[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Mar 29 00:36:05 UTC 2019


The branch, master has been updated
       via  11f25834203 s3:smbd: fix max_buffer handling of initial notify requests
       via  12fb3ec1dd8 s4:torture/smb2: replace torture:cn_max_buffer_size option with the negotiated max trans size
       via  d6fce7c0cb1 s4:torture/smb2/notify: make use of torture_setup_simple_file() in test_valid_request()
       via  4ffb517ffd9 s4:torture/smb2: add smb2_create_simple_file() and torture_setup_simple_file()
       via  e6fa76b651d s4:libcli/smb2: calculate the correct credit charge in smb2_notify_send()
       via  5a07c294814 s4:libcli/smb2: calculate the correct credit charge in smb2_ioctl_send()
       via  97b4e6e220d s4:libcli/smb2: align struct smb_ioctl.smb2 to [MS-SMB2] names
       via  c88c2bf3b54 s4:libcli/smb2: calculate the correct credit charge in smb2_getinfo_send()
       via  ee2574ae567 s4:libcli/smb2: fix smb2_getinfo_send() marshalling
       via  829f692fb15 smb2_server: grant all 8192 credits to clients
       via  4d6cd932a95 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check
       via  2abf9e9a95c vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()
       via  1dc00254833 smb2_tcon: avoid STATUS_PENDING completely on tdis
       via  d64038425f2 smb2_sesssetup: avoid STATUS_PENDING completely on session logoff
       via  8a11da429bd smb2_tcon: avoid STATUS_PENDING responses for tree connect
       via  23792449694 smb2_sesssetup: avoid STATUS_PENDING responses for session setup
       via  4760b85243f smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING
       via  827dd0145b7 smb2_ioctl_network_fs: remove unused fsctl_srv_copychunk_state->aapl_copyfile
       via  1d934857591 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO
       via  4c6156eddd1 s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()
       via  7dbd8e441f7 s3:smb2_write: add missing initialization of state->in_offset
       via  6171a7fffd3 s4:torture/smb2: test_notify_tcp_dis trigger idle event every 0.25s
       via  7a091aa982a s4:torture/raw: test_notify_tcp_dis trigger idle event every 0.25s
       via  8dea0718f20 s4:libcli/smb2: don't schedule idle handlers on a dead connection
       via  c2761b00570 s4:libcli/raw: don't schedule idle handlers on a dead connection
      from  c68d9c9ef36 vfs_snapper: drop unneeded fstat handler

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 11f2583420310e0278188935f31be3131eb85fd4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jan 16 21:29:51 2019 +0100

    s3:smbd: fix max_buffer handling of initial notify requests
    
    The max_buffer value is only evaluated on the first notify
    request on a directory handle.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Mar 29 00:35:39 UTC 2019 on sn-devel-144

commit 12fb3ec1dd886c15977ae9eb0b2b25f2017db10d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 16:22:25 2019 +0100

    s4:torture/smb2: replace torture:cn_max_buffer_size option with the negotiated max trans size
    
    Both:
    
     smbtorture //w2012r2-188/torture -Ua%b smb2.notify.valid-req --smb-ports=139
    
    and:
    
     smbtorture //w2012r2-188/torture -Ua%b smb2.notify.valid-req --smb-ports=445
    
    work against Windows 2008R2, 2012R2 and 2016 now and it reflects what
    we have implemented in Samba.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d6fce7c0cb126e4ac79bceda77a50c4d65c093fd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 15 15:30:29 2019 +0100

    s4:torture/smb2/notify: make use of torture_setup_simple_file() in test_valid_request()
    
    There's no reason to use torture_setup_complex_file(), when we want to
    test notify code. The tests pass fine against Samba this way and don't
    fail because of unrelated timestamp behavior.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4ffb517ffd9cee0ad433e3f58f659f8445fa2166
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 12 16:51:20 2019 +0100

    s4:torture/smb2: add smb2_create_simple_file() and torture_setup_simple_file()
    
    Instead of the *_complex_file() versions these don't use EAs or
    complex timestamps.
    
    A lot of tests currently using *_complex_file() only fail because
    smbd doesn't implement the correct 'change_time' update behavior.
    That should not be the reason why all smb2 related tests fail.
    
    Timestamps should be tested in dedicated tests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e6fa76b651de6a3046ca9c44926343a5225772d6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 10:10:49 2019 +0100

    s4:libcli/smb2: calculate the correct credit charge in smb2_notify_send()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5a07c2948146c23d6a907fcd6ce63f67f36a5ded
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 16:13:41 2019 +0100

    s4:libcli/smb2: calculate the correct credit charge in smb2_ioctl_send()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 97b4e6e220dc3f0b9d7c3f50ef3b867ff2f0b755
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 15:52:35 2019 +0100

    s4:libcli/smb2: align struct smb_ioctl.smb2 to [MS-SMB2] names
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c88c2bf3b54a0faf8a77daf9b8827c101db9be95
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 16:11:15 2019 +0100

    s4:libcli/smb2: calculate the correct credit charge in smb2_getinfo_send()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit ee2574ae5675ef0ea9b14c13677acf6c003497e0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 8 16:09:46 2019 +0100

    s4:libcli/smb2: fix smb2_getinfo_send() marshalling
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 829f692fb1552e56c6a9726036a995b4328731dd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jan 16 12:24:04 2019 +0100

    smb2_server: grant all 8192 credits to clients
    
    This seems to match Windows Server 2016.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4d6cd932a955a99ca33cc4aedd7f612e56e0b1de
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 31 12:29:29 2018 +0200

    vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check
    
    This fixes a regression introduced in commit
    60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable
    was renamed to 'to_copy', but a new 'num' variable was introduced.
    
    Note that off_t is signed!
    In future we need to watch out for filesystems supporting
    FMODE_UNSIGNED_OFFSET on Linux, which means they use it unsigned.
    
    This is more or less a theoretical problem. The
    NT_STATUS_INVALID_PARAMETER cases are caught before by
    SMB_VFS_PREAD_SEND/RECV.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2abf9e9a95cbdf76109b3501dee3e0c34ad09194
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 27 12:43:32 2019 +0100

    vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()
    
    SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to
    use strerror(aio_state.error) in the debug messages.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 1dc002548336b969979c3bf85b531c059d87f015
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 12 08:27:43 2019 +0100

    smb2_tcon: avoid STATUS_PENDING completely on tdis
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d64038425f250e253dce707d69899c7a5d8cb32e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 12 08:27:43 2019 +0100

    smb2_sesssetup: avoid STATUS_PENDING completely on session logoff
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8a11da429bd3c89766f43c2bff681837a769987c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 24 09:10:11 2019 +0100

    smb2_tcon: avoid STATUS_PENDING responses for tree connect
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 23792449694b5221f6ea422166c96fac494e3e2c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jan 24 09:10:11 2019 +0100

    smb2_sesssetup: avoid STATUS_PENDING responses for session setup
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4760b85243f335bb2094fc779802ce4b52db0ccb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 12 08:08:38 2019 +0100

    smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING
    
    This has the same meaning as smb2_request_set_async_internal(),
    but this simplifies callers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 827dd0145b78dcd01189f0608938b6a5d6f6fe12
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 31 12:29:29 2018 +0200

    smb2_ioctl_network_fs: remove unused fsctl_srv_copychunk_state->aapl_copyfile
    
    This is not used since commit 74e018f476608429caa1c3594102485ccc17afce.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 1d9348575914891dbb5638bc9b8d51eda98fe554
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 9 12:06:29 2017 +0200

    s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO
    
    This completes commit 74829fecd7a4e806ee441cd75141bede2eefef1a,
    which missed SMB_FIND_FILE_FULL_DIRECTORY_INFO
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10097
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4c6156eddd1ce38ef7c23b0eab300da9badf3f4e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 28 08:16:03 2017 +0100

    s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()
    
    It's very unlikely that sessionid_traverse_read() fails,
    but we should not segfault.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 7dbd8e441f74e839cfbf32ed3ac61958195761d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Oct 5 15:59:23 2017 +0200

    s3:smb2_write: add missing initialization of state->in_offset
    
    This is just used in DEBUG messages, but still confusing.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 6171a7fffd3268990c28d61cd48f2aacef428573
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 17 22:45:32 2013 +0100

    s4:torture/smb2: test_notify_tcp_dis trigger idle event every 0.25s
    
    This is 1000 times longer than before and is less likely to
    change the timing behavior when running under valgrind.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 7a091aa982a662f804dc41fccbeda501f370347a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 17 22:43:49 2013 +0100

    s4:torture/raw: test_notify_tcp_dis trigger idle event every 0.25s
    
    This is 1000 times longer than before and is less likely to
    change the timing behavior when running under valgrind.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8dea0718f20f41031bc09851f07b09dcacf437c3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 17 22:41:00 2013 +0100

    s4:libcli/smb2: don't schedule idle handlers on a dead connection
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c2761b00570b0b1753dd226859a8534db1221c7c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 17 22:39:40 2013 +0100

    s4:libcli/raw: don't schedule idle handlers on a dead connection
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail                   |  4 ---
 source3/modules/vfs_default.c        | 47 +++++++++++++++++++++++++++++------
 source3/smbd/notify.c                | 11 +++++++--
 source3/smbd/nttrans.c               |  6 +++--
 source3/smbd/proto.h                 |  4 ++-
 source3/smbd/session.c               |  4 +--
 source3/smbd/smb2_ioctl_network_fs.c |  1 -
 source3/smbd/smb2_notify.c           |  1 +
 source3/smbd/smb2_server.c           | 19 +++++++++-----
 source3/smbd/smb2_sesssetup.c        | 17 ++++++++++---
 source3/smbd/smb2_tcon.c             | 12 ++++++---
 source3/smbd/smb2_write.c            |  1 +
 source3/smbd/trans2.c                |  6 +++--
 source4/libcli/raw/clitransport.c    | 17 +++++++++++++
 source4/libcli/raw/interfaces.h      | 15 +++++------
 source4/libcli/smb2/getinfo.c        | 25 +++++++++++++++----
 source4/libcli/smb2/ioctl.c          | 21 ++++++++++++----
 source4/libcli/smb2/notify.c         |  2 ++
 source4/libcli/smb2/smb2_calls.h     |  8 +++---
 source4/libcli/smb2/transport.c      | 17 +++++++++++++
 source4/ntvfs/ipc/vfs_ipc.c          |  8 +++---
 source4/smb_server/smb2/fileinfo.c   |  2 +-
 source4/smb_server/smb2/fileio.c     | 15 +++++------
 source4/torture/raw/notify.c         |  2 +-
 source4/torture/rpc/fsrvp.c          |  4 +--
 source4/torture/smb2/compound.c      |  8 +++---
 source4/torture/smb2/ioctl.c         | 48 ++++++++++++++++++------------------
 source4/torture/smb2/lock.c          |  2 +-
 source4/torture/smb2/notify.c        | 20 +++++++--------
 source4/torture/smb2/replay.c        |  4 +--
 source4/torture/smb2/session.c       |  2 +-
 source4/torture/smb2/util.c          | 34 +++++++++++++++++++++++++
 source4/torture/smbtorture.c         |  2 --
 source4/torture/smbtorture.h         |  8 ------
 source4/torture/vfs/fruit.c          |  4 +--
 35 files changed, 275 insertions(+), 126 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index fad4daf6c86..c588f2f5c6b 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -169,7 +169,6 @@
 ^samba3.smb2.create.gentest
 ^samba3.smb2.create.blob
 ^samba3.smb2.create.open
-^samba3.smb2.notify.valid-req
 ^samba3.smb2.notify.rec
 ^samba3.smb2.durable-open.delete_on_close2
 ^samba3.smb2.durable-v2-open.app-instance
@@ -342,9 +341,6 @@
 ^samba.tests.dcerpc.dnsserver.python2.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.*
 ^samba.tests.dcerpc.dnsserver.python2.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.*
 ^samba.tests.dcerpc.dnsserver.python2.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.*
-^samba3.smb2.credits.session_setup_credits_granted.*
-^samba3.smb2.credits.single_req_credits_granted.*
-^samba3.smb2.credits.skipped_mid.*
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean
 ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing
 #
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index bed581e96d1..47722d53cec 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1802,6 +1802,8 @@ static struct tevent_req *vfswrap_offload_write_send(
 {
 	struct tevent_req *req;
 	struct vfswrap_offload_write_state *state = NULL;
+	/* off_t is signed! */
+	off_t max_offset = INT64_MAX - to_copy;
 	size_t num = MIN(to_copy, COPYCHUNK_MAX_TOTAL_LEN);
 	files_struct *src_fsp = NULL;
 	NTSTATUS status;
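Review bot: `max_offset = INT64_MAX - to_copy` in the new declaration is evaluated before anything visible here has checked that `to_copy` is non-negative; if `to_copy` is a signed type and a caller passes a negative value, the subtraction itself overflows. Consider validating `to_copy` first, and since the comment stresses that off_t is signed, also state that the code assumes a 64-bit off_t (or derive the limit from the type instead of INT64_MAX).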
@@ -1853,6 +1855,35 @@ static struct tevent_req *vfswrap_offload_write_send(
 		return tevent_req_post(req, ev);
 	}
 
+	if (state->src_off > max_offset) {
+		/*
+		 * Protect integer checks below.
+		 */
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+	if (state->src_off < 0) {
+		/*
+		 * Protect integer checks below.
+		 */
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+	if (state->dst_off > max_offset) {
+		/*
+		 * Protect integer checks below.
+		 */
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+	if (state->dst_off < 0) {
+		/*
+		 * Protect integer checks below.
+		 */
+		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return tevent_req_post(req, ev);
+	}
+
 	status = vfs_offload_token_db_fetch_fsp(vfswrap_offload_ctx,
 						token, &src_fsp);
 	if (tevent_req_nterror(req, status)) {
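Review bot: the four new range checks on state->src_off and state->dst_off are identical apart from the operand, and each repeats the same comment, "Protect integer checks below". Folding them into one condition (or a small helper) with a single comment that names the check being protected, `state->src_off + to_copy` against st_ex_size, would make the intent easier to audit. A torture test that sends an offset near INT64_MAX would pin the NT_STATUS_INVALID_PARAMETER result.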
@@ -1876,17 +1907,12 @@ static struct tevent_req *vfswrap_offload_write_send(
 	state->src_ev = src_fsp->conn->sconn->ev_ctx;
 	state->src_fsp = src_fsp;
 
-	state->buf = talloc_array(state, uint8_t, num);
-	if (tevent_req_nomem(state->buf, req)) {
-		return tevent_req_post(req, ev);
-	}
-
 	status = vfs_stat_fsp(src_fsp);
 	if (tevent_req_nterror(req, status)) {
 		return tevent_req_post(req, ev);
 	}
 
-	if (src_fsp->fsp_name->st.st_ex_size < state->src_off + num) {
+	if (src_fsp->fsp_name->st.st_ex_size < state->src_off + to_copy) {
 		/*
 		 * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
 		 *   If the SourceOffset or SourceOffset + Length extends beyond
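Review bot: the size comparison now adds `to_copy` instead of the clamped `num`, so the second operand of `state->src_off + to_copy` no longer carries the COPYCHUNK_MAX_TOTAL_LEN bound and the sum is overflow-safe only because of the max_offset checks added earlier in the function. A one-line comment at this comparison pointing back to those checks would keep a later refactor from separating them.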
@@ -1900,6 +1926,11 @@ static struct tevent_req *vfswrap_offload_write_send(
 		return tevent_req_post(req, ev);
 	}
 
+	state->buf = talloc_array(state, uint8_t, num);
+	if (tevent_req_nomem(state->buf, req)) {
+		return tevent_req_post(req, ev);
+	}
+
 	status = vfswrap_offload_write_loop(req);
 	if (!NT_STATUS_IS_OK(status)) {
 		tevent_req_nterror(req, status);
@@ -1969,7 +2000,7 @@ static void vfswrap_offload_write_read_done(struct tevent_req *subreq)
 	nread = SMB_VFS_PREAD_RECV(subreq, &aio_state);
 	TALLOC_FREE(subreq);
 	if (nread == -1) {
-		DBG_ERR("read failed: %s\n", strerror(errno));
+		DBG_ERR("read failed: %s\n", strerror(aio_state.error));
 		tevent_req_nterror(req, map_nt_error_from_unix(aio_state.error));
 		return;
 	}
@@ -2030,7 +2061,7 @@ static void vfswrap_offload_write_write_done(struct tevent_req *subreq)
 	nwritten = SMB_VFS_PWRITE_RECV(subreq, &aio_state);
 	TALLOC_FREE(subreq);
 	if (nwritten == -1) {
-		DBG_ERR("write failed: %s\n", strerror(errno));
+		DBG_ERR("write failed: %s\n", strerror(aio_state.error));
 		tevent_req_nterror(req, map_nt_error_from_unix(aio_state.error));
 		return;
 	}
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index 44c0b09432e..bf3fff7b97d 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -43,6 +43,8 @@ struct notify_change_buf {
 	 * we only append.
 	 */
 
+	uint32_t max_buffer_size;
+
 	/*
 	 * num_changes == -1 means that we have got a catch-all change, when
 	 * asked we just return NT_STATUS_OK without specific changes.
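Review bot: the new `max_buffer_size` member has no comment of its own and sits directly under a comment block ending "we only append", which reads as if it described this field. Add a short comment saying the value comes from the first notify request on the handle and caps later replies.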
@@ -224,11 +226,13 @@ void change_notify_reply(struct smb_request *req,
 		return;
 	}
 
-	if (max_param == 0 || notify_buf == NULL) {
+	if (notify_buf == NULL) {
 		reply_fn(req, NT_STATUS_OK, NULL, 0);
 		return;
 	}
 
+	max_param = MIN(max_param, notify_buf->max_buffer_size);
+
 	if (!notify_marshall_changes(notify_buf->num_changes, max_param,
 					notify_buf->changes, &blob)) {
 		/*
@@ -276,7 +280,9 @@ void notify_callback(struct smbd_server_connection *sconn,
 	files_forall(sconn, notify_fsp_cb, &state);
 }
 
-NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter,
+NTSTATUS change_notify_create(struct files_struct *fsp,
+			      uint32_t max_buffer_size,
+			      uint32_t filter,
 			      bool recursive)
 {
 	size_t len = fsp_fullbasepath(fsp, NULL, 0);
@@ -295,6 +301,7 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter,
 	}
 	fsp->notify->filter = filter;
 	fsp->notify->subdir_filter = recursive ? filter : 0;
+	fsp->notify->max_buffer_size = max_buffer_size;
 
 	fsp_fullbasepath(fsp, fullpath, sizeof(fullpath));
 
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 7ebd802109f..8bb121a1351 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1806,8 +1806,10 @@ static void call_nt_transact_notify_change(connection_struct *conn,
 
 	if (fsp->notify == NULL) {
 
-		status = change_notify_create(fsp, filter, recursive);
-
+		status = change_notify_create(fsp,
+					      max_param_count,
+					      filter,
+					      recursive);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(10, ("change_notify_create returned %s\n",
 				   nt_errstr(status)));
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 3662a925dd6..fdb0ffabf75 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -542,7 +542,9 @@ void change_notify_reply(struct smb_request *req,
 void notify_callback(struct smbd_server_connection *sconn,
 		     void *private_data, struct timespec when,
 		     const struct notify_event *e);
-NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter,
+NTSTATUS change_notify_create(struct files_struct *fsp,
+			      uint32_t max_buffer_size,
+			      uint32_t filter,
 			      bool recursive);
 NTSTATUS change_notify_add_request(struct smb_request *req,
 				uint32_t max_param,
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 8b4c6609304..abc799105f0 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -179,8 +179,8 @@ int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
 
 	status = sessionid_traverse_read(gather_sessioninfo, (void *) &sesslist);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(3, ("Session traverse failed\n"));
-		SAFE_FREE(sesslist.sessions);
+		DBG_ERR("Session traverse failed: %s\n", nt_errstr(status));
+		TALLOC_FREE(sesslist.sessions);
 		*session_list = NULL;
 		return 0;
 	}
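Review bot: alongside the SAFE_FREE() to TALLOC_FREE() fix, the failure message moves from DEBUG(3, ...) to DBG_ERR(), which the commit message does not mention. If the level change is intended, say so in the message; otherwise keep this commit to the free call.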
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index c0d175609ec..8154fa3f92e 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -94,7 +94,6 @@ struct fsctl_srv_copychunk_state {
 		COPYCHUNK_OUT_LIMITS,
 		COPYCHUNK_OUT_RSP,
 	} out_data;
-	bool aapl_copyfile;
 };
 static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq);
 
diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c
index 24241562556..68429b7b766 100644
--- a/source3/smbd/smb2_notify.c
+++ b/source3/smbd/smb2_notify.c
@@ -263,6 +263,7 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx,
 	if (fsp->notify == NULL) {
 
 		status = change_notify_create(fsp,
+					      in_output_buffer_length,
 					      in_completion_filter,
 					      recursive);
 		if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 1e9ed331aa6..956c5f0ca09 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -829,8 +829,11 @@ static void smb2_set_operation_credit(struct smbXsrv_connection *xconn,
 	 *       of requests and the used sequence number.
 	 *       Which means we would grant more credits
 	 *       for client which use multi credit requests.
+	 *
+	 * The above is what Windows Server < 2016 is doing,
+	 * but new servers use all credits (8192 by default).
 	 */
-	current_max_credits = xconn->smb2.credits.max / 16;
+	current_max_credits = xconn->smb2.credits.max;
 	current_max_credits = MAX(current_max_credits, 1);
 
 	if (xconn->smb2.credits.multicredit) {
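Review bot: with the `/ 16` removed, `current_max_credits` is the full `xconn->smb2.credits.max` for every connection, while the retained comment text above ("we would grant more credits for client which use multi credit requests") still reads as an open concern. Since the credit window bounds how many requests one client can have outstanding, the comment should say what now limits per-connection resource use, and the older paragraph should be reworded as history.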
@@ -875,15 +878,19 @@ static void smb2_set_operation_credit(struct smbXsrv_connection *xconn,
 			 * with a successful session setup
 			 */
 			if (NT_STATUS_IS_OK(out_status)) {
-				additional_max = 32;
+				additional_max = xconn->smb2.credits.max;
 			}
 			break;
 		default:
 			/*
-			 * We match windows and only grant additional credits
-			 * in chunks of 32.
+			 * Windows Server < 2016 and older Samba versions
+			 * used to only grant additional credits in
+			 * chunks of 32 credits.
+			 *
+			 * But we match Windows Server 2016 and grant
+			 * all credits as requested.
 			 */
-			additional_max = 32;
+			additional_max = xconn->smb2.credits.max;
 			break;
 		}
 
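Review bot: after this change the successful session-setup case and the `default:` case both assign `xconn->smb2.credits.max`, so the switch only distinguishes an unsuccessful session setup. Consider collapsing the two assignments so the one remaining special case stands out, and have the comment answer whether a client can receive the full grant before it has authenticated.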
@@ -1391,7 +1398,7 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 		return NT_STATUS_OK;
 	}
 
-	if (req->async_internal) {
+	if (req->async_internal || defer_time == 0) {
 		/*
 		 * An SMB2 request implementation wants to handle the request
 		 * asynchronously "internally" while keeping synchronous
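Review bot: `defer_time == 0` in the new condition gives the value 0 a special meaning (never send an interim response) that a caller could easily read as "go async immediately". The comment under the condition still describes only the async_internal case; extend it, or introduce a named constant for the 0, so the call sites read unambiguously.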
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index d34951a4eef..9591a8823dd 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -107,7 +107,16 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
 	}
 	tevent_req_set_callback(subreq, smbd_smb2_request_sesssetup_done, smb2req);
 
-	return smbd_smb2_request_pending_queue(smb2req, subreq, 500);
+	/*
+	 * Avoid sending a STATUS_PENDING message, which
+	 * matches a Windows Server and avoids problems with
+	 * MacOS clients.
+	 *
+	 * Even after 90 seconds a Windows Server doesn't return
+	 * STATUS_PENDING if using NTLMSSP against a non reachable
+	 * trusted domain.
+	 */
+	return smbd_smb2_request_pending_queue(smb2req, subreq, 0);
 }
 
 static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
@@ -1250,10 +1259,10 @@ NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
 	tevent_req_set_callback(subreq, smbd_smb2_request_logoff_done, req);
 
 	/*
-	 * Wait a long time before going async on this to allow
-	 * requests we're waiting on to finish. Set timeout to 10 secs.
+	 * Avoid sending a STATUS_PENDING message, it's very likely
+	 * the client won't expect that.
 	 */
-	return smbd_smb2_request_pending_queue(req, subreq, 10000000);
+	return smbd_smb2_request_pending_queue(req, subreq, 0);
 }
 
 static void smbd_smb2_request_logoff_done(struct tevent_req *subreq)
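Review bot: the comment removed from smbd_smb2_request_process_logoff() explained that the long timeout let outstanding requests finish, while the replacement only says the client won't expect STATUS_PENDING. If passing 0 still waits for the subrequest and merely suppresses the interim response, say so in the new comment, so it is clear the draining behaviour is kept.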
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index ebd31602efc..c2a5cbc39aa 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -102,7 +102,11 @@ NTSTATUS smbd_smb2_request_process_tcon(struct smbd_smb2_request *req)
 	}
 	tevent_req_set_callback(subreq, smbd_smb2_request_tcon_done, req);
 
-	return smbd_smb2_request_pending_queue(req, subreq, 500);
+	/*
+	 * Avoid sending a STATUS_PENDING message, it's very likely
+	 * the client won't expect that.
+	 */
+	return smbd_smb2_request_pending_queue(req, subreq, 0);
 }
 
 static void smbd_smb2_request_tcon_done(struct tevent_req *subreq)
@@ -498,10 +502,10 @@ NTSTATUS smbd_smb2_request_process_tdis(struct smbd_smb2_request *req)
 	tevent_req_set_callback(subreq, smbd_smb2_request_tdis_done, req);
 
 	/*
-	 * Wait a long time before going async on this to allow
-	 * requests we're waiting on to finish. Set timeout to 10 secs.
+	 * Avoid sending a STATUS_PENDING message, it's very likely
+	 * the client won't expect that.
 	 */
-	return smbd_smb2_request_pending_queue(req, subreq, 10000000);
+	return smbd_smb2_request_pending_queue(req, subreq, 0);
 }
 
 static void smbd_smb2_request_tdis_done(struct tevent_req *subreq)
diff --git a/source3/smbd/smb2_write.c b/source3/smbd/smb2_write.c
index ee95bd317ae..e49e623d796 100644
--- a/source3/smbd/smb2_write.c
+++ b/source3/smbd/smb2_write.c
@@ -287,6 +287,7 @@ static struct tevent_req *smbd_smb2_write_send(TALLOC_CTX *mem_ctx,
 		state->write_through = true;
 	}
 	state->in_length = in_data.length;
+	state->in_offset = in_offset;
 	state->out_count = 0;
 
 	DEBUG(10,("smbd_smb2_write: %s - %s\n",
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index dd5973b089b..017ad068877 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2109,12 +2109,14 @@ static NTSTATUS smbd_marshall_dir_entry(TALLOC_CTX *ctx,
 		SOFF_T(p,0,allocation_size); p += 8;
 		SIVAL(p,0,mode); p += 4;
 		q = p; p += 4; /* q is placeholder for name length. */
-		{
+		if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
+			SIVAL(p, 0, IO_REPARSE_TAG_DFS);
+		} else {
 			unsigned int ea_size = estimate_ea_size(conn, NULL,
 								smb_fname);
 			SIVAL(p,0,ea_size); /* Extended attributes */
-			p +=4;
 		}
+		p +=4;
 		status = srvstr_push(base_data, flags2, p,
 				  fname, PTR_DIFF(end_data, p),
 				  STR_TERMINATE_ASCII, &len);
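Review bot: the new branch writes IO_REPARSE_TAG_DFS for any entry with FILE_ATTRIBUTE_REPARSE_POINT set, without checking that the entry is in fact a DFS link. If DFS links are the only reparse points reported on this path, a comment saying so belongs next to the SIVAL(); the "Extended attributes" comment in the else branch could also note that the same 4 bytes carry the reparse tag in the other case.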
diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index 47b8dbf3ae7..26e9dee401d 100644
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -181,6 +181,14 @@ static void idle_handler(struct tevent_context *ev,
 
 	transport->idle.func(transport, transport->idle.private_data);
 
+	if (transport->idle.func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
+
 	next = timeval_current_ofs_usec(transport->idle.period);
 
 	transport->idle.te = tevent_add_timer(transport->ev,
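Review bot: both new checks in idle_handler() dereference `transport` after `transport->idle.func(...)` has returned, so they rely on the callback never freeing the transport. If that is guaranteed, a comment should say so, and it should also explain when `idle.func` can be NULL at this point (presumably the callback unregistering itself).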
@@ -200,6 +208,15 @@ _PUBLIC_ void smbcli_transport_idle_handler(struct smbcli_transport *transport,
 				   void *private_data)
 {
 	TALLOC_FREE(transport->idle.te);
+	ZERO_STRUCT(transport->idle);
+
+	if (idle_func == NULL) {
+		return;
+	}
+
+	if (!smbXcli_conn_is_connected(transport->conn)) {
+		return;
+	}
 
 	transport->idle.func = idle_func;
 	transport->idle.private_data = private_data;
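Review bot: smbcli_transport_idle_handler() now returns without registering anything when the connection is no longer connected, and as a void function it gives the caller no way to tell. A DEBUG line on that path, or a note in the function's documentation, would help when an idle callback silently never fires.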
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 43a53f834df..d44c451f650 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -2291,16 +2291,17 @@ union smb_ioctl {
 
 			/* static body buffer 56 (0x38) bytes */
 			/* uint16_t buffer_code;  0x39 = 0x38 + 1 */
-			uint16_t _pad;
+			uint16_t reserved;
 			uint32_t function;
 			/*struct smb2_handle handle;*/
 			/* uint32_t out_ofs; */
 			/* uint32_t out_size; */
-			uint32_t unknown2;
+			uint32_t max_input_response;
 			/* uint32_t in_ofs; */
 			/* uint32_t in_size; */
-			uint32_t max_response_size;
-			uint64_t flags;
+			uint32_t max_output_response;
+			uint32_t flags;
+			uint32_t reserved2;
 
 			/* dynamic body */
 			DATA_BLOB out;
@@ -2311,15 +2312,15 @@ union smb_ioctl {
 
 			/* static body buffer 48 (0x30) bytes */
 			/* uint16_t buffer_code;  0x31 = 0x30 + 1 */
-			uint16_t _pad;
+			uint16_t reserved;
 			uint32_t function;
 			/* struct smb2_handle handle; */
 			/* uint32_t in_ofs; */
 			/* uint32_t in_size; */
 			/* uint32_t out_ofs; */
 			/* uint32_t out_size; */
-			uint32_t unknown2;
-			uint32_t unknown3;
+			uint32_t flags;
+			uint32_t reserved2;
 
 			/* dynamic body */
 			DATA_BLOB in;
diff --git a/source4/libcli/smb2/getinfo.c b/source4/libcli/smb2/getinfo.c
index 14d911683e7..7a8fd44a855 100644
--- a/source4/libcli/smb2/getinfo.c
+++ b/source4/libcli/smb2/getinfo.c
@@ -32,26 +32,41 @@ struct smb2_request *smb2_getinfo_send(struct smb2_tree *tree, struct smb2_getin
 {
 	struct smb2_request *req;
 	NTSTATUS status;
+	size_t max_payload;
 
 	req = smb2_request_init_tree(tree, SMB2_OP_GETINFO, 0x28, true, 
-				     io->in.blob.length);
+				     io->in.input_buffer.length);
 	if (req == NULL) return NULL;
 
 	SCVAL(req->out.body, 0x02, io->in.info_type);
 	SCVAL(req->out.body, 0x03, io->in.info_class);
 	SIVAL(req->out.body, 0x04, io->in.output_buffer_length);
-	SIVAL(req->out.body, 0x0C, io->in.reserved);
-	SIVAL(req->out.body, 0x08, io->in.input_buffer_length);
+	/*
+	 * uint16_t input_buffer_offset
+	 * uint16_t reserved
+	 * uint32_t input_buffer_length
+	 *
+	 * We use smb2_push_o32s32_blob() which would
+	 * expect uint32_t offset, uint32_t length.
+	 *
+	 * Everything is little endian, we can just
+	 * overwrite the reserved field later.
+	 */
 	SIVAL(req->out.body, 0x10, io->in.additional_information);
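Review bot: the scheme described in the new comment (push a 32-bit offset across input_buffer_offset and reserved, then overwrite reserved) is only correct while the offset fits in 16 bits, since the later write to reserved would otherwise clobber the offset's high half. An assertion on the offset would make that assumption fail loudly. The diff is truncated here, so the push call and the use of the new `max_payload` variable are not visible for review.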


-- 
Samba Shared Repository


