The branch, v4-6-test has been updated
via f2a0600 s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified
via 0ee93fe s4-dsdb/netlogon: allow missing ntver in cldap ping
via 38d8f3c s4:torture/ldap: Test netlogon without NtVer
via 3a5cf43 s3/utils: smbcacls failed to detect DIRECTORIES using SMB2
(windows only)
from fd96410 vfs_ceph: fix cephwrap_chdir()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit f2a06000cc8239c7631b168fbc0b109af7de9d09
Author: Andrew Bartlett <[email protected]>
Date: Tue Jul 25 14:26:45 2017 +1200
s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5
when version unspecified
The previous patch set this incorrectly to NETLOGON_NT_VERSION_1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
(cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4)
Autobuild-User(v4-6-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-6-test): Tue Aug 1 12:15:22 CEST 2017 on sn-devel-144
commit 0ee93fee3ae94d3a16478199729aedddef16002f
Author: Arvid Requate <[email protected]>
Date: Thu Jun 22 13:37:13 2017 +0200
s4-dsdb/netlogon: allow missing ntver in cldap ping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Arvid Requate <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
(cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)
commit 38d8f3c70d9b88eb501eb8bd6435f66c5873b4d9
Author: Arvid Requate <[email protected]>
Date: Tue Jun 20 20:05:17 2017 +0200
s4:torture/ldap: Test netlogon without NtVer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Arvid Requate <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
(cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)
commit 3a5cf43fca3b3e2b0ccf9b4ce2be4968aa7baa80
Author: Noel Power <[email protected]>
Date: Thu Jul 20 13:01:50 2017 +0100
s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
uint16_t get_fileinfo(...) returns file attributes, this function
called
cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
NULL, NULL, NULL);
which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.
status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, 0x0, 0x0, &fnum, NULL);
The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12937
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Reviewed-by: David Disseldorp <[email protected]>
(cherry picked from commit c57dcafb150823b00fd873046e65a966a8488fa8)
-----------------------------------------------------------------------
Summary of changes:
source3/utils/smbcacls.c | 14 ++-------
source4/dsdb/samdb/ldb_modules/netlogon.c | 6 +---
source4/torture/ldap/netlogon.c | 48 +++++++++++++++++++++++++++++++
3 files changed, 52 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index b56fba7..05f98f8 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -229,30 +229,22 @@ get fileinfo for filename
static uint16_t get_fileinfo(struct cli_state *cli, const char *filename)
{
uint16_t fnum = (uint16_t)-1;
- uint16_t mode = 0;
NTSTATUS status;
+ struct smb_create_returns cr = {0};
/* The desired access below is the only one I could find that works
with NT4, W2KP and Samba */
status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+ FILE_OPEN, 0x0, 0x0, &fnum, &cr);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to open %s: %s\n", filename, nt_errstr(status));
return 0;
}
- status = cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
- NULL, NULL, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- printf("Failed to file info %s: %s\n", filename,
- nt_errstr(status));
- }
-
cli_close(cli, fnum);
-
- return mode;
+ return cr.file_attributes;
}
/*****************************************************
diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c
b/source4/dsdb/samdb/ldb_modules/netlogon.c
index c5f194d..80599b8 100644
--- a/source4/dsdb/samdb/ldb_modules/netlogon.c
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -425,7 +425,7 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
*domain_guid = NULL;
*domain_sid = NULL;
*acct_control = -1;
- *version = -1;
+ *version = NETLOGON_NT_VERSION_5;
if (tree->operation != LDB_OP_AND) goto failed;
@@ -486,10 +486,6 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree
*tree,
*domain = lpcfg_dnsdomain(lp_ctx);
}
- if (*version == -1) {
- goto failed;
- }
-
return NT_STATUS_OK;
failed:
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index 1b43ea7..d61d373 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -541,6 +541,53 @@ static bool test_netlogon_extra_attrs(struct
torture_context *tctx,
return true;
}
+/*
+ Bug #11392: Huawei Unified Storage System S5500 V3 sends no NtVer
+ [MS-ADTS] Section 7.3.3.2 "Domain Controller Response to an LDAP Ping"
+*/
+static bool test_netlogon_huawei(struct torture_context *tctx,
+ request_rootdse_t request_rootdse,
+ void *conn)
+{
+ struct cldap_search io;
+ struct netlogon_samlogon_response n1;
+ NTSTATUS status;
+ const char *attrs[] = {
+ "netlogon",
+ NULL
+ };
+ struct ldb_message ldbmsg = { NULL, 0, NULL };
+
+ ZERO_STRUCT(io);
+ io.in.dest_address = NULL;
+ io.in.dest_port = 0;
+ io.in.timeout = 2;
+ io.in.retries = 2;
+
+ torture_comment(tctx, "Requesting netlogon without NtVer filter\n");
+ io.in.filter = talloc_asprintf(tctx, "(&(DnsDomain=%s))",
+ lpcfg_dnsdomain(tctx->lp_ctx));
+ torture_assert(tctx, io.in.filter != NULL, "OOM");
+ io.in.attributes = attrs;
+ status = request_rootdse(conn, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ torture_assert(tctx, io.out.response != NULL, "No Entries found.");
+ CHECK_VAL(io.out.response->num_attributes, 1);
+
+ ldbmsg.num_elements = io.out.response->num_attributes;
+ ldbmsg.elements = io.out.response->attributes;
+ torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
+ "Attribute netlogon not found in Result Entry\n");
+
+ status = pull_netlogon_samlogon_response(
+ io.out.response->attributes[0].values,
+ tctx,
+ &n1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_5);
+
+ return true;
+}
bool torture_netlogon_tcp(struct torture_context *tctx)
{
@@ -609,6 +656,7 @@ bool torture_netlogon_udp(struct torture_context *tctx)
ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap);
+ ret &= test_netlogon_huawei(tctx, udp_ldap_rootdse, cldap);
return ret;
}
--
Samba Shared Repository
