[SCM] Samba Shared Repository - branch v4-12-test updated

Karolin Seeger kseeger at samba.org
Wed Mar 18 12:27:03 UTC 2020


The branch, v4-12-test has been updated
       via  f50790c1be7 nmblib: avoid undefined behaviour in handle_name_ptrs()
       via  8b86109e5de vfs_recycle: prevent flooding the log if we're called on non-existant paths
       via  1d226313e03 librpc: fix IDL for svcctl_ChangeServiceConfigW
       via  ea4603fd5e5 s4-torture: add ndr svcctl testsuite
       via  ea15a4bd189 s4-torture: add rpc test for ChangeServiceConfigW
       via  b0f590055c1 VFS: default: add support for FILE_ATTRIBUTE_OFFLINE to async dosmode
       via  34f3476d560 VFS: default: use correct type for pathlen in vfswrap_getxattrat_do_sync()
       via  cfaca1c0b7a VFS: default: avoid a crash in vfswrap_getxattrat_do_sync()
       via  69e66865203 VFS: default: remove unused arg from vfswrap_is_offline()
       via  8f4e8be8554 VFS: default: let vfswrap_is_offline() take conn, not handle
       via  e98dcaa16d0 smbd: ignore set NTACL requests which contain S-1-5-88 NFS ACEs
       via  b8ef341f6b5 vfs_fruit: tmsize prevent overflow Force the type during arithmetic in order to prevent overflow when summing the Time Machine folder size. Increase the precision to off_t (used for file sizes), leave the overflow error traps but with more precise wording.
      from  fdc2f7d218a VERSION: Bump version up to 4.12.1...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test


- Log -----------------------------------------------------------------
commit f50790c1be70af62cb2d0231cc05bdf59344b4c1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Jan 19 15:08:58 2020 +1300

    nmblib: avoid undefined behaviour in handle_name_ptrs()
    
    If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
    bits of the new *offset. This value is undefined, but because it is
    checked against the valid range, there is no way to read further
    beyond that one byte.
    
    Credit to oss-fuzz.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
    OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Feb  7 10:19:39 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 3bc7acc62646b105b03fd3c65e9170a373f95392)
    
    Autobuild-User(v4-12-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-12-test): Wed Mar 18 12:26:06 UTC 2020 on sn-devel-184

commit 8b86109e5deca6b19883828ff02b4cf19e751641
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Mar 6 12:22:25 2020 +0100

    vfs_recycle: prevent flooding the log if we're called on non-existant paths
    
    vfs_recycle is assuming that any path passed to unlink must exist, otherwise it
    logs this error. Turn this into a DEBUG level message.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14316
    See also: https://bugzilla.redhat.com/show_bug.cgi?id=1780802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Isaac Boukris <iboukris at samba.org>
    
    Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
    Autobuild-Date(master): Mon Mar  9 14:15:06 UTC 2020 on sn-devel-184

commit 1d226313e0393e7d1e712c990fe2e1d4db26fe71
Author: Günther Deschner <gd at samba.org>
Date:   Wed Mar 4 15:23:43 2020 +0100

    librpc: fix IDL for svcctl_ChangeServiceConfigW
    
    Found while trying to run winexe against Windows Server 2019.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit ebda529b59105e9b70cc74377fe4d54cc16b4f37)

commit ea4603fd5e58d589034772b173a3a518133faa69
Author: Günther Deschner <gd at samba.org>
Date:   Thu Mar 5 20:42:21 2020 +0100

    s4-torture: add ndr svcctl testsuite
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit c3fa0b2df9fc53dddcc3160b6a3dc751bbb389a4)

commit ea15a4bd1896e5ef1e07738bd46387d9f9bfcdbe
Author: Günther Deschner <gd at samba.org>
Date:   Thu Mar 5 22:45:48 2020 +0100

    s4-torture: add rpc test for ChangeServiceConfigW
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 0825324bc75d2ab10164a1f137be782d84c822b8)

commit b0f590055c1642686145154203207b942988608b
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Feb 24 15:03:56 2020 +0100

