[PATCH] Evaluate 'disable netbios' parameter

Jeremy Allison jra at samba.org
Thu Dec 20 22:02:37 UTC 2018 

On Thu, Dec 20, 2018 at 04:37:30PM -0500, Justin Stephenson via samba-technical wrote:
> Hello,
> 
> The following patches evaluate the 'disable_netbios' option prior to making
> calls to cli_connect_nb() in several places, this bug was reported by a
> RHEL customer seeing outbound 'netbios-ssn' traffic on port 139 with
> disable_netbios set in smb.conf.
> 
> Gitlab CI Passed, merge request below:
> https://gitlab.com/samba-team/samba/merge_requests/181
> 
> Please review.

Pretty good, thanks - but instead of using DEBUG(level,..)
macros can you replace with the new DBG_XXX() macros.

git grep from README.Coding attached.

README.Coding:DBG_ERR   log level 0             error conditions
README.Coding:DBG_WARNING       log level 1             warning conditions
README.Coding:DBG_NOTICE        log level 3             normal, but significant, condition
README.Coding:DBG_INFO  log level 5             informational message
README.Coding:DBG_DEBUG log level 10            debug-level message

We're trying to clean up the debug systems to
these 'standard' levels so we can eventually
rationalize out the multiple levels, so new
code should use the DBG_XXX() calls.

Thanks !

Jeremy.

> Justin Stephenson
> Red Hat

> From 5501320683bc6aa41719d6a1ef1384529fa432e2 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 14:40:33 -0500
> Subject: [PATCH 1/3] s3:libsmb: Evaluate 'disable netbios' parameter
> 
> In certain places, cli_connect_nb() is being called even when
> 'disable netbios' is set in smb.conf.
> 
> This patch ensures calls to this function are properly evaluating this
> 'disable netbios' parameter.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
>  source3/libsmb/clidfs.c        |  5 +++++
>  source3/libsmb/libsmb_server.c | 12 ++++++++++++
>  2 files changed, 17 insertions(+)
> 
> diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
> index 6918802396c..b42839b40be 100644
> --- a/source3/libsmb/clidfs.c
> +++ b/source3/libsmb/clidfs.c
> @@ -190,6 +190,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
>  		flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
>  	}
>  
> +	if (lp_disable_netbios()) {
> +		DBG_WARNING("NetBIOS support disabled, unable to connect");
> +		return NT_STATUS_NOT_SUPPORTED;
> +	}
> +
>  	status = cli_connect_nb(
>  		server, NULL, port, name_type, NULL,
>  		signing_state,
> diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
> index 67dfcf72327..3356e875a00 100644
> --- a/source3/libsmb/libsmb_server.c
> +++ b/source3/libsmb/libsmb_server.c
> @@ -473,6 +473,12 @@ SMBC_server_internal(TALLOC_CTX *ctx,
>  			/*
>  			 * Try 139 first for IPC$
>  			 */
> +			if (lp_disable_netbios()) {
> +				DEBUG(4,("NetBIOS support disabled, unable to connect\n"));
> +				errno = ENOTSUP;
> +				return NULL;
> +			}
> +
>  			status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
>  					smbc_getNetbiosName(context),
>  					signing_state, flags, &c);
> @@ -483,6 +489,12 @@ SMBC_server_internal(TALLOC_CTX *ctx,
>  		/*
>  		 * No IPC$ or 139 did not work
>  		 */
> +		if (lp_disable_netbios()) {
> +			DEBUG(4,("NetBIOS support disabled, unable to connect\n"));
> +			errno = ENOTSUP;
> +			return NULL;
> +		}
> +
>  		status = cli_connect_nb(server_n, NULL, port, 0x20,
>  					smbc_getNetbiosName(context),
>  					signing_state, flags, &c);
> -- 
> 2.17.2
> 
> 
> From 19acfa78ab31afd42c4bab8e46939aefb4e1fb64 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 14:57:59 -0500
> Subject: [PATCH 2/3] smbpasswd: Evaluate 'disable netbios' parameter
> 
> The 'smbpasswd' remote password change operation should honor the
> 'disable netbios' parameter set in smb.conf. The operation will
> fail if disable netbios is set.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
>  source3/libsmb/passchange.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
> index 48ffba8036f..29a97e8262e 100644
> --- a/source3/libsmb/passchange.c
> +++ b/source3/libsmb/passchange.c
> @@ -40,9 +40,19 @@ NTSTATUS remote_password_change(const char *remote_machine,
>  	struct rpc_pipe_client *pipe_hnd = NULL;
>  	NTSTATUS result;
>  	bool pass_must_change = False;
> +	int rc = 0;
> +	char *tmp_err = NULL;
>  
>  	*err_str = NULL;
>  
> +	if (lp_disable_netbios()) {
> +		rc = asprintf(&tmp_err, "NetBIOS support disabled, unable to connect");
> +		if (rc > 0) {
> +			err_str = &tmp_err;
> +		}
> +		return NT_STATUS_UNSUCCESSFUL;
> +	}
> +
>  	result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
>  				SMB_SIGNING_IPC_DEFAULT, 0, &cli);
>  	if (!NT_STATUS_IS_OK(result)) {
> -- 
> 2.17.2
> 
> 
> From c2142914b5d2a252b8b31925cb51b373de715c1a Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 15:17:24 -0500
> Subject: [PATCH 3/3] s3:utils:net: Evaluate 'disable netbios' parameter
> 
> This patch enforces evaluation of the 'disable netbios'
> parameter with certain net commands calling cli_connect_nb()
> making a netbios connection. Commands affected are:
> 
> - net time
> - net file
> - net share
> - net user
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
>  source3/utils/net_rpc.c  | 5 +++++
>  source3/utils/net_time.c | 5 +++++
>  2 files changed, 10 insertions(+)
> 
> diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
> index a3b3727b484..330a913c811 100644
> --- a/source3/utils/net_rpc.c
> +++ b/source3/utils/net_rpc.c
> @@ -7440,6 +7440,11 @@ bool net_rpc_check(struct net_context *c, unsigned flags)
>  	if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
>  		return false;
>  
> +	if (lp_disable_netbios()) {
> +		DEBUG(0, ("NetBIOS support disabled, unable to connect\n"));
> +		return false;
> +	}
> +
>  	status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
>  				lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
>  				0, &cli);
> diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
> index 0091fc86333..bf1faf1803f 100644
> --- a/source3/utils/net_time.c
> +++ b/source3/utils/net_time.c
> @@ -34,6 +34,11 @@ static time_t cli_servertime(const char *host,
>  	struct cli_state *cli = NULL;
>  	NTSTATUS status;
>  
> +	if (lp_disable_netbios()) {
> +		fprintf(stderr, _("NetBIOS support disabled, unable to connect\n"));
> +		goto done;
> +	}
> +
>  	status = cli_connect_nb(host, dest_ss, 0, 0x20, lp_netbios_name(),
>  				SMB_SIGNING_DEFAULT, 0, &cli);
>  	if (!NT_STATUS_IS_OK(status)) {
> -- 
> 2.17.2
>

More information about the samba-technical mailing list