[PATCH] libcli/smb: Parse primary domain from session setup
Samuel Cabrero
scabrero at suse.de
Sat Mar 3 12:19:02 UTC 2018
On Mon, 2017-10-30 at 10:51 +0100, Samuel Cabrero via samba-technical
wrote:
> I have tested Windows server 2008 R2 and 2012 R2 and none of them
> send
> the workgroup, but samba does.
>
> To put some context the goal of the patch is to fix the "net rap
> server
> domain" command, which uses the primary domain from session setup to
> call NetServerEnum2. If Windows does not send it I can add an
> optional
> argument to the command to specify the workgroup, this would be
> compatible with the submitted patch.
>
>
> On Mon, 2017-10-30 at 08:58 +0100, Stefan Metzmacher via samba-
> technical wrote:
> > Am 30.10.2017 um 03:58 schrieb Andrew Bartlett:
> > > On Tue, 2017-10-24 at 10:56 +1300, Andrew Bartlett via samba-
> > > technical
> > > wrote:
> > > > On Mon, 2017-10-23 at 14:12 +0200, Samuel Cabrero via samba-
> > > > technical
> > > > wrote:
> > > > > Hi,
> > > > >
> > > > > I still have this patch on the queue, I sent it some time
> > > > > ago.
> > > >
> > > > This looks good to me. Could we have a test so we don't break
> > > > this
> > > > again?
> > >
> > > Any chance you can write a test for this?
> > >
> > > > Also, please file a bug for backport.
> > > >
> > > > Metze: Can I get some more comment from you on this? You made
> > > > comments
> > > > about some of the parsing routines working only by luck here:
> > > > https://bugzilla.samba.org/show_bug.cgi?id=12824
> > > >
> > > > Was there an intentional reason this support was lost?
> > >
> > > Can I please get a comment on this patch from the broader team?
> >
> > [MS-SMB] 2.2.4.6.2 Server Response Extensions lists only
> > NativeLanMan
> > and NativeOS.
> >
> > But it seems Samba sends the workgroup. Does some other servers
> > also
> > do this?
> >
> > metze
> >
>
>
Following with this metze was right, Windows machines do not send the
primary domain when extended security is used, so although samba does,
the approach was wrong and the primary domain cannot be extracted from
the session setup.
Searching another way to fix this, I found in [MS-RAP] 2.5.5.2.1:
RAPParams (variable): The RAPParams structure MUST be as follows:
Domain (variable): ... If this string is not present or is empty (a
single null byte), the server MUST return the list of servers for the
server's current domain or workgroup.
This new patchset makes samba's NetServerEnum2 handler to stick to
specification, using its own domain when domain field is empty in the
request, and then takes advantage of this when requesting the servers
list. This fixes the server's listings in 'smbclient -L' and 'net rap
server domain' commands when using SPNEGO.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-lanman-Handle-empty-domain-in-NetServerEnum2-requ.patch
Type: text/x-patch
Size: 963 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180303/5357aab9/0001-s3-lanman-Handle-empty-domain-in-NetServerEnum2-requ.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s3-libsmb-Avoid-segfault-if-cli_NetServerEnum-is-cal.patch
Type: text/x-patch
Size: 2079 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180303/5357aab9/0002-s3-libsmb-Avoid-segfault-if-cli_NetServerEnum-is-cal.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-s3-libsmb-Fix-workgroup-listing-when-using-SPNEGO.patch
Type: text/x-patch
Size: 3065 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180303/5357aab9/0003-s3-libsmb-Fix-workgroup-listing-when-using-SPNEGO.bin>
More information about the samba-technical
mailing list