[SCM] Samba Shared Repository - branch v4-6-test updated

Karolin Seeger Fri, 23 Jun 2017 08:31:08 -0700

The branch, v4-6-test has been updated
       via  9670a0d Bug 15852. There are valid paths where 
conn->lsa_pipe_tcp->transport is NULL. Protect against this.
       via  8a7d05e s3:tests: Add test for smbclient -UDOMAIN+username
       via  282560e s3:popt_common: Reparse the username in 
popt_common_credentials_post()
       via  8dc2be5 s3:smb2_sesssetup: allow a compound request after a 
SessionSetup
       via  6e6fb56d s3:smb2_tcon: allow a compound request after a TreeConnect
      from  29c2411 s3:libsmb: add cli_state_update_after_sesssetup() helper 
function


https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -----------------------------------------------------------------
commit 9670a0d9973757f3be1a071f347eec03802bb57b
Author: Richard Sharpe <richard.sha...@primarydata.com>
Date:   Tue Jun 20 12:40:39 2017 -0700

    Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is 
NULL. Protect against this.
    
    Based on a suggestion from Metze.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12852
    
    Signed-off-by: Richard Sharpe <realrichardsha...@gmail.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Jun 22 23:16:46 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 03042b85c8140842633b36f3124e504b97b852a1)
    
    Autobuild-User(v4-6-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-6-test): Fri Jun 23 17:29:50 CEST 2017 on sn-devel-144

commit 8a7d05ebf8d3b2542c1ff8c61ada4a7f573198bf
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Jun 19 15:52:23 2017 +0200

    s3:tests: Add test for smbclient -UDOMAIN+username
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12849
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Tue Jun 20 14:48:33 CEST 2017 on sn-devel-144
    
    (cherry picked from commit e60aeb6f56a26019788442247361ed516bf965af)

commit 282560e469b269e07c06e958c748207bfeafac41
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Jun 19 14:50:33 2017 +0200

    s3:popt_common: Reparse the username in popt_common_credentials_post()
    
    When we parse the username in the options handling, the smb.conf file
    has not been loaded yet. So we are not aware of a 'winbind separator'
    set in the config file.
    
    We need to read and set the username again in the post-processing of the
    credentials.
    
    https://bugzilla.samba.org/show_bug.cgi?id=12849
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 0caf40ec0196de0de016fda0d4aff0734d498d2b)

commit 8dc2be59f526a9cd77496360f1eed784b4b10411
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Jun 15 23:01:18 2017 +0200

    s3:smb2_sesssetup: allow a compound request after a SessionSetup
    
    This is not a full fix yet as we don't allow compound requests
    after going async.
    
    With SMB 3.11 requiring signed TreeConnect requests it's pointless
    to try to compound requests after a SessionSetup.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144
    
    (cherry picked from commit bb5c394fde03dc8230d5089a66fea1a2541952f5)

commit 6e6fb56da11cb30011cf46826a1bf8b76aed9ec1
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu Jun 15 23:01:18 2017 +0200

    s3:smb2_tcon: allow a compound request after a TreeConnect
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit f8974bcdbf8abe3803340dcd20206ff4de9d5079)

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/popt_common.c                    | 15 +++++++
 source3/script/tests/test_smbclient_basic.sh | 62 ++++++++++++++++++++++++++++
 source3/selftest/tests.py                    |  1 +
 source3/smbd/smb2_sesssetup.c                |  1 +
 source3/smbd/smb2_tcon.c                     |  2 +
 source3/winbindd/winbindd_cm.c               |  8 ++--
 6 files changed, 86 insertions(+), 3 deletions(-)
 create mode 100755 source3/script/tests/test_smbclient_basic.sh


Changeset truncated at 500 lines:

diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 3589a4f..9928c70 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -238,6 +238,7 @@ void popt_common_credentials_set_delay_post(void)
 void popt_common_credentials_post(void)
 {
        struct user_auth_info *auth_info = cmdline_auth_info;
+       const char *username = NULL;
 
        if (get_cmdline_auth_info_use_machine_account(auth_info) &&
            !set_cmdline_auth_info_machine_account_creds(auth_info))
@@ -248,6 +249,20 @@ void popt_common_credentials_post(void)
        }
 
        set_cmdline_auth_info_getpass(auth_info);
+
+       /*
+        * When we set the username during the handling of the options passed to
+        * the binary we haven't loaded the config yet. This means that we
+        * didnn't take the 'winbind separator' into account.
+        *
+        * The username might contain the domain name and thus it hasn't been
+        * correctly parsed yet. If we have a username we need to set it again
+        * to run the string parser for the username correctly.
+        */
+       username = get_cmdline_auth_info_username(auth_info);
+       if (username != NULL && username[0] != '\0') {
+               set_cmdline_auth_info_username(auth_info, username);
+       }
 }
 
