The branch, v4-17-stable has been updated
via 28b356ae82a VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc5 release.
via f83fb43ff93 WHATSNEW: Add release notes for Samba 4.17.0rc5.
via 71c94a076ba smbXsrv_client: notify a different node to drop a
connection by client guid.
via 095ee4ce189 smbXsrv_client: correctly check in
negotiate_request.length smbXsrv_client_connection_pass[ed]_*
via 64daf27dc73 s3:tests: add test_smbXsrv_client_cross_node.sh
via fc52fe99d79 s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup
the correct files
via ed1d0112616 smbd: Catch streams on non-stream shares
via 930380d4746 smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share
doesn't support streams
via 3139a1063a0 smbtorture: add a test trying to create a stream on
share without streams support
via f3886349ec3 smbd: implement access checks for SMB2-GETINFO as per
MS-SMB2 3.3.5.20.1
via 5fff2048a47 smbtorture: check required access for SMB2-GETINFO
via 771aad3baa0 s4/libcli/smb2: avoid using
smb2_composite_setpathinfo() in smb2_util_setatr()
via 229d55eff3a WHATSNEW: Document new Protected Users group
via 8a7551c4ac6 WHATSNEW: add more added/updated parameters
via b3e04327601 WHATSNEW: Make MIT Kerberos 1.20 updates clearer
via e9c554c0a6a s3/winbindd: Fix bad access to sid array (with debug
level >= info)
via 3ba0c89f248 VERSION: Bump version up to Samba 4.17.0rc4...
from e6294461ad1 VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc4 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 88 ++++++-
librpc/idl/messaging.idl | 1 +
selftest/knownfail | 3 +-
source3/librpc/idl/smbXsrv.idl | 28 +++
.../script/tests/test_smbXsrv_client_cross_node.sh | 95 ++++++++
.../script/tests/test_smbXsrv_client_dead_rec.sh | 2 +-
source3/selftest/tests.py | 9 +
source3/smbd/filename.c | 6 +
source3/smbd/files.c | 10 +-
source3/smbd/open.c | 2 +-
source3/smbd/smb2_getinfo.c | 28 +++
source3/smbd/smbXsrv_client.c | 266 +++++++++++++++++++--
source3/winbindd/wb_lookupusergroups.c | 2 +-
source4/libcli/smb2/util.c | 37 ++-
source4/selftest/tests.py | 1 +
source4/torture/smb2/create.c | 48 ++++
source4/torture/smb2/getinfo.c | 147 ++++++++++++
source4/torture/smb2/oplock.c | 10 +-
source4/torture/smb2/smb2.c | 1 +
20 files changed, 734 insertions(+), 52 deletions(-)
create mode 100755 source3/script/tests/test_smbXsrv_client_cross_node.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 6dd9eb383e4..50344235004 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3591b8a4306..b060f2e5d09 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the fourth release candidate of Samba 4.17. This is *not*
+This is the fifth release candidate of Samba 4.17. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -68,8 +68,8 @@ even when Samba is configured as --without-smb1-server. This
is
to ensure maximum compatibility with environments containing old
SMB1 servers.
-Bronze bit and S4U support with MIT Kerberos 1.20
--------------------------------------------------
+Bronze bit and S4U support now also with MIT Kerberos 1.20
+----------------------------------------------------------
In 2020 Microsoft Security Response Team received another Kerberos-related
report. Eventually, that led to a security update of the CVE-2020-17049,
@@ -87,17 +87,24 @@ but 'Bronze Bit' mitigation is provided only with MIT
Kerberos 1.20.
In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports
S4U2Self and S4U2Proxy Kerberos extensions.
+Note the default (Heimdal-based) KDC was already fixed in 2021,
+see https://bugzilla.samba.org/show_bug.cgi?id=14642
+
Resource Based Constrained Delegation (RBCD) support
----------------------------------------------------
Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT
Kerberos 1.20 we have complete RBCD support passing Sambas S4U testsuite.
-Note that samba-tool lacks support for setting this up yet!
