVALID_INFO_CLASS | 0xC0000000);
break;
}
/* construct reply. return status is always 0x0 */
- if(!lsa_reply_query_info(&q_i, rdata, name, sid))
+ if(!lsa_reply_query_info(&q_i, rdata, name, sid, status_code))
return False;
return True;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 56b76d92be..17ed35addd 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -77,7 +77,7 @@ void init_rpc_pipe_hnd(void)
Initialise an outgoing packet.
****************************************************************************/
-static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len)
+static BOOL pipe_init_outgoing_data(output_data *o_data)
{
/* Reset the offset counters. */
o_data->data_sent_length = 0;
@@ -93,7 +93,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data, uint32 len)
* Initialize the outgoing RPC data buffer.
* we will use this as the raw data area for replying to rpc requests.
*/
- if(!prs_init(&o_data->rdata, len, 4, MARSHALL)) {
+ if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
return False;
}
@@ -486,7 +486,7 @@ authentication failed. Denying the request.\n", p->name));
* Process the complete data stream here.
*/
- if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN))
+ if(pipe_init_outgoing_data(&p->out_data))
ret = api_pipe_request(p);
/*
@@ -537,14 +537,14 @@ static ssize_t process_complete_pdu(pipes_struct *p)
/*
* We assume that a pipe bind is only in one pdu.
*/
- if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN))
+ if(pipe_init_outgoing_data(&p->out_data))
reply = api_pipe_bind_req(p, &rpc_in);
break;
case RPC_BINDRESP:
/*
* We assume that a pipe bind_resp is only in one pdu.
*/
- if(pipe_init_outgoing_data(&p->out_data, MAX_PDU_FRAG_LEN))
+ if(pipe_init_outgoing_data(&p->out_data))
reply = api_pipe_bind_auth_resp(p, &rpc_in);
break;
case RPC_REQUEST:
@@ -716,7 +716,7 @@ static BOOL read_from_remote(pipes_struct *p)
* Create the response data buffer.
*/
- if(!pipe_init_outgoing_data(&p->out_data, 65536)) {
+ if(!pipe_init_outgoing_data(&p->out_data)) {
DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n"));
return False;
}
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index ddf7de3f5b..e8dc29f80a 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -117,8 +117,8 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int
ubi_slAddTail(&blocking_lock_queue, blr);
- DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d \
-for fnum = %d, name = %s\n", length, (int)blr->expire_time,
+ DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d (+%d) \
+for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
blr->fsp->fnum, blr->fsp->fsp_name ));
return True;
diff --git a/source3/utils/torture.c b/source3/utils/torture.c
index 40920f79c3..e74106609d 100644
--- a/source3/utils/torture.c
+++ b/source3/utils/torture.c
@@ -998,8 +998,20 @@ static void run_locktest5(int dummy)
goto fail;
}
+ /* Check for NT bug... */
+ ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) &&
+ cli_lock(&cli1, fnum3, 0, 1, 0, READ_LOCK);
+ cli_close(&cli1, fnum1);
+ fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+ ret = cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK);
+ EXPECTED(ret, True);
+ printf("this server %s the NT locking bug\n", ret ? "doesn't have" : "has");
+ cli_close(&cli1, fnum1);
+ fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+ cli_unlock(&cli1, fnum3, 0, 1);
+
ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
- cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK);
+ cli_lock(&cli1, fnum1, 1, 1, 0, READ_LOCK);
EXPECTED(ret, True);
printf("the same process %s overlay a write with a read lock\n", ret?"can":"cannot");
@@ -1040,7 +1052,7 @@ static void run_locktest5(int dummy)
/* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */
- ret = cli_unlock(&cli1, fnum1, 0, 4) &&
+ ret = cli_unlock(&cli1, fnum1, 1, 1) &&
cli_unlock(&cli1, fnum1, 0, 4) &&
cli_unlock(&cli1, fnum1, 0, 4);