-rw-r--r-- | examples/LDAP/samba.schema | 9 | ||||
-rw-r--r-- | source/configure.in | 15 | ||||
-rw-r--r-- | source/libsmb/nmblib.c | 5 | ||||
-rw-r--r-- | source/nmbd/nmbd_packets.c | 44 | ||||
-rw-r--r-- | source/nmbd/nmbd_processlogon.c | 104 | ||||
-rw-r--r-- | source/param/loadparm.c | 2 | ||||
-rw-r--r-- | source/printing/printing.c | 25 |
7 files changed, 172 insertions, 32 deletions
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index 17ea2d9fd2f..7dc4de54b34 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -10,6 +10,10 @@ ## 1.3.6.1.4.1.7165.2.1.x - attributetypes ## 1.3.6.1.4.1.7165.2.2.x - objectclasses ## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses +## ## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ ## ## Run the 'get_next_oid' bash script in this directory to find the @@ -30,6 +34,11 @@ ## ## ------------------------------------------------------------------ +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165 +# objectIdentifier Samba3 SambaRoot:2 +# objectIdentifier Samba3Attrib Samba3:1 +# objectIdentifier Samba3ObjectClass Samba3:2 + ######################################################################## ## HISTORICAL ## ######################################################################## diff --git a/source/configure.in b/source/configure.in index a35745c2e45..53267f0cd95 100644 --- a/source/configure.in +++ b/source/configure.in @@ -480,7 +480,7 @@ case "$host_os" in *irix*) AC_DEFINE(SYSV, 1, [Whether to enable System V compatibility]) ;; - *freebsd*) + *freebsd*|*DragonFly*) AC_DEFINE(FREEBSD, 1, [Whether the host os is FreeBSD]) ;; # @@ -716,7 +716,7 @@ if test x$enable_cups != xno; then CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" PRINT_LIBS="$PRINT_LIBS `$CUPS_CONFIG --libs`" - elif test x"$enable_cups" == x"yes"; then + elif test x"$enable_cups" = x"yes"; then AC_MSG_ERROR(Cups support required but cups-config not located. Make sure cups-devel related files are installed.) fi fi 
@@ -1130,7 +1130,7 @@ if test "$enable_shared" = "yes"; then case "$host_os" in *linux*) AC_DEFINE(LINUX,1,[Whether the host os is linux]) BLDSHARED="true" - LDSHFLAGS="-shared -Bsymbolic" + LDSHFLAGS="-shared -Wl,-Bsymbolic" DYNEXP="-Wl,--export-dynamic" PICFLAGS="-fPIC" SONAMEFLAG="-Wl,-soname=" @@ -1163,7 +1163,8 @@ if test "$enable_shared" = "yes"; then AC_DEFINE(STAT_ST_BLOCKSIZE,512) AC_DEFINE(BROKEN_GETGRNAM,1,[Does getgrnam work correctly]) ;; - *netbsd* | *freebsd*) BLDSHARED="true" + *netbsd* | *freebsd* | *DragonFly* ) + BLDSHARED="true" LDSHFLAGS="-shared" DYNEXP="-Wl,--export-dynamic" SONAMEFLAG="-Wl,-soname," @@ -2420,7 +2421,7 @@ if test x"$samba_cv_WITH_AFS" != x"no" || fi fi -if test x"$samba_cv_WITH_FAKE_KASERVER" != x"no" && test x"$have_afs_headers" == x"yes"; then +if test x"$samba_cv_WITH_FAKE_KASERVER" != x"no" && test x"$have_afs_headers" = x"yes"; then AC_DEFINE(WITH_FAKE_KASERVER,1,[Whether to include AFS fake-kaserver support]) fi @@ -2442,7 +2443,7 @@ AC_ARG_WITH(vfs-afsacl, AC_MSG_RESULT(no) ) -if test x"$samba_cv_WITH_VFS_AFSACL" == x"yes"; then +if test x"$samba_cv_WITH_VFS_AFSACL" = x"yes"; then default_shared_modules="$default_shared_modules vfs_afsacl" fi @@ -4005,7 +4006,7 @@ samba_cv_HAVE_BROKEN_LINUX_SENDFILE=yes,samba_cv_HAVE_BROKEN_LINUX_SENDFILE=no)] fi ;; - *freebsd*) + *freebsd* | *DragonFly* ) AC_CACHE_CHECK([for freebsd sendfile support],samba_cv_HAVE_SENDFILE,[ AC_TRY_LINK([\ #include <sys/types.h> diff --git a/source/libsmb/nmblib.c b/source/libsmb/nmblib.c index d883c5308d3..7f22ce0096a 100644 --- a/source/libsmb/nmblib.c +++ b/source/libsmb/nmblib.c 
@@ -475,6 +475,11 @@ static BOOL parse_dgram(char *inbuf,int length,struct dgram_packet *dgram) dgram->datasize = length-offset; memcpy(dgram->data,inbuf+offset,dgram->datasize); + /* Paranioa. Ensure the last 2 bytes in the dgram buffer are + zero. This should be true anyway, just enforce it for paranioa sake. JRA. */ + SMB_ASSERT(dgram->datasize <= (sizeof(dgram->data)-2)); + memset(&dgram->data[sizeof(dgram->data)-2], '\0', 2); + return(True); } diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c index d8b50a1b2e9..96de4911dc5 100644 --- a/source/nmbd/nmbd_packets.c +++ b/source/nmbd/nmbd_packets.c @@ -1203,6 +1203,16 @@ an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), return; } + /* Ensure we have a large enough packet before looking inside. */ + if (dgram->datasize < (smb_vwv12 - 2)) { + /* That's the offset minus the 4 byte length + 2 bytes of offset. */ + DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n", + (unsigned int)dgram->datasize, + nmb_namestr(&dgram->dest_name), + inet_ntoa(p->ip) )); + return; + } + buf = &dgram->data[0]; buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */ 
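Review bot: The `SMB_ASSERT(dgram->datasize <= (sizeof(dgram->data)-2))` in parse_dgram runs after the `memcpy` into `dgram->data`, so if the size were ever too large the buffer would already be overrun by the time the assertion is evaluated. Putting the bound in front of the copy and rejecting the packet would make it a real guard, for example `if (length < offset || (size_t)(length - offset) > sizeof(dgram->data) - 2) return False;` ahead of the `dgram->datasize = length-offset;` line. Returning False also suits network-supplied data better than an assertion, since a failed assertion on remote input presumably stops the daemon. Whether an earlier check on `length` and `offset` already exists cannot be seen here, because the function body starts above the hunk.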
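Review bot: The new short-packet rejection in process_dgram logs with `DEBUG(0, ...)`, so every undersized datagram that reaches this code produces a log line at level 0, and the sender controls how many of those arrive. The same level is used for the `malformed1`, `malformed2` and `malformed3` messages in the next hunk and for each `process_logon_packet: bad packet` message in source/nmbd/nmbd_processlogon.c. Keeping the per-packet detail at a higher level, as the removed "too long" message did with `DEBUG(2, ...)`, or rate-limiting the level-0 line, would preserve the evidence without letting remote traffic fill the log. The enclosing function starts and ends outside the hunk.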
@@ -1212,14 +1222,36 @@ an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), len = SVAL(buf,smb_vwv11); buf2 = smb_base(buf) + SVAL(buf,smb_vwv12); - if (len <= 0) + if (len <= 0 || len > dgram->datasize) { + DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \ +packet sent to name %s from IP %s\n", + dgram->datasize, + len, + nmb_namestr(&dgram->dest_name), + inet_ntoa(p->ip) )); + return; + } + + if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) { + DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \ +packet sent to name %s from IP %s\n", + dgram->datasize, + len, + PTR_DIFF(buf2, dgram->data), + nmb_namestr(&dgram->dest_name), + inet_ntoa(p->ip) )); return; + } - if (buf2 + len > buf + sizeof(dgram->data)) { - DEBUG(2,("process_dgram: datagram from %s to %s IP %s for %s len=%d too long.\n", - nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name), - inet_ntoa(p->ip), smb_buf(buf),len)); - len = (buf + sizeof(dgram->data)) - buf; + if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) { + DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \ +packet sent to name %s from IP %s\n", + dgram->datasize, + len, + PTR_DIFF(buf2, dgram->data), + nmb_namestr(&dgram->dest_name), + inet_ntoa(p->ip) )); + return; } DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n", diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c index da93224043c..fa2a8c1cefa 100644 --- a/source/nmbd/nmbd_processlogon.c +++ b/source/nmbd/nmbd_processlogon.c 
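Review bot: The `malformed2` and `malformed3` tests compare pointers (`buf2 < dgram->data`, `buf2 + len > dgram->data + dgram->datasize`) after `buf2` has already been formed from a packet-supplied 16-bit offset, so the pointer can lie well outside `dgram->data` before it is tested. Pointer arithmetic beyond one past the end of an array is undefined in C, and a compiler may drop a test such as `buf2 + len < dgram->data`. Validating integers before forming the pointer avoids that: `int off = SVAL(buf,smb_vwv12);`, then `if (len <= 0 || off >= dgram->datasize || len > dgram->datasize - off) { ... return; }`, and only then `buf2 = smb_base(buf) + off;`. This assumes `smb_base(buf)` is the start of `dgram->data`, which the hunk implies but does not show. The `%d` conversions used for `dgram->datasize` and `PTR_DIFF(...)` here also differ from the `%u` with an explicit cast in the earlier short-packet message, and each argument type should match its conversion.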
@@ -102,8 +102,22 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); char *machine = q; char *user = skip_string(machine,1); + if (PTR_DIFF(user, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } getdc = skip_string(user,1); + + if (PTR_DIFF(getdc, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } q = skip_string(getdc,1); + + if (PTR_DIFF(q + 5, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } token = SVAL(q,3); fstrcpy(reply_name,my_name); @@ -151,7 +165,17 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); } getdc = skip_string(machine,1); + + if (PTR_DIFF(getdc, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } q = skip_string(getdc,1); + + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } q = ALIGN2(q, buf); /* At this point we can work out if this is a W9X or NT style @@ -165,9 +189,19 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); } else { unicomp = q; + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + /* A full length (NT style) request */ q = skip_unibuf(unicomp, PTR_DIFF(buf + len, unicomp)); + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + if (len - PTR_DIFF(q, buf) > 8) { /* with NT5 clients we can sometimes get additional data - a length specificed string @@ -180,6 +214,12 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); } q += 16; } + + if (PTR_DIFF(q + 8, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + ntversion = IVAL(q, 0); lmnttoken = SVAL(q, 4); lm20token = SVAL(q, 6); 
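Review bot: The bound `PTR_DIFF(q + 5, buf) >= len` ahead of `token = SVAL(q,3)` also rejects the case where the two token bytes are the final bytes of the packet: the read touches `q[3]` and `q[4]`, so it is in range whenever `PTR_DIFF(q + 5, buf) <= len`. If `len` is the exact payload length, a well-formed request ending with the token would be dropped as a bad packet; the exact condition is `if (PTR_DIFF(q + 5, buf) > len)`. The same `>=` is used with `q + 8`, `q + 16` and `q + 2` before the fixed-width reads in the later hunks of this file. The pointer-only checks that follow `skip_string` are a different case, because there `q` must still point at a readable byte and `>=` is correct.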
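Review bot: The checks placed after `getdc = skip_string(machine,1)` and `q = skip_string(getdc,1)` only run once each scan has finished, so the scan itself is bounded by finding a NUL byte rather than by `len`. That appears to depend on the two zero bytes that parse_dgram (source/libsmb/nmblib.c, changed in this same commit) forces at the end of `dgram->data`, and the dependency is worth recording at the first call: `/* skip_string is unbounded; it stops because parse_dgram zero-fills the last 2 bytes of the dgram buffer. */`. The enclosing case block starts and ends outside the hunk.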
@@ -240,10 +280,34 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", fstring asccomp; q += 2; + + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + unicomp = q; uniuser = skip_unibuf(unicomp, PTR_DIFF(buf+len, unicomp)); + + if (PTR_DIFF(uniuser, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + getdc = skip_unibuf(uniuser,PTR_DIFF(buf+len, uniuser)); + + if (PTR_DIFF(getdc, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + q = skip_string(getdc,1); + + if (PTR_DIFF(q + 8, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + q += 4; /* Account Control Bits - indicating username type */ domainsidsize = IVAL(q, 0); q += 4; @@ -270,6 +334,11 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", q += 16; } + if (PTR_DIFF(q + 8, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + ntversion = IVAL(q, 0); lmnttoken = SVAL(q, 4); lm20token = SVAL(q, 6); @@ -458,6 +527,11 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", /* Header */ + if (PTR_DIFF(q + 16, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + low_serial = IVAL(q, 0); q += 4; /* Low serial number */ q += 4; /* Date/time */ 
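Review bot: The four-line `PTR_DIFF(...) >= len` / `DEBUG` / `return` sequence is repeated after every field in this hunk and about twenty times across the file, always with the identical message `process_logon_packet: bad packet`, so a log line cannot be tied to the field that failed and the comparison has to be kept consistent by hand. A small static helper that takes the number of bytes about to be read and compares lengths as integers would make each site state its requirement, and would also cover `q + (db_count*20)` in the last hunk without forming a pointer beyond the buffer. The helper sketched below accepts a read that ends exactly at `buf + len`, which the current `>=` on `q + 8` does not; if that strictness is intended it deserves a comment. The enclosing function starts and ends outside the hunk.

```c
/* True when `need` bytes starting at q lie inside buf[0..len). */
static BOOL logon_bytes_left(const char *buf, int len, const char *q, int need)
{
	int used = PTR_DIFF(q, buf);

	return (used >= 0 && used <= len && need >= 0 && need <= len - used);
}

	/* ... unchanged: q += 2; unicomp / uniuser / getdc parsing ... */
	q = skip_string(getdc,1);

	if (!logon_bytes_left(buf, len, q, 8)) {
		DEBUG(0,("process_logon_packet: bad packet (sid size field)\n"));
		return;
	}
```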
@@ -467,14 +541,42 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", /* Domain info */ q = skip_string(q, 1); /* PDC name */ + + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + q = skip_string(q, 1); /* Domain name */ + + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + q = skip_unibuf(q, PTR_DIFF(buf + len, q)); /* Unicode PDC name */ + + if (PTR_DIFF(q, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + q = skip_unibuf(q, PTR_DIFF(buf + len, q)); /* Unicode domain name */ /* Database info */ + if (PTR_DIFF(q + 2, buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + db_count = SVAL(q, 0); q += 2; - + + if (PTR_DIFF(q + (db_count*20), buf) >= len) { + DEBUG(0,("process_logon_packet: bad packet\n")); + return; + } + db_info = (struct sam_database_info *) malloc(sizeof(struct sam_database_info) * db_count); diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 71543d1e15b..14981b97c42 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -1510,7 +1510,7 @@ static void init_globals(void) string_set(&Globals.szCupsServer, ""); Globals.winbind_cache_time = 300; /* 5 minutes */ - Globals.bWinbindEnableLocalAccounts = True; + Globals.bWinbindEnableLocalAccounts = False; Globals.bWinbindEnumUsers = True; Globals.bWinbindEnumGroups = True; Globals.bWinbindUseDefaultDomain = False; diff --git a/source/printing/printing.c b/source/printing/printing.c index 8b93a433115..d9bc13d03a2 100644 --- a/source/printing/printing.c +++ b/source/printing/printing.c @@ -159,8 +159,6 @@ static void rap_jobid_delete(int snum, uint32 jobid) tdb_delete(rap_tdb, data); } -static pid_t local_pid; - static int get_queue_status(int, print_status_struct *); /**************************************************************************** 
@@ -174,15 +172,10 @@ BOOL print_backend_init(void) int services = lp_numservices(); int snum; - if (local_pid == sys_getpid()) - return True; - unlink(lock_path("printing.tdb")); pstrcpy(printing_path,lock_path("printing")); mkdir(printing_path,0755); - local_pid = sys_getpid(); - /* handle a Samba upgrade */ for (snum = 0; snum < services; snum++) { @@ -599,6 +592,7 @@ void pjob_delete(int snum, uint32 jobid) /* Remove from printing.tdb */ tdb_delete(pdb->tdb, print_key(jobid)); + remove_from_jobs_changed(snum, jobid); release_print_db(pdb); rap_jobid_delete(snum, jobid); } @@ -1448,7 +1442,7 @@ int print_job_fd(int snum, uint32 jobid) if (!pjob) return -1; /* don't allow another process to get this info - it is meaningless */ - if (pjob->pid != local_pid) + if (pjob->pid != sys_getpid()) return -1; return pjob->fd; } @@ -1462,7 +1456,7 @@ int print_job_fd(int snum, uint32 jobid) char *print_job_fname(int snum, uint32 jobid) { struct printjob *pjob = print_job_find(snum, jobid); - if (!pjob || pjob->spooled || pjob->pid != local_pid) + if (!pjob || pjob->spooled || pjob->pid != sys_getpid()) return NULL; return pjob->filename; } @@ -1501,7 +1495,7 @@ BOOL print_job_set_place(int snum, uint32 jobid, int place) BOOL print_job_set_name(int snum, uint32 jobid, char *name) { struct printjob *pjob = print_job_find(snum, jobid); - if (!pjob || pjob->pid != local_pid) + if (!pjob || pjob->pid != sys_getpid()) return False; fstrcpy(pjob->jobname, name); @@ -1598,8 +1592,6 @@ static BOOL print_job_delete1(int snum, uint32 jobid) if (pjob->spooled && pjob->sysjob != -1) result = (*(current_printif->job_delete))(snum, pjob); - else - remove_from_jobs_changed(snum, jobid); /* Delete the tdb entry if the delete succeeded or the job hasn't been spooled. */ 
@@ -1814,7 +1806,7 @@ int print_job_write(int snum, uint32 jobid, const char *buf, int size) if (!pjob) return -1; /* don't allow another process to get this info - it is meaningless */ - if (pjob->pid != local_pid) + if (pjob->pid != sys_getpid()) return -1; return_code = write(pjob->fd, buf, size); @@ -2079,7 +2071,7 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE ZERO_STRUCT(pjob); - pjob.pid = local_pid; + pjob.pid = sys_getpid(); pjob.sysjob = -1; pjob.fd = -1; pjob.starttime = time(NULL); @@ -2149,7 +2141,7 @@ void print_job_endpage(int snum, uint32 jobid) if (!pjob) return; /* don't allow another process to get this info - it is meaningless */ - if (pjob->pid != local_pid) + if (pjob->pid != sys_getpid()) return; pjob->page_count++; @@ -2172,7 +2164,7 @@ BOOL print_job_end(int snum, uint32 jobid, BOOL normal_close) if (!pjob) return False; - if (pjob->spooled || pjob->pid != local_pid) + if (pjob->spooled || pjob->pid != sys_getpid()) return False; if (normal_close && (sys_fstat(pjob->fd, &sbuf) == 0)) { @@ -2228,7 +2220,6 @@ fail: /* Still need to add proper error return propagation! 010122:JRR */ unlink(pjob->filename); pjob_delete(snum, jobid); - remove_from_jobs_changed(snum, jobid); return False; } |
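Review bot: The ownership test `pjob->pid != sys_getpid()` in print_job_write decides whether `write(pjob->fd, buf, size)` may use a descriptor number read back from the job record, and a pid match alone does not prove the record was created by this process. If a record can outlive the process that created it, a later process that is given the same pid would pass the test and write to whatever that descriptor number refers to locally. The same comparison guards `print_job_fd`, `print_job_fname`, `print_job_set_name`, `print_job_endpage` and `print_job_end` in the neighbouring hunks. A comment on how stale records are cleared, or a second discriminator stored next to the pid (a process start time, say), would close that gap; whether existing cleanup already covers it is not visible from these hunks.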