The branch, master has been updated
via 85504ae... s4:libcli: Modify S4 client library to check for proper
CN alignment
via 00056e7... s3:smbd: Align change notify replies on 4-byte boundary
from 502bddf... s4:new_partition LDB module - fix an uninitalised
variable warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 85504ae6ff72204894ea7a856f0f36b44ad77fe2
Author: Steven Danneman <[email protected]>
Date: Mon Jun 28 16:06:33 2010 -0700
s4:libcli: Modify S4 client library to check for proper CN alignment
MS-CIFS 2.2.7.4.2 states that FILE_NOTIFY_INFORMATION structures in
change notify replies must be aligned to 4-byte boundaries.
This updates s4 client to check for this restriction and also adds a
torture test which should tickle a server into giving unaligned
structures if it doesn't follow the spec.
commit 00056e73c1cb54f5d6c10e63b70afc2c84e5883e
Author: Chere Zhou <[email protected]>
Date: Mon Jul 5 17:18:35 2010 -0700
s3:smbd: Align change notify replies on 4-byte boundary
MS-CIFS section 2.2.7.4.2 states this is mandatory. WinXP clients
don't seem to care, but a Win7 client will send an immediate Close()
to the directory handle when receiving an incorrectly aligned
change notify response.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/notify.c | 10 ++++
source4/libcli/raw/rawnotify.c | 4 +-
source4/torture/raw/notify.c | 100 +++++++++++++++++++++++++++++++++++++++-
3 files changed, 112 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index dc13aad..e473d99 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -77,6 +77,7 @@ static bool notify_marshall_changes(int num_changes,
for (i=0; i<num_changes; i++) {
struct notify_change *c;
size_t namelen;
+ int rem = 0;
uint32 u32_tmp; /* Temp arg to prs_uint32 to avoid
* signed/unsigned issues */
@@ -102,6 +103,11 @@ static bool notify_marshall_changes(int num_changes,
*/
u32_tmp = (i == num_changes-1) ? 0 : namelen + 12;
+
+ /* Align on 4-byte boundary according to MS-CIFS 2.2.7.4.2 */
+ if ((rem = u32_tmp % 4 ) != 0)
+ u32_tmp += 4 - rem;
+
if (!prs_uint32("offset", ps, 1, &u32_tmp)) goto fail;
u32_tmp = c->action;
@@ -117,6 +123,10 @@ static bool notify_marshall_changes(int num_changes,
*/
prs_set_offset(ps, prs_offset(ps)-2);
+ if (rem != 0) {
+ if (!prs_align_custom(ps, 4)) goto fail;
+ }
+
TALLOC_FREE(uni_name.buffer);
if (prs_offset(ps) > max_offset) {
diff --git a/source4/libcli/raw/rawnotify.c b/source4/libcli/raw/rawnotify.c
index 2155076..40256aa 100644
--- a/source4/libcli/raw/rawnotify.c
+++ b/source4/libcli/raw/rawnotify.c
@@ -71,10 +71,12 @@ _PUBLIC_ NTSTATUS smb_raw_changenotify_recv(struct
smbcli_request *req,
parms->nttrans.out.changes = NULL;
parms->nttrans.out.num_changes = 0;
-
+
/* count them */
for (ofs=0; nt.out.params.length - ofs > 12; ) {
uint32_t next = IVAL(nt.out.params.data, ofs);
+ if (next % 4 != 0)
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
parms->nttrans.out.num_changes++;
if (next == 0 ||
ofs + next >= nt.out.params.length) break;
diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c
index 5bf7f4a..dd3aae3 100644
--- a/source4/torture/raw/notify.c
+++ b/source4/torture/raw/notify.c
@@ -50,6 +50,14 @@
goto done; \
}} while (0)
+#define CHECK_WSTR2(tctx, field, value, flags) \
+do { \
+ if (!field.s || strcmp(field.s, value) || \
