[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Aug 1 15:40:02 UTC 2019
The branch, master has been updated
via c226dc6e8a1 smbd: Fix use-after-free from exit_server_common()
via 10e140d25cd s3:torture: Fix the FreeBSD build
via 21f6cece543 libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
via e10b90f33bb libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
from f258cfaa1d0 vfs:glusterfs_fuse: build only if we have setmntent()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c226dc6e8a18343031829c35552e557903593daf
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jul 31 14:17:02 2019 +0200
smbd: Fix use-after-free from exit_server_common()
We need to keep the smbXsrv_connection structures around until all
pending requests have had their chance to clean up behind them. If you
look at srv_send_smb(), it's exactly prepared already to just drop
anything on the floor when the transport has been declared dead:
if (!NT_STATUS_IS_OK(xconn->transport.status)) {
/*
* we're not supposed to do any io
*/
return true;
}
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14064
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Aug 1 15:39:13 UTC 2019 on sn-devel-184
commit 10e140d25cd3cad8428e3b080ef28dd237d903d5
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jul 31 10:52:40 2019 +0200
s3:torture: Fix the FreeBSD build
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14060
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 21f6cece543dd791e0f4636458bfe9819823420c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 25 14:38:26 2019 +0200
libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
Note: Unlike the current documentation, the utf16 string
is not null-terminated, that matches Windows Server 1903
as a client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
RN: Add the target server name of SMB 3.1.1 connections
as a hint to load balancers or servers with "multi-tenancy"
support.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Aurelien Aptel <aaptel at suse.com>
commit e10b90f33bb812600886656a1124e2d434416563
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 25 14:37:31 2019 +0200
libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Aurelien Aptel <aaptel at suse.com>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smb2_constants.h | 2 ++
libcli/smb/smbXcli_base.c | 17 +++++++++++++++++
source3/smbd/server_exit.c | 22 +++++++++++++++-------
source3/torture/torture.c | 2 ++
4 files changed, 36 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 3dd462cdd69..1430f02689c 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -131,6 +131,8 @@
/* Types of SMB2 Negotiate Contexts - only in dialect >= 0x310 */
#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
#define SMB2_ENCRYPTION_CAPABILITIES 0x0002
+#define SMB2_COMPRESSION_CAPABILITIES 0x0003
+#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID 0x0005
/* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */
#define SMB2_PREAUTH_INTEGRITY_SHA512 0x0001
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 98c928795ec..0375101b034 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4771,6 +4771,8 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
if (state->conn->max_protocol >= PROTOCOL_SMB3_10) {
NTSTATUS status;
struct smb2_negotiate_contexts c = { .num_contexts = 0, };
+ uint8_t *netname_utf16 = NULL;
+ size_t netname_utf16_len = 0;
uint32_t offset;
DATA_BLOB b;
uint8_t p[38];
@@ -4803,6 +4805,21 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
return NULL;
}
+ ok = convert_string_talloc(state, CH_UNIX, CH_UTF16,
+ state->conn->remote_name,
+ strlen(state->conn->remote_name),
+ &netname_utf16, &netname_utf16_len);
+ if (!ok) {
+ return NULL;
+ }
+
+ status = smb2_negotiate_context_add(state, &c,
+ SMB2_NETNAME_NEGOTIATE_CONTEXT_ID,
+ netname_utf16, netname_utf16_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
status = smb2_negotiate_context_push(state, &b, c);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c
index ba5e6c7ff1e..d51b73d5131 100644
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -93,7 +93,6 @@ static void exit_server_common(enum server_exit_reason how,
{
struct smbXsrv_client *client = global_smbXsrv_client;
struct smbXsrv_connection *xconn = NULL;
- struct smbXsrv_connection *xconn_next = NULL;
struct smbd_server_connection *sconn = NULL;
struct messaging_context *msg_ctx = global_messaging_context();
@@ -112,10 +111,7 @@ static void exit_server_common(enum server_exit_reason how,
/*
* Here we typically have just one connection
*/
- for (; xconn != NULL; xconn = xconn_next) {
- xconn_next = xconn->next;
- DLIST_REMOVE(client->connections, xconn);
-
+ for (; xconn != NULL; xconn = xconn->next) {
/*
* This is typically the disconnect for the only
* (or with multi-channel last) connection of the client
@@ -130,8 +126,6 @@ static void exit_server_common(enum server_exit_reason how,
break;
}
}
-
- TALLOC_FREE(xconn);
DO_PROFILE_INC(disconnect);
}
@@ -174,6 +168,20 @@ static void exit_server_common(enum server_exit_reason how,
change_to_root_user();
+ if (client != NULL) {
+ struct smbXsrv_connection *xconn_next = NULL;
+
+ for (xconn = client->connections;
+ xconn != NULL;
+ xconn = xconn_next) {
+ xconn_next = xconn->next;
+ DLIST_REMOVE(client->connections, xconn);
+ TALLOC_FREE(xconn);
+ }
+ }
+
+ change_to_root_user();
+
/* 3 second timeout. */
print_notify_send_messages(msg_ctx, 3);
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ad6b3458f3c..2779e8e3aa8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -13993,10 +13993,12 @@ static struct {
.name = "OPLOCK4",
.fn = run_oplock4,
},
+#ifdef HAVE_KERNEL_OPLOCKS_LINUX
{
.name = "OPLOCK5",
.fn = run_oplock5,
},
+#endif
{
.name = "DIR",
.fn = run_dirtest,
--
Samba Shared Repository
More information about the samba-cvs
mailing list