smbsh + solaris = :(

paolo.olivari at bpbassicurazioni.it
Thu Nov 8 05:40:02 GMT 2001


hi to everybody

i work on solaris and i find it very useful to access w2k shares using
smbsh: the idea is great! you don't have to mount: you just get the
shares on the fly ...

just one matter: smbsh does not work on my solaris 8 and 2.6 server :(
(smbclient works perfectly ...) (samba is samba-2.2.2)

ok .. i have been fighting against this in the last two days

i can debug smbclient but i can't debug smbsh since it uses the
dynamic wrapping of system calls of the usual commands (ls ...)

here is what i discovered:

1. initially (using snoop) i saw:

    zeus -> iris.bpbassicurazioni.it NBT Type=SESSION REQUEST Dest=...............[0] Source=...............[0] Length=72
    iris.bpbassicurazioni.it -> zeus NBT Type=NEGATIVE SESSION RESPONSE Length=1

while smbclient has a positive session response

    zeus -> iris.bpbassicurazioni.it NBT Type=SESSION REQUEST Dest=IRIS[20] Source=ZEUS[0] Length=72
    iris.bpbassicurazioni.it -> zeus NBT Type=POSITIVE SESSION RESPONSE Length=0

i worked on this and i found that the function strupper in
lib/util_str.c did not change the case BUT erased
the string (why? don't ask me!) so i changed to the trivial:

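/* DEBUG() is Samba's logging macro, available inside lib/util_str.c */
void strupper(char *s)
{
    int i, ciau;

    /* walk the string in place up to the terminating NUL */
    for (i = 0; s[i] != '\0'; i++) {
        DEBUG(7, ("%d ", i));
        /* ASCII only: a lower-case letter sits 32 above its upper-case form */
        if (s[i] >= 'a' && s[i] <= 'z')
            ciau = s[i] - 32;
        else
            ciau = s[i];
        DEBUG(7, ("%c ", ciau));
        s[i] = ciau;
    }
    DEBUG(7, ("\nfine for\n"));
}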

this gave me a POSITIVE SESSION also for smbsh :)

2. after that i got a core dumped like this:

paoloo at zeus:~/lab/samba-2.2.2/source$ smbsh -U olivari%RompiPalle77
smbsh$ ls /smb/bpbassdmn/iris/documenti
Segmentation Fault (core dumped)

so i added to DEBUG level 7 and my dump to examine the packet:

paoloo at zeus:~/lab/samba-2.2.2/source$ smbsh -U olivari%RompiPalle77 -d 7

Initial cwd is /usr/home/paoloo/lab/samba-2.2.2/source
set_maxfiles: setrlimit for RLIMIT_NOFILE for 8192 max files failed with error Not owner
smbw_path(.)
cleaning /usr/home/paoloo/lab/samba-2.2.2/source/.
smbw_path(.)
cleaning /usr/home/paoloo/lab/samba-2.2.2/source/.
smbsh$ ls /smb/bpbassdmn/iris/documenti
smbw_path(.)
cleaning /usr/home/paoloo/lab/samba-2.2.2/source/.
Initial cwd is /usr/home/paoloo/lab/samba-2.2.2/source
set_maxfiles: setrlimit for RLIMIT_NOFILE for 8192 max files failed with error Not owner
smbw_path(/smb/bpbassdmn/iris/documenti)
cleaning /smb/bpbassdmn/iris/documenti
smbw_path(/smb/bpbassdmn/iris/documenti)
cleaning /smb/bpbassdmn/iris/documenti
stat(/smb/bpbassdmn/iris/documenti)
cleaning /smb/bpbassdmn/iris/documenti
server=[iris] sh=[documenti] wgr=[BPBASSDMN] user=[olivari] pas=[RompiPalle77]
ciau=[zeus]
ciau2=[zeus]
ciaux=[Z]
ciaux=[E]
ciaux=[U]
ciaux=[S]
ciau3=[ZEUS]

fine for
-1-66-52-128
90698583000000000000000000000000000000000000000000000000000000000000000000000000000000000000

ciau=[iris]
ciau2=[iris]
ciaux=[I]
ciaux=[R]
ciaux=[I]
ciaux=[S]
ciau3=[IRIS]

fine for
-1-66-52-40
738273830000000000000000000000000000000000000000000000000000000000000000000000000000000000032

server_n=[iris] server=[iris]
 -> server_n=[iris] server=[iris]
resolve_hosts: Attempting host lookup for name iris<0x20>
Connecting to 132.147.78.25 at port 139
socket option SO_KEEPALIVE = 8
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 0
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 24820
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
-127 0 0 72
write_socket(4,76)
write_socket(4,76) wrote 76
Sent session request
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
 session request ok
write_socket(4,168)
write_socket(4,168) wrote 168
size=107
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=26941
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=40448 (0x9E00)
smb_vwv[12]=18921 (0x49E9)
smb_vwv[13]=22015 (0x55FF)
smb_vwv[14]=49512 (0xC168)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=38
size=107
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=26941
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=40448 (0x9E00)
smb_vwv[12]=18921 (0x49E9)
smb_vwv[13]=22015 (0x55FF)
smb_vwv[14]=49512 (0xC168)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=38
 negprot ok
 inizio cli_session_setup
 inizio cli_session_setup
 x inizio cli_session_setup
0 R 1 O 2 M 3 P 4 I 5 P 6 A 7 L 8 L 9 E 10 7 11 7
fine for
 y inizio cli_session_setup
SMBNTencrypt: inizio
a SMBNTencrypt: inizio
b SMBNTencrypt: inizio
c SMBNTencrypt: inizio
Segmentation Fault (core dumped)
smbsh$

the core happens in dos_struni2 (lib/util_unistr.c)

line 418 SSVAL(dst,0,doscp_to_ucs2[val]);

i changed to SSVAL(dst,0,0);
(i know it is NOT a solution but was just a trick to go on)

3. this way i get a core later, in dos_PutUniCode, called in
"libsmb/clistr.c" line 76, function clistr_push

i tricked substituting dos_PutUniCode with ascii_to_unistr
finally getting:

paoloo at zeus:~/lab/samba-2.2.2/source$ smbsh -U olivari%RompiPalle77 -d 1

smbsh$ ls /smb/bpbassdmn/iris/documenti
/smb/bpbassdmn/iris/documenti: Not owner


having changed the code in a "stupid" way brought me to lose
credentials ... obvious ...


the fact is: smbclient and smbwrapper use the SAME function
cli_session_setup() to open a session with w2k;
why does the first work and the second not?

i read that with old glibc smbsh doesn't work, maybe solaris' libc has
the same problem?
i tried also on solaris 2.6 and got the same ....

can some of you help?

having modified and debugged samba code has been an honour for me: whoever
wrote this code is a genius - i mean really, not just to get help ;)

bye
paolo
milan - italy
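
Added example, not part of the original post and not Samba's code: the called and calling names in the NBT session request from step 1 travel in RFC 1001 first-level encoding, which snoop displays decoded as `IRIS[20]`, so a name blanked before encoding produces a request the server cannot match. The function names are hypothetical, and the blank-name verdict is this example's assumption about what the failing request carried.

```c
#include <ctype.h>
#include <string.h>

/* In-place upper-casing; the cast keeps toupper() defined for bytes >= 0x80. */
void upper_inplace(char *s)
{
    for (; *s != '\0'; s++)
        *s = (char)toupper((unsigned char)*s);
}

/* First-level encoding: 15 name bytes (space padded) plus one type byte,
 * each nibble sent as a letter 'A'..'P'. out receives 32 letters and a NUL. */
void nb_encode(const char *name, unsigned char type, char out[33])
{
    unsigned char raw[16];
    size_t i, n = strlen(name);
    memset(raw, ' ', 15);
    memcpy(raw, name, n > 15 ? 15 : n);
    raw[15] = type;
    for (i = 0; i < 16; i++) {
        out[2 * i] = (char)('A' + (raw[i] >> 4));
        out[2 * i + 1] = (char)('A' + (raw[i] & 0x0F));
    }
    out[32] = '\0';
}

/* Returns 0 for a usable name, 1 for a blank one, -1 for malformed input. */
int nb_decode(const char *enc, char name[16], unsigned char *type)
{
    unsigned char raw[16];
    size_t i, n = 15;
    for (i = 0; i < 16; i++) {
        char hi = enc[2 * i], lo = enc[2 * i + 1];
        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P')
            return -1;
        raw[i] = (unsigned char)(((hi - 'A') << 4) | (lo - 'A'));
    }
    while (n > 0 && (raw[n - 1] == ' ' || raw[n - 1] == '\0'))
        n--;
    memcpy(name, raw, n);
    name[n] = '\0';
    *type = raw[15];
    return n == 0 ? 1 : 0;
}
```

Running `nb_decode()` over the 32 letters that follow the length byte of each name in a captured session request tells apart a correctly upper-cased name from one that was wiped before it reached the wire.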




