[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Tue Jan 9 11:27:01 UTC 2024


The branch, master has been updated
       via  1b6ef968d83 dcesrv_reply: just drop responses if the connection is already terminating
       via  e829f5d8ec3 dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
       via  87e37e73a9b witness.idl: add flag(NDR_PAHEX) to some hex based enums
       via  290b0b04ae4 witness.idl: make some types public in order to be used elsewhere
       via  5beef87816d witness.idl: Set cifs as auth service name for the witness interface
       via  78ec47a6674 tdb: fix python/tdbdump.py example
       via  3c73d201d45 examples/scripts: add smbXsrvdump
       via  8e850685a10 smbXsrv.idl: add python bindings
       via  b96ce32f826 smbstatus: let --json dump also session channels
       via  3f92a684abb smbstatus: let --json report the client_guid a session belongs to
       via  c1c326ebccb smbXsrv_session: store session_global->client_guid
       via  88b1c8723b3 s3:sessionid: export smbXsrv_session_global via sessionid->global
       via  d52f7279063 lib/util: let is_zero_addr() return true for AF_UNSPEC
       via  10b084f824f s3:smbd multichannel: improve smbXsrv_connection_dbg()
       via  475784d63e9 s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
       via  8a3707e3ed9 s3:smbd multichannel: always allow multichannel to the ip of the queried connection
       via  f94d2ed13e6 libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
       via  6331d33ae49 libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
      from  f14a7065690 smbd: move access override for previous versions to the SMB layer

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1b6ef968d8370757cb472a1e3bfe030f8066c50d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 24 14:42:35 2023 +0100

    dcesrv_reply: just drop responses if the connection is already terminating
    
    There's no reason to waste resources...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Jan  9 11:26:55 UTC 2024 on atb-devel-224

commit e829f5d8ec3a77acb52a22d45e61dcce03762a10
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 24 14:02:02 2023 +0100

    dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
    
    Requests might be cancelled if the connection got disconnected,
    we got an ORPHANED or CO_CANCEL pdu.
    
    But this is all opt-in for the backends to choose.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 87e37e73a9ba13ed92a33a385a387b225b2b9190
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 29 10:20:02 2023 +0100

    witness.idl: add flag(NDR_PAHEX) to some hex based enums
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 290b0b04ae41b835f864bba02b1320693ef199d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 24 16:38:06 2023 +0100

    witness.idl: make some types public in order to be used elsewhere
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 5beef87816d103a729508ce88368c30c87b1fa4e
Author: Samuel Cabrero <scabrero at samba.org>
Date:   Wed Oct 21 18:30:29 2020 +0200

    witness.idl: Set cifs as auth service name for the witness interface
    
    Windows clients use the 'cifs' service name to bind to the witness interface.
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 78ec47a6674db65d738305cf00861aa711886a43
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 24 16:28:38 2023 +0100

    tdb: fix python/tdbdump.py example
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3c73d201d454a88135757065a2b238e6d94a1ac9
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Jan 28 15:35:44 2018 +0100

    examples/scripts: add smbXsrvdump
    
    A simple python tool to dump smbXsrv TDB databases.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 8e850685a1052a16bea402df3e8057218080c373
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 24 16:09:58 2023 +0100

    smbXsrv.idl: add python bindings
    
    This is useful for some scripting examples and debugging...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b96ce32f826ba03384e6a7535200d7e18354fc4b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 15 16:46:50 2023 +0100

    smbstatus: let --json dump also session channels
    
    This makes if easier to see how tcp connections belong
    to a session or client_guid.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3f92a684abb577b84d01b8f9124a7a459635d851
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 28 10:36:25 2023 +0100

    smbstatus: let --json report the client_guid a session belongs to
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit c1c326ebccb272acc918a97aff5b659cc299c9e5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 28 10:35:43 2023 +0100

    smbXsrv_session: store session_global->client_guid
    
    This is very useful for debugging...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 88b1c8723b30930585514dacd472e4941c69220c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 15 16:45:54 2023 +0100

    s3:sessionid: export smbXsrv_session_global via sessionid->global
    
    This will allow smbstatus --json to dump more details.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d52f7279063817055b6816d9f8372e374c90f75f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 21 13:02:43 2023 +0100