    VFS: default: add support for FILE_ATTRIBUTE_OFFLINE to async dosmode
    
    This had been missing in the initial async dosmode implementation. It's the
    responsibility of the sync and async dosmode functions to call
    vfswrap_is_offline() since the offline functionality has been converted from a
    first class VFS function to be a part of the DOS attributes VFS functions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit a23f8d913fa8d77bab394aea9a8e7df2704e8b19)

commit 34f3476d560b743f800bda69338e0c876846e680
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Feb 24 14:30:37 2020 +0100

    VFS: default: use correct type for pathlen in vfswrap_getxattrat_do_sync()
    
    full_path_tos() returns a ssize_t.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit ace296b97642d9160ea66db89dcd0f24a21dba4e)

commit cfaca1c0b7a7f7d7e0b688b21846a9a9d1968cd8
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Feb 24 14:29:01 2020 +0100

    VFS: default: avoid a crash in vfswrap_getxattrat_do_sync()
    
    Must use tevent_req_data() to get our tevent_req state, talloc_get_type_abort()
    will just crash as struct tevent_req != struct vfswrap_getxattrat_state.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit cbca811212a930b94f9917e5a82b6a95ab085e91)

commit 69e66865203ac1b6dc7fe2eb109f0ee7b5745fc9
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Feb 24 14:28:19 2020 +0100

    VFS: default: remove unused arg from vfswrap_is_offline()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 99873724cd493366c9957fd9fe230d52a6f02691)

commit 8f4e8be85547427cf6a3969d1738d1ed68ee195e
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Feb 24 14:24:12 2020 +0100

    VFS: default: let vfswrap_is_offline() take conn, not handle
    
    vfswrap_is_offline() has been converted to a "helper" function some time ago, it
    had been a VFS interface function before. To make this change more obvious let
    it take a struct connection_struct instead of a struct vfs_handle_struct which
    is the canonical first parameter to VFS functions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit d4c69d82bdc0fa029609032a9d32f32fa1708beb)

commit e98dcaa16d0943e44fad96868777f08dde023be1
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 27 17:01:10 2020 +0100

    smbd: ignore set NTACL requests which contain S-1-5-88 NFS ACEs
    
    We apply the same "ignore" logic already in the POSIX ACL code and in the
    vfs_acl_xattr|tdb VFS modules to smb_set_nt_acl_nfs4() in the nfs4_acl helper
    subsystem which is common to a bunch of VFS modules: GPFS, ZFS, NFS4_xattr and
    aixacl2.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14307
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Mar  3 19:15:10 UTC 2020 on sn-devel-184
    
    (cherry picked from commit f89c7ad851681c0e0ab39a1bedb3eeb672516fbb)

commit b8ef341f6b537ce23262ca191f4f55a6508a0854
Author: Art M. Gallagher <repos at artmg.net>
Date:   Tue Mar 3 21:51:46 2020 +0000

    vfs_fruit: tmsize prevent overflow Force the type during arithmetic in order to prevent overflow when summing the Time Machine folder size. Increase the precision to off_t (used for file sizes), leave the overflow error traps but with more precise wording.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13622
    Signed-off-by: Art M. Gallagher <smblock at artmg.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Mar  7 01:37:31 UTC 2020 on sn-devel-184
    
    (cherry picked from commit b0ba7cd4f96a6ea227943cb05ef51a463e292b2d)