+
+samba-tool delegation got the 'add-principal' and 'del-principal' subcommands
+in order to manage RBCD.
To complete RBCD support and make it useful to Administrators we added the
Asserted Identity [1] SID into the PAC for constrained delegation. This is
available for Samba AD compiled with MIT Kerberos 1.20.
+Note the default (Heimdal-based) KDC does not support RBCD yet.
+
[1]
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
Customizable DNS listening port
@@ -187,6 +194,45 @@ covers all the existing text output including sessions,
connections,
open files, byte-range locks, notifies and profile data with all
low-level information maintained by Samba in the respective databases.
+Protected Users security group
+------------------------------
+
+Samba AD DC now includes support for the Protected Users security
+group introduced in Windows Server 2012 R2. The feature reduces the
+attack surface of user accounts by preventing the use of weak
+encryption types. It also mitigates the effects of credential theft by
+limiting credential lifetime and scope.
+
+The protections are intended for user accounts only, and service or
+computer accounts should not be added to the Protected Users
+group. User accounts added to the group are granted the following
+security protections:
+
+ * NTLM authentication is disabled.
+ * Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are
+ not issued to or accepted from affected principals. Tickets
+ encrypted with AES, and service tickets encrypted with RC4, are
+ not affected by this restriction.
+ * The lifetime of Kerberos TGTs is restricted to a maximum of four
+ hours.
+ * Kerberos constrained and unconstrained delegation is disabled.
+
+If the Protected Users group is not already present in the domain, it
+can be created with 'samba-tool group add'. The new '--special'
+parameter must be specified, with 'Protected Users' as the name of the
+group. An example command invocation is:
+
+samba-tool group add 'Protected Users' --special
+
+or against a remote server:
+
+samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U
Administrator
+
+The Protected Users group is identified in the domain by its having a
+RID of 525. Thus, it should only be created with samba-tool and the
+'--special' parameter, as above, so that it has the required RID
+to function correctly.
+
REMOVED FEATURES
================
@@ -197,14 +243,44 @@ LanMan Authentication and password storage removed from
the AD DC
The storage and authentication with LanMan passwords has been entirely
removed from the Samba AD DC, even when "lanman auth = yes" is set.
+
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
dns port New default 53
- nt hash store New parameter always
- volume serial number New parameter -1
+ fruit:zero_file_id New default yes
+ nt hash store New parameter always
+ smb1 unix extensions Replaces "unix extensions"
+ volume serial number New parameter -1
+ winbind debug traceid New parameter no
+
+
+CHANGES SINCE 4.17.0rc4
+=======================
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
+ permissions instead of ACL from xattr.
+ * BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
+ * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
+ ../../lib/util/fault.c:197.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
+ permissions instead of ACL from xattr.
+ * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
+ ../../lib/util/fault.c:197.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 15159: Cross-node multi-channel reconnects result in SMB2 Negotiate
+ returning NT_STATUS_NOT_SUPPORTED.
+
+o Noel Power <noel.po...@suse.com>
+ * BUG 15160: winbind at info level debug can coredump when processing
+ wb_lookupusergroups.