    lib/util: let is_zero_addr() return true for AF_UNSPEC
    
    It means the completely zero'ed structure is detected
    as zero address, as AF_UNSPEC is 0.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 10b084f824f839497405665b904cd54f8f5ff703
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 17 13:36:02 2023 +0100

    s3:smbd multichannel: improve smbXsrv_connection_dbg()
    
    client_guid as well as local and remote address help a lot
    for debugging...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 475784d63e9381e8a76cd666842686c1b8d2d0b4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 22 21:50:57 2023 +0100

    s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
    
    This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
    client can keep it's session alive. Otherwise a windows client believes
    the whole session is gone and all other channels are invalid.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 8a3707e3ed96df43c8f825527deb7d27fe0c6be8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 29 13:09:32 2023 +0100

    s3:smbd multichannel: always allow multichannel to the ip of the queried connection
    
    We can announce the ip of the current connection even if it's
    a moveable cluster address... as the client is already connected to it.
    
    This change means in a typical ctdb cluster, where we only have public
    addresses, the client can at least have more than one multichannel'ed
    connection to the public ip.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f94d2ed13e6aa54e7e4e4cc292c565de1711a2a9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 28 10:18:51 2023 +0100

    libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
    
    These and more are also defined in security_token.h, which is later included
    from security.h anyway.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 6331d33ae498e03368422e585c3e47cfc73dfdb2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Dec 23 00:04:33 2023 +0100

    libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 examples/scripts/debugging/smbXsrvdump |  87 ++++++++++++++++++++++++++++
 lib/tdb/python/tdbdump.py              |   9 ++-
 lib/util/util_net.c                    |   3 +
 libcli/security/security.h             |   3 -
 libcli/smb/smb2_constants.h            |   4 +-
 librpc/idl/witness.idl                 |  11 ++--
 librpc/rpc/dcesrv_core.c               | 102 +++++++++++++++++++++++++++++++--
 librpc/rpc/dcesrv_core.h               |  12 ++++
 librpc/rpc/dcesrv_reply.c              |  27 ++++++++-
 source3/include/session.h              |   1 +
 source3/lib/sessionid_tdb.c            |   1 +
 source3/librpc/idl/smbXsrv.idl         |   1 +
 source3/librpc/idl/wscript_build       |   2 +-
 source3/smbd/smb2_ioctl_network_fs.c   |  23 +++++++-
 source3/smbd/smb2_process.c            |  31 +++++++---
 source3/smbd/smb2_sesssetup.c          |   8 ++-
 source3/smbd/smbXsrv_session.c         |   1 +
 source3/utils/status_json.c            |  99 ++++++++++++++++++++++++++++++++
 source4/librpc/wscript_build           |  12 ++++
 19 files changed, 409 insertions(+), 28 deletions(-)
 create mode 100755 examples/scripts/debugging/smbXsrvdump


Changeset truncated at 500 lines:

diff --git a/examples/scripts/debugging/smbXsrvdump b/examples/scripts/debugging/smbXsrvdump
new file mode 100755
index 00000000000..f5c3091dc0d
--- /dev/null
+++ b/examples/scripts/debugging/smbXsrvdump
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+
+import sys
+
+sys.path.insert(0, "bin/python")
+
+import os
+import argparse
+import struct
+
+from samba.ndr import ndr_unpack, ndr_print
+from samba.dcerpc import smbXsrv
+from samba.dcerpc import server_id
+import tdb
+
+def print_watchers(num_watched, blob):
+    for i in range(0,num_watched):
+        id = ndr_unpack(server_id.server_id, blob[:24])
+        print(ndr_print(id))
+        blob = blob[24:]
+
+def print_record(data, ndr_type, watched, ctdb):
+    blob = data
+
+    if ctdb:
+        (rsn, dmaster, reserved1, flags) = struct.unpack('QIII', bytes(blob[:20]))
+        blob = blob[24:]
+        print("    ctdb record header: rsn=%lu, dmaster=%u, reserved1=0x%x, flags=0x%x len=%u" %
+              (rsn, dmaster, reserved1, flags, len(blob)))
+        if len(blob) == 0:
+            return
+
+    if watched:
+        (num_watched, ) = struct.unpack('I', bytes(blob[:4]))
+        blob = blob[4:]
+
+        deleted_bit = 1<<31
+        deleted = num_watched & deleted_bit
+
+        num_watched = num_watched & ~deleted_bit
+        if num_watched > 0:
+            if deleted:
+                deleted_str = "yes"
+            else:
+                deleted_str = "no"
+            print("    num_watched: %d, deleted: %s" % (num_watched, deleted_str))
+            print_watchers(num_watched, blob)
+            blob = blob[num_watched*4:]
+
+    unpacked = ndr_unpack(ndr_type, blob, allow_remaining=True)
+    print(ndr_print(unpacked))
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument('path', help='Path to the TDB file')
+    parser.add_argument('-c', '--ctdb',
+                        default=False,
+                        action="store_true",
+                        help='The TDB database is from a ctdb cluster')
+    args = parser.parse_args()
+
+    watched = False
+    if 'smbXsrv_session' in args.path:
+        ndr_type = smbXsrv.session_globalB
+        watched = True
+    elif 'smbXsrv_open' in args.path:
+        ndr_type = smbXsrv.open_globalB
+    elif 'smbXsrv_client' in args.path:
+        ndr_type = smbXsrv.client_globalB
+        watched = True
+    elif 'smbXsrv_tcon' in args.path:
+        ndr_type = smbXsrv.tcon_globalB
+    elif 'smbXsrv_version' in args.path:
+        ndr_type = smbXsrv.version_globalB
+    else:
+        raise Exception("Failed to guess NDR type")
+
+    tdb = tdb.Tdb(args.path, 0, tdb.INCOMPATIBLE_HASH, os.O_RDONLY)
+
+    i = 1
+    for k in tdb.keys():
+        data = tdb.get(k)
+        print("Record: %d" % i)
+        print_record(data, ndr_type, watched, args.ctdb)
+        i = i + 1
+
+    tdb.close()
diff --git a/lib/tdb/python/tdbdump.py b/lib/tdb/python/tdbdump.py
index afc22d1d040..988e293fef7 100644
--- a/lib/tdb/python/tdbdump.py
+++ b/lib/tdb/python/tdbdump.py
@@ -1,12 +1,17 @@
 #!/usr/bin/env python3
 # Trivial reimplementation of tdbdump in Python
 
-import tdb, sys
+import sys
+
+sys.path.insert(0, "bin/python")
+
+import tdb
 
 if len(sys.argv) < 2:
     print("Usage: tdbdump.py <tdb-file>")
     sys.exit(1)
 
 db = tdb.Tdb(sys.argv[1])
-for (k, v) in db.items():
+for k in db.keys():
+    v = db.get(k)
     print("{\nkey(%d) = %r\ndata(%d) = %r\n}" % (len(k), k, len(v), v))
diff --git a/lib/util/util_net.c b/lib/util/util_net.c
index acaa76ea74e..48c9552558b 100644
--- a/lib/util/util_net.c
+++ b/lib/util/util_net.c
@@ -642,6 +642,9 @@ bool is_zero_addr(const struct sockaddr_storage *pss)
 		const struct in_addr *pin = &((const struct sockaddr_in *)pss)->sin_addr;
 		return is_zero_ip_v4(*pin);
 	}
+	if (pss->ss_family == AF_UNSPEC) {
+		return true;
+	}
 	return false;
 }
 
diff --git a/libcli/security/security.h b/libcli/security/security.h
index 7c214bd3c1e..a1c26ed57f4 100644
--- a/libcli/security/security.h
+++ b/libcli/security/security.h
@@ -25,9 +25,6 @@
 
 #include "librpc/gen_ndr/security.h"
 
-#define PRIMARY_USER_SID_INDEX 0
-#define PRIMARY_GROUP_SID_INDEX 1
-
 /* File Specific access rights */
 #define FILE_READ_DATA        SEC_FILE_READ_DATA
 #define FILE_WRITE_DATA       SEC_FILE_WRITE_DATA
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index edc8ec04739..a41be6399ac 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -201,7 +201,9 @@
 #define SMB2_SHAREFLAG_ENABLE_HASH_V1                    0x2000
 #define SMB2_SHAREFLAG_ENABLE_HASH_V2                    0x4000
 #define SMB2_SHAREFLAG_ENCRYPT_DATA                      0x8000
-#define SMB2_SHAREFLAG_ALL                               0xFF33
+#define SMB2_SHAREFLAG_IDENTITY_REMOTING             0x00040000
+#define SMB2_SHAREFLAG_COMPRESS_DATA                 0x00100000
+#define SMB2_SHAREFLAG_ISOLATED_TRANSPORT            0x00200000
 
