The branch, v4-14-stable has been updated via ae3229e76d0 VERSION: Disable GIT_SNAPSHOT for the 4.14.11 release. via 808afc79cc9 WHATSNEW: Add release notes for Samba 4.14.11. via 08eb470b9c5 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids via 25c97fc3a0f smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() via 016d9c40bca smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO via fd82e1e4bad smb2_server: decouple IOCTL check from signing/encryption states via ea6db15c314 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes via 8eb06f10a12 s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE via fd8864ef4fe libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon* via 4d2d5a3c66a s3:smbd: remove dead code from smbd_smb2_request_dispatch() via 3d35397e103 smbd: s3-dsgetdcname: handle num_ips == 0 via ce1186e06ed dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object via b0d67dc3d42 CVE-2020-25717: s3-auth: fix MIT Realm regression via aef700ad3c8 s3: docs-xml: Clarify the "delete veto files" paramter. via b61fb49a7a9 s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks. via 7034f9b765d s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks. via 66d688cea2b s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set. via 3d4761cf04d s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks. via 37804062ea7 s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks. via 67c85f0ce8e s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting. via db8eb865b53 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2. via 3e8d6e681f8 CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts via 3a4eb50cf74 CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it via d92dfb0dabf CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details via 08c9016cb9f CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing via f9b2267c6eb CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero via f72090064bd CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration via dc71ae17782 CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts via 8ccb26c679b CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via ff3798418e8 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via 9bef6bc6cf0 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via f00c993f0c7 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via 8bed2c3f7a9 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via 1bd06f8cb35 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain via 75ab0a306fc IPA DC: add missing checks via 5b1d789632f s3:winbindd: fix "allow trusted domains = no" regression via 4a106c2322c lib: handle NTTIME_THAW in nt_time_to_full_timespec() via 4e2c7c66c96 torture: add a test for NTTIME_FREEZE and NTTIME_THAW via 7e1a65ed980 lib: add a test for null_nttime(NTTIME_THAW) via 38ac4c09474 lib: update null_nttime() of -1: -1 is NTTIME_FREEZE via f8fec80020e lib: use NTTIME_FREEZE in a null_nttime() test via 43f873d52ab lib: fix null_nttime() tests via ac6f4c093b8 lib: add NTTIME_THAW via a1dae6a208a VERSION: Bump version up to Samba 4.14.11... from 9312b1832e5 VERSION: Disable GIT_SNAPSHOT for the 4.14.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 90 +++++- auth/gensec/schannel.c | 1 + docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 +- lib/ldb/ldb_key_value/ldb_kv.c | 2 + lib/ldb/ldb_key_value/ldb_kv.h | 10 + lib/ldb/ldb_key_value/ldb_kv_index.c | 41 +++ lib/ldb/ldb_key_value/ldb_kv_search.c | 33 +- lib/util/tests/time.c | 5 +- lib/util/time.c | 8 +- lib/util/time.h | 1 + libcli/smb/smb2cli_tcon.c | 183 ++++++++--- libcli/smb/smbXcli_base.h | 20 ++ nsswitch/nsstest.c | 2 +- python/samba/tests/krb5/kdc_base_test.py | 42 +++ python/samba/tests/krb5/test_idmap_nss.py | 232 ++++++++++++++ python/samba/tests/usage.py | 1 + selftest/target/Samba.pm | 2 +- selftest/target/Samba3.pm | 44 ++- source3/auth/auth_util.c | 34 ++- source3/auth/user_krb5.c | 9 + source3/libsmb/dsgetdcname.c | 4 + source3/modules/vfs_streams_depot.c | 10 + source3/modules/vfs_xattr_tdb.c | 10 + source3/rpc_server/lsa/srv_lsa_nt.c | 1 + .../tests/test_delete_veto_files_only_rmdir.sh | 183 +++++++++++ source3/script/tests/test_veto_rmdir.sh | 217 +++++++++++++ source3/selftest/tests.py | 6 + source3/smbd/close.c | 334 ++++++++++++++------- source3/smbd/dir.c | 97 ++++++ source3/smbd/smb2_ioctl.c | 19 ++ source3/smbd/smb2_server.c | 39 +-- source3/winbindd/idmap_nss.c | 26 +- source3/winbindd/winbindd_util.c | 2 +- source4/dsdb/samdb/ldb_modules/anr.c | 73 ++++- source4/dsdb/samdb/ldb_modules/operational.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 13 +- source4/dsdb/tests/python/large_ldap.py | 63 ++++ source4/ldap_server/ldap_backend.c | 136 +++++++-- source4/ldap_server/ldap_server.c | 4 +- source4/selftest/tests.py | 18 +- source4/torture/smb2/ioctl.c | 111 +++++++ source4/torture/smb2/timestamps.c | 208 +++++++++++++ 43 files changed, 2109 insertions(+), 238 deletions(-) create mode 100755 python/samba/tests/krb5/test_idmap_nss.py create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh create mode 100755 source3/script/tests/test_veto_rmdir.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b487cba796e..b86cd446d7a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f81a31d49b0..ea20a3ea952 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,90 @@ + =============================== + Release Notes for Samba 4.14.11 + December 15, 2021 + =============================== + + +This is the latest stable release of the Samba 4.14 release series. + +Important Notes +=============== + +There have been a few regressions in the security release 4.14.10: + +o CVE-2020-25717: A user on the domain can become root on domain members. + https://www.samba.org/samba/security/CVE-2020-25717.html + PLEASE [RE-]READ! + The instructions have been updated and some workarounds + initially adviced for 4.14.10 are no longer required and + should be reverted in most cases. + +o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become + un-deletable. While this release should fix this bug, it is + adviced to have a look at the bug report for more detailed + information, see https://bugzilla.samba.org/show_bug.cgi?id=14902. + +Changes since 4.14.10 +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 14878: Recursive directory delete with veto files is broken. + * BUG 14879: A directory containing dangling symlinks cannot be deleted by + SMB2 alone when they are the only entry in the directory. + +o Andrew Bartlett <abart...@samba.org> + * BUG 14656: Spaces incorrectly collapsed in ldb attributes. + * BUG 14694: Ensure that the LDB request has not timed out during filter + processing as the LDAP server MaxQueryDuration is otherwise not honoured. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. + * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un- + deletable. + +o Ralph Boehme <s...@samba.org> + * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk + * BUG 14922: Kerberos authentication on standalone server in MIT realm + broken. + * BUG 14923: Segmentation fault when joining the domain. + +o Alexander Bokovoy <a...@samba.org> + * BUG 14903: Support for ROLE_IPA_DC is incomplete. + +o Stefan Metzmacher <me...@samba.org> + * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before + smbd_smb2_ioctl_send. + * BUG 14899: winbindd doesn't start when "allow trusted domains" is off. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 14694: Ensure that the LDB request has not timed out during filter + processing as the LDAP server MaxQueryDuration is otherwise not honoured. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- =============================== Release Notes for Samba 4.14.10 November 9, 2021 @@ -103,8 +190,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 0cdae141ead..6ebbe8f3179 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: return NT_STATUS_OK; default: return NT_STATUS_NOT_IMPLEMENTED; diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml index 581dc05396d..570d4ac60a0 100644 --- a/docs-xml/smbdotconf/filename/deletevetofiles.xml +++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml @@ -4,9 +4,12 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This option is used when Samba is attempting to - delete a directory that contains one or more vetoed directories - (see the <smbconfoption name="veto files"/> - option). If this option is set to <constant>no</constant> (the default) then if a vetoed + delete a directory that contains one or more vetoed files + or directories or non-visible files or directories (such + as dangling symlinks that point nowhere). + (see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>, + <smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/> + options). If this option is set to <constant>no</constant> (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.</para> diff --git a/lib/ldb/ldb_key_value/ldb_kv.c b/lib/ldb/ldb_key_value/ldb_kv.c index ed0f760b5a2..aea6f0c1be0 100644 --- a/lib/ldb/ldb_key_value/ldb_kv.c +++ b/lib/ldb/ldb_key_value/ldb_kv.c @@ -2078,6 +2078,8 @@ static int ldb_kv_handle_request(struct ldb_module *module, } } + ac->timeout_timeval = tv; + /* set a spy so that we do not try to use the request context * if it is freed before ltdb_callback fires */ ac->spy = talloc(req, struct ldb_kv_req_spy); diff --git a/lib/ldb/ldb_key_value/ldb_kv.h b/lib/ldb/ldb_key_value/ldb_kv.h index f9dffae2dcf..ac474b04b4c 100644 --- a/lib/ldb/ldb_key_value/ldb_kv.h +++ b/lib/ldb/ldb_key_value/ldb_kv.h @@ -152,6 +152,16 @@ struct ldb_kv_context { struct ldb_module *module; struct ldb_request *req; + /* + * Required as we might not get to the event loop before the + * timeout, so we need some old-style cooperative multitasking + * here. + */ + struct timeval timeout_timeval; + + /* Used to throttle calls to gettimeofday() */ + size_t timeout_counter; + bool request_terminated; struct ldb_kv_req_spy *spy; diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 1cc042aa84f..d70e5f619ef 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2352,6 +2352,47 @@ static int ldb_kv_index_filter(struct ldb_kv_private *ldb_kv, for (i = 0; i < num_keys; i++) { int ret; bool matched; + + /* + * Check the time every 64 records, to reduce calls to + * gettimeofday(). This is a compromise, not all + * calls to ldb_match_message() will take the same + * time, most will run quickly but by luck it might be + * possible to have 64 records that are slow, doing a + * recursive search via LDAP_MATCHING_RULE_IN_CHAIN. + * + * Thankfully this is after index processing so only + * on the subset that matches some index (but still + * possibly a big one like objectclass=user) + */ + if (i % 64 == 0) { + struct timeval now = tevent_timeval_current(); + int timeval_cmp = tevent_timeval_compare(&ac->timeout_timeval, + &now); + + /* + * The search has taken too long. This is the + * most likely place for our time to expire, + * as we are checking the records after the + * index set intersection. This is now the + * slow process of checking if the records + * actually match. + * + * The tevent based timeout is not likely to + * be hit, sadly, as we don't run an event + * loop. + * + * While we are indexed and most of the work + * should have been done already, the + * ldb_match_* calls can be quite expensive if + * the caller uses LDAP_MATCHING_RULE_IN_CHAIN + */ + if (timeval_cmp <= 0) { + talloc_free(keys); + return