+
CHANGES SINCE 4.17.0rc3
=======================
diff --git a/librpc/idl/messaging.idl b/librpc/idl/messaging.idl
index d6929c799ad..5d217c03f5b 100644
--- a/librpc/idl/messaging.idl
+++ b/librpc/idl/messaging.idl
@@ -138,6 +138,7 @@ interface messaging
MSG_SMBXSRV_SESSION_CLOSE = 0x0600,
MSG_SMBXSRV_CONNECTION_PASS = 0x0601,
MSG_SMBXSRV_CONNECTION_PASSED = 0x0602,
+ MSG_SMBXSRV_CONNECTION_DROP = 0x0603,
/* source4 and NTVFS smb server messages */
MSG_BRL_RETRY = 0x0700,
diff --git a/selftest/knownfail b/selftest/knownfail
index 0b4c5a44a7f..82dd7e1e8b4 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -176,6 +176,7 @@
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.oplock.statopen1\(ad_dc_ntvfs\)$ # fails with ACCESS_DENIED on a
SYNCHRONIZE_ACCESS open
^samba4.smb2.getinfo.complex # streams on directories does not work
+^samba4.smb2.getinfo.getinfo_access\(ad_dc_ntvfs\) # Access checks not
implemented
^samba4.smb2.getinfo.qfs_buffercheck # S4 does not do the
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qfile_buffercheck # S4 does not do the
INFO_LENGTH_MISMATCH/BUFFER_OVERFLOW thingy
^samba4.smb2.getinfo.qsec_buffercheck # S4 does not do the BUFFER_TOO_SMALL
thingy
@@ -207,10 +208,8 @@
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
-^samba3.smb2.streams.attributes1\(.*\)
^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
-^samba3.smb2.streams streams_xattr.attributes1\(nt4_dc\)
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index fc502009b3b..ec65a5c1a61 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -143,6 +143,7 @@ interface smbXsrv
boolean8 server_multi_channel_enabled;
hyper next_channel_id;
[ignore] struct tevent_req *connection_pass_subreq;
+ [ignore] struct tevent_req *connection_drop_subreq;
/*
* A List of pending breaks.
@@ -194,6 +195,33 @@ interface smbXsrv
[in] smbXsrv_connection_passB blob
);
+ /*
+ * smbXsrv_connection_drop is used in the MSG_SMBXSRV_CONNECTION_DROP
+ * message as reaction the record is deleted.
+ */
+ typedef struct {
+ GUID client_guid;
+ server_id src_server_id;
+ NTTIME xconn_connect_time;
+ server_id dst_server_id;
+ NTTIME client_connect_time;
+ } smbXsrv_connection_drop0;
+
+ typedef union {
+ [case(0)] smbXsrv_connection_drop0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_connection_dropU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_connection_dropU info;
+ } smbXsrv_connection_dropB;
+
+ void smbXsrv_connection_drop_decode(
+ [in] smbXsrv_connection_dropB blob
+ );
+
/* sessions */
typedef [public,bitmap8bit] bitmap {
diff --git a/source3/script/tests/test_smbXsrv_client_cross_node.sh
b/source3/script/tests/test_smbXsrv_client_cross_node.sh
new file mode 100755
index 00000000000..ff826924b49
--- /dev/null
+++ b/source3/script/tests/test_smbXsrv_client_cross_node.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+# Test smbd let cluster node 0 destroy the connection,
+# if the client with a specific client-guid connections to node 1
+#
+
+if [ $# -lt 4 ]; then
+ echo Usage: test_smbXsrv_client_cross_node.sh SERVERCONFFILE NODE0
NODE1 SHARENAME
+ exit 1
+fi
+
+CONF=$1
+NODE0=$2
+NODE1=$3
+SHARE=$4
+
+SMBCLIENT="$BINDIR/smbclient"
+SMBSTATUS="$BINDIR/smbstatus"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+test_smbclient()
+{
+ name="$1"
+ server="$2"
+ share="$3"
+ cmd="$4"
+ shift
+ shift
+ subunit_start_test "$name"
+ output=$($VALGRIND $SMBCLIENT //$server/$share -c "$cmd" "$@" 2>&1)
+ status=$?
+ if [ x$status = x0 ]; then
+ subunit_pass_test "$name"
+ else
+ echo "$output" | subunit_fail_test "$name"
+ fi
+ return $status
+}
+
+cd "$SELFTEST_TMPDIR" || exit 1
+
+# Create the smbclient communication pipes.
