[SCM] Samba Shared Repository - branch v4-14-stable updated

Jule Anger janger at samba.org
Wed Dec 15 14:53:07 UTC 2021


The branch, v4-14-stable has been updated
       via  ae3229e76d0 VERSION: Disable GIT_SNAPSHOT for the 4.14.11 release.
       via  808afc79cc9 WHATSNEW: Add release notes for Samba 4.14.11.
       via  08eb470b9c5 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids
       via  25c97fc3a0f smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()
       via  016d9c40bca smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO
       via  fd82e1e4bad smb2_server: decouple IOCTL check from signing/encryption states
       via  ea6db15c314 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
       via  8eb06f10a12 s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
       via  fd8864ef4fe libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
       via  4d2d5a3c66a s3:smbd: remove dead code from smbd_smb2_request_dispatch()
       via  3d35397e103 smbd: s3-dsgetdcname: handle num_ips == 0
       via  ce1186e06ed dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object
       via  b0d67dc3d42 CVE-2020-25717: s3-auth: fix MIT Realm regression
       via  aef700ad3c8 s3: docs-xml: Clarify the "delete veto files" paramter.
       via  b61fb49a7a9 s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks.
       via  7034f9b765d s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.
       via  66d688cea2b s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set.
       via  3d4761cf04d s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.
       via  37804062ea7 s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.
       via  67c85f0ce8e s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting.
       via  db8eb865b53 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2.
       via  3e8d6e681f8 CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts
       via  3a4eb50cf74 CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it
       via  d92dfb0dabf CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details
       via  08c9016cb9f CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
       via  f9b2267c6eb CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero
       via  f72090064bd CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration
       via  dc71ae17782 CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts
       via  8ccb26c679b CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails
       via  ff3798418e8 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs
       via  9bef6bc6cf0 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss
       via  f00c993f0c7 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts
       via  8bed2c3f7a9 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials
       via  1bd06f8cb35 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain
       via  75ab0a306fc IPA DC: add missing checks
       via  5b1d789632f s3:winbindd: fix "allow trusted domains = no" regression
       via  4a106c2322c lib: handle NTTIME_THAW in nt_time_to_full_timespec()
       via  4e2c7c66c96 torture: add a test for NTTIME_FREEZE and NTTIME_THAW
       via  7e1a65ed980 lib: add a test for null_nttime(NTTIME_THAW)
       via  38ac4c09474 lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
       via  f8fec80020e lib: use NTTIME_FREEZE in a null_nttime() test
       via  43f873d52ab lib: fix null_nttime() tests
       via  ac6f4c093b8 lib: add NTTIME_THAW
       via  a1dae6a208a VERSION: Bump version up to Samba 4.14.11...
      from  9312b1832e5 VERSION: Disable GIT_SNAPSHOT for the 4.14.10 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  90 +++++-
 auth/gensec/schannel.c                             |   1 +
 docs-xml/smbdotconf/filename/deletevetofiles.xml   |   9 +-
 lib/ldb/ldb_key_value/ldb_kv.c                     |   2 +
 lib/ldb/ldb_key_value/ldb_kv.h                     |  10 +
 lib/ldb/ldb_key_value/ldb_kv_index.c               |  41 +++
 lib/ldb/ldb_key_value/ldb_kv_search.c              |  33 +-
 lib/util/tests/time.c                              |   5 +-
 lib/util/time.c                                    |   8 +-
 lib/util/time.h                                    |   1 +
 libcli/smb/smb2cli_tcon.c                          | 183 ++++++++---
 libcli/smb/smbXcli_base.h                          |  20 ++
 nsswitch/nsstest.c                                 |   2 +-
 python/samba/tests/krb5/kdc_base_test.py           |  42 +++
 python/samba/tests/krb5/test_idmap_nss.py          | 232 ++++++++++++++
 python/samba/tests/usage.py                        |   1 +
 selftest/target/Samba.pm                           |   2 +-
 selftest/target/Samba3.pm                          |  44 ++-
 source3/auth/auth_util.c                           |  34 ++-
 source3/auth/user_krb5.c                           |   9 +
 source3/libsmb/dsgetdcname.c                       |   4 +
 source3/modules/vfs_streams_depot.c                |  10 +
 source3/modules/vfs_xattr_tdb.c                    |  10 +
 source3/rpc_server/lsa/srv_lsa_nt.c                |   1 +
 .../tests/test_delete_veto_files_only_rmdir.sh     | 183 +++++++++++
 source3/script/tests/test_veto_rmdir.sh            | 217 +++++++++++++
 source3/selftest/tests.py                          |   6 +
 source3/smbd/close.c                               | 334 ++++++++++++++-------
 source3/smbd/dir.c                                 |  97 ++++++
 source3/smbd/smb2_ioctl.c                          |  19 ++
 source3/smbd/smb2_server.c                         |  39 +--
 source3/winbindd/idmap_nss.c                       |  26 +-
 source3/winbindd/winbindd_util.c                   |   2 +-
 source4/dsdb/samdb/ldb_modules/anr.c               |  73 ++++-
 source4/dsdb/samdb/ldb_modules/operational.c       |   2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  13 +-
 source4/dsdb/tests/python/large_ldap.py            |  63 ++++
 source4/ldap_server/ldap_backend.c                 | 136 +++++++--
 source4/ldap_server/ldap_server.c                  |   4 +-
 source4/selftest/tests.py                          |  18 +-
 source4/torture/smb2/ioctl.c                       | 111 +++++++
 source4/torture/smb2/timestamps.c                  | 208 +++++++++++++
 43 files changed, 2109 insertions(+), 238 deletions(-)
 create mode 100755 python/samba/tests/krb5/test_idmap_nss.py
 create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh
 create mode 100755 source3/script/tests/test_veto_rmdir.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b487cba796e..b86cd446d7a 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=14
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f81a31d49b0..ea20a3ea952 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,90 @@
+                   ===============================
+                   Release Notes for Samba 4.14.11
+                          December 15, 2021
+                   ===============================
+
+
+This is the latest stable release of the Samba 4.14 release series.
+
+Important Notes
+===============
+
+There have been a few regressions in the security release 4.14.10:
+
+o CVE-2020-25717: A user on the domain can become root on domain members.
+                  https://www.samba.org/samba/security/CVE-2020-25717.html
+                  PLEASE [RE-]READ!
+                  The instructions have been updated and some workarounds
+                  initially adviced for 4.14.10 are no longer required and
+                  should be reverted in most cases.
+
+o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
+             un-deletable. While this release should fix this bug, it is
+             adviced to have a look at the bug report for more detailed
+             information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
+
+Changes since 4.14.10
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14878: Recursive directory delete with veto files is broken.
+   * BUG 14879: A directory containing dangling symlinks cannot be deleted by
+     SMB2 alone when they are the only entry in the directory.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14656: Spaces incorrectly collapsed in ldb attributes.
+   * BUG 14694: Ensure that the LDB request has not timed out during filter
+     processing as the LDAP server MaxQueryDuration is otherwise not honoured.
+   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
+     side effects for the local nt token.
+   * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
+     deletable.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
+   * BUG 14922: Kerberos authentication on standalone server in MIT realm
+     broken.
+   * BUG 14923: Segmentation fault when joining the domain.
+
+o  Alexander Bokovoy <ab at samba.org>
+   * BUG 14903: Support for ROLE_IPA_DC is incomplete.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
+     smbd_smb2_ioctl_send.
+   * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
+   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
+     side effects for the local nt token.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 14694: Ensure that the LDB request has not timed out during filter
+     processing as the LDAP server MaxQueryDuration is otherwise not honoured.
+   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
+     side effects for the local nt token.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ===============================
                    Release Notes for Samba 4.14.10
                            November 9, 2021
@@ -103,8 +190,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 
 
