summaryrefslogtreecommitdiffstats
path: root/source3/libsmb
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-20 04:07:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-20 04:07:27 +0000
commit31bdcfe4b647c8c783efa32da3c333b5f166a42d (patch)
tree2b868e2a40cde0854fa0f5466ea8990d3d38f93d /source3/libsmb
parentAdding upstream version 2:4.20.1+dfsg. (diff)
downloadsamba-upstream.tar.xz
samba-upstream.zip
Adding upstream version 2:4.20.2+dfsg.upstream/2%4.20.2+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clidgram.c6
-rw-r--r--source3/libsmb/dsgetdcname.c29
-rw-r--r--source3/libsmb/libsmb_xattr.c14
-rw-r--r--source3/libsmb/namequery.c21
-rw-r--r--source3/libsmb/nmblib.c12
-rw-r--r--source3/libsmb/nmblib.h2
-rw-r--r--source3/libsmb/unexpected.c18
-rw-r--r--source3/libsmb/unexpected.h2
8 files changed, 82 insertions, 22 deletions
diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c
index a45bdac..c87c870 100644
--- a/source3/libsmb/clidgram.c
+++ b/source3/libsmb/clidgram.c
@@ -349,7 +349,11 @@ struct tevent_req *nbt_getdc_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- subreq = nb_packet_reader_send(state, ev, DGRAM_PACKET, -1,
+ subreq = nb_packet_reader_send(state,
+ ev,
+ global_nmbd_socket_dir(),
+ DGRAM_PACKET,
+ -1,
state->my_mailslot);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index 09a6e66..654893c 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -196,7 +196,29 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
/* FIXME */
r->sockaddr_size = 0x10; /* the w32 winsock addr size */
r->sockaddr.sockaddr_family = 2; /* AF_INET */
- r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
+ if (is_ipaddress_v4(addr)) {
+ r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
+ if (r->sockaddr.pdc_ip == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ /*
+ * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX will
+ * fail with an ipv6 address.
+ *
+ * This matches windows behaviour in the CLDAP
+ * response when NETLOGON_NT_VERSION_5EX_WITH_IP
+ * is used.
+ *
+ * Windows returns the ipv4 address of the ipv6
+ * server interface and falls back to 127.0.0.1
+ * if there's no ipv4 address.
+ */
+ r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, "127.0.0.1");
+ if (r->sockaddr.pdc_ip == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, r,
(ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX);
@@ -930,6 +952,11 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
name_type = NBT_NAME_PDC;
}
+ /*
+ * It's 2024 we always want an AD style response!
+ */
+ nt_version |= NETLOGON_NT_VERSION_AVOID_NT4EMUL;
+
nt_version |= map_ds_flags_to_nt_version(flags);
snprintf(my_acct_name,
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
index dcb2f9e..a902341 100644
--- a/source3/libsmb/libsmb_xattr.c
+++ b/source3/libsmb/libsmb_xattr.c
@@ -121,7 +121,13 @@ ace_compare(struct security_ace *ace1,
*/
if (ace1->type != ace2->type) {
- return ace2->type - ace1->type;
+ /*
+ * ace2 and ace1 are reversed here, so that
+ * ACCESS_DENIED_ACE_TYPE (1) sorts before
+ * ACCESS_ALLOWED_ACE_TYPE (0), which is the order you
+ * usually want.
+ */
+ return NUMERIC_CMP(ace2->type, ace1->type);
}
if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
@@ -129,15 +135,15 @@ ace_compare(struct security_ace *ace1,
}
if (ace1->flags != ace2->flags) {
- return ace1->flags - ace2->flags;
+ return NUMERIC_CMP(ace1->flags, ace2->flags);
}
if (ace1->access_mask != ace2->access_mask) {
- return ace1->access_mask - ace2->access_mask;
+ return NUMERIC_CMP(ace1->access_mask, ace2->access_mask);
}
if (ace1->size != ace2->size) {
- return ace1->size - ace2->size;
+ return NUMERIC_CMP(ace1->size, ace2->size);
}
return memcmp(ace1, ace2, sizeof(struct security_ace));
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index e6c0c7d..8f6a9b5 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -34,6 +34,7 @@
#include "lib/gencache.h"
#include "librpc/gen_ndr/dns.h"
#include "lib/util/util_net.h"
+#include "lib/util/tsort.h"
#include "lib/util/string_wrappers.h"
/* nmbd.c sets this to True. */
@@ -644,7 +645,12 @@ static struct tevent_req *nb_trans_send(
return tevent_req_post(req, ev);
}
- subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
+ subreq = nb_packet_reader_send(state,
+ ev,
+ global_nmbd_socket_dir(),
+ type,
+ state->trn_id,
+ NULL);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -1082,8 +1088,15 @@ bool name_status_find(const char *q_name,
}
/*
- comparison function used by sort_addr_list
-*/
+ * comparison function used by sort_addr_list
+ *
+ * This comparison is intransitive in sort if a socket has an invalid
+ * family (i.e., not IPv4 or IPv6), or an interface doesn't support
+ * the family. Say we have sockaddrs with IP versions {4,5,6}, of
+ * which 5 is invalid. By this function, 4 == 5 and 6 == 5, but 4 !=
+ * 6. This is of course a consequence of cmp() being unable to
+ * communicate error.
