[Samba] Re: 3.0.25a closing network drive connections?
Jeremy Allison
jra at samba.org
Tue Jun 12 22:03:33 GMT 2007
On Tue, Jun 12, 2007 at 02:14:12PM -0400, Josh Kelley wrote:
> On 6/11/07, Gerald (Jerry) Carter <jerry at samba.org> wrote:
> >> [2007/06/08 14:02:21, 10] lib/util_sock.c:read_data(525)
> >> read_data: read of 4 returned 0. Error = Success
> >> [2007/06/08 14:02:21, 10] lib/util_sock.c:receive_smb_raw(672)
> >> receive_smb_raw: length < 0!
> >> [2007/06/08 14:02:21, 3] smbd/process.c:timeout_processing(1328)
> >> timeout_processing: End of file from client (client has disconnected).
> >>
> >> Is anyone else seeing similar problems? Should I open a Bugzilla or
> >> post the full debug logs here?
> >
> >The client disconnected. This is not smbd's fault.
>
> Upon further investigation, I think that smbd may be sending invalid
> NOTIFY responses to the client, causing the client to disconnect.
>
> I opened a Bugzilla with a level 10 debug log, Wireshark capture, and
> instructions to reproduce, since I thought that would be better than
> posting all of that stuff here:
> https://bugzilla.samba.org/show_bug.cgi?id=4689
>
> I hope it's okay that I did so. Thank you for your time.
Here's the patch for this I added for 3.0.25b. On testing
here it seems to do the correct thing with WindowsXP SP2.
Jeremy.
-------------- next part --------------
Index: smbd/nttrans.c
===================================================================
--- smbd/nttrans.c (revision 23444)
+++ smbd/nttrans.c (working copy)
@@ -1979,8 +1979,7 @@
* here.
*/
- change_notify_reply(inbuf, max_param_count,
- fsp->notify);
+ change_notify_reply(inbuf, fsp->notify);
/*
* change_notify_reply() above has independently sent its
@@ -1993,8 +1992,7 @@
* No changes pending, queue the request
*/
- status = change_notify_add_request(inbuf, max_param_count, filter,
- recursive, fsp);
+ status = change_notify_add_request(inbuf, filter, recursive, fsp);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
Index: smbd/notify.c
===================================================================
--- smbd/notify.c (revision 23444)
+++ smbd/notify.c (working copy)
@@ -27,7 +27,6 @@
struct files_struct *fsp; /* backpointer for cancel by mid */
char request_buf[smb_size];
uint32 filter;
- uint32 max_param_count;
uint32 current_bufsize;
struct notify_mid_map *mid_map;
void *backend_data;
@@ -126,12 +125,12 @@
"failed.");
}
-void change_notify_reply(const char *request_buf, uint32 max_param_count,
+void change_notify_reply(const char *request_buf,
struct notify_change_buf *notify_buf)
{
char *outbuf = NULL;
prs_struct ps;
- size_t buflen = smb_size+38+max_param_count;
+ size_t buflen;
if (notify_buf->num_changes == -1) {
change_notify_reply_packet(request_buf, NT_STATUS_OK);
@@ -145,14 +144,7 @@
goto done;
}
- if (prs_offset(&ps) > max_param_count) {
- /*
- * We exceed what the client is willing to accept. Send
- * nothing.
- */
- change_notify_reply_packet(request_buf, NT_STATUS_OK);
- goto done;
- }
+ buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
if (!(outbuf = SMB_MALLOC_ARRAY(char, buflen))) {
change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
@@ -214,7 +206,7 @@
return status;
}
-NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param_count,
+NTSTATUS change_notify_add_request(const char *inbuf,
uint32 filter, BOOL recursive,
struct files_struct *fsp)
{
@@ -231,7 +223,6 @@
map->req = request;
memcpy(request->request_buf, inbuf, sizeof(request->request_buf));
- request->max_param_count = max_param_count;
request->current_bufsize = 0;
request->filter = filter;
request->fsp = fsp;
@@ -408,7 +399,6 @@
*/
change_notify_reply(fsp->notify->requests->request_buf,
- fsp->notify->requests->max_param_count,
fsp->notify);
change_notify_remove_request(fsp->notify->requests);
More information about the samba
mailing list