                    ==============================
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 0cdae141ead..6ebbe8f3179 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
 	case ROLE_DOMAIN_BDC:
 	case ROLE_DOMAIN_PDC:
 	case ROLE_ACTIVE_DIRECTORY_DC:
+	case ROLE_IPA_DC:
 		return NT_STATUS_OK;
 	default:
 		return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml
index 581dc05396d..570d4ac60a0 100644
--- a/docs-xml/smbdotconf/filename/deletevetofiles.xml
+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml
@@ -4,9 +4,12 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>This option is used when Samba is attempting to 
-	delete a directory that contains one or more vetoed directories 
-	(see the <smbconfoption name="veto files"/>
-	option).  If this option is set to <constant>no</constant> (the default) then if a vetoed 
+	delete a directory that contains one or more vetoed files
+	or directories or non-visible files or directories (such
+	as dangling symlinks that point nowhere).
+	(see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>,
+	<smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/>
+	options).  If this option is set to <constant>no</constant> (the default) then if a vetoed
 	directory contains any non-vetoed files or directories then the 
 	directory delete will fail. This is usually what you want.</para>
 
diff --git a/lib/ldb/ldb_key_value/ldb_kv.c b/lib/ldb/ldb_key_value/ldb_kv.c
index ed0f760b5a2..aea6f0c1be0 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.c
+++ b/lib/ldb/ldb_key_value/ldb_kv.c
@@ -2078,6 +2078,8 @@ static int ldb_kv_handle_request(struct ldb_module *module,
 		}
 	}
 