-----------------------------------------------------------------------

Summary of changes:
 examples/winexe/winexe.c      |  2 +
 librpc/idl/svcctl.idl         | 25 +++++++++---
 selftest/knownfail            |  3 ++
 source3/libsmb/nmblib.c       |  3 ++
 source3/modules/nfs4_acls.c   |  4 ++
 source3/modules/vfs_default.c | 49 ++++++++++++++++++------
 source3/modules/vfs_fruit.c   | 12 ++++--
 source3/modules/vfs_recycle.c |  4 +-
 source4/torture/ndr/ndr.c     |  1 +
 source4/torture/ndr/svcctl.c  | 88 +++++++++++++++++++++++++++++++++++++++++++
 source4/torture/rpc/svcctl.c  | 81 ++++++++++++++++++++++++++++++++++++++-
 source4/torture/wscript_build |  1 +
 12 files changed, 250 insertions(+), 23 deletions(-)
 create mode 100644 source4/torture/ndr/svcctl.c


Changeset truncated at 500 lines:

diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 22f748b1d45..fc6b15f8e52 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -625,8 +625,10 @@ static NTSTATUS winexe_svc_install(
 			NULL,	    /* load_order_group */
 			NULL,	    /* tag_id */
 			NULL,	    /* dependencies */
+			0,	    /* dwDependSize */
 			NULL,	    /* service_start_name */
 			NULL,	    /* password */
+			0,	    /* dwPwSize */
 			NULL,	    /* display_name */
 			&werr);
 
diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl
index 671a1dc47be..a9dd3dec990 100644
--- a/librpc/idl/svcctl.idl
+++ b/librpc/idl/svcctl.idl
@@ -13,6 +13,17 @@ import "misc.idl", "security.idl";
   helpstring("Service Control")
 ] interface svcctl
 {
+	const int MAX_SERVICE_NAME_LENGTH = 256;
+	const short SC_MAX_DEPEND_SIZE = 4 * 1024;
+	const short SC_MAX_NAME_LENGTH = MAX_SERVICE_NAME_LENGTH + 1;
+	const short SC_MAX_PATH_LENGTH = 32 * 1024;
+	const short SC_MAX_PWD_SIZE = 514;
+	const short SC_MAX_COMPUTER_NAME_LENGTH = 1024;
+	const short SC_MAX_ACCOUNT_NAME_LENGTH = 2 * 1024;
+	const short SC_MAX_COMMENT_LENGTH = 128;
+	const short SC_MAX_ARGUMENT_LENGTH = 1024;
+	const short SC_MAX_ARGUMENTS = 1024;
+
 	typedef struct {
 		uint32 is_locked;
 		[string,charset(UTF16)] uint16 *lock_owner;
@@ -188,18 +199,20 @@ import "misc.idl", "security.idl";
 		SVCCTL_DISABLED			= 0x00000004
 	} svcctl_StartType;
 
-	WERROR svcctl_ChangeServiceConfigW(
+	[public] WERROR svcctl_ChangeServiceConfigW(
 		[in,ref] policy_handle *handle,
 		[in] uint32 type,
 		[in] svcctl_StartType start_type,
 		[in] svcctl_ErrorControl error_control,
 		[in,unique] [string,charset(UTF16)] uint16 *binary_path,
 		[in,unique] [string,charset(UTF16)] uint16 *load_order_group,
-		[out,ref] uint32 *tag_id,
-		[in,unique] [string,charset(UTF16)] uint16 *dependencies,
-		[in,unique] [string,charset(UTF16)] uint16 *service_start_name,
-		[in,unique] [string,charset(UTF16)] uint16 *password,
-		[in,unique] [string,charset(UTF16)] uint16 *display_name
+		[in,out,unique] uint32 *tag_id,
+		[in,unique,size_is(dwDependSize)] [string,charset(UTF16)] uint16 *dependencies,
+		[in,range(0, SC_MAX_DEPEND_SIZE)] uint32 dwDependSize,
+		[in,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)] [string,charset(UTF16)] uint16 *service_start_name,
+		[in,unique,size_is(dwPwSize)] [string,charset(UTF16)] uint16 *password,
+		[in,range(0, SC_MAX_PWD_SIZE)] uint32 dwPwSize,
+		[in,unique,range(0, SC_MAX_NAME_LENGTH)] [string,charset(UTF16)] uint16 *display_name
 	);
 
