[SCM] Samba Shared Repository - branch v4-6-test updated

Karolin Seeger kseeger at samba.org
Tue Aug 1 10:16:02 UTC 2017


The branch, v4-6-test has been updated
       via  f2a0600 s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified
       via  0ee93fe s4-dsdb/netlogon: allow missing ntver in cldap ping
       via  38d8f3c s4:torture/ldap: Test netlogon without NtVer
       via  3a5cf43 s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
      from  fd96410 vfs_ceph: fix cephwrap_chdir()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -----------------------------------------------------------------
commit f2a06000cc8239c7631b168fbc0b109af7de9d09
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 25 14:26:45 2017 +1200

    s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified
    
    The previous patch set this incorrectly to NETLOGON_NT_VERSION_1
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4)
    
    Autobuild-User(v4-6-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-6-test): Tue Aug  1 12:15:22 CEST 2017 on sn-devel-144

commit 0ee93fee3ae94d3a16478199729aedddef16002f
Author: Arvid Requate <requate at univention.de>
Date:   Thu Jun 22 13:37:13 2017 +0200

    s4-dsdb/netlogon: allow missing ntver in cldap ping
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
    
    Signed-off-by: Arvid Requate <requate at univention.de>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)

commit 38d8f3c70d9b88eb501eb8bd6435f66c5873b4d9
Author: Arvid Requate <requate at univention.de>
Date:   Tue Jun 20 20:05:17 2017 +0200

    s4:torture/ldap: Test netlogon without NtVer
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
    
    Signed-off-by: Arvid Requate <requate at univention.de>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)

commit 3a5cf43fca3b3e2b0ccf9b4ce2be4968aa7baa80
Author: Noel Power <noel.power at suse.com>
Date:   Thu Jul 20 13:01:50 2017 +0100

    s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
    
    uint16_t get_fileinfo(...) returns file attributes, this function
    called
    
         cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
                         NULL, NULL, NULL);
    
    which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
    was obtained via (when using protocol > SMB). Note: This only seems to be
    an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.
    
        status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
                      0, FILE_SHARE_READ|FILE_SHARE_WRITE,
                      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
    
    The failing cli_qfileinfo_basic call above is unnecessary as we can already
    obtain the required information from the cli_ntcreate call
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12937
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>
    (cherry picked from commit c57dcafb150823b00fd873046e65a966a8488fa8)

-----------------------------------------------------------------------

Summary of changes:
 source3/utils/smbcacls.c                  | 14 ++-------
 source4/dsdb/samdb/ldb_modules/netlogon.c |  6 +---
 source4/torture/ldap/netlogon.c           | 48 +++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index b56fba7..05f98f8 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -229,30 +229,22 @@ get fileinfo for filename
 static uint16_t get_fileinfo(struct cli_state *cli, const char *filename)
 {
 	uint16_t fnum = (uint16_t)-1;
-	uint16_t mode = 0;
 	NTSTATUS status;
+	struct smb_create_returns cr = {0};
 
 	/* The desired access below is the only one I could find that works
 	   with NT4, W2KP and Samba */
 
 	status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
 			      0, FILE_SHARE_READ|FILE_SHARE_WRITE,
-			      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+			      FILE_OPEN, 0x0, 0x0, &fnum, &cr);
 	if (!NT_STATUS_IS_OK(status)) {
 		printf("Failed to open %s: %s\n", filename, nt_errstr(status));
 		return 0;
 	}
 
-	status = cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
-				     NULL, NULL, NULL);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("Failed to file info %s: %s\n", filename,
-		       nt_errstr(status));
-        }
-
 	cli_close(cli, fnum);
-
-        return mode;
+	return cr.file_attributes;
 }
 
 /*****************************************************
diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c
index c5f194d..80599b8 100644
--- a/source4/dsdb/samdb/ldb_modules/netlogon.c
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -425,7 +425,7 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 	*domain_guid = NULL;
 	*domain_sid = NULL;
 	*acct_control = -1;
-	*version = -1;
+	*version = NETLOGON_NT_VERSION_5;
 
 	if (tree->operation != LDB_OP_AND) goto failed;
 
@@ -486,10 +486,6 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
 		*domain = lpcfg_dnsdomain(lp_ctx);
 	}
 
-	if (*version == -1) {
-		goto failed;
-	}
-
 	return NT_STATUS_OK;
 
 failed:
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index 1b43ea7..d61d373 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -541,6 +541,53 @@ static bool test_netlogon_extra_attrs(struct torture_context *tctx,
 	return true;
 }
 
+/*
+  Bug #11392: Huawei Unified Storage System S5500 V3 sends no NtVer
+  [MS-ADTS] Section 7.3.3.2 "Domain Controller Response to an LDAP Ping"
+*/
+static bool test_netlogon_huawei(struct torture_context *tctx,
+				      request_rootdse_t request_rootdse,
+				      void *conn)
+{
+	struct cldap_search io;
+	struct netlogon_samlogon_response n1;
+	NTSTATUS status;
+	const char *attrs[] = {
+		"netlogon",
+		NULL
+	};
+	struct ldb_message ldbmsg = { NULL, 0, NULL };
+
+	ZERO_STRUCT(io);
+	io.in.dest_address = NULL;
+	io.in.dest_port = 0;
+	io.in.timeout   = 2;
+	io.in.retries   = 2;
+
+	torture_comment(tctx, "Requesting netlogon without NtVer filter\n");
+	io.in.filter = talloc_asprintf(tctx, "(&(DnsDomain=%s))",
+				lpcfg_dnsdomain(tctx->lp_ctx));
+	torture_assert(tctx, io.in.filter != NULL, "OOM");
+	io.in.attributes = attrs;
+	status = request_rootdse(conn, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	torture_assert(tctx, io.out.response != NULL, "No Entries found.");
+	CHECK_VAL(io.out.response->num_attributes, 1);
+
+	ldbmsg.num_elements = io.out.response->num_attributes;
+	ldbmsg.elements = io.out.response->attributes;
+	torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
+		       "Attribute netlogon not found in Result Entry\n");
+
+	status = pull_netlogon_samlogon_response(
+			io.out.response->attributes[0].values,
+			tctx,
+			&n1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_5);
+
+	return true;
+}
 
 bool torture_netlogon_tcp(struct torture_context *tctx)
 {
@@ -609,6 +656,7 @@ bool torture_netlogon_udp(struct torture_context *tctx)
 	ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
 	ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
 	ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap);
+	ret &= test_netlogon_huawei(tctx, udp_ldap_rootdse, cldap);
 
 	return ret;
 }


-- 
Samba Shared Repository



More information about the samba-cvs mailing list