+	ac->timeout_timeval = tv;
+
 	/* set a spy so that we do not try to use the request context
 	 * if it is freed before ltdb_callback fires */
 	ac->spy = talloc(req, struct ldb_kv_req_spy);
diff --git a/lib/ldb/ldb_key_value/ldb_kv.h b/lib/ldb/ldb_key_value/ldb_kv.h
index f9dffae2dcf..ac474b04b4c 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.h
+++ b/lib/ldb/ldb_key_value/ldb_kv.h
@@ -152,6 +152,16 @@ struct ldb_kv_context {
 	struct ldb_module *module;
 	struct ldb_request *req;
 
+	/*
+	 * Required as we might not get to the event loop before the
+	 * timeout, so we need some old-style cooperative multitasking
+	 * here.
+	 */
+	struct timeval timeout_timeval;
+
+	/* Used to throttle calls to gettimeofday() */
+	size_t timeout_counter;
+
 	bool request_terminated;
 	struct ldb_kv_req_spy *spy;
 
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 1cc042aa84f..d70e5f619ef 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -2352,6 +2352,47 @@ static int ldb_kv_index_filter(struct ldb_kv_private *ldb_kv,
 	for (i = 0; i < num_keys; i++) {
 		int ret;
 		bool matched;
+
+		/*
+		 * Check the time every 64 records, to reduce calls to
+		 * gettimeofday().  This is a compromise, not all
+		 * calls to ldb_match_message() will take the same
+		 * time, most will run quickly but by luck it might be
+		 * possible to have 64 records that are slow, doing a
+		 * recursive search via LDAP_MATCHING_RULE_IN_CHAIN.
+		 *
+		 * Thankfully this is after index processing so only
+		 * on the subset that matches some index (but still
+		 * possibly a big one like objectclass=user)
+		 */
+		if (i % 64 == 0) {
+			struct timeval now = tevent_timeval_current();
+			int timeval_cmp = tevent_timeval_compare(&ac->timeout_timeval,
+								 &now);
+
+			/*
+			 * The search has taken too long.  This is the
+			 * most likely place for our time to expire,
+			 * as we are checking the records after the
+			 * index set intersection.  This is now the
+			 * slow process of checking if the records
+			 * actually match.
+			 *
+			 * The tevent based timeout is not likely to
+			 * be hit, sadly, as we don't run an event
+			 * loop.
+			 *
+			 * While we are indexed and most of the work
+			 * should have been done already, the
+			 * ldb_match_* calls can be quite expensive if
+			 * the caller uses LDAP_MATCHING_RULE_IN_CHAIN
+			 */
+			if (timeval_cmp <= 0) {
+				talloc_free(keys);
+				return LDB_ERR_TIME_LIMIT_EXCEEDED;
+			}
+		}
+
 		msg = ldb_msg_new(ac);
 		if (!msg) {
 			talloc_free(keys);
diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c
index a0e1762bc90..46031b99c16 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_search.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_search.c
@@ -314,7 +314,8 @@ static int search_func(_UNUSED_ struct ldb_kv_private *ldb_kv,
 	struct ldb_context *ldb;
 	struct ldb_kv_context *ac;
 	struct ldb_message *msg, *filtered_msg;
-	int ret;
+	struct timeval now;
+	int ret, timeval_cmp;
 	bool matched;
 
 	ac = talloc_get_type(state, struct ldb_kv_context);
@@ -341,6 +342,36 @@ static int search_func(_UNUSED_ struct ldb_kv_private *ldb_kv,
 		return 0;
 	}
 