+ wire_bad_flags(&field, flags, cli->transport)) { \
+ torture_result(tctx, TORTURE_FAIL, \
+ "(%d) %s [%s] != %s\n", __LINE__, #field, field.s, value);
\
+ } \
+} while (0)
/*
basic testing of change notify on directories
@@ -1594,7 +1602,96 @@ done:
}
-/*
+/*
+ testing alignment of multiple change notify infos
+*/
+static bool test_notify_alignment(struct smbcli_state *cli,
+ struct torture_context *tctx)
+{
+ NTSTATUS status;
+ union smb_notify notify;
+ union smb_open io;
+ int i, fnum, fnum2;
+ struct smbcli_request *req;
+ const char *fname = BASEDIR "\\starter";
+ const char *fnames[] = { "a",
+ "ab",
+ "abc",
+ "abcd" };
+ int num_names = ARRAY_SIZE(fnames);
+ const char *fpath = NULL;
+
+ torture_comment(tctx, "TESTING CHANGE NOTIFY REPLY ALIGNMENT\n");
+
+ /* get a handle on the directory */
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FILE_ALL;
+ io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = BASEDIR;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_ok(tctx, status, "");
+ fnum = io.ntcreatex.out.file.fnum;
+
+ /* ask for a change notify, on file creation */
+ notify.nttrans.level = RAW_NOTIFY_NTTRANS;
+ notify.nttrans.in.buffer_size = 1000;
+ notify.nttrans.in.completion_filter = FILE_NOTIFY_CHANGE_FILE_NAME;
+ notify.nttrans.in.file.fnum = fnum;
+ notify.nttrans.in.recursive = false;
+
+ /* start change tracking */
+ req = smb_raw_changenotify_send(cli->tree, ¬ify);
+
+ fnum2 = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE);
+ torture_assert(tctx, fnum2 != -1, smbcli_errstr(cli->tree));
+ smbcli_close(cli->tree, fnum2);
+
+ status = smb_raw_changenotify_recv(req, tctx, ¬ify);
+ torture_assert_ntstatus_ok(tctx, status, "");
+
+ /* create 4 files that will cause CHANGE_NOTIFY_INFO structures
+ * to be returned in the same packet with all possible 4-byte padding
+ * permutations. As per MS-CIFS 2.2.7.4.2 these structures should be
+ * 4-byte aligned. */
+
+ for (i = 0; i < num_names; i++) {
+ fpath = talloc_asprintf(tctx, "%s\\%s", BASEDIR, fnames[i]);
+ fnum2 = smbcli_open(cli->tree, fpath,
+ O_CREAT|O_RDWR, DENY_NONE);
+ torture_assert(tctx, fnum2 != -1, smbcli_errstr(cli->tree));
+ smbcli_close(cli->tree, fnum2);
+ talloc_free(fpath);
+ }
+
+ /* We send a notify packet, and let smb_raw_changenotify_recv() do
+ * the alignment checking for us. */
+ req = smb_raw_changenotify_send(cli->tree, ¬ify);
+ status = smb_raw_changenotify_recv(req, tctx, ¬ify);
+ torture_assert_ntstatus_ok(tctx, status, "");
+
+ /* Do basic checking for correctness. */
+ torture_assert(tctx, notify.nttrans.out.num_changes == num_names, "");
+ for (i = 0; i < num_names; i++) {
+ torture_assert(tctx, notify.nttrans.out.changes[i].action ==
+ NOTIFY_ACTION_ADDED, "");
+ CHECK_WSTR2(tctx, notify.nttrans.out.changes[i].name, fnames[i],
+ STR_UNICODE);
+ }
+
+ return true;
+}
+
+/*
basic testing of change notify
*/
bool torture_raw_notify(struct torture_context *torture,
@@ -1621,6 +1718,7 @@ bool torture_raw_notify(struct torture_context *torture,
ret &= test_notify_tree(cli, torture);
ret &= test_notify_overflow(cli, torture);
ret &= test_notify_basedir(cli, torture);
+ ret &= test_notify_alignment(cli, torture);
smb_raw_exit(cli->session);
smbcli_deltree(cli->tree, BASEDIR);
--
Samba Shared Repository