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+mkfifo smbclient-stdin smbclient-stdout smbclient-stderr
+
+UID_WRAPPER_ROOT=1
+export UID_WRAPPER_ROOT
+
+smbstatus_num_sessions()
+{
+ UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 "$SMBSTATUS"
"$CONF" --json | jq -M '.sessions | length'
+}
+
+testit_grep "step1: smbstatus 0 sessions" '^0$' smbstatus_num_sessions ||
failed=$(expr $failed + 1)
+
+test_smbclient "smbclient against node0[${NODE0}]" "${NODE0}" "${SHARE}" "ls"
-U"${DC_USERNAME}"%"${DC_PASSWORD}" \
+ --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" \
+ || failed=$(expr $failed + 1)
+
+testit_grep "step2: smbstatus 0 sessions" '^0$' smbstatus_num_sessions ||
failed=$(expr $failed + 1)
+
+CLI_FORCE_INTERACTIVE=1
+export CLI_FORCE_INTERACTIVE
+
+testit "start backgroup smbclient against node0[${NODE0}]" true ||
failed=$(expr $failed + 1)
+
+# Connect a first time
+${SMBCLIENT} //"${NODE0}"/"${SHARE}" -U"${DC_USERNAME}"%"${DC_PASSWORD}" \
+ --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" \
+ <smbclient-stdin >smbclient-stdout 2>smbclient-stderr &
+CLIENT_PID=$!
+
+exec 100>smbclient-stdin 101<smbclient-stdout 102<smbclient-stderr
+
+testit "sleep 1 second" true || failed=$(expr $failed + 1)
+sleep 1
+
+testit_grep "step3: smbstatus 1 session" '^1$' smbstatus_num_sessions ||
failed=$(expr $failed + 1)
+
+# Connect a second time
+unset CLI_FORCE_INTERACTIVE
+test_smbclient "smbclient against node1[${NODE1}]" "${NODE1}" "${SHARE}" "ls"
-U"${DC_USERNAME}"%"${DC_PASSWORD}" \
+ --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" \
+ || failed=$(expr $failed + 1)
+
+kill $CLIENT_PID
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+
+testit_grep "step24: smbstatus 0 sessions" '^0$' smbstatus_num_sessions ||
failed=$(expr $failed + 1)
+
+testok "$0" "$failed"
diff --git a/source3/script/tests/test_smbXsrv_client_dead_rec.sh
b/source3/script/tests/test_smbXsrv_client_dead_rec.sh
index a29350878bd..0a287370944 100755
--- a/source3/script/tests/test_smbXsrv_client_dead_rec.sh
+++ b/source3/script/tests/test_smbXsrv_client_dead_rec.sh
@@ -62,7 +62,7 @@ ${SMBCLIENT} //"${SERVER}"/"${SHARE}"
-U"${USER}"%"${PASSWORD}" \
--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" \
-c exit
-rm -f smbclient-stdin smbclient-stdout aio_outstanding_testfile
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
#
# Ensure the panic count didn't change.
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index afb326029dc..01ec90e9878 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1080,6 +1080,8 @@ for t in tests:
elif t == "smb2.twrp":
# This is being driven by samba3.blackbox.shadow_copy_torture
pass
+ elif t == "smb2.create_no_streams":
+ plansmbtorture4testsuite(t, "fileserver",
'//$SERVER_IP/nfs4acl_simple_40 -U$USERNAME%$PASSWORD')
elif t == "rpc.wkssvc":
plansmbtorture4testsuite(t, "ad_member", '//$SERVER/tmp
-U$DC_USERNAME%$DC_PASSWORD')
elif t == "rpc.srvsvc":
@@ -1368,6 +1370,13 @@ plantestsuite("samba3.blackbox.smbXsrv_client_dead_rec",
"fileserver:local",
'$SERVER_IP',
"tmp"])
+plantestsuite("samba3.blackbox.smbXsrv_client_cross_node",
"clusteredmember:local",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_smbXsrv_client_cross_node.sh"),
+ configuration,
+ 'ctdb0', 'ctdb1',
+ "tmp"])
+
env = 'fileserver'
plantestsuite("samba3.blackbox.virus_scanner", "%s:local" % (env),
[os.path.join(samba3srcdir,
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index ca94b7ec7f9..0be8e320ffa 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1120,6 +1120,12 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