+	/*
+	 * Check the time every 64 records, to reduce calls to
+	 * gettimeofday().  This is a compromise, not all calls to
+	 * ldb_match_message() will take the same time, most will fail
+	 * quickly but by luck it might be possible to have 64 records
+	 * that are slow, doing a recursive search via
+	 * LDAP_MATCHING_RULE_IN_CHAIN.
+	 */
+	if (ac->timeout_counter++ % 64 == 0) {
+		now = tevent_timeval_current();
+		timeval_cmp = tevent_timeval_compare(&ac->timeout_timeval,
+						     &now);
+
+		/*
+		 * The search has taken too long.  This is the most
+		 * likely place for our time to expire, as we are in
+		 * an un-indexed search and we return the data from
+		 * within this loop.  The tevent based timeout is not
+		 * likely to be hit, sadly.
+		 *
+		 * ldb_match_msg_error() can be quite expensive if a
+		 * LDAP_MATCHING_RULE_IN_CHAIN extended match was
+		 * specified.
+		 */
+		if (timeval_cmp <= 0) {
+			ac->error = LDB_ERR_TIME_LIMIT_EXCEEDED;
+			return -1;
+		}
+	}
+
 	msg = ldb_msg_new(ac);
 	if (!msg) {
 		ac->error = LDB_ERR_OPERATIONS_ERROR;
diff --git a/lib/util/tests/time.c b/lib/util/tests/time.c
index fce0eef5e2e..d94f50355d0 100644
--- a/lib/util/tests/time.c
+++ b/lib/util/tests/time.c
@@ -34,8 +34,9 @@ static bool test_null_time(struct torture_context *tctx)
 
 static bool test_null_nttime(struct torture_context *tctx)
 {
-	torture_assert(tctx, null_nttime(-1), "-1");
-	torture_assert(tctx, null_nttime(-1), "-1");
+	torture_assert(tctx, null_nttime(0), "0");
+	torture_assert(tctx, !null_nttime(NTTIME_FREEZE), "-1");
+	torture_assert(tctx, !null_nttime(NTTIME_THAW), "-2");
 	torture_assert(tctx, !null_nttime(42), "42");
 	return true;
 }
diff --git a/lib/util/time.c b/lib/util/time.c
index e8b58e87268..680bfe7c282 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -180,7 +180,7 @@ check if it's a null NTTIME
 **/
 _PUBLIC_ bool null_nttime(NTTIME t)
 {
-	return t == 0 || t == (NTTIME)-1;
+	return t == 0;
 }
 
 /*******************************************************************
@@ -1133,10 +1133,10 @@ struct timespec nt_time_to_full_timespec(NTTIME nt)
 	if (nt == NTTIME_OMIT) {
 		return make_omit_timespec();
 	}
-	if (nt == NTTIME_FREEZE) {
+	if (nt == NTTIME_FREEZE || nt == NTTIME_THAW) {
 		/*
-		 * This should be returned as SAMBA_UTIME_FREEZE in the
-		 * future.
+		 * This should be returned as SAMBA_UTIME_FREEZE or
+		 * SAMBA_UTIME_THAW in the future.
 		 */
 		return make_omit_timespec();
 	}
diff --git a/lib/util/time.h b/lib/util/time.h
index 04945b5f25f..d3dfde77e2b 100644
--- a/lib/util/time.h
+++ b/lib/util/time.h
@@ -63,6 +63,7 @@
  * implement this yet.
  */
 #define NTTIME_FREEZE UINT64_MAX
+#define NTTIME_THAW (UINT64_MAX - 1)
 
 #define SAMBA_UTIME_NOW UTIME_NOW
 #define SAMBA_UTIME_OMIT UTIME_OMIT
diff --git a/libcli/smb/smb2cli_tcon.c b/libcli/smb/smb2cli_tcon.c
index 8863bae0764..7bbae8ea3b3 100644
--- a/libcli/smb/smb2cli_tcon.c
+++ b/libcli/smb/smb2cli_tcon.c
@@ -23,42 +23,38 @@
 #include "../libcli/smb/smb_common.h"
 #include "../libcli/smb/smbXcli_base.h"
 
-struct smb2cli_tcon_state {
-	struct tevent_context *ev;
-	struct smbXcli_conn *conn;
-	uint32_t timeout_msec;
+struct smb2cli_raw_tcon_state {
 	struct smbXcli_session *session;
 	struct smbXcli_tcon *tcon;
 	uint8_t fixed[8];
 	uint8_t dyn_pad[1];
 };
 