+ */
static int addr_compare(const struct sockaddr_storage *ss1,
const struct sockaddr_storage *ss2)
@@ -1171,7 +1184,7 @@ static int addr_compare(const struct sockaddr_storage *ss1,
max_bits2 += 128;
}
}
- return max_bits2 - max_bits1;
+ return NUMERIC_CMP(max_bits2, max_bits1);
}
/*
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index c90e92e..2297dd9 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -23,6 +23,12 @@
#include "libsmb/nmblib.h"
#include "lib/util/string_wrappers.h"
+const char *global_nmbd_socket_dir(void)
+{
+ return lp_parm_const_string(-1, "nmbd", "socket dir",
+ get_dyn_NMBDSOCKETDIR());
+}
+
static const struct opcode_names {
const char *nmb_opcode_name;
int opcode;
@@ -1229,8 +1235,10 @@ static unsigned char sort_ip[4];
static int name_query_comp(unsigned char *p1, unsigned char *p2)
{
- return matching_len_bits(p2+2, sort_ip, 4) -
- matching_len_bits(p1+2, sort_ip, 4);
+ int a = matching_len_bits(p1+2, sort_ip, 4);
+ int b = matching_len_bits(p2+2, sort_ip, 4);
+ /* reverse sort -- p2 derived value comes first */
+ return NUMERIC_CMP(b, a);
}
/****************************************************************************
diff --git a/source3/libsmb/nmblib.h b/source3/libsmb/nmblib.h
index 52600a4..5171a26 100644
--- a/source3/libsmb/nmblib.h
+++ b/source3/libsmb/nmblib.h
@@ -29,6 +29,8 @@
/* The following definitions come from libsmb/nmblib.c */
+const char *global_nmbd_socket_dir(void);
+
void debug_nmb_packet(struct packet_struct *p);
void put_name(char *dest, const char *name, int pad, unsigned int name_type);
char *nmb_namestr(const struct nmb_name *n);
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index b81d379..10ceac7 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -26,12 +26,6 @@
#include "lib/tsocket/tsocket.h"
#include "lib/util/sys_rw.h"
-static const char *nmbd_socket_dir(void)
-{
- return lp_parm_const_string(-1, "nmbd", "socket dir",
- get_dyn_NMBDSOCKETDIR());
-}
-
struct nb_packet_query {
enum packet_type type;
size_t mailslot_namelen;
@@ -74,6 +68,7 @@ static void nb_packet_server_listener(struct tevent_context *ev,
NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
+ const char *nmbd_socket_dir,
int max_clients,
struct nb_packet_server **presult)
{
@@ -90,7 +85,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
result->max_clients = max_clients;
result->listen_sock = create_pipe_sock(
- nmbd_socket_dir(), "unexpected", 0755);
+ nmbd_socket_dir, "unexpected", 0755);
if (result->listen_sock == -1) {
status = map_nt_error_from_unix(errno);
goto fail;
@@ -248,7 +243,7 @@ static void nb_packet_got_query(struct tevent_req *req)
ssize_t nread;
int err;
- nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+ nread = tstream_read_packet_recv(req, client, &buf, &err);
TALLOC_FREE(req);
if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
DEBUG(10, ("read_packet_recv returned %d (%s)\n",
@@ -280,6 +275,8 @@ static void nb_packet_got_query(struct tevent_req *req)
}
}
+ TALLOC_FREE(buf);
+
client->ack.byte = 0;
client->ack.iov[0].iov_base = &client->ack.byte;
client->ack.iov[0].iov_len = 1;
@@ -333,7 +330,7 @@ static void nb_packet_client_read_done(struct tevent_req *req)
uint8_t *buf;
int err;
- nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+ nread = tstream_read_packet_recv(req, client, &buf, &err);
TALLOC_FREE(req);
if (nread == 1) {
DEBUG(10, ("Protocol error, received data on write-only "
@@ -495,6 +492,7 @@ static void nb_packet_reader_got_ack(struct tevent_req *subreq);
struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
+ const char *nmbd_socket_dir,
enum packet_type type,
int trn_id,
const char *mailslot_name)
@@ -530,7 +528,7 @@ struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, map_nt_error_from_unix(errno));
return tevent_req_post(req, ev);
}
- rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir(),
+ rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir,
"unexpected");
if (tevent_req_nomem(rpath, req)) {
return tevent_req_post(req, ev);
diff --git a/source3/libsmb/unexpected.h b/source3/libsmb/unexpected.h
index 270976b..4ae9b20 100644
--- a/source3/libsmb/unexpected.h
+++ b/source3/libsmb/unexpected.h
@@ -29,12 +29,14 @@ struct nb_packet_reader;
NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
+ const char *nmbd_socket_dir,
int max_clients,
struct nb_packet_server **presult);
void nb_packet_dispatch(struct nb_packet_server *server,
struct packet_struct *p);
struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
+ const char *nmbd_socket_dir,
enum packet_type type,
int trn_id,
const char *mailslot_name);