 	/*****************/
diff --git a/selftest/knownfail b/selftest/knownfail
index c9ef0851172..20441c078b4 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -234,6 +234,9 @@
 ^samba3.rpc.eventlog.eventlog.GetNumRecords\(ad_dc\)
 ^samba3.rpc.eventlog.eventlog.OpenEventLog\(ad_dc\)
 ^samba3.rap.basic.netsessiongetinfo\(ad_dc\)
+# not implemented
+^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\)
+^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\)
 #
 # This makes less sense when not running against an AD DC
 #
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 84cbb054b8e..c05fac2bba9 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -160,6 +160,9 @@ static bool handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
 		if (!*got_pointer)
 			(*ret) += 2;
 		(*got_pointer)=True;
+		if (*offset > length - 2) {
+			return False;
+		}
 		(*offset) = ((ubuf[*offset] & ~0xC0)<<8) | ubuf[(*offset)+1];
 		if (loop_count++ == 10 ||
 				(*offset) < 0 || (*offset)>(length-2)) {
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 4d50223c795..7f32e681694 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -996,6 +996,10 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp,
 				      * refined... */
 	}
 
+	if (security_descriptor_with_ms_nfs(psd)) {
+		return NT_STATUS_OK;
+	}
+
 	if (pparams == NULL) {
 		/* Special behaviours */
 		if (smbacl4_get_vfs_params(fsp->conn, &params)) {
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 37b59d8c3c0..a30f3ba1d31 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1638,9 +1638,8 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
 	return NT_STATUS_NOT_SUPPORTED;
 }
 
-static bool vfswrap_is_offline(struct vfs_handle_struct *handle,
-			       const struct smb_filename *fname,
-			       SMB_STRUCT_STAT *sbuf);
+static bool vfswrap_is_offline(struct connection_struct *conn,
+			       const struct smb_filename *fname);
 
 static NTSTATUS vfswrap_get_dos_attributes(struct vfs_handle_struct *handle,
 					   struct smb_filename *smb_fname,
@@ -1648,7 +1647,7 @@ static NTSTATUS vfswrap_get_dos_attributes(struct vfs_handle_struct *handle,
 {
 	bool offline;
 
-	offline = vfswrap_is_offline(handle, smb_fname, &smb_fname->st);
+	offline = vfswrap_is_offline(handle->conn, smb_fname);
 	if (offline) {
 		*dosmode |= FILE_ATTRIBUTE_OFFLINE;
 	}
@@ -1720,6 +1719,12 @@ static void vfswrap_get_dos_attributes_getxattr_done(struct tevent_req *subreq)
 		struct vfswrap_get_dos_attributes_state);
 	ssize_t xattr_size;
 	DATA_BLOB blob = {0};
+	char *path = NULL;
+	char *tofree = NULL;
+	char pathbuf[PATH_MAX+1];
+	ssize_t pathlen;
+	struct smb_filename smb_fname;
+	bool offline;
 	NTSTATUS status;
 
 	xattr_size = SMB_VFS_GETXATTRAT_RECV(subreq,
@@ -1768,6 +1773,29 @@ static void vfswrap_get_dos_attributes_getxattr_done(struct tevent_req *subreq)
 		return;
 	}
 
+	pathlen = full_path_tos(state->dir_fsp->fsp_name->base_name,
+				state->smb_fname->base_name,
+				pathbuf,
+				sizeof(pathbuf),
+				&path,
+				&tofree);
+	if (pathlen == -1) {
+		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+		return;
+	}
+
+	smb_fname = (struct smb_filename) {
+		.base_name = path,
+		.st = state->smb_fname->st,
+		.flags = state->smb_fname->flags,
+	};
+
+	offline = vfswrap_is_offline(state->conn, &smb_fname);
+	if (offline) {
+		state->dosmode |= FILE_ATTRIBUTE_OFFLINE;
+	}
+	TALLOC_FREE(tofree);
+
 	tevent_req_done(req);
 	return;
 }
@@ -1798,7 +1826,7 @@ static NTSTATUS vfswrap_fget_dos_attributes(struct vfs_handle_struct *handle,
 {
 	bool offline;
 