LDB_ERR_TIME_LIMIT_EXCEEDED; + } + } + msg = ldb_msg_new(ac); if (!msg) { talloc_free(keys); diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c index a0e1762bc90..46031b99c16 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_search.c +++ b/lib/ldb/ldb_key_value/ldb_kv_search.c @@ -314,7 +314,8 @@ static int search_func(_UNUSED_ struct ldb_kv_private *ldb_kv, struct ldb_context *ldb; struct ldb_kv_context *ac; struct ldb_message *msg, *filtered_msg; - int ret; + struct timeval now; + int ret, timeval_cmp; bool matched; ac = talloc_get_type(state, struct ldb_kv_context); @@ -341,6 +342,36 @@ static int search_func(_UNUSED_ struct ldb_kv_private *ldb_kv, return 0; } + /* + * Check the time every 64 records, to reduce calls to + * gettimeofday(). This is a compromise, not all calls to + * ldb_match_message() will take the same time, most will fail + * quickly but by luck it might be possible to have 64 records + * that are slow, doing a recursive search via + * LDAP_MATCHING_RULE_IN_CHAIN. + */ + if (ac->timeout_counter++ % 64 == 0) { + now = tevent_timeval_current(); + timeval_cmp = tevent_timeval_compare(&ac->timeout_timeval, + &now); + + /* + * The search has taken too long. This is the most + * likely place for our time to expire, as we are in + * an un-indexed search and we return the data from + * within this loop. The tevent based timeout is not + * likely to be hit, sadly. + * + * ldb_match_msg_error() can be quite expensive if a + * LDAP_MATCHING_RULE_IN_CHAIN extended match was + * specified. + */ + if (timeval_cmp <= 0) { + ac->error = LDB_ERR_TIME_LIMIT_EXCEEDED; + return -1; + } + } + msg = ldb_msg_new(ac); if (!msg) { ac->error = LDB_ERR_OPERATIONS_ERROR; diff --git a/lib/util/tests/time.c b/lib/util/tests/time.c index fce0eef5e2e..d94f50355d0 100644 --- a/lib/util/tests/time.c +++ b/lib/util/tests/time.c @@ -34,8 +34,9 @@ static bool test_null_time(struct torture_context *tctx) static bool test_null_nttime(struct torture_context *tctx) { - torture_assert(tctx, null_nttime(-1), "-1"); - torture_assert(tctx, null_nttime(-1), "-1"); + torture_assert(tctx, null_nttime(0), "0"); + torture_assert(tctx, !null_nttime(NTTIME_FREEZE), "-1"); + torture_assert(tctx, !null_nttime(NTTIME_THAW), "-2"); torture_assert(tctx, !null_nttime(42), "42"); return true; } diff --git a/lib/util/time.c b/lib/util/time.c index e8b58e87268..680bfe7c282 100644 --- a/lib/util/time.c +++ b/lib/util/time.c @@ -180,7 +180,7 @@ check if it's a null NTTIME **/ _PUBLIC_ bool null_nttime(NTTIME t) { - return t == 0 || t == (NTTIME)-1; + return t == 0; } /******************************************************************* @@ -1133,10 +1133,10 @@ struct timespec nt_time_to_full_timespec(NTTIME nt) if (nt == NTTIME_OMIT) { return make_omit_timespec(); } - if (nt == NTTIME_FREEZE) { + if (nt == NTTIME_FREEZE || nt == NTTIME_THAW) { /* - * This should be returned as SAMBA_UTIME_FREEZE in the - * future. + * This should be returned as SAMBA_UTIME_FREEZE or + * SAMBA_UTIME_THAW in the future. */ return make_omit_timespec(); } diff --git a/lib/util/time.h b/lib/util/time.h index 04945b5f25f..d3dfde77e2b 100644 --- a/lib/util/time.h +++ b/lib/util/time.h @@ -63,6 +63,7 @@ * implement this yet. */ #define NTTIME_FREEZE UINT64_MAX +#define NTTIME_THAW (UINT64_MAX - 1) #define SAMBA_UTIME_NOW UTIME_NOW #define SAMBA_UTIME_OMIT UTIME_OMIT diff --git a/libcli/smb/smb2cli_tcon.c b/libcli/smb/smb2cli_tcon.c index 8863bae0764..7bbae8ea3b3 100644 --- a/libcli/smb/smb2cli_tcon.c +++ b/libcli/smb/smb2cli_tcon.c @@ -23,42 +23,38 @@ #include "../libcli/smb/smb_common.h" #include "../libcli/smb/smbXcli_base.h" -struct smb2cli_tcon_state { - struct tevent_context *ev; - struct smbXcli_conn *conn; - uint32_t timeout_msec; +struct smb2cli_raw_tcon_state { struct smbXcli_session *session; struct smbXcli_tcon *tcon; uint8_t fixed[8]; uint8_t dyn_pad[1]; }; -static void smb2cli_tcon_done(struct tevent_req *subreq); - -struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct smbXcli_conn *conn, - uint32_t timeout_msec, - struct smbXcli_session *session, - struct smbXcli_tcon *tcon, - uint16_t flags, - const char *unc) +static void smb2cli_raw_tcon_done(struct tevent_req *subreq); + +struct tevent_req *smb2cli_raw_tcon_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct smbXcli_conn *conn, + uint32_t additional_flags, + uint32_t clear_flags, + uint32_t timeout_msec, + struct smbXcli_session *session, + struct smbXcli_tcon *tcon, + uint16_t tcon_flags, + const char *unc) { - struct tevent_req *req, *subreq; - struct smb2cli_tcon_state *state; - uint8_t *fixed; - uint8_t *dyn; + struct tevent_req *req = NULL; + struct smb2cli_raw_tcon_state *state = NULL; + struct tevent_req *subreq = NULL; + uint8_t *fixed = NULL; + uint8_t *dyn = NULL; size_t dyn_len; - uint32_t additional_flags = 0; - uint32_t clear_flags = 0; - req = tevent_req_create(mem_ctx, &state, struct smb2cli_tcon_state); + req = tevent_req_create(mem_ctx, &state, + struct smb2cli_raw_tcon_state); if (req == NULL) { return NULL; } - state->ev = ev; - state->conn = conn; - state->timeout_msec = timeout_msec; state->session = session; state->tcon = tcon; @@ -77,7 +73,7 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx, fixed = state->fixed; SSVAL(fixed, 0, 9); if (smbXcli_conn_protocol(conn) >= PROTOCOL_SMB3_10) { - SSVAL(fixed, 2, flags); + SSVAL(fixed, 2, tcon_flags); } else { SSVAL(fixed, 2, 0); /* Reserved */ } @@ -89,10 +85,6 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx, dyn_len = sizeof(state->dyn_pad); } - if (smbXcli_session_is_authenticated(state->session)) { - additional_flags |= SMB2_HDR_FLAG_SIGNED; - } - subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_TCON, additional_flags, clear_flags, timeout_msec, @@ -104,19 +96,17 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx, if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } - tevent_req_set_callback(subreq, smb2cli_tcon_done, req); + tevent_req_set_callback(subreq, smb2cli_raw_tcon_done, req); return req; } -static void smb2cli_tcon_validate(struct tevent_req *subreq); - -static void smb2cli_tcon_done(struct tevent_req *subreq) +static void smb2cli_raw_tcon_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data( subreq, struct tevent_req); - struct smb2cli_tcon_state *state = tevent_req_data( - req, struct smb2cli_tcon_state); + struct smb2cli_raw_tcon_state *state = tevent_req_data( + req, struct smb2cli_raw_tcon_state); NTSTATUS status; struct iovec *iov; uint8_t *body; @@ -156,6 +146,129 @@ static void smb2cli_tcon_done(struct tevent_req *subreq) share_capabilities, maximal_access); + tevent_req_done(req); +} + +NTSTATUS smb2cli_raw_tcon_recv(struct tevent_req *req) +{ + return tevent_req_simple_recv_ntstatus(req); +} + +NTSTATUS smb2cli_raw_tcon(struct smbXcli_conn *conn, + uint32_t additional_flags, + uint32_t clear_flags, + uint32_t timeout_msec, + struct smbXcli_session *session, + struct smbXcli_tcon *tcon, + uint16_t tcon_flags, + const char *unc) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct tevent_context *ev; + struct tevent_req *req; + NTSTATUS status = NT_STATUS_NO_MEMORY; + + if (smbXcli_conn_has_async_calls(conn)) { + /* + * Can't use sync call while an async call is in flight + */ + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + ev = samba_tevent_context_init(frame); + if (ev == NULL) { + goto fail; + } + req = smb2cli_raw_tcon_send(frame, ev, conn, + additional_flags, clear_flags, + timeout_msec, session, tcon, + tcon_flags, unc); + if (req == NULL) { + goto fail; + } + if (!tevent_req_poll_ntstatus(req, ev, &status)) { + goto fail; + } -- Samba Shared Repository