 /* SMB2 share capabilities */
 #define SMB2_SHARE_CAP_DFS			0x8
diff --git a/librpc/idl/witness.idl b/librpc/idl/witness.idl
index 652c0e9cb65..f69c9bbc009 100644
--- a/librpc/idl/witness.idl
+++ b/librpc/idl/witness.idl
@@ -8,11 +8,12 @@ import "misc.idl";
   pointer_default(unique),
   helpstring("SMB Witness Service"),
   helper("../librpc/ndr/ndr_witness.h"),
-  endpoint("ncacn_ip_tcp:")
+  endpoint("ncacn_ip_tcp:"),
+  authservice("cifs")
 ]
 interface witness
 {
-	typedef [v1_enum] enum {
+	typedef [flag(NDR_PAHEX),v1_enum,public] enum {
 		WITNESS_V1 = 0x00010001,
 		WITNESS_V2 = 0x00020000,
 		WITNESS_UNSPECIFIED_VERSION = 0xFFFFFFFF
@@ -21,7 +22,7 @@ interface witness
 	/*****************/
 	/* Function 0x00 */
 
-	typedef [enum16bit] enum {
+	typedef [flag(NDR_PAHEX),enum16bit] enum {
 		WITNESS_STATE_UNKNOWN     = 0x00,
 		WITNESS_STATE_AVAILABLE   = 0x01,
 		WITNESS_STATE_UNAVAILABLE = 0xff
@@ -79,7 +80,7 @@ interface witness
 		WITNESS_NOTIFY_IP_CHANGE       = 4
 	} witness_notifyResponse_type;
 
-	typedef [v1_enum] enum {
+	typedef [flag(NDR_PAHEX),v1_enum] enum {
 		WITNESS_RESOURCE_STATE_UNKNOWN     = 0x00,
 		WITNESS_RESOURCE_STATE_AVAILABLE   = 0x01,
 		WITNESS_RESOURCE_STATE_UNAVAILABLE = 0xff
@@ -134,7 +135,7 @@ interface witness
 	/*****************/
 	/* Function 0x04 */
 
-	typedef [bitmap32bit] bitmap {
+	typedef [bitmap32bit,public] bitmap {
 		WITNESS_REGISTER_NONE            = 0x00,
 		WITNESS_REGISTER_IP_NOTIFICATION = 0x01
 	} witness_RegisterEx_flags;
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 24f619d7337..c0a4150e3b3 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -165,6 +165,24 @@ static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_conne
 	return NULL;
 }
 
