From: Jeremy Allison Date: Wed, 9 Dec 1998 22:57:42 +0000 (+0000) Subject: lib/access.c: Added checks for invalid '*' or '?' characters in hosts allow/deny... X-Git-Tag: samba-2.0.0beta4~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15efd5b348190addc686bb03726820e7e15446f8;p=thirdparty%2Fsamba.git lib/access.c: Added checks for invalid '*' or '?' characters in hosts allow/deny that could silently deny access. Log them if they occur. smbd/close.c smbd/oplock.c smbd/reply.c: Removed a global oplock variable (hurrah!). Removal of the oplocks flags and any kernel oplocks is now done in either close() or in reply_locking() by calling release_file_oplock(). Jeremy. --- diff --git a/source/include/proto.h b/source/include/proto.h index 6b48032b561..419e0b6117c 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -2435,6 +2435,7 @@ BOOL setup_kernel_oplock_pipe(void); BOOL open_oplock_ipc(void); BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeout); BOOL set_file_oplock(files_struct *fsp); +void release_file_oplock(files_struct *fsp); int setup_oplock_select_set( fd_set *fds); BOOL process_local_message(char *buffer, int buf_size); BOOL request_oplock_break(share_mode_entry *share_entry, diff --git a/source/lib/access.c b/source/lib/access.c index 0fa383d84a5..9d8ad67f53d 100644 --- a/source/lib/access.c +++ b/source/lib/access.c @@ -38,12 +38,14 @@ static int masked_match(char *tok, char *slash, char *s) } /* string_match - match string against token */ -static int string_match(char *tok,char *s) +static int string_match(char *tok,char *s, char *invalid_char) { - int tok_len; - int str_len; + size_t tok_len; + size_t str_len; char *cut; + *invalid_char = '\0'; + /* Return True if a token has the magic value "ALL". Return * FAIL if the token is "FAIL". If the token starts with a "." * (domain name), return True if it matches the last fields of @@ -108,6 +110,10 @@ static int string_match(char *tok,char *s) } else if ((cut = strchr(tok, '/')) != 0) { /* netnumber/netmask */ if (isdigit((int)s[0]) && masked_match(tok, cut, s)) return (True); + } else if (strchr(tok, '*') != 0) { + *invalid_char = '*'; + } else if (strchr(tok, '?') != 0) { + *invalid_char = '?'; } return (False); } @@ -118,15 +124,26 @@ static int client_match(char *tok,char *item) { char **client = (char **)item; int match; + char invalid_char = '\0'; /* * Try to match the address first. If that fails, try to match the host * name if available. */ - if ((match = string_match(tok, client[1])) == 0) - if (client[0][0] != 0) - match = string_match(tok, client[0]); + if ((match = string_match(tok, client[1], &invalid_char)) == 0) { + if(invalid_char) + DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \ +token '%s' in an allow/deny hosts line.\n", invalid_char, tok )); + + if (client[0][0] != 0) + match = string_match(tok, client[0], &invalid_char); + + if(invalid_char) + DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \ +token '%s' in an allow/deny hosts line.\n", invalid_char, tok )); + } + return (match); } diff --git a/source/smbd/close.c b/source/smbd/close.c index 94923b6db27..0d133f06667 100644 --- a/source/smbd/close.c +++ b/source/smbd/close.c @@ -23,9 +23,6 @@ extern int DEBUGLEVEL; -extern int32 global_oplocks_open; - - /**************************************************************************** run a file if it is a magic script ****************************************************************************/ @@ -119,6 +116,9 @@ void close_file(files_struct *fsp, BOOL normal_close) del_share_mode(token, fsp); } + if(fsp->granted_oplock == True) + release_file_oplock(fsp); + if(fd_attempt_close(fsp->fd_ptr) == 0) last_reference = True; @@ -158,11 +158,6 @@ with error %s\n", fsp->fsp_name, strerror(errno) )); } } - if(fsp->granted_oplock == True) - global_oplocks_open--; - - fsp->sent_oplock_break = False; - DEBUG(2,("%s closed file %s (numopen=%d)\n", conn->user,fsp->fsp_name, conn->num_files_open)); diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 1455b4d8e58..0202a95bed6 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -32,7 +32,7 @@ static int oplock_pipe_write = -1; #endif /* HAVE_KERNEL_OPLOCKS */ /* Current number of oplocks we have outstanding. */ -int32 global_oplocks_open = 0; +static int32 global_oplocks_open = 0; BOOL global_oplock_break = False; extern int smb_read_error; @@ -309,7 +309,7 @@ inode = %.0f. Another process had the file open.\n", disabled (just clears flags). ****************************************************************************/ -static void release_file_oplock(files_struct *fsp) +void release_file_oplock(files_struct *fsp) { #if defined(HAVE_KERNEL_OPLOCKS) @@ -808,13 +808,6 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval) exit_server("oplock break failure"); } - if(OPEN_FSP(fsp)) - { - /* The lockingX reply will have removed the oplock flag - from the sharemode. */ - release_file_oplock(fsp); - } - /* Santity check - remove this later. JRA */ if(global_oplocks_open < 0) { diff --git a/source/smbd/reply.c b/source/smbd/reply.c index c78c3d3ecb8..5af5c13da3a 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -3780,6 +3780,7 @@ support large counts.\n", (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(da } count = (SMB_OFF_T)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)); + #endif /* LARGE_SMB_OFF_T */ } return count; @@ -3817,6 +3818,7 @@ support large offsets.\n", (unsigned int)IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(d } offset = (SMB_OFF_T)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)); + #endif /* LARGE_SMB_OFF_T */ } return offset; @@ -3867,24 +3869,24 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length, { DEBUG(0,("reply_lockingX: Error : oplock break from client for fnum = %d and \ no oplock granted on this file.\n", fsp->fnum)); - return ERROR(ERRDOS,ERRlock); + + /* if this is a pure oplock break request then don't send a reply */ + if (num_locks == 0 && num_ulocks == 0) + return -1; + else + return ERROR(ERRDOS,ERRlock); } /* Remove the oplock flag from the sharemode. */ lock_share_entry(fsp->conn, dev, inode, &token); if(remove_share_oplock(token, fsp)==False) { - - DEBUG(0,("reply_lockingX: failed to remove share oplock for fnum %d, \ + DEBUG(0,("reply_lockingX: failed to remove share oplock for fnum %d, \ dev = %x, inode = %.0f\n", fsp->fnum, (unsigned int)dev, (double)inode)); - - unlock_share_entry(fsp->conn, dev, inode, token); - } else { - unlock_share_entry(fsp->conn, dev, inode, token); - - /* Clear the granted flag and return. */ - fsp->granted_oplock = False; } + release_file_oplock(fsp); + unlock_share_entry(fsp->conn, dev, inode, token); + /* if this is a pure oplock break request then don't send a reply */ if (num_locks == 0 && num_ulocks == 0) {