[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Aug 1 15:40:02 UTC 2019 

The branch, master has been updated
       via  c226dc6e8a1 smbd: Fix use-after-free from exit_server_common()
       via  10e140d25cd s3:torture: Fix the FreeBSD build
       via  21f6cece543 libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
       via  e10b90f33bb libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
      from  f258cfaa1d0 vfs:glusterfs_fuse: build only if we have setmntent()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c226dc6e8a18343031829c35552e557903593daf
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jul 31 14:17:02 2019 +0200

    smbd: Fix use-after-free from exit_server_common()
    
    We need to keep the smbXsrv_connection structures around until all
    pending requests have had their chance to clean up behind them. If you
    look at srv_send_smb(), it's exactly prepared already to just drop
    anything on the floor when the transport has been declared dead:
    
    	if (!NT_STATUS_IS_OK(xconn->transport.status)) {
    		/*
    		 * we're not supposed to do any io
    		 */
    		return true;
    	}
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14064
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Aug  1 15:39:13 UTC 2019 on sn-devel-184

commit 10e140d25cd3cad8428e3b080ef28dd237d903d5
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jul 31 10:52:40 2019 +0200

    s3:torture: Fix the FreeBSD build
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14060
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 21f6cece543dd791e0f4636458bfe9819823420c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 25 14:38:26 2019 +0200

    libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
    
    Note: Unlike the current documentation, the utf16 string
    is not null-terminated, that matches Windows Server 1903
    as a client.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
    RN: Add the target server name of SMB 3.1.1 connections
    as a hint to load balancers or servers with "multi-tenancy"
    support.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Aurelien Aptel <aaptel at suse.com>

commit e10b90f33bb812600886656a1124e2d434416563
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 25 14:37:31 2019 +0200

    libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Aurelien Aptel <aaptel at suse.com>

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_constants.h |  2 ++
 libcli/smb/smbXcli_base.c   | 17 +++++++++++++++++
 source3/smbd/server_exit.c  | 22 +++++++++++++++-------
 source3/torture/torture.c   |  2 ++
 4 files changed, 36 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 3dd462cdd69..1430f02689c 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -131,6 +131,8 @@
 /* Types of SMB2 Negotiate Contexts - only in dialect >= 0x310 */
 #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
 #define SMB2_ENCRYPTION_CAPABILITIES        0x0002
+#define SMB2_COMPRESSION_CAPABILITIES       0x0003
+#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID   0x0005
 
 /* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */
 #define SMB2_PREAUTH_INTEGRITY_SHA512       0x0001
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 98c928795ec..0375101b034 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4771,6 +4771,8 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
 	if (state->conn->max_protocol >= PROTOCOL_SMB3_10) {
 		NTSTATUS status;
 		struct smb2_negotiate_contexts c = { .num_contexts = 0, };
+		uint8_t *netname_utf16 = NULL;
+		size_t netname_utf16_len = 0;
 		uint32_t offset;
 		DATA_BLOB b;
 		uint8_t p[38];
@@ -4803,6 +4805,21 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
 			return NULL;
 		}
 
+		ok = convert_string_talloc(state, CH_UNIX, CH_UTF16,
+					   state->conn->remote_name,
+					   strlen(state->conn->remote_name),
+					   &netname_utf16, &netname_utf16_len);
+		if (!ok) {
+			return NULL;
+		}
+
+		status = smb2_negotiate_context_add(state, &c,
+					SMB2_NETNAME_NEGOTIATE_CONTEXT_ID,
+					netname_utf16, netname_utf16_len);
+		if (!NT_STATUS_IS_OK(status)) {
+			return NULL;
+		}
+
 		status = smb2_negotiate_context_push(state, &b, c);
 		if (!NT_STATUS_IS_OK(status)) {
 			return NULL;
diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c
index ba5e6c7ff1e..d51b73d5131 100644
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -93,7 +93,6 @@ static void exit_server_common(enum server_exit_reason how,
 {
 	struct smbXsrv_client *client = global_smbXsrv_client;
 	struct smbXsrv_connection *xconn = NULL;
-	struct smbXsrv_connection *xconn_next = NULL;
 	struct smbd_server_connection *sconn = NULL;
 	struct messaging_context *msg_ctx = global_messaging_context();
 
@@ -112,10 +111,7 @@ static void exit_server_common(enum server_exit_reason how,
 	/*
 	 * Here we typically have just one connection
 	 */
-	for (; xconn != NULL; xconn = xconn_next) {
-		xconn_next = xconn->next;
-		DLIST_REMOVE(client->connections, xconn);
-
+	for (; xconn != NULL; xconn = xconn->next) {
 		/*
 		 * This is typically the disconnect for the only
 		 * (or with multi-channel last) connection of the client
@@ -130,8 +126,6 @@ static void exit_server_common(enum server_exit_reason how,
 				break;
 			}
 		}
-
-		TALLOC_FREE(xconn);
 		DO_PROFILE_INC(disconnect);
 	}
 
@@ -174,6 +168,20 @@ static void exit_server_common(enum server_exit_reason how,
 
 	change_to_root_user();
 
+	if (client != NULL) {
+		struct smbXsrv_connection *xconn_next = NULL;
+
+		for (xconn = client->connections;
+		     xconn != NULL;
+		     xconn = xconn_next) {
+			xconn_next = xconn->next;
+			DLIST_REMOVE(client->connections, xconn);
+			TALLOC_FREE(xconn);
+		}
+	}
+
+	change_to_root_user();
+
 	/* 3 second timeout. */
 	print_notify_send_messages(msg_ctx, 3);
 
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ad6b3458f3c..2779e8e3aa8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -13993,10 +13993,12 @@ static struct {
 		.name  = "OPLOCK4",
 		.fn    =  run_oplock4,
 	},
+#ifdef HAVE_KERNEL_OPLOCKS_LINUX
 	{
 		.name  = "OPLOCK5",
 		.fn    =  run_oplock5,
 	},
+#endif
 	{
 		.name  = "DIR",
 		.fn    =  run_dirtest,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list