+/*
+  find a pending request
+*/
+static struct dcesrv_call_state *dcesrv_find_pending_call(
+					struct dcesrv_connection *dce_conn,
+					uint32_t call_id)
+{
+	struct dcesrv_call_state *c = NULL;
+
+	for (c = dce_conn->pending_call_list; c != NULL; c = c->next) {
+		if (c->pkt.call_id == call_id) {
+			return c;
+		}
+	}
+
+	return NULL;
+}
+
 /*
  * register a principal for an auth_type
  *
@@ -2508,11 +2526,68 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 		status = dcesrv_request(call);
 		break;
 	case DCERPC_PKT_CO_CANCEL:
+		existing = dcesrv_find_fragmented_call(dce_conn,
+						       call->pkt.call_id);
+		if (existing != NULL) {
+			/*
+			 * If the call is still waiting for
+			 * more fragments, it's not pending yet,
+			 * for now we just remember we got CO_CANCEL,
+			 * but ignore it otherwise.
+			 *
+			 * This matches what windows is doing...
+			 */
+			existing->got_co_cancel = true;
+			SMB_ASSERT(existing->subreq == NULL);
+			existing = NULL;
+		}
+		existing = dcesrv_find_pending_call(dce_conn,
+						    call->pkt.call_id);
+		if (existing != NULL) {
+			/*
+			 * Give the backend a chance to react
+			 * on CO_CANCEL, but note it's ignored
+			 * by default.
+			 */
+			existing->got_co_cancel = true;
+			if (existing->subreq != NULL) {
+				tevent_req_cancel(existing->subreq);
+			}
+			existing = NULL;
+		}
+		status = NT_STATUS_OK;
+		TALLOC_FREE(call);
+		break;
 	case DCERPC_PKT_ORPHANED:
-		/*
-		 * Window just ignores CO_CANCEL and ORPHANED,
-		 * so we do...
-		 */
+		existing = dcesrv_find_fragmented_call(dce_conn,
+						       call->pkt.call_id);
+		if (existing != NULL) {
+			/*
+			 * If the call is still waiting for
+			 * more fragments, it's not pending yet,
+			 * for now we just remember we got ORPHANED,
+			 * but ignore it otherwise.
+			 *
+			 * This matches what windows is doing...
+			 */
+			existing->got_orphaned = true;
+			SMB_ASSERT(existing->subreq == NULL);
+			existing = NULL;
+		}
+		existing = dcesrv_find_pending_call(dce_conn,
+						    call->pkt.call_id);
+		if (existing != NULL) {
+			/*
+			 * Give the backend a chance to react
+			 * on ORPHANED, but note it's ignored
+			 * by default.
+			 */
+			existing->got_orphaned = true;
+			if (existing->subreq != NULL) {
+				tevent_req_cancel(existing->subreq);
+			}
+			existing = NULL;
+		}
 		status = NT_STATUS_OK;
 		TALLOC_FREE(call);
 		break;
@@ -2796,6 +2871,7 @@ const struct dcesrv_critical_sizes *dcerpc_module_version(void)
 _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason)
 {
 	struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
+	struct dcesrv_call_state *c = NULL, *n = NULL;
 	struct dcesrv_auth *a = NULL;
 
 	dce_conn->wait_send = NULL;
@@ -2811,6 +2887,7 @@ _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, co
 		a->auth_invalid = true;
 	}
 
+no_pending:
 	if (dce_conn->pending_call_list == NULL) {
 		char *full_reason = talloc_asprintf(dce_conn, "dcesrv: %s", reason);
 
@@ -2831,6 +2908,23 @@ _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, co
 		dce_conn->terminate = "dcesrv: deferred terminating connection - no memory";
 	}
 	DLIST_ADD_END(dce_ctx->broken_connections, dce_conn);
+
+	for (c = dce_conn->pending_call_list; c != NULL; c = n) {
+		n = c->next;
+
+		c->got_disconnect = true;
+		if (c->subreq != NULL) {
+			tevent_req_cancel(c->subreq);
+		}
+	}
+
+	if (dce_conn->pending_call_list == NULL) {
+		/*
+		 * tevent_req_cancel() was able to made progress
+		 * and we don't have pending calls anymore.
+		 */
+		goto no_pending;
+	}
 }
 
 _PUBLIC_ void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx)
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index e45c85a7f7f..3758c8d7de2 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -158,6 +158,18 @@ struct dcesrv_call_state {
 	struct dcerpc_auth in_auth_info;
 	struct dcerpc_auth _out_auth_info;
 	struct dcerpc_auth *out_auth_info;
+
+	/*
+	 * Optional subreq for pending calls,
+	 * will be used to call tevent_req_cancel()
+	 * if the connection terminates,
+	 * we got an ORPHANED PDU
+	 * or got a CO_CANCEL PDU
+	 */
+	bool got_disconnect;
+	bool got_orphaned;
+	bool got_co_cancel;
+	struct tevent_req *subreq;
 };
 
 /*
diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c
index 94a616c7f59..6d605168176 100644
--- a/librpc/rpc/dcesrv_reply.c
+++ b/librpc/rpc/dcesrv_reply.c
@@ -92,6 +92,16 @@ NTSTATUS dcesrv_fault_with_flags(struct dcesrv_call_state *call,
 	struct data_blob_list_item *rep;
 	NTSTATUS status;
 
