[PATCH] Evaluate 'disable netbios' parameter
Jeremy Allison
jra at samba.org
Thu Dec 20 22:02:37 UTC 2018
On Thu, Dec 20, 2018 at 04:37:30PM -0500, Justin Stephenson via samba-technical wrote:
> Hello,
>
> The following patches evaluate the 'disable_netbios' option prior to making
> calls to cli_connect_nb() in several places, this bug was reported by a
> RHEL customer seeing outbound 'netbios-ssn' traffic on port 139 with
> disable_netbios set in smb.conf.
>
> Gitlab CI Passed, merge request below:
> https://gitlab.com/samba-team/samba/merge_requests/181
>
> Please review.
Pretty good, thanks - but instead of using DEBUG(level,..)
macros can you replace with the new DBG_XXX() macros.
git grep from README.Coding attached.
README.Coding:DBG_ERR log level 0 error conditions
README.Coding:DBG_WARNING log level 1 warning conditions
README.Coding:DBG_NOTICE log level 3 normal, but significant, condition
README.Coding:DBG_INFO log level 5 informational message
README.Coding:DBG_DEBUG log level 10 debug-level message
We're trying to clean up the debug systems to
these 'standard' levels so we can eventually
rationalize out the multiple levels, so new
code should use the DBG_XXX() calls.
Thanks !
Jeremy.
> Justin Stephenson
> Red Hat
> From 5501320683bc6aa41719d6a1ef1384529fa432e2 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 14:40:33 -0500
> Subject: [PATCH 1/3] s3:libsmb: Evaluate 'disable netbios' parameter
>
> In certain places, cli_connect_nb() is being called even when
> 'disable netbios' is set in smb.conf.
>
> This patch ensures calls to this function are properly evaluating this
> 'disable netbios' parameter.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source3/libsmb/clidfs.c | 5 +++++
> source3/libsmb/libsmb_server.c | 12 ++++++++++++
> 2 files changed, 17 insertions(+)
>
> diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
> index 6918802396c..b42839b40be 100644
> --- a/source3/libsmb/clidfs.c
> +++ b/source3/libsmb/clidfs.c
> @@ -190,6 +190,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
> flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
> }
>
> + if (lp_disable_netbios()) {
> + DBG_WARNING("NetBIOS support disabled, unable to connect");
> + return NT_STATUS_NOT_SUPPORTED;
> + }
> +
> status = cli_connect_nb(
> server, NULL, port, name_type, NULL,
> signing_state,
> diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
> index 67dfcf72327..3356e875a00 100644
> --- a/source3/libsmb/libsmb_server.c
> +++ b/source3/libsmb/libsmb_server.c
> @@ -473,6 +473,12 @@ SMBC_server_internal(TALLOC_CTX *ctx,
> /*
> * Try 139 first for IPC$
> */
> + if (lp_disable_netbios()) {
> + DEBUG(4,("NetBIOS support disabled, unable to connect\n"));
> + errno = ENOTSUP;
> + return NULL;
> + }
> +
> status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
> smbc_getNetbiosName(context),
> signing_state, flags, &c);
> @@ -483,6 +489,12 @@ SMBC_server_internal(TALLOC_CTX *ctx,
> /*
> * No IPC$ or 139 did not work
> */
> + if (lp_disable_netbios()) {
> + DEBUG(4,("NetBIOS support disabled, unable to connect\n"));
> + errno = ENOTSUP;
> + return NULL;
> + }
> +
> status = cli_connect_nb(server_n, NULL, port, 0x20,
> smbc_getNetbiosName(context),
> signing_state, flags, &c);
> --
> 2.17.2
>
>
> From 19acfa78ab31afd42c4bab8e46939aefb4e1fb64 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 14:57:59 -0500
> Subject: [PATCH 2/3] smbpasswd: Evaluate 'disable netbios' parameter
>
> The 'smbpasswd' remote password change operation should honor the
> 'disable netbios' parameter set in smb.conf. The operation will
> fail if disable netbios is set.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source3/libsmb/passchange.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
> index 48ffba8036f..29a97e8262e 100644
> --- a/source3/libsmb/passchange.c
> +++ b/source3/libsmb/passchange.c
> @@ -40,9 +40,19 @@ NTSTATUS remote_password_change(const char *remote_machine,
> struct rpc_pipe_client *pipe_hnd = NULL;
> NTSTATUS result;
> bool pass_must_change = False;
> + int rc = 0;
> + char *tmp_err = NULL;
>
> *err_str = NULL;
>
> + if (lp_disable_netbios()) {
> + rc = asprintf(&tmp_err, "NetBIOS support disabled, unable to connect");
> + if (rc > 0) {
> + err_str = &tmp_err;
> + }
> + return NT_STATUS_UNSUCCESSFUL;
> + }
> +
> result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
> SMB_SIGNING_IPC_DEFAULT, 0, &cli);
> if (!NT_STATUS_IS_OK(result)) {
> --
> 2.17.2
>
>
> From c2142914b5d2a252b8b31925cb51b373de715c1a Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Mon, 17 Dec 2018 15:17:24 -0500
> Subject: [PATCH 3/3] s3:utils:net: Evaluate 'disable netbios' parameter
>
> This patch enforces evaluation of the 'disable netbios'
> parameter with certain net commands calling cli_connect_nb()
> making a netbios connection. Commands affected are:
>
> - net time
> - net file
> - net share
> - net user
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source3/utils/net_rpc.c | 5 +++++
> source3/utils/net_time.c | 5 +++++
> 2 files changed, 10 insertions(+)
>
> diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
> index a3b3727b484..330a913c811 100644
> --- a/source3/utils/net_rpc.c
> +++ b/source3/utils/net_rpc.c
> @@ -7440,6 +7440,11 @@ bool net_rpc_check(struct net_context *c, unsigned flags)
> if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
> return false;
>
> + if (lp_disable_netbios()) {
> + DEBUG(0, ("NetBIOS support disabled, unable to connect\n"));
> + return false;
> + }
> +
> status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
> lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
> 0, &cli);
> diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
> index 0091fc86333..bf1faf1803f 100644
> --- a/source3/utils/net_time.c
> +++ b/source3/utils/net_time.c
> @@ -34,6 +34,11 @@ static time_t cli_servertime(const char *host,
> struct cli_state *cli = NULL;
> NTSTATUS status;
>
> + if (lp_disable_netbios()) {
> + fprintf(stderr, _("NetBIOS support disabled, unable to connect\n"));
> + goto done;
> + }
> +
> status = cli_connect_nb(host, dest_ss, 0, 0x20, lp_netbios_name(),
> SMB_SIGNING_DEFAULT, 0, &cli);
> if (!NT_STATUS_IS_OK(status)) {
> --
> 2.17.2
>
More information about the samba-technical
mailing list