From cd310c19cefddc799ec5f8b374bc9c5ea9dec5f1 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 21 Oct 2005 02:14:23 +0000
Subject: r11240: * fix invalid read reported by valgrind in the spoolss backchannel connection by rewriting spoolss_connect_to_client(). Ensure that we save the cli_state* in the rpc_pipe_client struct. * fix typo in debug message in cli_start_connection" (This used to be commit 18400f96628ffdd332c2fb2aa52b5e9aee5cb3ce)
---
 source3/libsmb/cliconnect.c | 2 +-
 source3/rpc_server/srv_spoolss_nt.c | 102 ++++++++++++------------------------
 2 files changed, 35 insertions(+), 69 deletions(-)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7ecc769517..8118f073df 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1388,7 +1388,7 @@ again: DEBUG(3,("Connecting to host=%s\n", dest_host)); if (!cli_connect(cli, dest_host, &ip)) { - DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n", + DEBUG(1,("cli_start_connection: failed to connect to %s (%s)\n", nmb_namestr(&called), inet_ntoa(ip))); cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 026e7681e0..e5b3ca3947 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -174,8 +174,10 @@ static void srv_spoolss_replycloseprinter(int snum, POLICY_HND *handle) /* if it's the last connection, deconnect the IPC$ share */ if (smb_connections==1) { - cli_shutdown(notify_cli_pipe->cli); + + cli_shutdown( notify_cli_pipe->cli ); notify_cli_pipe = NULL; /* The above call shuts downn the pipe also. */ + message_deregister(MSG_PRINTER_NOTIFY2); /* Tell the connections db we're no longer interested in
@@ -2494,99 +2496,66 @@ done: Connect to the client machine. **********************************************************/ -static BOOL spoolss_connect_to_client(struct cli_state *the_cli, struct rpc_pipe_client **pp_pipe, +static BOOL spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, struct in_addr *client_ip, const char *remote_machine) { NTSTATUS ret; - ZERO_STRUCTP(the_cli); - - if(cli_initialise(the_cli) == NULL) { - DEBUG(0,("spoolss_connect_to_client: unable to initialize client connection.\n")); - return False; - } - + struct cli_state *the_cli; + struct in_addr rm_addr; + if ( is_zero_ip(*client_ip) ) { - if(!resolve_name( remote_machine, &the_cli->dest_ip, 0x20)) { - DEBUG(0,("spoolss_connect_to_client: Can't resolve address for %s\n", remote_machine)); - cli_shutdown(the_cli); - return False; + if ( !resolve_name( remote_machine, &rm_addr, 0x20) ) { + DEBUG(2,("spoolss_connect_to_client: Can't resolve address for %s\n", remote_machine)); + return False; } - if (ismyip(the_cli->dest_ip)) { + if ( ismyip( rm_addr )) { DEBUG(0,("spoolss_connect_to_client: Machine %s is one of our addresses. Cannot add to ourselves.\n", remote_machine)); - cli_shutdown(the_cli); return False; } - } - else { - the_cli->dest_ip.s_addr = client_ip->s_addr; + } else { + rm_addr.s_addr = client_ip->s_addr; DEBUG(5,("spoolss_connect_to_client: Using address %s (no name resolution necessary)\n", inet_ntoa(*client_ip) )); } - if (!cli_connect(the_cli, remote_machine, &the_cli->dest_ip)) { - DEBUG(0,("spoolss_connect_to_client: unable to connect to SMB server on machine %s. 
Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); - cli_shutdown(the_cli); - return False; - } - - if (!attempt_netbios_session_request(the_cli, global_myname(), remote_machine, &the_cli->dest_ip)) { - DEBUG(0,("spoolss_connect_to_client: machine %s rejected the NetBIOS session request.\n", - remote_machine)); - cli_shutdown(the_cli); - return False; - } + /* setup the connection */ - the_cli->protocol = PROTOCOL_NT1; - cli_setup_signing_state(the_cli, lp_client_signing()); - - if (!cli_negprot(the_cli)) { - DEBUG(0,("spoolss_connect_to_client: machine %s rejected the negotiate protocol. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); - cli_shutdown(the_cli); - return False; - } + ret = cli_full_connection( &the_cli, global_myname(), remote_machine, + &rm_addr, 0, "IPC$", "IPC", + "", /* username */ + "", /* domain */ + "", /* password */ + 0, lp_client_signing(), NULL ); - if (the_cli->protocol != PROTOCOL_NT1) { - DEBUG(0,("spoolss_connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine)); - cli_shutdown(the_cli); - return False; - } - - /* - * Do an anonymous session setup. - */ - - if (!cli_session_setup(the_cli, "", "", 0, "", 0, "")) { - DEBUG(0,("spoolss_connect_to_client: machine %s rejected the session setup. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); - cli_shutdown(the_cli); + if ( !NT_STATUS_IS_OK( ret ) ) { + DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n", + remote_machine )); return False; - } - - if (!(the_cli->sec_mode & 1)) { - DEBUG(0,("spoolss_connect_to_client: machine %s isn't in user level security mode\n", remote_machine)); + } + + if ( the_cli->protocol != PROTOCOL_NT1 ) { + DEBUG(0,("spoolss_connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine)); cli_shutdown(the_cli); return False; } - if (!cli_send_tconX(the_cli, "IPC$", "IPC", "", 1)) { - DEBUG(0,("spoolss_connect_to_client: machine %s rejected the tconX on the IPC$ share. 
Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); - cli_shutdown(the_cli); - return False; - } - /* * Ok - we have an anonymous connection to the IPC$ share. * Now start the NT Domain stuff :-). */ - *pp_pipe = cli_rpc_pipe_open_noauth(the_cli, PI_SPOOLSS, &ret); - if(!*pp_pipe) { - DEBUG(0,("spoolss_connect_to_client: unable to open the spoolss pipe on machine %s. Error was : %s.\n", + if ( !(*pp_pipe = cli_rpc_pipe_open_noauth(the_cli, PI_SPOOLSS, &ret)) ) { + DEBUG(2,("spoolss_connect_to_client: unable to open the spoolss pipe on machine %s. Error was : %s.\n", remote_machine, nt_errstr(ret))); cli_shutdown(the_cli); return False; } + /* make sure to save the cli_state pointer. Keep its own talloc_ctx */ + + (*pp_pipe)->cli = the_cli; + return True; }
@@ -2605,14 +2574,11 @@ static BOOL srv_spoolss_replyopenprinter(int snum, const char *printer, * and connect to the IPC$ share anonymously */ if (smb_connections==0) { - struct cli_state notify_cli; /* print notify back-channel */ fstring unix_printer; fstrcpy(unix_printer, printer+2); /* the +2 is to strip the leading 2 backslashs */ - ZERO_STRUCT(notify_cli); - - if(!spoolss_connect_to_client(¬ify_cli, ¬ify_cli_pipe, client_ip, unix_printer)) + if ( !spoolss_connect_to_client( ¬ify_cli_pipe, client_ip, unix_printer )) return False; message_register(MSG_PRINTER_NOTIFY2, receive_notify2_message_list); -- cgit
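Review bot: The new failure branch after `cli_full_connection()` discards the status it just received: `connection to [%s] failed!` logs only the machine name, and at level 2, where the removed code reported each failed step at level 0 with `cli_errstr()`. This is an outbound anonymous connection to a name and address that appear to come from the print client, so the failure reason is worth keeping for whoever reads the log; include it the way the pipe-open branch below already does, e.g. `DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed! Error was : %s.\n", remote_machine, nt_errstr(ret) ));`. The removed `sec_mode & 1` (user-level security) check also has no visible replacement; whether `cli_full_connection()` enforces it cannot be seen from this hunk, so a short comment stating where that check now lives would help.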
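Review bot: `fstrcpy(unix_printer, printer+2)` in the context just above the changed call skips two characters without checking that they exist, and the result is the host name passed to `spoolss_connect_to_client()` and from there to `cli_full_connection()`. If `printer` can be shorter than two characters or lack the leading backslashes (its origin is outside this hunk, so this is an assumption to confirm), the copy starts past the terminator or silently drops part of the name. A guard before the copy would close that, e.g. `if (strlen(printer) < 3 || printer[0] != '\\' || printer[1] != '\\') return False;`. The body of `srv_spoolss_replyopenprinter` starts and ends outside the hunk.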