-rw-r--r--source3/include/includes.h10
-rw-r--r--source3/include/ntdomain.h3
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/include/rpc_dce.h18
-rw-r--r--source3/include/rpc_srvsvc.h2
-rw-r--r--source3/lib/membuffer.c4
-rw-r--r--source3/locking/locking_slow.c41
-rw-r--r--source3/rpc_parse/parse_prs.c2
-rw-r--r--source3/rpc_parse/parse_rpc.c41
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c26
-rw-r--r--source3/rpc_server/srv_util.c17
-rw-r--r--source3/smbd/ipc.c3
12 files changed, 137 insertions, 38 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 5df76668c6..2ba069aa76 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -606,11 +606,6 @@ char *mktemp(char *); /* No standard include */
not good for HPUX */
/* #define SIGCLD_IGNORE */
#define USE_SIGPROCMASK /* Needed to stop zombie processes on HPUX 9.x and 10.x.*/
-#ifdef HPUX10
-#ifdef SEMMSL
-#undef SEMMSL
-#endif /* SEMMSL */
-#endif /* HPUX10 */
#endif /* HPUX */
@@ -1137,6 +1132,11 @@ union semun {
unsigned short *array;
};
#endif
+#if defined(HPUX) && defined(HPUX10)
+#ifdef SEMMSL
+#undef SEMMSL
+#endif /* SEMMSL */
+#endif /* HPUX && HPUX10 */
#endif
#ifdef AFS_AUTH
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 32812aa8b1..67fe879f9b 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -69,7 +69,8 @@ typedef struct
RPC_HDR hdr;
RPC_HDR_BA hdr_ba;
RPC_HDR_RB hdr_rb;
- RPC_HDR_RR hdr_rr;
+ RPC_HDR_REQ hdr_req;
+ RPC_HDR_RESP hdr_resp;
RPC_AUTH_NTLMSSP_REQ ntlmssp_req;
RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ad9a36ca62..faf295f625 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -471,8 +471,10 @@ void make_rpc_hdr_ba(RPC_HDR_BA *rpc,
uint8 num_results, uint16 result, uint16 reason,
RPC_IFACE *transfer);
void smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth);
-void make_rpc_hdr_rr(RPC_HDR_RR *hdr, uint32 data_len, uint8 opnum);
-void smb_io_rpc_hdr_rr(char *desc, RPC_HDR_RR *rpc, prs_struct *ps, int depth);
+void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 data_len, uint16 opnum);
+void smb_io_rpc_hdr_req(char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth);
+void make_rpc_hdr_resp(RPC_HDR_RESP *hdr, uint32 data_len);
+void smb_io_rpc_hdr_resp(char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth);
void make_rpc_auth_ntlmssp_req(RPC_AUTH_NTLMSSP_REQ *req,
fstring ntlmssp_str, uint32 ntlmssp_ver,
uint32 unknown_0, fstring myname, fstring domain);
@@ -1116,7 +1118,7 @@ void mem_buf_free(struct mem_buf **buf);
void mem_free_chain(struct mem_buf **buf);
void mem_free_data(struct mem_buf *buf);
BOOL mem_realloc_data(struct mem_buf *buf, int new_size);
-BOOL mem_grow_data(struct mem_buf **buf, BOOL io, int new_size);
+BOOL mem_grow_data(struct mem_buf **buf, BOOL io, int new_size, BOOL force_grow);
BOOL mem_find(struct mem_buf **buf, uint32 offset);
uint32 mem_buf_len(struct mem_buf *buf);
char *mem_data(struct mem_buf **buf, uint32 offset);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 9aacaaab87..2e3995e43d 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -75,16 +75,24 @@ typedef struct rpc_hdr_info
} RPC_HDR;
-/* RPC_HDR_RR - ms request / response rpc header */
-typedef struct rpc_hdr_rr_info
+/* RPC_HDR_REQ - ms request rpc header */
+typedef struct rpc_hdr_req_info
{
uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */
- uint8 context_id; /* 0 - presentation context identifier */
+ uint16 context_id; /* 0 - presentation context identifier */
+ uint16 opnum; /* opnum */
+
+} RPC_HDR_REQ;
+
+/* RPC_HDR_RESP - ms response rpc header */
+typedef struct rpc_hdr_resp_info
+{
+ uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */
+ uint16 context_id; /* 0 - presentation context identifier */
uint8 cancel_count; /* 0 - cancel count */
- uint8 opnum; /* opnum */
uint8 reserved; /* 0 - reserved. */
-} RPC_HDR_RR;
+} RPC_HDR_RESP;
/* this seems to be the same string name depending on the name of the pipe,
* but is more likely to be linked to the interface name
diff --git a/source3/include/rpc_srvsvc.h b/source3/include/rpc_srvsvc.h
index 4d11b915e4..6ba137da2f 100644
--- a/source3/include/rpc_srvsvc.h
+++ b/source3/include/rpc_srvsvc.h
@@ -249,7 +249,7 @@ typedef struct r_net_conn_enum_info
/* oops - this is going to take up a *massive* amount of stack. */
/* the UNISTR2s already have 1024 uint16 chars in them... */
-#define MAX_SHARE_ENTRIES 32
+#define MAX_SHARE_ENTRIES 128
/* SH_INFO_1 (pointers to level 1 share info strings) */
typedef struct ptr_share_info1
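Review bot: Raising `MAX_SHARE_ENTRIES` from 32 to 128 quadruples the size of every structure dimensioned by it, and the comment directly above already warns that these take a massive amount of stack because each UNISTR2 carries 1024 uint16 characters. If the share-info containers are declared as locals in the srvsvc handlers (not visible in this hunk), the per-call stack frame grows by the same factor and may exceed the stack limit on some platforms. Consider allocating the entry arrays on the heap, sized by the actual share count. At minimum, extend the comment, e.g. `/* 128 entries: structures dimensioned by this must not be stack locals */`.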
diff --git a/source3/lib/membuffer.c b/source3/lib/membuffer.c
index cf832c13cc..90b07047d3 100644
--- a/source3/lib/membuffer.c
+++ b/source3/lib/membuffer.c
@@ -293,11 +293,11 @@ BOOL mem_realloc_data(struct mem_buf *buf, int new_size)
/*******************************************************************
reallocate a memory buffer, retrospectively :-)
********************************************************************/
-BOOL mem_grow_data(struct mem_buf **buf, BOOL io, int new_size)
+BOOL mem_grow_data(struct mem_buf **buf, BOOL io, int new_size, BOOL force_grow)
{
if (new_size + (*buf)->margin >= (*buf)->data_size)
{
- if (io)
+ if (io && !force_grow)
{
DEBUG(3,("mem_grow_data: cannot resize when reading from a data stream\n"));
}
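Review bot: The new `force_grow` parameter is undocumented, although it overrides the guard that refused to resize a buffer being read (`io` true). The header comment should say when a caller may pass True, e.g. `/* force_grow: permit growth even when io is set; the caller must have bounded new_size */`. The only caller visible in this commit, prs_grow, passes False. `new_size` is a signed int added to `margin` without a range check, so any future caller that forces growth on a read stream should validate the size first. The body of mem_grow_data continues past the end of this hunk, so the reallocation path itself is not visible here.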
diff --git a/source3/locking/locking_slow.c b/source3/locking/locking_slow.c
index de2bb1701c..d6ac6efac1 100644
--- a/source3/locking/locking_slow.c
+++ b/source3/locking/locking_slow.c
@@ -502,8 +502,17 @@ mode file %s (%s)\n", fname, strerror(errno)));
return 0;
}
/* Now truncate the file at this point. */
+#ifdef FTRUNCATE_NEEDS_ROOT
+ become_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
if(ftruncate(fd, newsize)!= 0)
{
+
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
DEBUG(0,("ERROR: get_share_modes: failed to ftruncate share \
mode file %s to size %d (%s)\n", fname, newsize, strerror(errno)));
if(*old_shares)
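Review bot: On the failure path `unbecome_root(False)` runs before the `DEBUG` call that formats `strerror(errno)`, so the identity switch may overwrite errno and the log can report the wrong reason for the ftruncate failure. Save it first with `int saved_errno = errno;` immediately after the failed call and log `strerror(saved_errno)`. The same ordering appears in the del_share_mode and set_share_mode hunks further down. The become/unbecome pair is also written out three times with two exits each. A small static helper that raises privilege, calls ftruncate, drops privilege and returns the result with errno preserved would keep the root window to the single call and prevent a future exit path from leaving the process privileged. The enclosing function starts and ends outside this hunk.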
@@ -515,6 +524,10 @@ mode file %s to size %d (%s)\n", fname, newsize, strerror(errno)));
}
}
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
if(buf)
free(buf);
@@ -653,15 +666,29 @@ mode file %s (%s)\n", fname, strerror(errno)));
free(buf);
return;
}
+
/* Now truncate the file at this point. */
+#ifdef FTRUNCATE_NEEDS_ROOT
+ become_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
if(ftruncate(fd, newsize) != 0)
{
+
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
DEBUG(0,("ERROR: del_share_mode: failed to ftruncate share \
mode file %s to size %d (%s)\n", fname, newsize, strerror(errno)));
if(buf)
free(buf);
return;
}
+
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
}
/*******************************************************************
@@ -795,8 +822,18 @@ deleting it (%s).\n",fname, strerror(errno)));
}
/* Now truncate the file at this point - just for safety. */
+
+#ifdef FTRUNCATE_NEEDS_ROOT
+ become_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
if(ftruncate(fd, header_size + (SMF_ENTRY_LENGTH*num_entries))!= 0)
{
+
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
DEBUG(0,("ERROR: set_share_mode: failed to ftruncate share \
mode file %s to size %d (%s)\n", fname, header_size + (SMF_ENTRY_LENGTH*num_entries),
strerror(errno)));
@@ -805,6 +842,10 @@ mode file %s to size %d (%s)\n", fname, header_size + (SMF_ENTRY_LENGTH*num_entr
return False;
}
+#ifdef FTRUNCATE_NEEDS_ROOT
+ unbecome_root(False);
+#endif /* FTRUNCATE_NEEDS_ROOT */
+
if(buf)
free(buf);
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 799bd1cc94..0baf05597c 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -86,7 +86,7 @@ void prs_align(prs_struct *ps)
********************************************************************/
BOOL prs_grow(prs_struct *ps)
{
- return mem_grow_data(&(ps->data), ps->io, ps->offset);
+ return mem_grow_data(&(ps->data), ps->io, ps->offset, False);
}
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index b025d3f1c8..8a5b6c172e 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -384,33 +384,58 @@ void smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
}
/*******************************************************************
-creates an RPC_HDR_RR structure.
+creates an RPC_HDR_REQ structure.
********************************************************************/
-void make_rpc_hdr_rr(RPC_HDR_RR *hdr, uint32 data_len, uint8 opnum)
+void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 data_len, uint16 opnum)
{
if (hdr == NULL) return;
hdr->alloc_hint = data_len - 0x18; /* allocation hint */
hdr->context_id = 0; /* presentation context identifier */
- hdr->cancel_count = 0; /* cancel count */
hdr->opnum = opnum; /* opnum */
+}
+
+/*******************************************************************
+reads or writes an RPC_HDR_REQ structure.
+********************************************************************/
+void smb_io_rpc_hdr_req(char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
+{
+ if (rpc == NULL) return;
+
+ prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
+ depth++;
+
+ prs_uint32("alloc_hint", ps, depth, &(rpc->alloc_hint));
+ prs_uint16("context_id", ps, depth, &(rpc->context_id));
+ prs_uint16("opnum ", ps, depth, &(rpc->opnum));
+}
+
+/*******************************************************************
+creates an RPC_HDR_RESP structure.
+********************************************************************/
+void make_rpc_hdr_resp(RPC_HDR_RESP *hdr, uint32 data_len)
+{
+ if (hdr == NULL) return;
+
+ hdr->alloc_hint = data_len - 0x18; /* allocation hint */
+ hdr->context_id = 0; /* presentation context identifier */
+ hdr->cancel_count = 0; /* cancel count */
hdr->reserved = 0; /* 0 - reserved */
}
/*******************************************************************
-reads or writes an RPC_HDR_RR structure.
+reads or writes an RPC_HDR_RESP structure.
********************************************************************/
-void smb_io_rpc_hdr_rr(char *desc, RPC_HDR_RR *rpc, prs_struct *ps, int depth)
+void smb_io_rpc_hdr_resp(char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
{
if (rpc == NULL) return;
- prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rr");
+ prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
depth++;
prs_uint32("alloc_hint", ps, depth, &(rpc->alloc_hint));
- prs_uint8 ("context_id", ps, depth, &(rpc->context_id));
+ prs_uint16("context_id", ps, depth, &(rpc->context_id));
prs_uint8 ("cancel_ct ", ps, depth, &(rpc->cancel_count));
- prs_uint8 ("opnum ", ps, depth, &(rpc->opnum));
prs_uint8 ("reserved ", ps, depth, &(rpc->reserved));
}
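Review bot: `hdr->alloc_hint = data_len - 0x18;` in the new make_rpc_hdr_resp (and in make_rpc_hdr_req, where the line is carried over) wraps to a value near 4 GB when `data_len` is below 0x18, because the subtraction is unsigned. A peer that sizes its buffers from alloc_hint would then be given a bogus length. Guard it with `hdr->alloc_hint = (data_len >= 0x18) ? data_len - 0x18 : 0;`, and give the 0x18 header length a named constant, since the literal recurs in several files of this commit. The two smb_io_* functions would also benefit from a one-line comment stating the on-wire field widths (4+2+2 for the request, 4+2+1+1 for the response), which is what this change corrects.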
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index e4893fee89..a371e48bfd 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -157,9 +157,10 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n)
if (OPEN_PNUM(pnum - PIPE_HANDLE_OFFSET))
{
- int num;
- int len;
- uint32 rpc_frag_pos;
+ int num = 0;
+ int len = 0;
+ uint32 hdr_num = 0;
+ uint32 rpc_frag_pos = 0;
DEBUG(6,("OK\n"));
@@ -169,9 +170,14 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n)
return 0;
}
+ DEBUG(6,("read_pipe: p: %p max_rdata_len: %d data_pos: %d num: %d\n",
+ p, p->max_rdata_len, data_pos, num));
+
/* the read request starts from where the SMBtrans2 left off. */
data_pos += p->max_rdata_len;
+ rpc_frag_pos = data_pos % p->hdr.frag_len;
+
/* headers accumulate an offset */
data_pos -= p->hdr_offsets;
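Review bot: `rpc_frag_pos = data_pos % p->hdr.frag_len;` is now evaluated on every read, before the RPC_FLG_LAST test, so a zero `frag_len` causes a division by zero where previously the modulo ran only for non-final fragments. frag_len is set in create_rpc_reply from the alloc hint and the negotiated max_tsize. Whether it can be zero when read_pipe is entered is not visible here, so a local guard is cheap insurance: `if (p->hdr.frag_len == 0) return 0;` ahead of the modulo. read_pipe begins and ends outside this hunk.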
@@ -182,22 +188,32 @@ int read_pipe(uint16 pnum, char *data, uint32 pos, int n)
if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST))
{
- rpc_frag_pos = data_pos % p->hdr.frag_len;
+ DEBUG(5,("read_pipe: hdr_offsets: %d rpc_frag_pos: %d frag_len: %d\n",
+ p->hdr_offsets, rpc_frag_pos, p->hdr.frag_len));
if (rpc_frag_pos == 0)
{
+ /* this is subtracted from the total data bytes, later */
+ hdr_num = 0x18;
+
/* create and copy in a new header. */
create_rpc_reply(p, data_pos, p->rdata.offset);
mem_buf_copy(data, p->rhdr.data, 0, 0x18);
/* make room in data stream for header */
p->hdr_offsets += 0x18;
+ data += 0x18;
+
+ DEBUG(6,("read_pipe: hdr_offsets: %d\n", p->hdr_offsets));
}
}
if (num > 0)
{
- mem_buf_copy(data, p->rhdr.data, data_pos, num);
+ DEBUG(6,("read_pipe: adjusted data_pos: %d num: %d\n",
+ data_pos, num - hdr_num));
+ mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num);
+
return num;
}
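Review bot: `num - hdr_num` mixes `int num` with `uint32 hdr_num`, so when a header has just been emitted (`hdr_num = 0x18`) and `num` is smaller than 0x18 the subtraction wraps to a very large unsigned length that is passed to `mem_buf_copy`. The header copy `mem_buf_copy(data, p->rhdr.data, 0, 0x18)` likewise writes 0x18 bytes into the caller's buffer without comparing against the requested size. How `num` is derived lies between the hunks, so this case may already be excluded, but the check belongs next to the copy: declare `hdr_num` as `int` and refuse to emit a header into a short read with `if (num < 0x18) return 0;`, or cap the copy length. The function still returns `num`, which is consistent only if num is meant to include the header bytes, and a comment saying so would help.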
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 7be259029a..3f4d66eab2 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -173,13 +173,16 @@ void get_domain_user_groups(char *domain_groups, char *user)
BOOL create_rpc_reply(pipes_struct *p,
uint32 data_start, uint32 data_end)
{
+ DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
+ data_start, data_end, p->hdr_ba.bba.max_tsize));
+
mem_buf_init(&(p->rhdr.data), 0);
mem_alloc_data(p->rhdr.data, 0x18);
p->rhdr.align = 4;
p->rhdr.io = False;
- p->hdr_rr.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
+ p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
/* set up rpc header (fragmentation issues) */
@@ -192,10 +195,10 @@ BOOL create_rpc_reply(pipes_struct *p,
p->hdr.flags = 0;
}
- if (p->hdr_rr.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
+ if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
{
p->hdr.flags |= RPC_FLG_LAST;
- p->hdr.frag_len = p->hdr_rr.alloc_hint + 0x18;
+ p->hdr.frag_len = p->hdr_resp.alloc_hint + 0x18;
}
else
{
@@ -208,7 +211,7 @@ BOOL create_rpc_reply(pipes_struct *p,
/* store the header in the data stream */
p->rhdr.offset = 0;
smb_io_rpc_hdr ("hdr", &(p->hdr ), &(p->rhdr), 0);
- smb_io_rpc_hdr_rr("rr" , &(p->hdr_rr), &(p->rhdr), 0);
+ smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
}
@@ -222,11 +225,11 @@ static BOOL api_rpc_command(pipes_struct *p,
prs_struct *data)
{
int fn_num;
- DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_rr.opnum));
+ DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
{
- if (api_rpc_cmds[fn_num].opnum == p->hdr_rr.opnum && api_rpc_cmds[fn_num].fn != NULL)
+ if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
{
DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
break;
@@ -280,7 +283,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
}
/* read the rpc header */
- smb_io_rpc_hdr_rr("", &(p->hdr_rr), data, 0);
+ smb_io_rpc_hdr_req("req", &(p->hdr_req), data, 0);
/* interpret the command */
if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 6d0a8d55dd..62951219bf 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -3367,6 +3367,9 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
/* record maximum data length that can be transmitted in an SMBtrans */
p->max_rdata_len = mdrcnt;
+ DEBUG(10,("api_fd_reply: p:%p max_rdata_len: %d\n",
+ p, p->max_rdata_len));
+
switch (subcommand)
{
case 0x26: