diff options
author | Jeremy Allison <jra@samba.org> | 2014-01-11 15:45:48 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2014-01-17 09:18:41 +0100 |
commit | da502c0b6bb9c01580eda180ceee71c57b32867c (patch) | |
tree | d5f2ce9caadab6e1b117161699f80d62790c9fab /source3/smbd | |
parent | 3f28508f387856fbdd0d4480a0a6b417c6931484 (diff) | |
download | samba-da502c0b6bb9c01580eda180ceee71c57b32867c.tar.gz |
s3:dir - Introduce a 64-bit directory offset <-> 32 bit wire offset map using memcache.
Should fix the DOS clients against 64-bit smbd's bug.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 97cd9c6729a3821faa2dbc1588a40c5e03b9fd4f)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/dir.c | 89 |
1 files changed, 87 insertions, 2 deletions
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 980ca5832e..1be5daa385 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -24,6 +24,7 @@ #include "smbd/globals.h" #include "libcli/security/security.h" #include "lib/util/bitmap.h" +#include "memcache.h" /* This module implements directory related functions for Samba. @@ -72,6 +73,8 @@ struct dptr_struct { bool has_wild; /* Set to true if the wcard entry has MS wildcard characters in it. */ bool did_stat; /* Optimisation for non-wcard searches. */ bool priv; /* Directory handle opened with privilege. */ + uint32_t counter; + struct memcache *dptr_cache; }; static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, @@ -158,6 +161,8 @@ static void dptr_idle(struct dptr_struct *dptr) if (dptr->dir_hnd) { DEBUG(4,("Idling dptr dnum %d\n",dptr->dnum)); TALLOC_FREE(dptr->dir_hnd); + TALLOC_FREE(dptr->dptr_cache); + dptr->counter = 0; } } @@ -905,6 +910,9 @@ void dptr_init_search_op(struct dptr_struct *dptr) static uint32_t map_dir_offset_to_wire(struct dptr_struct *dptr, long offset) { + DATA_BLOB key; + DATA_BLOB val; + if (offset == END_OF_DIRECTORY_OFFSET) { return WIRE_END_OF_DIRECTORY_OFFSET; } else if(offset == START_OF_DIRECTORY_OFFSET) { @@ -912,7 +920,58 @@ static uint32_t map_dir_offset_to_wire(struct dptr_struct *dptr, long offset) } else if (offset == DOT_DOT_DIRECTORY_OFFSET) { return WIRE_DOT_DOT_DIRECTORY_OFFSET; } - return (uint32_t)offset; + if (sizeof(long) == 4) { + /* 32-bit machine. We can cheat... */ + return (uint32_t)offset; + } + if (dptr->dptr_cache == NULL) { + /* Lazy initialize cache. */ + dptr->dptr_cache = memcache_init(dptr, 0); + if (dptr->dptr_cache == NULL) { + return WIRE_END_OF_DIRECTORY_OFFSET; + } + } else { + /* Have we seen this offset before ? */ + key.data = (void *)&offset; + key.length = sizeof(offset); + if (memcache_lookup(dptr->dptr_cache, + SMB1_SEARCH_OFFSET_MAP, + key, + &val)) { + uint32_t wire_offset; + SMB_ASSERT(val.length == sizeof(wire_offset)); + memcpy(&wire_offset, val.data, sizeof(wire_offset)); + DEBUG(10,("found wire %u <-> offset %ld\n", + (unsigned int)wire_offset, + (long)offset)); + return wire_offset; + } + } + /* Allocate a new wire cookie. */ + do { + dptr->counter++; + } while (dptr->counter == WIRE_START_OF_DIRECTORY_OFFSET || + dptr->counter == WIRE_END_OF_DIRECTORY_OFFSET || + dptr->counter == WIRE_DOT_DOT_DIRECTORY_OFFSET); + /* Store it in the cache. */ + key.data = (void *)&offset; + key.length = sizeof(offset); + val.data = (void *)&dptr->counter; + val.length = sizeof(dptr->counter); /* MUST BE uint32_t ! */ + memcache_add(dptr->dptr_cache, + SMB1_SEARCH_OFFSET_MAP, + key, + val); + /* And the reverse mapping for lookup from + map_wire_to_dir_offset(). */ + memcache_add(dptr->dptr_cache, + SMB1_SEARCH_OFFSET_MAP, + val, + key); + DEBUG(10,("stored wire %u <-> offset %ld\n", + (unsigned int)dptr->counter, + (long)offset)); + return dptr->counter; } /**************************************************************************** @@ -943,6 +1002,9 @@ bool dptr_fill(struct smbd_server_connection *sconn, static long map_wire_to_dir_offset(struct dptr_struct *dptr, uint32_t wire_offset) { + DATA_BLOB key; + DATA_BLOB val; + if (wire_offset == WIRE_END_OF_DIRECTORY_OFFSET) { return END_OF_DIRECTORY_OFFSET; } else if(wire_offset == WIRE_START_OF_DIRECTORY_OFFSET) { @@ -950,7 +1012,30 @@ static long map_wire_to_dir_offset(struct dptr_struct *dptr, uint32_t wire_offse } else if (wire_offset == WIRE_DOT_DOT_DIRECTORY_OFFSET) { return DOT_DOT_DIRECTORY_OFFSET; } - return (long)wire_offset; + if (sizeof(long) == 4) { + /* 32-bit machine. We can cheat... */ + return (long)wire_offset; + } + if (dptr->dptr_cache == NULL) { + /* Logic error, cache should be initialized. */ + return END_OF_DIRECTORY_OFFSET; + } + key.data = (void *)&wire_offset; + key.length = sizeof(wire_offset); + if (memcache_lookup(dptr->dptr_cache, + SMB1_SEARCH_OFFSET_MAP, + key, + &val)) { + /* Found mapping. */ + long offset; + SMB_ASSERT(val.length == sizeof(offset)); + memcpy(&offset, val.data, sizeof(offset)); + DEBUG(10,("lookup wire %u <-> offset %ld\n", + (unsigned int)wire_offset, + (long)offset)); + return offset; + } + return END_OF_DIRECTORY_OFFSET; } /**************************************************************************** |