+	if (call->conn->terminate != NULL) {
+		/*
+		 * If we're already disconnecting
+		 * we should just drop a possible
+		 * response
+		 */
+		talloc_free(call);
+		return NT_STATUS_OK;
+	}
+
 	/* setup a fault */
 	dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
 	pkt.auth_length = 0;
@@ -149,12 +159,27 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 	struct dcesrv_auth *auth = call->auth_state;
 	size_t sig_size = 0;
 
-	/* call the reply function */
+	/*
+	 * call the reply function,
+	 * it's mostly for debug messages
+	 * and dcesrv_fault() also checks for
+	 * (call->conn->terminate != NULL) internally.
+	 */
 	status = context->iface->reply(call, call, call->r);
 	if (!NT_STATUS_IS_OK(status)) {
 		return dcesrv_fault(call, call->fault_code);
 	}
 
+	if (call->conn->terminate != NULL) {
+		/*
+		 * If we're already disconnecting
+		 * we should just drop a possible
+		 * response
+		 */
+		talloc_free(call);
+		return NT_STATUS_OK;
+	}
+
 	/* form the reply NDR */
 	push = ndr_push_init_ctx(call);
 	NT_STATUS_HAVE_NO_MEMORY(push);
diff --git a/source3/include/session.h b/source3/include/session.h
index 268c059a8ed..40c25e514bb 100644
--- a/source3/include/session.h
+++ b/source3/include/session.h
@@ -43,5 +43,6 @@ struct sessionid {
 	uint16_t cipher;
 	uint16_t signing;
 	uint8_t signing_flags;
+	const struct smbXsrv_session_global0 *global;
 };
 
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 32962253908..2376fd42a25 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -44,6 +44,7 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
 		.connect_start = nt_time_to_unix(global->creation_time),
 		.pid = global->channels[0].server_id,
 		.connection_dialect = global->connection_dialect,
+		.global = global,
 	};
 
 	if (session_info != NULL) {
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index 173bc64db77..4eb43e6dd3c 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -266,6 +266,7 @@ interface smbXsrv
 		uint32					auth_session_info_seqnum;
 		auth_session_info			*auth_session_info;
 		uint16					connection_dialect;
+		GUID					client_guid;
 		smbXsrv_signing_flags			signing_flags;
 		uint16					signing_algo;
 		smbXsrv_encrpytion_flags		encryption_flags;
diff --git a/source3/librpc/idl/wscript_build b/source3/librpc/idl/wscript_build
index 28541d715b8..d12049b76d6 100644
--- a/source3/librpc/idl/wscript_build
+++ b/source3/librpc/idl/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                        smbXsrv.idl
                        leases_db.idl
                     ''',
-                    options='--includedir=%s --header --ndr-parser' % topinclude,
+                    options='--includedir=%s --header --ndr-parser --client --python' % topinclude,
                     output_dir='../gen_ndr')
 
 bld.SAMBA_PIDL_LIST('PIDL',
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index 9ef99dca90f..bcfa37fdf97 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -362,6 +362,7 @@ static NTSTATUS fsctl_network_iface_info(TALLOC_CTX *mem_ctx,
 					 uint32_t in_max_output,
 					 DATA_BLOB *out_output)
 {
+	struct samba_sockaddr xconn_srv_addr = { .sa_socklen = 0, };
 	struct fsctl_net_iface_info *array = NULL;
 	struct fsctl_net_iface_info *first = NULL;
 	struct fsctl_net_iface_info *last = NULL;
@@ -369,6 +370,7 @@ static NTSTATUS fsctl_network_iface_info(TALLOC_CTX *mem_ctx,
 	size_t num_ifaces;
 	enum ndr_err_code ndr_err;
 	struct cluster_movable_ips *cluster_movable_ips = NULL;
+	ssize_t sret;
 	int ret;
 
 	if (in_input->length != 0) {
@@ -410,6 +412,14 @@ static NTSTATUS fsctl_network_iface_info(TALLOC_CTX *mem_ctx,
 		}
 	}
 
+	sret = tsocket_address_bsd_sockaddr(xconn->local_address,
+					    &xconn_srv_addr.u.sa,
+					    sizeof(xconn_srv_addr.u.ss));
+	if (sret < 0) {
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	xconn_srv_addr.sa_socklen = sret;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list