The branch, v4-8-test has been updated
       via  c56beb9a1fd vfs_fileid: fix get_connectpath_ino
       via  df175f06f9f s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection
       via  bb76511f413 libcli: Add error log if insufficient SMB2 credits
       via  b7134e36f8d s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list()
       via  8932a4a161f s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
      from  129423d3657 s3-vfs-fruit: add close call

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test

- Log -----------------------------------------------------------------
commit c56beb9a1fd18146093b49965938388597425999
Author: Ralph Wuerthner <ralph.wuerth...@de.ibm.com>
Date:   Thu Jan 10 14:28:14 2019 +0100

    vfs_fileid: fix get_connectpath_ino

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741
    Signed-off-by: Ralph Wuerthner <ralph.wuerth...@de.ibm.com>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144

    (cherry picked from commit 12398a2d1ddcd326e02e5d8b0749e0e796145165)

    Autobuild-User(v4-8-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-8-test): Fri Feb 1 17:06:06 CET 2019 on sn-devel-144

commit df175f06f9fb63a04ae7635d6d0cbcbfe8ef2ceb
Author: Tim Beale <timbe...@catalyst.net.nz>
Date:   Mon Jan 7 15:28:12 2019 +1300

    s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection

    cli_smb2_list() appears to be a slightly unique SMB operation in that
    it specifies the max transaction size for the response buffer size.

    The Python bindings highlighted a problem where if cli_smb2_list()
    were one of the first operations performed on the SMBv2 connection,
    it would fail due to insufficient credits. Because the response
    buffer size is (potentially) so much larger, it requires more credits
    (128) compared with other SMB operations.

    When talking to a samba DC, the connection credits seem to start off
    at 1, then increase by 32 for every SMB reply we receive back from
    the server. After cli_full_connection(), the connection has 65
    credits. The cli_smb2_create_fnum() in cli_smb2_list() adds another
    32 credits, but this is still less than the 128 that
    smb2cli_query_directory() requires.

    This problem doesn't happen for smbclient because the cli_cm_open()
    API it uses ends up sending more messages, and so the connection has
    more credits.

    This patch changes cli_smb2_list(), so it requests a smaller response
    buffer size if it doesn't have enough credits available for the max
    transaction size. smb2cli_query_directory() is already in a loop, so
    it can span multiple SMB messages if for some reason the transaction
    size isn't big enough for the listings.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736

    Signed-off-by: Tim Beale <timbe...@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144

    (cherry picked from commit fd355dff906f5f4832901bce76544f1a4e50c33d)

commit bb76511f41355b7d3a8a20b69d86eaeb89ebe0e5
Author: Tim Beale <timbe...@catalyst.net.nz>
Date:   Mon Jan 7 12:06:15 2019 +1300

    libcli: Add error log if insufficient SMB2 credits

    Although it's unusual to hit this case, I was seeing it happen while
    working on the SMB python bindings. Even with debug level 10, there
    was nothing coming out to help pin down the source of the
    NT_STATUS_INTERNAL_ERROR.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736

    Signed-off-by: Tim Beale <timbe...@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit bf229de7926f12e329cdb3201f68f20ae776fe32)

commit b7134e36f8d0d2bf9941aad52a0e995c8436117b
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Mar 20 15:27:44 2018 +0100

    s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 580ff206431969dc2924d520053b956b7169ca07)

commit 8932a4a161f2647057e1fe815562354e0a12ccbd
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 11:37:31 2018 -0800

    s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607

    Firstly, make the exit condition from the loop explicit (we must
    never write into byte n, where n >= sizeof(name->name).

    Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN,
    as this is the sign of a correct NetBIOS name encoding (RFC1002)
    in order to properly read the NetBIOS name type (which is always
    encoded in byte 16 == name->name[15]).

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11495
Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> Autobuild-User(master): David Disseldorp <dd...@samba.org> Autobuild-Date(master): Tue Nov 13 20:54:56 CET 2018 on sn-devel-144 (cherry picked from commit 3634e20c7603103b0f2e00e5b61cc63f905d780d) ----------------------------------------------------------------------- Summary of changes: libcli/smb/smbXcli_base.c | 3 +++ source3/libsmb/cli_smb2_fnum.c | 15 ++++++++++++++- source3/libsmb/nmblib.c | 34 +++++++++++++++++++++------------- source3/modules/vfs_fileid.c | 4 +++- 4 files changed, 41 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 3f65216a669..10de278825a 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3231,6 +3231,9 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, avail = MIN(avail, state->conn->smb2.cur_credits); if (avail < charge) { + DBG_ERR("Insufficient credits. " + "%"PRIu64" available, %"PRIu16" needed\n", + avail, charge); return NT_STATUS_INTERNAL_ERROR; } diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index 561efe371a4..176b58d160a 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -910,6 +910,9 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, TALLOC_CTX *frame = talloc_stackframe(); TALLOC_CTX *subframe = NULL; bool mask_has_wild; + uint32_t max_trans; + uint32_t max_avail_len; + bool ok; if (smbXcli_conn_has_async_calls(cli->conn)) { /* 
@@ -957,6 +960,16 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, goto fail; } + /* + * ideally, use the max transaction size, but don't send a request + * bigger than we have credits available for + */ + max_trans = smb2cli_conn_max_trans_size(cli->conn); + ok = smb2cli_conn_req_possible(cli->conn, &max_avail_len); + if (ok) { + max_trans = MIN(max_trans, max_avail_len); + } + do { uint8_t *dir_data = NULL; uint32_t dir_data_length = 0; @@ -973,7 +986,7 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, ph->fid_persistent, ph->fid_volatile, mask, - 0xffff, + max_trans, subframe, &dir_data, &dir_data_length); diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 8feb029b05e..7b75c3de065 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -207,25 +207,33 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) unsigned char c1,c2; c1 = ubuf[offset++]-'A'; c2 = ubuf[offset++]-'A'; - if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1)) + if ((c1 & 0xF0) || (c2 & 0xF0)) { return(0); + } + if (n >= sizeof(name->name)) { + return 0; + } name->name[n++] = (c1<<4) | c2; m -= 2; } - name->name[n] = 0; - - if (n==MAX_NETBIOSNAME_LEN) { - /* parse out the name type, its always - * in the 16th byte of the name */ - name->name_type = ((unsigned char)name->name[15]) & 0xff; - - /* remove trailing spaces */ - name->name[15] = 0; - n = 14; - while (n && name->name[n]==' ') - name->name[n--] = 0; + /* + * RFC1002: For a valid NetBIOS name, exiting from the above, + * n *must* be MAX_NETBIOSNAME_LEN (16). + */ + if (n != MAX_NETBIOSNAME_LEN) { + return 0; } + /* parse out the name type, its always + * in the 16th byte of the name */ + name->name_type = ((unsigned char)name->name[15]) & 0xff; + + /* remove trailing spaces */ + name->name[15] = 0; + n = 14; + while (n && name->name[n]==' ') + name->name[n--] = 0; + /* now the domain parts (if any) */ n = 0; while (ubuf[offset]) { 
diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c index 5d08fe97d15..cb77a2e52c6 100644 --- a/source3/modules/vfs_fileid.c +++ b/source3/modules/vfs_fileid.c @@ -297,12 +297,14 @@ static int get_connectpath_ino(struct vfs_handle_struct *handle, } ret = SMB_VFS_NEXT_STAT(handle, fname); - TALLOC_FREE(fname); if (ret != 0) { DBG_ERR("stat failed for %s with %s\n", handle->conn->connectpath, strerror(errno)); + TALLOC_FREE(fname); return -1; } + *ino = fname->st.st_ex_ino; + TALLOC_FREE(fname); return 0; } -- Samba Shared Repository
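
Review bot: in the libcli/smb/smbXcli_base.c hunk, the new DBG_ERR in smb2cli_req_compound_submit() reports avail and charge but nothing that identifies which request in the reqs array ran short, so the log line still has to be matched by hand to the caller that received NT_STATUS_INTERNAL_ERROR. If an identifier for the failing request is in scope at that point, add it to the message. The declarations of avail and charge are outside the hunk, so also confirm their types match the PRIu64 and PRIu16 specifiers.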
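
Review bot: in the source3/libsmb/cli_smb2_fnum.c hunks, the false return of smb2cli_conn_req_possible() is silently ignored: when ok is false the "if (ok)" branch is skipped and max_trans keeps the full smb2cli_conn_max_trans_size() value, which is then passed to the directory query unchanged. Either fail early on !ok or add a comment saying why falling through with the unclamped size is intended. max_trans is also computed once before the do loop, so every iteration keeps the initial clamp; if the intent is to grow the buffer as credits accumulate, move the smb2cli_conn_req_possible() call inside the loop. The replaced constant was 0xffff, so it is worth stating in the comment that the request size can now exceed that value.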
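
Review bot: in the source3/libsmb/nmblib.c hunk, the new "if (n != MAX_NETBIOSNAME_LEN) return 0;" turns a short decoded name into a hard parse failure, where the old code skipped the name-type step and carried on to the domain parts; that behaviour change is silent, so a debug message on both new return paths would help when a peer's packets start being dropped. The in-loop bound is written against sizeof(name->name) while the exit check uses MAX_NETBIOSNAME_LEN and the code then indexes name->name[15]; a compile-time assertion tying the two sizes together would make that dependency explicit. Minor style point: the hunk now mixes "return(0);" and "return 0;", and the moved comment still reads "its always".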
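
Review bot: in the source3/modules/vfs_fileid.c hunk, TALLOC_FREE(fname) now appears on both the error path and the success path of get_connectpath_ino(), which is the kind of duplication that produced the original ordering bug. A single exit label that frees fname, with ret set beforehand, would keep the free in one place and make it obvious that fname->st.st_ex_ino is read before it. On the error path *ino is left untouched, so either document that callers must check the return value before using it or initialise *ino at the top of the function.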