[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Mar 2 04:50:02 UTC 2018


The branch, master has been updated
       via  f59f6ce nsswitch: fix wbinfo -m --verbose trust type "Local"
       via  a89a714 s3:smbd: Do not crash if we fail to init the session table
       via  b67ffaf libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
      from  426e4a5 ctdb-pmda: Use modified API in pcp library 4.0

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f59f6cefa11c4866d2ede47d9c9b415e3d5e233d
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Mar 1 11:43:39 2018 +0100

    nsswitch: fix wbinfo -m --verbose trust type "Local"
    
    Remove wrong "Local" strcmp(), there's another one, the correct one, a few lines
    below. Since commit 95e3307917b5731ab883ee5fce530c5b559b4934
    WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
    winbindd response, is not used anymore.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Mar  2 05:49:18 CET 2018 on sn-devel-144

commit a89a7146563f2d9eb8bc02f1c090158ee499c878
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Feb 19 18:07:50 2018 +0100

    s3:smbd: Do not crash if we fail to init the session table
    
    This should the following segfault with SMB1:
    
      #6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
      #7  <signal handler called>
      #8  smbXsrv_session_create (conn=conn at entry=0x5654d3512af0, now=now at entry=131594481900356690, _session=_session at entry=0x7ffc93a778e8)
          at ../source3/smbd/smbXsrv_session.c:1212
      #9  0x00007f7618aa21ef in reply_sesssetup_and_X (req=req at entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
      #10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req at entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
      #11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
          at ../source3/smbd/process.c:1762
      #12 process_smb (xconn=xconn at entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
          deferred_pcd=deferred_pcd at entry=0x0) at ../source3/smbd/process.c:2008
      #13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
      #14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0
    
    Inspection the core shows that:
      conn->client-session_table is NULL
      conn->protocol is PROTOCOL_NONE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit b67ffaf518c971817b167b41bf6226cddfdcfd2f
Author: Dan Robertson <drobertson at tripwire.com>
Date:   Thu Feb 22 20:47:11 2018 +0000

    libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
    
    When the connection protocol is SMB2 the tid from the smb1 member is
    used instead of smb2 in cli_state_set_tid which often results in a null
    deref.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310
    
    Signed-off-by: Dan Robertson <drobertson at tripwire.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/libwbclient/wbc_util.c |  4 +---
 source3/libsmb/clientgen.c      |  2 +-
 source3/smbd/negprot.c          | 23 ++++++++++++++++++++---
 3 files changed, 22 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index ecfcaa0..fc6a840 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -455,9 +455,7 @@ static wbcErr process_domain_info_string(struct wbcDomainInfo *info,
 	*s = '\0';
 	s++;
 
-	if (strcmp(r, "Local") == 0) {
-		info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE;
-	} else if (strncmp(r, "Routed", strlen("Routed")) == 0) {
+	if (strncmp(r, "Routed", strlen("Routed")) == 0) {
 		info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE;
 		info->trust_routing = strdup(r);
 		BAIL_ON_PTR_ERROR(info->trust_routing, wbc_status);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 44afee1..2e4dd15 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -371,7 +371,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
 	uint32_t ret;
 	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
 		ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-		smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+		smb2cli_tcon_set_id(cli->smb2.tcon, tid);
 	} else {
 		ret = smb1cli_tcon_current_id(cli->smb1.tcon);
 		smb1cli_tcon_set_id(cli->smb1.tcon, tid);
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 3a9363d..a36822e 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
 	time_t t = time(NULL);
 	struct smbXsrv_connection *xconn = req->xconn;
 	uint16_t raw;
+	NTSTATUS status;
+
 	if (lp_async_smb_echo_handler()) {
 		raw = 0;
 	} else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
 		SSVAL(req->outbuf,smb_vwv11, 8);
 	}
 
-	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+	if (!NT_STATUS_IS_OK(status)) {
+		reply_nterror(req, status);
+		return;
+	}
 
 	/* Reply, SMBlockread, SMBwritelock supported. */
 	SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
 	time_t t = time(NULL);
 	struct smbXsrv_connection *xconn = req->xconn;
 	uint16_t raw;
+	NTSTATUS status;
+
 	if (lp_async_smb_echo_handler()) {
 		raw = 0;
 	} else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
 		SSVAL(req->outbuf,smb_vwv11, 8);
 	}
 
-	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+	if (!NT_STATUS_IS_OK(status)) {
+		reply_nterror(req, status);
+		return;
+	}
 
 	/* Reply, SMBlockread, SMBwritelock supported. */
 	SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -260,6 +272,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
 	struct smbXsrv_connection *xconn = req->xconn;
 	bool signing_desired = false;
 	bool signing_required = false;
+	NTSTATUS status;
 
 	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
@@ -336,7 +349,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
 	SSVAL(req->outbuf,smb_vwv0,choice);
 	SCVAL(req->outbuf,smb_vwv1,secword);
 
-	smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+	if (!NT_STATUS_IS_OK(status)) {
+		reply_nterror(req, status);
+		return;
+	}
 
 	SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
 	SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */


-- 
Samba Shared Repository



More information about the samba-cvs mailing list