[SCM] Samba Shared Repository - branch v4-4-test updated
Karolin Seeger
kseeger at samba.org
Wed Jun 22 14:52:02 UTC 2016
The branch, v4-4-test has been updated
via ddcf7b7 libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
via fdb3f7f s3-libnet: Print error string even on successfuly completion of libnetjoin.
via cee44fd s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
via e23b5f8 s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
via 9b3295c s3: smbd: Use common function setup_readX_header() in aio read code.
via b3add95 s3: smbd: Make setup_readX_header() externally accessible
via 40f4125 s3: smbd: Remove unused 'req' argument from setup_readX_header()
from 2b63c23 libnet_join: use sitename if it was set by pre-join detection
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test
- Log -----------------------------------------------------------------
commit ddcf7b7a079bdd809766bce0bcd26e06803ff9f3
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 15 23:03:32 2016 +0200
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
(cherry picked from commit e29d8f108cd090706dc3f54282f5c33ec30df899)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-4-test): Wed Jun 22 16:51:56 CEST 2016 on sn-devel-144
commit fdb3f7fe2aef60a49317ef93ce5adbbdd4d08d04
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 15 16:04:29 2016 +0200
s3-libnet: Print error string even on successfuly completion of libnetjoin.
Sometimes useful information should be printed to the users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 632faa87610b3afca3f8d3e9f3f46ee6b87f362a)
commit cee44fd2cd2c6f4611b402b0fe9125bdc626bfb2
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 10 09:32:32 2016 -0700
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
(cherry picked from commit 747de99fcd70f400ec0ca6b2ca020664f7464454)
commit e23b5f88fd4d7b87c66e5b26867f46518965744c
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:30:25 2016 -0700
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
However, in commit ddaa65ef6e049a185281c4d5deca4045e3b085e2
this was converted to do:
SSVAL(req->outbuf,smb_vwv11,smb_maxcnt);
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
[MS-SMB] shows for SMB_COM_READ_ANDX reply:
SMB_Parameters
{
UCHAR WordCount;
Words
{
UCHAR AndXCommand;
UCHAR AndXReserved;
USHORT AndXOffset;
USHORT Available;
USHORT DataCompactionMode;
USHORT Reserved1;
USHORT DataLength;
USHORT DataOffset;
USHORT DataLengthHigh;
USHORT Reserved2[4];
}
}
SMB_Data
{
USHORT ByteCount;
Bytes
{
UCHAR Pad[] (optional);
UCHAR Data[variable];
}
and indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit e57f9e15d08ed46b2fac2562d1027c6a2ba80dac)
commit 9b3295c9f720a41803882deabaa28b996570bdf1
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:25:02 2016 -0700
s3: smbd: Use common function setup_readX_header() in aio read code.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 6507336d6646b7709768c19a03eac61ea30cce31)
commit b3add954b20f7e040817bc5beccda9cec38c749d
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:22:56 2016 -0700
s3: smbd: Make setup_readX_header() externally accessible
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 2ff3171fba931e621581336c975bae146a2ea3a9)
commit 40f4125ad082bf09bc48d3a2c28b7e2d48fa86a2
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 13 09:20:43 2016 -0700
s3: smbd: Remove unused 'req' argument from setup_readX_header()
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 1e29a1ce067e5f5b5159bcd20d37c6945bcc3900)
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 16 ++++++++++++++++
source3/smbd/aio.c | 9 +--------
source3/smbd/pipes.c | 1 -
source3/smbd/proto.h | 1 +
source3/smbd/reply.c | 10 ++++------
source3/utils/net_ads.c | 5 +++++
source3/utils/net_rpc.c | 10 ++++++++++
source4/torture/raw/read.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 81 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index c007183..bab58f3 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2303,6 +2303,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
bool valid_security = false;
bool valid_workgroup = false;
bool valid_realm = false;
+ bool ignored_realm = false;
/* check if configuration is already set correctly */
@@ -2322,11 +2323,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
valid_realm = strequal(lp_realm(), r->out.dns_domain_name);
switch (lp_security()) {
case SEC_DOMAIN:
+ if (!valid_realm && lp_winbind_rpc_only()) {