 static void popt_common_credentials_callback(poptContext con,
diff --git a/source3/script/tests/test_smbclient_basic.sh 
b/source3/script/tests/test_smbclient_basic.sh
new file mode 100755
index 0000000..90e579b
--- /dev/null
+++ b/source3/script/tests/test_smbclient_basic.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# this runs the file serving tests that are expected to pass with samba3 
against shares with various options
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_smbclient_basic.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD 
SMBCLIENT <smbclient arguments>
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+SERVER_IP="$2"
+USERNAME="$3"
+PASSWORD="$4"
+smbclient="$5"
+CONFIGURATION="$6"
+shift 6
+ADDARGS="$@"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+test_smbclient() {
+       name="$1"
+       cmd="$2"
+       shift
+       shift
+       echo "test: $name"
+       $VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" $@
+       status=$?
+       if [ x$status = x0 ]; then
+               echo "success: $name"
+       else
+               echo "failure: $name"
+       fi
+       return $status
+}
+
+# TEST using \ as the separator (default)
+test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' 
-U$DOMAIN\\$USERNAME%$PASSWORD $CONFIGURATION || failed=`expr $failed + 1`
+# TEST using / as the separator (default)
+test_smbclient "smbclient as $DOMAIN/$USERNAME" 'ls' 
-U$DOMAIN/$USERNAME%$PASSWORD $CONFIGURATION || failed=`expr $failed + 1`
+
+# TEST using 'winbind separator = +'
+test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' 
-U$DOMAIN+$USERNAME%$PASSWORD $CONFIGURATION --option=winbindseparator=+ || 
failed=`expr $failed + 1`
+
+# TEST using 'winbind separator = +' set in a config file
+smbclient_config="$PREFIX/tmpsmbconf"
+cat > $smbclient_config <<EOF
+[global]
+    include = $(echo $CONFIGURATION | cut -d= -f2)
+    winbind separator = +
+EOF
+
+SAVE_CONFIGURATION="$CONFIGURATION"
+CONFIGURATION="--configfile=$smbclient_config"
+test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' 
-U$DOMAIN+$USERNAME%$PASSWORD || failed=`expr $failed + 1`
+CONFIGURATION="$SAVE_CONFIGURATION"
+rm -rf $smbclient_config
+
+exit $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index dfe7866..d3cb071 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -152,6 +152,7 @@ plantestsuite("samba.vfstest.xattr-tdb-1", "nt4_dc:local", 
[os.path.join(samba3s
 plantestsuite("samba.vfstest.acl", "nt4_dc:local", [os.path.join(samba3srcdir, 
"script/tests/vfstest-acl/run.sh"), binpath("vfstest"), "$PREFIX", 
configuration])
 plantestsuite("samba.vfstest.catia", "nt4_dc:local", 
[os.path.join(samba3srcdir, "script/tests/vfstest-catia/run.sh"), 
binpath("vfstest"), "$PREFIX", configuration])
 
+plantestsuite("samba3.blackbox.smbclient_basic", "ad_member", 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', 
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration])
 for options in ["", "--option=clientntlmv2auth=no", 
"--option=clientusespnego=no", "--option=clientusespnego=no 
--option=clientntlmv2auth=no", "--option=clientntlmv2auth=no 
--option=clientlanmanauth=yes --max-protocol=LANMAN2", 
"--option=clientntlmv2auth=no --option=clientlanmanauth=yes 
--option=clientmaxprotocol=NT1"]:
     env = "nt4_dc"
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) %s" % (env, 
options), env, [os.path.join(samba3srcdir, 
"script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', 
'$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, options])
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 6a0caac..c4ae185 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -483,6 +483,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
 
        *out_session_id = session->global->session_wire_id;
+       smb2req->last_session_id = session->global->session_wire_id;
 
        return NT_STATUS_OK;
 }
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 5330fc3..914eb87 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -381,6 +381,8 @@ static NTSTATUS smbd_smb2_tree_connect(struct 
smbd_smb2_request *req,
        *out_maximal_access = tcon->compat->share_access;
 
        *out_tree_id = tcon->global->tcon_wire_id;
+       req->last_tid = tcon->global->tcon_wire_id;
+
        return NT_STATUS_OK;
 }
 
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 686bf9f..2cf89ed 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2912,10 +2912,12 @@ static NTSTATUS cm_connect_lsa_tcp(struct 
winbindd_domain *domain,
 
        conn = &domain->conn;
 
-       if (conn->lsa_pipe_tcp &&
+       /*
+        * rpccli_is_connected handles more error cases
+        */
+       if (rpccli_is_connected(conn->lsa_pipe_tcp) &&
            conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP &&
-           conn->lsa_pipe_tcp->auth->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY 
&&
-           rpccli_is_connected(conn->lsa_pipe_tcp)) {
+           conn->lsa_pipe_tcp->auth->auth_level >= 
DCERPC_AUTH_LEVEL_INTEGRITY) {
                goto done;
        }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-6-test updated

Reply via email to