-	offline = vfswrap_is_offline(handle, fsp->fsp_name, &fsp->fsp_name->st);
+	offline = vfswrap_is_offline(handle->conn, fsp->fsp_name);
 	if (offline) {
 		*dosmode |= FILE_ATTRIBUTE_OFFLINE;
 	}
@@ -3326,12 +3354,12 @@ static struct tevent_req *vfswrap_getxattrat_send(
 
 static void vfswrap_getxattrat_do_sync(struct tevent_req *req)
 {
-	struct vfswrap_getxattrat_state *state = talloc_get_type_abort(
+	struct vfswrap_getxattrat_state *state = tevent_req_data(
 		req, struct vfswrap_getxattrat_state);
 	char *path = NULL;
 	char *tofree = NULL;
 	char pathbuf[PATH_MAX+1];
-	size_t pathlen;
+	ssize_t pathlen;
 	int err;
 
 	pathlen = full_path_tos(state->dir_fsp->fsp_name->base_name,
@@ -3543,9 +3571,8 @@ static bool vfswrap_aio_force(struct vfs_handle_struct *handle, struct files_str
 	return false;
 }
 
-static bool vfswrap_is_offline(struct vfs_handle_struct *handle,
-			       const struct smb_filename *fname,
-			       SMB_STRUCT_STAT *sbuf)
+static bool vfswrap_is_offline(struct connection_struct *conn,
+			       const struct smb_filename *fname)
 {
 	NTSTATUS status;
 	char *path;
@@ -3555,7 +3582,7 @@ static bool vfswrap_is_offline(struct vfs_handle_struct *handle,
 		return false;
 	}
 
-	if (!lp_dmapi_support(SNUM(handle->conn)) || !dmapi_have_session()) {
+	if (!lp_dmapi_support(SNUM(conn)) || !dmapi_have_session()) {
 #if defined(ENOTSUP)
 		errno = ENOTSUP;
 #endif
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ebf3e18af2f..b2d0901a800 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4986,15 +4986,21 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
 		return true;
 	}
 
+	/*
+	 * Arithmetic on 32-bit systems may cause overflow, depending on
+	 * size_t precision. First we check its unlikely, then we
+	 * force the precision into target off_t, then we check that
+	 * the total did not overflow either.
+	 */
 	if (bandsize > SIZE_MAX/nbands) {
-		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+		DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands [%zu]\n",
 			bandsize, nbands);
 		return false;
 	}
-	tm_size = bandsize * nbands;
+	tm_size = (off_t)bandsize * (off_t)nbands;
 
 	if (state->total_size + tm_size < state->total_size) {
-		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+		DBG_ERR("tm total size overflow: bandsize [%zu] nbands [%zu]\n",
 			bandsize, nbands);
 		return false;
 	}
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index a1d32bf10cb..ab1e6aa4dcf 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -236,8 +236,8 @@ static off_t recycle_get_file_size(vfs_handle_struct *handle,
 	}
 
 	if (SMB_VFS_STAT(handle->conn, smb_fname_tmp) != 0) {
-		DEBUG(0,("recycle: stat for %s returned %s\n",
-			 smb_fname_str_dbg(smb_fname_tmp), strerror(errno)));
+		DBG_DEBUG("stat for %s returned %s\n",
+			 smb_fname_str_dbg(smb_fname_tmp), strerror(errno));
 		size = (off_t)0;
 		goto out;
 	}
diff --git a/source4/torture/ndr/ndr.c b/source4/torture/ndr/ndr.c
index 32efe90757d..690301f31b1 100644
--- a/source4/torture/ndr/ndr.c
+++ b/source4/torture/ndr/ndr.c
@@ -708,6 +708,7 @@ struct torture_suite *torture_local_ndr(TALLOC_CTX *mem_ctx)
 	torture_suite_add_suite(suite, ndr_krb5pac_suite(suite));
 	torture_suite_add_suite(suite, ndr_cabinet_suite(suite));
 	torture_suite_add_suite(suite, ndr_charset_suite(suite));
+	torture_suite_add_suite(suite, ndr_svcctl_suite(suite));
 
