[BUG] delete user script cannot work because...

Samba-JP TAKAHASHI Motonobu monyo at samba.gr.jp
Sat Jun 17 10:25:51 GMT 2000 

Hi!

I found a bug around delete user script parameter.

At least in Samba 2.0.7 "delete user script" cannot work.

The 1475th line of source/smbd/password.c has a bug corrected by this
patch below.

*** password.c.org      Sat Jun 17 18:53:11 2000
--- password.c  Sat Jun 17 18:53:27 2000
***************
*** 1472,1478 ****
      cli_ulogoff(&cli);
      cli_shutdown(&cli);
  
!     if((nt_rpc_err == NT_STATUS_NO_SUCH_USER) && (user_exists != NULL))
        *user_exists = False;
  
      return False;
--- 1472,1478 ----
      cli_ulogoff(&cli);
      cli_shutdown(&cli);
  
!     if(((nt_rpc_err & 0xFFFF) == NT_STATUS_NO_SUCH_USER) && (user_exists != NULL))
        *user_exists = False;
  
      return False;

Although this patch fixes the bug, I think it may not be the better
way to fix. 

The reason is explained below:

The value of nt_rpc_err comes from the 4th parameter of cli_error() at
the 1468th of in the password.c. And looking around the cli_error.c:

% grep cli_error */*.c
libsmb/clientgen.c:     cli_error(cli, &errclass, &errnum, &nt_rpc_error);
libsmb/clientgen.c:     if (cli_error(cli, &eclass, &ecode, NULL))
libsmb/clientgen.c:             if (cli_error(cli, &eclass, &ecode, NULL))
libsmb/clientgen.c:                     cli_error(cli, &eclass, &ecode, NULL);
libsmb/clientgen.c:                     cli_error(cli, &eclass, &ecode, NULL);
libsmb/clientgen.c:int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_error)
libsmb/clientgen.c:             DEBUG(10,("cli_error: 32 bit codes: code=%08x\n", nt_err));
libsmb/clientgen.c:     if (cli_error(cli, NULL, NULL, NULL)) return False;
libsmb/clientgen.c:     if (cli_error(cli, NULL, NULL, NULL)) return False;
libsmb/clientgen.c:     if (cli_error(cli, NULL, NULL, NULL)) return False;
libsmb/clientgen.c:     if (cli_error(cli, NULL, NULL, NULL)) return False;
rpc_client/cli_pipe.c:          if (cli_error(cli, NULL, &err, NULL)) {
rpc_client/cli_pipe.c:          if (cli_error(cli, NULL, &err, NULL)) {
rpc_client/ntclienttrust.c:             cli_error(&cli_trust, &err_cls, &err_num, NULL);
rpc_client/ntclienttrust.c:     cli_error(&cli_trust, &err_cls, &err_num, NULL);
smbd/password.c:    cli_error(&cli, NULL, NULL, &nt_rpc_err);
smbwrapper/smbw.c:      ret = cli_error(c, &eclass, &ecode, NULL);
utils/torture.c:        (void)cli_error(c, &class, &num, NULL);


The 4th parameter of cli_error() is used only twice, the 1475th in the
smbd/password.c and the 214th line in cli_errstr() in
libsmb/clientgen.c.

cli_errstr() uses the 4th parameter of cli_error() as the parameter
put into get_nt_error_msg() and at the 530th line in
get_nt_error_msg() in source/libsmb/nterrr.c this value is again ANDed
with 0xFFFF.

As I explained, the 4th parameter of cli_error() is used only twice
and always ANDed with 0xFFFF. 

Thus it seems that to change the type of 4th parameter of cli_error()
from uint32 to uint16 is also considerable way to fix.

-----
Motonobu TAKAHASHI                    mailto:monyo at samba.gr.jp
Samba Users Group Japan               http://www.samba.gr.jp/

More information about the samba mailing list