From cf9d07cc7d41627a59ea3bec5ba2b9eebb894ab5 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sat, 29 Nov 1997 02:40:31 +0000
Subject: added a sent_oplock_break element to Files[] as a paranoia check so we can't sent a oplock break twice on the same file. changed some debug levels in the oplock code to level 0 so we can track down a bug zero the returned Files[] entry in find_free_file() don't try to overcome client bugs in the handling of non-encrypted passwords if in server level security mode added paranoid null termination of password buffers slight change to my ajt_panic() routine (This used to be commit e360c79c9cec681c4609783019749773d3e79386)
---
 source3/include/smb.h | 1 +
 source3/lib/util.c | 2 +-
 source3/smbd/reply.c | 10 ++++++----
 source3/smbd/server.c | 24 ++++++++++++++++++------
 4 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 49854a2512..bd60c1077a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1454,6 +1454,7 @@ typedef struct
 BOOL print_file;
 BOOL modified;
 BOOL granted_oplock;
+ BOOL sent_oplock_break;
 char *name;
 } files_struct;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 4d098013f2..ac9c701b70 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3855,7 +3855,7 @@ my own panic function - not suitable for general use
 ********************************************************************/
 void ajt_panic(void)
 {
- system("/usr/bin/X11/xedit -display ljus:0 /tmp/ERROR_FAULT");
+ system("/usr/bin/X11/xedit -display solen:0 /tmp/ERROR_FAULT");
 }
 #endif
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2c646d99f5..ec94ab0552 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
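Review bot: In source3/lib/util.c, `ajt_panic()` still passes a fixed command line to `system()` with one developer's workstation compiled in (`-display solen:0`) and a fixed file under /tmp; this edit only swaps the host name. The `#endif` after the function shows it sits inside a conditional whose opening `#if` is outside the hunk, so which builds include it cannot be told from here. If the hook has to stay in the tree, a comment above it such as `/* personal debugging aid - must never be compiled into a production smbd */` would make the restriction explicit, and reading the display from the environment would keep a private host name out of shared source.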
@@ -260,7 +260,6 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 int connection_num;
 uint16 vuid = SVAL(inbuf,smb_uid);
 int passlen = SVAL(inbuf,smb_vwv3);
- BOOL doencrypt = SMBENCRYPT();
 *service = *user = *password = *devicename = 0;
@@ -279,7 +278,7 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 password[passlen]=0;
 path = smb_buf(inbuf) + passlen;
- if (!doencrypt || passlen != 24) {
+ if (passlen != 24) {
 if (strequal(password," ")) *password = 0;
 passlen = strlen(password);
@@ -412,9 +411,10 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 }
 memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
+ smb_apasswd[smb_apasslen] = 0;
 pstrcpy(user,smb_buf(inbuf)+smb_apasslen);
- if (lp_security() != SEC_SERVER && !doencrypt) {
+ if (!doencrypt && (lp_security() != SEC_SERVER)) {
 smb_apasslen = strlen(smb_apasswd);
 }
 } else {
@@ -448,12 +448,14 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 passlen1 = MIN(passlen1, MAX_PASS_LEN);
 passlen2 = MIN(passlen2, MAX_PASS_LEN);
- if(doencrypt) {
+ if(doencrypt || (lp_security() == SEC_SERVER)) {
 /* Save the lanman2 password and the NT md4 password. */
 smb_apasslen = passlen1;
 memcpy(smb_apasswd,p,smb_apasslen);
+ smb_apasswd[smb_apasslen] = 0;
 smb_ntpasslen = passlen2;
 memcpy(smb_ntpasswd,p+passlen1,smb_ntpasslen);
+ smb_ntpasswd[smb_ntpasslen] = 0;
 } else {
 /* both Win95 and WinNT stuff up the password lengths for non-encrypting systems. Uggh.
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 536e89bf18..77c8fc319f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1935,6 +1935,7 @@ dev = %x, inode = %x\n", old_shares[i].op_type, fname, dev, inode));
 !IS_VETO_OPLOCK_PATH(cnum,fname))
 {
 fs_p->granted_oplock = True;
+ fs_p->sent_oplock_break = False;
 global_oplocks_open++;
 port = oplock_port;
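Review bot: In reply_tcon_and_X (reply.c, hunk at -279) the test `if (passlen != 24)` now picks cleartext or encrypted handling from the length alone, in every security mode, while the commit description limits the change to server level security. A cleartext password that happens to be 24 bytes long therefore skips the `strequal(password," ")` and `strlen()` normalisation even when encryption is off. If that is intended, record it beside the test, e.g. `/* a 24 byte password is always treated as an encrypted response, whatever the security mode */`. The function body starts and ends outside the hunk.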
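Review bot: The new terminators in reply_sesssetup_and_X (reply.c, hunks at -412 and -448) store a zero at index `smb_apasslen` and `smb_ntpasslen`, one byte past the copied data, so each buffer has to hold its maximum length plus one. In the -448 hunk the lengths are clamped with `MIN(passlen1, MAX_PASS_LEN)`, which still allows an index equal to MAX_PASS_LEN; in the -412 hunk whatever bounds `smb_apasslen` lies outside the hunk. The declarations of `smb_apasswd` and `smb_ntpasswd` are not visible here either, so please confirm their size and state the requirement where they are declared, e.g. `/* at least MAX_PASS_LEN+1 bytes: callers NUL-terminate at [len] */`.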
@@ -2807,7 +2808,7 @@ global_oplocks_open = %d\n", timestring(), dev, inode, global_oplocks_open));
 if(fsp == NULL)
 {
 /* The file could have been closed in the meantime - return success. */
- DEBUG(3,("%s oplock_break: cannot find open file with dev = %x, inode = %x (fnum = %d) \
+ DEBUG(0,("%s oplock_break: cannot find open file with dev = %x, inode = %x (fnum = %d) \
 allowing break to succeed.\n", timestring(), dev, inode, fnum));
 return True;
 }
@@ -2823,11 +2824,19 @@ allowing break to succeed.\n", timestring(), dev, inode, fnum));
 if(!fsp->granted_oplock)
 {
- DEBUG(3,("%s oplock_break: file %s (fnum = %d, dev = %x, inode = %x) has no oplock. \
-Allowing break to succeed regardless.\n", timestring(), fsp->name, fnum, dev, inode));
+ DEBUG(0,("%s oplock_break: file %s (fnum = %d, dev = %x, inode = %x) has no oplock. Allowing break to succeed regardless.\n", timestring(), fsp->name, fnum, dev, inode));
 return True;
 }
+ /* mark the oplock break as sent - we don't want to send twice! */
+ if (fsp->sent_oplock_break)
+ {
+ DEBUG(0,("%s ERROR: oplock_break already sent for file %s (fnum = %d, dev = %x, inode = %x)\n", timestring(), fsp->name, fnum, dev, inode));
+ return True;
+ }
+
+ fsp->sent_oplock_break = True;
+
 /* Now comes the horrid part. We must send an oplock break to the client, and then process incoming messages until we get a close or oplock release. */
@@ -2923,7 +2932,7 @@ inode = %x).\n", timestring(), fsp->name, fnum, dev, inode));
 from the sharemode. */
 /* Paranoia.... */
 fsp->granted_oplock = False;
- global_oplocks_open--;
+ global_oplocks_open--;
 }
 /* Santity check - remove this later. JRA */
@@ -3599,8 +3608,11 @@ int find_free_file(void )
 /* we start at 1 here for an obscure reason I can't now remember, but I think is important :-) */
 for (i=1;i
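Review bot: The "cannot find open file" message in oplock_break (server.c, hunk at -2807) now goes out at `DEBUG(0,...)` for a case the comment directly above it treats as normal ("The file could have been closed in the meantime"), so every such race is written to the log whatever level is configured. The "has no oplock" message in the -2823 hunk is raised the same way. The commit description says the levels were raised to track down a bug, so a marker at both calls such as `/* TEMPORARY: level 0 while chasing the oplock bug - restore to 3 */` would keep them from becoming permanent log noise.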
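Review bot: The new `sent_oplock_break` guard in oplock_break (server.c, hunk at -2823) returns True, the value the neighbouring early exits use for "allowing break to succeed", although the first break may still be waiting for the client's reply at that point. If the caller, which is outside the hunk, reads True as "the oplock has been released", a second requester could proceed while the client still holds cached data. Returning False from this branch, or a comment stating why True is safe, would make the intent checkable. The comment `/* mark the oplock break as sent ... */` also describes the assignment `fsp->sent_oplock_break = True;` rather than the test it sits on, and would read better moved down to it.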