 	torture_suite_add_simple_test(suite, "string terminator",
 				      test_check_string_terminator);
diff --git a/source4/torture/ndr/svcctl.c b/source4/torture/ndr/svcctl.c
new file mode 100644
index 00000000000..6592beda02e
--- /dev/null
+++ b/source4/torture/ndr/svcctl.c
@@ -0,0 +1,88 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for svcctl ndr operations
+
+   Copyright (C) Guenther Deschner 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/ndr/ndr.h"
+#include "librpc/gen_ndr/ndr_svcctl.h"
+#include "torture/ndr/proto.h"
+#include "param/param.h"
+
+static const uint8_t svcctl_ChangeServiceConfigW_req_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0xcd, 0x94, 0x05, 0x40, 0x30, 0x28, 0x00, 0x49,
+	0x8d, 0xe4, 0x8e, 0x85, 0xb7, 0x19, 0x5c, 0x83, 0x10, 0x01, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool svcctl_ChangeServiceConfigW_req_check(struct torture_context *tctx,
+						  struct svcctl_ChangeServiceConfigW *r)
+{
+	struct policy_handle handle = { 0 };
+	GUID_from_string("400594cd-2830-4900-8de4-8e85b7195c83", &handle.uuid);
+
+	torture_assert_guid_equal(tctx, r->in.handle->uuid, handle.uuid, "handle");
+	torture_assert_u32_equal(tctx, r->in.type, 0x00000110, "type");
+	torture_assert_u32_equal(tctx, r->in.start_type, SVCCTL_AUTO_START, "start_type");
+	torture_assert_u32_equal(tctx, r->in.error_control, SVCCTL_SVC_ERROR_NORMAL, "error_control");
+	torture_assert_str_equal(tctx, r->in.binary_path, NULL, "binary_path");
+	torture_assert_str_equal(tctx, r->in.load_order_group, NULL, "load_order_group");
+	torture_assert(tctx, r->in.tag_id == NULL, "tag_id");
+	torture_assert_str_equal(tctx, r->in.dependencies, NULL, "dependencies");
+	torture_assert_u32_equal(tctx, r->in.dwDependSize, 0, "dwDependSize");
+	torture_assert_str_equal(tctx, r->in.service_start_name, NULL, "service_start_name");
+	torture_assert_str_equal(tctx, r->in.password, NULL, "password");
+	torture_assert_u32_equal(tctx, r->in.dwPwSize, 0, "dwPwSize");
+	torture_assert_str_equal(tctx, r->in.display_name, NULL, "display_name");
+
+	return true;
+}
+
+static const uint8_t svcctl_ChangeServiceConfigW_rep_data[] = {
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool svcctl_ChangeServiceConfigW_rep_check(struct torture_context *tctx,
+						  struct svcctl_ChangeServiceConfigW *r)
+{
+	torture_assert(tctx, r->out.tag_id == NULL, "tag_id");
+	torture_assert_werr_ok(tctx, r->out.result, "result");
+
+	return true;
+}
+
+struct torture_suite *ndr_svcctl_suite(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "svcctl");
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   svcctl_ChangeServiceConfigW,
+					   svcctl_ChangeServiceConfigW_req_data,
+					   NDR_IN,
+					   svcctl_ChangeServiceConfigW_req_check);
+
+	torture_suite_add_ndr_pull_fn_test(suite,
+					   svcctl_ChangeServiceConfigW,
+					   svcctl_ChangeServiceConfigW_rep_data,
+					   NDR_OUT,
+					   svcctl_ChangeServiceConfigW_rep_check);
+	return suite;
+}
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index ebb2bc6ad0e..746b399360e 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -3,7 +3,7 @@
    test suite for svcctl rpc operations
 