+ valid_realm = true;
+ ignored_realm = true;
+ }
case SEC_ADS:
valid_security = true;
}
if (valid_workgroup && valid_realm && valid_security) {
+ if (ignored_realm && !r->in.modify_config)
+ {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Warning: ignoring realm when "
+ "joining AD domain with "
+ "'security=domain' and "
+ "'winbind rpc only = yes'. "
+ "(realm set to '%s', "
+ "should be '%s').", lp_realm(),
+ r->out.dns_domain_name);
+ }
/* nothing to be done */
return WERR_OK;
}
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 32a1ce0..a998ef6 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -272,7 +272,6 @@ static void aio_pread_smb1_done(struct tevent_req *req)
files_struct *fsp = aio_ex->fsp;
int outsize;
char *outbuf = (char *)aio_ex->outbuf.data;
- char *data = smb_buf(outbuf) + 1 /* padding byte */;
ssize_t nread;
int err;
@@ -301,13 +300,7 @@ static void aio_pread_smb1_done(struct tevent_req *req)
ERROR_NT(map_nt_error_from_unix(err));
outsize = srv_set_message(outbuf,0,0,true);
} else {
- outsize = srv_set_message(outbuf, 12,
- nread + 1 /* padding byte */, false);
- SSVAL(outbuf,smb_vwv2, 0xFFFF); /* Remaining - must be * -1. */
- SSVAL(outbuf,smb_vwv5, nread);
- SSVAL(outbuf,smb_vwv6, smb_offset(data,outbuf));
- SSVAL(outbuf,smb_vwv7, ((nread >> 16) & 1));
- SSVAL(smb_buf(outbuf), -2, nread);
+ outsize = setup_readX_header(outbuf, nread);
aio_ex->fsp->fh->pos = aio_ex->offset + nread;
aio_ex->fsp->fh->position_information = aio_ex->fsp->fh->pos;
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 455dbf0..60c9ccb 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -492,7 +492,6 @@ static void pipe_read_andx_done(struct tevent_req *subreq)
+ 12 * sizeof(uint16_t) /* vwv */
+ 2 /* the buflen field */
+ 1); /* padding byte */
- SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);
DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n",
state->smb_mincnt, state->smb_maxcnt, (int)nread));
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 9b9c924..324cf46 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -915,6 +915,7 @@ ssize_t sendfile_short_send(struct smbXsrv_connection *xconn,
size_t smb_maxcnt);
void reply_readbraw(struct smb_request *req);
void reply_lockread(struct smb_request *req);
+int setup_readX_header(char *outbuf, size_t smb_maxcnt);
void reply_read(struct smb_request *req);
void reply_read_and_X(struct smb_request *req);
void error_to_writebrawerr(struct smb_request *req);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index bfa64a3..4c0a331 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3896,8 +3896,7 @@ strict_unlock:
Setup readX header.
****************************************************************************/
-static int setup_readX_header(struct smb_request *req, char *outbuf,
- size_t smb_maxcnt)
+int setup_readX_header(char *outbuf, size_t smb_maxcnt)
{
int outsize;
@@ -3916,7 +3915,6 @@ static int setup_readX_header(struct smb_request *req, char *outbuf,
+ 2 /* the buflen field */
+ 1); /* padding byte */
SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
- SSVAL(outbuf,smb_vwv11,smb_maxcnt);
SCVAL(smb_buf(outbuf), 0, 0); /* padding byte */
/* Reset the outgoing length, set_message truncates at 0x1FFFF. */
_smb_setlen_large(outbuf,
@@ -3984,7 +3982,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
header = data_blob_const(headerbuf, sizeof(headerbuf));
construct_reply_common_req(req, (char *)headerbuf);
- setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
+ setup_readX_header((char *)headerbuf, smb_maxcnt);
nread = SMB_VFS_SENDFILE(xconn->transport.sock, fsp, &header,
startpos, smb_maxcnt);
@@ -4085,7 +4083,7 @@ normal_read:
}
construct_reply_common_req(req, (char *)headerbuf);
- setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
+ setup_readX_header((char *)headerbuf, smb_maxcnt);
/* Send out the header. */
ret = write_data(xconn->transport.sock, (char *)headerbuf,
@@ -4135,7 +4133,7 @@ nosendfile_read:
return;
}
- setup_readX_header(req, (char *)req->outbuf, nread);
+ setup_readX_header((char *)req->outbuf, nread);
DEBUG(3, ("send_file_readX %s max=%d nread=%d\n",
fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 90af09e..c61aa0d 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1596,6 +1596,11 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
/*
* We try doing the dns update (if it was compiled in
* and if it was not disabled on the command line).