-static void smb2cli_tcon_done(struct tevent_req *subreq);
-
-struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
-				     struct tevent_context *ev,
-				     struct smbXcli_conn *conn,
-				     uint32_t timeout_msec,
-				     struct smbXcli_session *session,
-				     struct smbXcli_tcon *tcon,
-				     uint16_t flags,
-				     const char *unc)
+static void smb2cli_raw_tcon_done(struct tevent_req *subreq);
+
+struct tevent_req *smb2cli_raw_tcon_send(TALLOC_CTX *mem_ctx,
+					 struct tevent_context *ev,
+					 struct smbXcli_conn *conn,
+					 uint32_t additional_flags,
+					 uint32_t clear_flags,
+					 uint32_t timeout_msec,
+					 struct smbXcli_session *session,
+					 struct smbXcli_tcon *tcon,
+					 uint16_t tcon_flags,
+					 const char *unc)
 {
-	struct tevent_req *req, *subreq;
-	struct smb2cli_tcon_state *state;
-	uint8_t *fixed;
-	uint8_t *dyn;
+	struct tevent_req *req = NULL;
+	struct smb2cli_raw_tcon_state *state = NULL;
+	struct tevent_req *subreq = NULL;
+	uint8_t *fixed = NULL;
+	uint8_t *dyn = NULL;
 	size_t dyn_len;
-	uint32_t additional_flags = 0;
-	uint32_t clear_flags = 0;
 
-	req = tevent_req_create(mem_ctx, &state, struct smb2cli_tcon_state);
+	req = tevent_req_create(mem_ctx, &state,
+				struct smb2cli_raw_tcon_state);
 	if (req == NULL) {
 		return NULL;
 	}
-	state->ev = ev;
-	state->conn = conn;
-	state->timeout_msec = timeout_msec;
 	state->session = session;
 	state->tcon = tcon;
 
@@ -77,7 +73,7 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
 	fixed = state->fixed;
 	SSVAL(fixed, 0, 9);
 	if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_10) {
-		SSVAL(fixed, 2, flags);
+		SSVAL(fixed, 2, tcon_flags);
 	} else {
 		SSVAL(fixed, 2, 0); /* Reserved */
 	}
@@ -89,10 +85,6 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
 		dyn_len = sizeof(state->dyn_pad);
 	}
 
-	if (smbXcli_session_is_authenticated(state->session)) {
-		additional_flags |= SMB2_HDR_FLAG_SIGNED;
-	}
-
 	subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_TCON,
 				  additional_flags, clear_flags,
 				  timeout_msec,
@@ -104,19 +96,17 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);
 	}
-	tevent_req_set_callback(subreq, smb2cli_tcon_done, req);
+	tevent_req_set_callback(subreq, smb2cli_raw_tcon_done, req);
 
 	return req;
 }
 
-static void smb2cli_tcon_validate(struct tevent_req *subreq);
-
-static void smb2cli_tcon_done(struct tevent_req *subreq)
+static void smb2cli_raw_tcon_done(struct tevent_req *subreq)
 {
 	struct tevent_req *req = tevent_req_callback_data(
 		subreq, struct tevent_req);
-	struct smb2cli_tcon_state *state = tevent_req_data(
-		req, struct smb2cli_tcon_state);
+	struct smb2cli_raw_tcon_state *state = tevent_req_data(
+		req, struct smb2cli_raw_tcon_state);
 	NTSTATUS status;
 	struct iovec *iov;
 	uint8_t *body;
@@ -156,6 +146,129 @@ static void smb2cli_tcon_done(struct tevent_req *subreq)
 				share_capabilities,
 				maximal_access);
 
+	tevent_req_done(req);
+}
+
+NTSTATUS smb2cli_raw_tcon_recv(struct tevent_req *req)
+{
+	return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS smb2cli_raw_tcon(struct smbXcli_conn *conn,
+			  uint32_t additional_flags,
+			  uint32_t clear_flags,
+			  uint32_t timeout_msec,
+			  struct smbXcli_session *session,
+			  struct smbXcli_tcon *tcon,
+			  uint16_t tcon_flags,
+			  const char *unc)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct tevent_context *ev;
+	struct tevent_req *req;
+	NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+	if (smbXcli_conn_has_async_calls(conn)) {
+		/*
+		 * Can't use sync call while an async call is in flight
+		 */
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto fail;
+	}
+	ev = samba_tevent_context_init(frame);
+	if (ev == NULL) {
+		goto fail;
+	}
+	req = smb2cli_raw_tcon_send(frame, ev, conn,
+				    additional_flags, clear_flags,
+				    timeout_msec, session, tcon,
+				    tcon_flags, unc);
+	if (req == NULL) {
+		goto fail;
+	}
+	if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+		goto fail;
+	}


-- 
Samba Shared Repository



More information about the samba-cvs mailing list