    Copyright (C) Jelmer Vernooij 2004
-   Copyright (C) Guenther Deschner 2008,2009
+   Copyright (C) Guenther Deschner 2008,2009,2020
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -623,6 +623,83 @@ static bool test_SCManager(struct torture_context *tctx,
 	return true;
 }
 
+static bool test_ChangeServiceConfigW(struct torture_context *tctx,
+				      struct dcerpc_pipe *p)
+{
+	struct svcctl_ChangeServiceConfigW r;
+	struct svcctl_QueryServiceConfigW q;
+	struct policy_handle h, s;
+	NTSTATUS status;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	struct QUERY_SERVICE_CONFIG query;
+	bool ok;
+
+	uint32_t offered = 0;
+	uint32_t needed = 0;
+
+	ok = test_OpenSCManager(b, tctx, &h);
+	if (!ok) {
+		return false;
+	}
+
+	ok = test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s);
+	if (!ok) {
+		return false;
+	}
+
+	q.in.handle = &s;
+	q.in.offered = offered;
+	q.out.query = &query;
+	q.out.needed = &needed;
+
+	status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
+	torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+
+	if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		q.in.offered = needed;
+		status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q);
+		torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!");
+	}
+	torture_assert_werr_ok(tctx, q.out.result, "QueryServiceConfigW failed!");
+
+	r.in.handle = &s;
+	r.in.type		= query.service_type;
+	r.in.start_type		= query.start_type;
+	r.in.error_control	= query.error_control;
+
+	/*
+	 * according to MS-SCMR 3.1.4.11 NULL params are supposed to leave the
+	 * existing values intact.
+	 */
+
+	r.in.binary_path	= NULL;
+	r.in.load_order_group	= NULL;
+	r.in.dependencies	= NULL;
+	r.in.dwDependSize	= 0;
+	r.in.service_start_name	= NULL;
+	r.in.password		= NULL;
+	r.in.dwPwSize		= 0;
+	r.in.display_name	= NULL;
+	r.in.tag_id		= NULL;
+	r.out.tag_id		= NULL;
+
+	status = dcerpc_svcctl_ChangeServiceConfigW_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "ChangeServiceConfigW failed!");
+	torture_assert_werr_ok(tctx, r.out.result, "ChangeServiceConfigW failed!");
+
+	ok = test_CloseServiceHandle(b, tctx, &s);
+	if (!ok) {
+		return false;
+	}
+
+	ok = test_CloseServiceHandle(b, tctx, &h);
+	if (!ok) {
+		return false;
+	}
+
+	return true;
+}
+
 struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
 {
 	struct torture_suite *suite = torture_suite_create(mem_ctx, "svcctl");
@@ -652,6 +729,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
 				   test_StartServiceW);
 	torture_rpc_tcase_add_test(tcase, "ControlService",
 				   test_ControlService);
+	torture_rpc_tcase_add_test(tcase, "ChangeServiceConfigW",
+				   test_ChangeServiceConfigW);
 
 	return suite;
 }
diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build
index 65af160b322..05a6fbcbf14 100644
--- a/source4/torture/wscript_build
+++ b/source4/torture/wscript_build
@@ -71,6 +71,7 @@ bld.SAMBA_SUBSYSTEM('TORTURE_NDR',
                   ndr/winspool.c
                   ndr/cabinet.c
                   ndr/charset.c
+                  ndr/svcctl.c
 		  ''',
 	autoproto='ndr/proto.h',
 	deps='torture krb5samba',


-- 
Samba Shared Repository



More information about the samba-cvs mailing list