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 93caf04..1e3e286 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -428,6 +428,11 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
@@ -607,6 +612,11 @@ static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **a
r->out.netbios_domain_name);
}
+ /* print out informative error string in case there is one */
+ if (r->out.error_string != NULL) {
+ d_printf("%s\n", r->out.error_string);
+ }
+
TALLOC_FREE(mem_ctx);
return 0;
diff --git a/source4/torture/raw/read.c b/source4/torture/raw/read.c
index 6abf08b..6160e3e 100644
--- a/source4/torture/raw/read.c
+++ b/source4/torture/raw/read.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "libcli/raw/raw_proto.h"
#include "system/time.h"
#include "system/filesys.h"
#include "libcli/libcli.h"
@@ -373,6 +374,8 @@ static bool test_readx(struct torture_context *tctx, struct smbcli_state *cli)
const char *fname = BASEDIR "\\test.txt";
const char *test_data = "TEST DATA";
unsigned int seed = time(NULL);
+ struct smbcli_request *smbreq = NULL;
+ unsigned int i;
buf = talloc_zero_array(tctx, uint8_t, maxsize);
@@ -422,6 +425,47 @@ static bool test_readx(struct torture_context *tctx, struct smbcli_state *cli)
smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data));
+ printf("Checking reserved fields are [0]\n");
+ io.readx.in.file.fnum = fnum;
+ io.readx.in.offset = 0;
+ io.readx.in.remaining = 0;
+ io.readx.in.read_for_execute = false;
+ io.readx.in.mincnt = strlen(test_data);
+ io.readx.in.maxcnt = strlen(test_data);
+ smbreq = smb_raw_read_send(cli->tree, &io);
+ if (smbreq == NULL) {
+ ret = false;
+ torture_fail_goto(tctx, done, "smb_raw_read_send failed\n");
+ }
+ if (!smbcli_request_receive(smbreq) ||
+ smbcli_request_is_error(smbreq)) {
+ status = smbcli_request_destroy(smbreq);
+ torture_fail_goto(tctx, done, "receive failed\n");
+ }
+
+ if (smbreq->in.wct != 12) {
+ ret = false;
+ printf("Incorrect wct %u (should be 12)\n",
+ (unsigned int)smbreq->in.wct);
+ status = smbcli_request_destroy(smbreq);
+ torture_fail_goto(tctx, done, "bad wct\n");
+ }
+
+ /* Ensure VWV8 - WVW11 are zero. */
+ for (i = 8; i < 12; i++) {
+ uint16_t br = SVAL(smbreq->in.vwv, VWV(i));
+ if (br != 0) {
+ status = smbcli_request_destroy(smbreq);
+ ret = false;
+ printf("reserved field %u is %u not zero\n",
+ i,
+ (unsigned int)br);
+ torture_fail_goto(tctx, done, "bad reserved field\n");
+ }
+ }
+
+ smbcli_request_destroy(smbreq);
+
printf("Trying small read\n");
io.readx.in.file.fnum = fnum;
io.readx.in.offset = 0;
--
Samba Shared Repository
More information about the samba-cvs
mailing list