goto fail;
}
+ if ((streamname != NULL) &&
+ ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
+ status = NT_STATUS_OBJECT_NAME_INVALID;
+ goto fail;
+ }
+
if (!posix) {
bool name_has_wild = ms_has_wild(dirname);
name_has_wild |= ms_has_wild(fname_rel);
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index b494a8b789a..179c3e11a76 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -565,8 +565,14 @@ NTSTATUS openat_pathref_fsp(const struct files_struct
*dirfsp,
return NT_STATUS_OK;
}
- if (!(conn->fs_capabilities & FILE_NAMED_STREAMS) ||
- !is_named_stream(smb_fname)) {
+ if (is_named_stream(smb_fname) &&
+ ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
+ DBG_DEBUG("stream open [%s] on non-stream share\n",
+ smb_fname_str_dbg(smb_fname));
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+
+ if (!is_named_stream(smb_fname)) {
/*
* openat_pathref_fullname() will make "full_fname" a
* talloc child of the smb_fname->fsp. Don't use
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3dd9f69b8cc..c24c55d6a76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -6310,7 +6310,7 @@ NTSTATUS create_file_default(connection_struct *conn,
}
if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
- status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ status = NT_STATUS_OBJECT_NAME_INVALID;
goto fail;
}
}
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 0320dcc5fde..23322e7b85f 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -303,6 +303,34 @@ static struct tevent_req
*smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
ZERO_STRUCT(write_time_ts);
+ /*
+ * MS-SMB2 3.3.5.20.1 "Handling SMB2_0_INFO_FILE"
+ *
+ * FileBasicInformation, FileAllInformation,
+ * FileNetworkOpenInformation, FileAttributeTagInformation
+ * require FILE_READ_ATTRIBUTES.
+ *
+ * FileFullEaInformation requires FILE_READ_EA.
+ */
+ switch (in_file_info_class) {
+ case FSCC_FILE_BASIC_INFORMATION:
+ case FSCC_FILE_ALL_INFORMATION:
+ case FSCC_FILE_NETWORK_OPEN_INFORMATION:
+ case FSCC_FILE_ATTRIBUTE_TAG_INFORMATION:
+ if (!(fsp->access_mask & SEC_FILE_READ_ATTRIBUTE)) {
+ tevent_req_nterror(req,
NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+ break;
+
+ case FSCC_FILE_FULL_EA_INFORMATION:
+ if (!(fsp->access_mask & SEC_FILE_READ_EA)) {
+ tevent_req_nterror(req,
NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+ break;
+ }
+
switch (in_file_info_class) {
case FSCC_FILE_FULL_EA_INFORMATION:
file_info_level = SMB2_FILE_FULL_EA_INFORMATION;
diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index 079ca80ad12..d7a6fa35bf0 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -346,6 +346,55 @@ static NTSTATUS smb2srv_client_connection_pass(struct
smbd_smb2_request *smb2req
return NT_STATUS_OK;
}
+static NTSTATUS smb2srv_client_connection_drop(struct smbd_smb2_request
*smb2req,
+ struct smbXsrv_client_global0
*global)
+{
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+ struct smbXsrv_connection_drop0 drop_info0;
+ struct smbXsrv_connection_dropB drop_blob;
+ struct iovec iov;
+
+ drop_info0 = (struct smbXsrv_connection_drop0) {
+ .client_guid = global->client_guid,
+ .src_server_id = smb2req->xconn->client->global->server_id,
+ .xconn_connect_time =
smb2req->xconn->client->global->initial_connect_time,
+ .dst_server_id = global->server_id,
+ .client_connect_time = global->initial_connect_time,
+ };
+
+ ZERO_STRUCT(drop_blob);
+ drop_blob.version = smbXsrv_version_global_current();
+ drop_blob.info.info0 = &drop_info0;
+
+ if (DEBUGLVL(DBGLVL_DEBUG)) {
+ NDR_PRINT_DEBUG(smbXsrv_connection_dropB, &drop_blob);
--
Samba Shared Repository
