Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/aio.c8
-rw-r--r--source3/smbd/nttrans.c12
-rw-r--r--source3/smbd/open.c5
-rw-r--r--source3/smbd/reply.c5
-rw-r--r--source3/smbd/sesssetup.c23
5 files changed, 40 insertions, 13 deletions
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 2889e3c13f..74275368bd 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -268,12 +268,15 @@ bool schedule_aio_read_and_X(connection_struct *conn,
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
+ become_root();
if (SMB_VFS_AIO_READ(fsp,a) == -1) {
DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
+ unbecome_root();
return False;
}
+ unbecome_root();
DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, "
"offset %.0f, len = %u (mid = %u)\n",
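Review bot: The root window opened by `become_root()` stays open across the error path (`DEBUG`, `delete_aio_ex`) and has to be closed by hand on both exits; narrowing it to the single VFS call leaves one `unbecome_root()` and no cleanup code running as root. Nothing in the hunk says why submitting the AIO request needs root, so a short comment above `become_root()` giving the reason would let a later reader judge whether the elevation is still required. The same pattern appears in the schedule_aio_write_and_X hunk below and would take the same change. `ret` and `saved_errno` are new int locals that would be declared at the top of the function, which starts outside this hunk; errno is saved because unbecome_root() may overwrite it.

```c
	become_root();
	ret = SMB_VFS_AIO_READ(fsp,a);
	saved_errno = errno;
	unbecome_root();
	if (ret == -1) {
		DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
			"Error %s\n", strerror(saved_errno) ));
		delete_aio_ex(aio_ex);
		return False;
	}
	/* … unchanged: DEBUG(10, ...) reporting the scheduled read … */
```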
@@ -366,13 +369,16 @@ bool schedule_aio_write_and_X(connection_struct *conn,
a->aio_sigevent.sigev_signo = RT_SIGNAL_AIO;
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
+ become_root();
if (SMB_VFS_AIO_WRITE(fsp,a) == -1) {
DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
+ unbecome_root();
return False;
}
-
+ unbecome_root();
+
release_level_2_oplocks_on_change(fsp);
if (!write_through && !lp_syncalways(SNUM(fsp->conn))
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 149e6ecbd9..b6951272d7 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -455,6 +455,12 @@ void reply_ntcreate_and_X(struct smb_request *req)
fname));
/*
+ * we need to remove ignored bits when they come directly from the client
+ * because we reuse some of them for internal stuff
+ */
+ create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
+ /*
* If it's an IPC, use the pipe handler.
*/
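Review bot: The must-ignore bits are stripped by hand in each request handler (here and again in the call_nt_transact_create hunk), so any other path that forwards client-supplied create_options without this line would still let a client set the bit positions that are reused internally. The comment would be more useful if it stated the rule, for example `/* create_options comes from the wire here: clear the must-ignore bits, some of which smbd reuses as private flags, before passing it on. */`. A small helper called by both handlers would keep the two sites from drifting apart. Both functions start and end outside their hunks, so whether create_options is logged or used before the mask is applied cannot be seen here.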
@@ -858,6 +864,12 @@ static void call_nt_transact_create(connection_struct *conn,
allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
#endif
+ /*
+ * we need to remove ignored bits when they come directly from the client
+ * because we reuse some of them for internal stuff
+ */
+ create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 03efd09f06..8b32907a4b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2560,6 +2560,11 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
goto fail;
}
+ if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
if (req == NULL) {
oplock_request |= INTERNAL_OPEN_ONLY;
}
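Review bot: This rejection sits in create_file_unixpath, which the `req == NULL` branch just below suggests is also reached by internal opens, so it applies to smbd's own callers as well as to client requests. That is only safe if no internally set private option bit falls inside NTCREATEX_OPTIONS_INVALID_PARAM_MASK; the mask definitions are not part of this diff, so that cannot be checked from here. A comment above the test would record the constraint, e.g. `/* Invalid option bits are refused for every caller; private internal flags must stay outside this mask. */`. The function body starts and ends outside the hunk.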
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b3d691fbe7..06aa835cb0 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3198,8 +3198,9 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
setup_readX_header((char *)headerbuf, smb_maxcnt);
if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
- /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
- if (errno == ENOSYS) {
+ /* Returning ENOSYS or EINVAL means no data at all was sent.
+ Do this as a normal read. */
+ if (errno == ENOSYS || errno == EINVAL) {
goto normal_read;
}
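Review bot: The new comment states that EINVAL, like ENOSYS, means no data at all was sent, but nothing in this hunk establishes that for EINVAL. If a sendfile implementation behind SMB_VFS_SENDFILE writes the contents of `header` to the socket before the file transfer fails with EINVAL, `goto normal_read` would put a second response header on the wire and leave the client out of step with the stream. It is worth confirming this for each platform backend and recording the guarantee in the comment, e.g. `/* ENOSYS/EINVAL are only returned before any byte (header included) has been written. */`. The enclosing `if` and the function continue outside the hunk.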
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 041596b953..9c9d0a97bc 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1738,16 +1738,19 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- nt_status = create_local_token(server_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_local_token failed: %s\n",
- nt_errstr(nt_status)));
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- data_blob_clear_free(&plaintext_password);
- reply_nterror(req, nt_status_squash(nt_status));
- END_PROFILE(SMBsesssetupX);
- return;
+ if (!server_info->ptok) {
+ nt_status = create_local_token(server_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_local_token failed: %s\n",
+ nt_errstr(nt_status)));
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ data_blob_clear_free(&plaintext_password);
+ reply_nterror(req, nt_status_squash(nt_status));
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
}
data_blob_clear_free(&plaintext_password);
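Review bot: With the `if (!server_info->ptok)` guard, a server_info that already carries a token skips create_local_token() and the session proceeds with whatever token was attached earlier; the hunk does not say which authentication paths pre-populate `ptok`. Since that token presumably determines the identity the session runs under, a comment should record where it comes from, e.g. `/* Some auth paths return a server_info that already has ptok set; only build the token when it is missing. */` (wording to be confirmed against those paths). The function starts and ends outside the hunk.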