On Wed, Apr 15, 2009 at 08:59:29PM +0200, Peter Rindfuss wrote:
> Remy Zandwijk wrote:
> > Peter Rindfuss wrote:
> >> On 15.04.2009 15:12, Karolin Seeger wrote:
> >>
> >>> The code change between 3.2.9 is really small and it was not the 
> >>> intention
> >>> to introduce the bug, but maybe it happened.
> >>>
> >> I went from 3.2.8 to 3.2.10, i.e. the bug could have been introduced 
> >> either in 3.2.9 or 3.2.10.
> >>
> >> In the meantime, I reverted to 3.2.8, and things are ok again.
> > 
> > 
> > FWIW: I've setup a virgin PDC based on 3.2.10 and I could join a XP-SP2 
> > machine without problems.
> > 
> > -Remy
> > 
> 
> Remy,
> 
> I can confirm this. For testing purposes, I installed a "fresh" WinXP
> SP2 on a PC. I had no problems to join this machine to 3.2.10, but after
> the next login, the problems showed up as described.

Here are the changes in the rpc subsystems between 3.2.8 and 3.2.10,
as a "reverse" patch (applying it returns the 3.2.10 rpc code to 3.2.8).
Can you apply this and test whether it fixes the problems? My current
theory is that the cause is the fixes we applied to srv_netlog_nt.c,
while working with Microsoft engineers, in order to support beta
Windows 7 clients.

If you want to confirm this, just replace rpc_server/srv_netlog_nt.c in
3.2.10 with the version from 3.2.8 and see if that fixes the problem.

If it does, I have a theory I'd like to test...

Thanks,

Jeremy.
diff -u -r samba-3.2.10/source/rpc_server/srv_lsa_nt.c 
samba-3.2.8/source/rpc_server/srv_lsa_nt.c
--- samba-3.2.10/source/rpc_server/srv_lsa_nt.c 2009-04-01 04:43:23.000000000 
-0700
+++ samba-3.2.8/source/rpc_server/srv_lsa_nt.c  2009-02-03 08:10:07.000000000 
-0800
@@ -830,10 +830,6 @@
                                           &names,
                                           &mapped_count);
 
-       if (NT_STATUS_IS_ERR(status)) {
-               return status;
-       }
-
        /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */
        names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName,
                                 num_sids);
diff -u -r samba-3.2.10/source/rpc_server/srv_netlog_nt.c 
samba-3.2.8/source/rpc_server/srv_netlog_nt.c
--- samba-3.2.10/source/rpc_server/srv_netlog_nt.c      2009-04-01 
04:43:23.000000000 -0700
+++ samba-3.2.8/source/rpc_server/srv_netlog_nt.c       2009-02-03 
08:10:07.000000000 -0800
@@ -474,32 +474,6 @@
        uint32_t srv_flgs;
        struct netr_Credential srv_chal_out;
 
-       /* According to Microsoft (see bugid #6099)
-        * Windows 7 looks at the negotiate_flags
-        * returned in this structure *even if the
-        * call fails with access denied ! So in order
-        * to allow Win7 to connect to a Samba NT style
-        * PDC we set the flags before we know if it's
-        * an error or not.
-        */
-
-       /* 0x000001ff */
-       srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
-                  NETLOGON_NEG_PERSISTENT_SAMREPL |
-                  NETLOGON_NEG_ARCFOUR |
-                  NETLOGON_NEG_PROMOTION_COUNT |
-                  NETLOGON_NEG_CHANGELOG_BDC |
-                  NETLOGON_NEG_FULL_SYNC_REPL |
-                  NETLOGON_NEG_MULTIPLE_SIDS |
-                  NETLOGON_NEG_REDO |
-                  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
-
-       if (lp_server_schannel() != false) {
-               srv_flgs |= NETLOGON_NEG_SCHANNEL;
-       }
-
-       *r->out.negotiate_flags = srv_flgs;
-
        /* We use this as the key to store the creds: */
        /* r->in.computer_name */
 
@@ -547,9 +521,16 @@
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       srv_flgs = 0x000001ff;
+
+       if (lp_server_schannel() != false) {
+               srv_flgs |= NETLOGON_NEG_SCHANNEL;
+       }
+
        /* set up the LSA AUTH 2 response */
        memcpy(r->out.return_credentials->data, &srv_chal_out.data,
               sizeof(r->out.return_credentials->data));
+       *r->out.negotiate_flags = srv_flgs;
 
        fstrcpy(p->dc->mach_acct, r->in.account_name);
        fstrcpy(p->dc->remote_machine, r->in.computer_name);
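Review bot: `*r->out.negotiate_flags` is assigned only after the credential check has passed, so the `return NT_STATUS_ACCESS_DENIED;` path at the top of this hunk leaves it unwritten. The comment removed in the previous hunk records that Windows 7 reads this field even when the call fails, so on that path the client would see whatever the out buffer already held (its initial state is not visible here); if this ordering is kept, give the field a defined value on entry, e.g. `*r->out.negotiate_flags = 0;`. The literal `0x000001ff` also hides which NETLOGON_NEG_* bits are being advertised, which the named constants in the removed block spelled out. The enclosing function starts and ends outside the hunk.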
@@ -701,7 +682,7 @@
        /* set up the LSA Server Password Set response */
 
        memcpy(r->out.return_authenticator, &cred_out,
-              sizeof(*(r->out.return_authenticator)));
+              sizeof(r->out.return_authenticator));
 
        TALLOC_FREE(sampass);
        return status;
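Review bot: `sizeof(r->out.return_authenticator)` measures the pointer rather than the structure it points to, so this memcpy copies only pointer-size bytes of `cred_out` into the response and leaves the rest of the returned authenticator as it was. The destination is passed to memcpy without `&`, which indicates it is a pointer; the length should be `sizeof(*r->out.return_authenticator)`. The function body starts outside the hunk.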
@@ -1361,10 +1342,11 @@
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
-                                   struct netr_LogonGetCapabilities *r)
+WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p,
+                                   struct netr_NETRLOGONDUMMYROUTINE1 *r)
 {
-       return NT_STATUS_NOT_IMPLEMENTED;
+       p->rng_fault_state = true;
+       return WERR_NOT_SUPPORTED;
 }
 
 /****************************************************************
diff -u -r samba-3.2.10/source/rpc_server/srv_pipe.c 
samba-3.2.8/source/rpc_server/srv_pipe.c
--- samba-3.2.10/source/rpc_server/srv_pipe.c   2009-04-01 04:43:23.000000000 
-0700
+++ samba-3.2.8/source/rpc_server/srv_pipe.c    2009-02-03 08:10:07.000000000 
-0800
@@ -2101,11 +2101,7 @@
 
        auth_len = p->hdr.auth_len;
 
-       if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ||
-                       auth_len > RPC_HEADER_LEN +
-                                       RPC_HDR_REQ_LEN +
-                                       RPC_HDR_AUTH_LEN +
-                                       auth_len) {
+       if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
                DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
                return False;
        }
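Review bot: The equality test on `auth_len` carries no comment saying why exactly one length is acceptable, although the value comes straight from the request header (`p->hdr.auth_len`). A line such as `/* schannel verifier is fixed-size; refuse any other client-supplied auth_len */` above the `if` would record the intent and make clear that a client sending a different trailer length is rejected at this point. The enclosing function starts and ends outside the hunk.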
diff -u -r samba-3.2.10/source/rpc_server/srv_pipe_hnd.c 
samba-3.2.8/source/rpc_server/srv_pipe_hnd.c
--- samba-3.2.10/source/rpc_server/srv_pipe_hnd.c       2009-04-01 
04:43:23.000000000 -0700
+++ samba-3.2.8/source/rpc_server/srv_pipe_hnd.c        2009-02-03 
08:10:07.000000000 -0800
@@ -601,7 +601,7 @@
         * will not fit in the initial buffer of size 0x1068   --jerry 
22/01/2002
         */
        
-       if(prs_offset(&p->in_data.data) + data_len > MAX_RPC_DATA_SIZE) {
+       if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
                DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + 
(%u)\n",
                                (unsigned int)prs_data_size(&p->in_data.data), 
(unsigned int)data_len ));
                set_incoming_fault(p);
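Review bot: The limit in the `if` is the bare literal `15*1024*1024` where the other side of this diff uses `MAX_RPC_DATA_SIZE`; a named constant keeps the bound reviewable and in step with any other place that caps RPC buffer sizes. The DEBUG line that follows reports `prs_data_size(&p->in_data.data)` while the test uses `prs_offset(&p->in_data.data)`, so the logged figures may not be the ones that tripped the check; logging `prs_offset(&p->in_data.data)` would match. The srv_spoolss_nt.c hunks later in this patch also drop the `offered > MAX_RPC_DATA_SIZE` guard, which leaves the client-supplied `offered` without that cap before `rpcbuf_move()`. The enclosing function extends beyond the hunk.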
diff -u -r samba-3.2.10/source/rpc_server/srv_samr_nt.c 
samba-3.2.8/source/rpc_server/srv_samr_nt.c
--- samba-3.2.10/source/rpc_server/srv_samr_nt.c        2009-04-01 
04:43:23.000000000 -0700
+++ samba-3.2.8/source/rpc_server/srv_samr_nt.c 2009-02-03 08:10:07.000000000 
-0800
@@ -1177,7 +1177,9 @@
 
        *r->out.sam = samr_array;
        *r->out.num_entries = num_groups;
+       /* this was missing, IMHO:
        *r->out.resume_handle = num_groups + *r->in.resume_handle;
+       */
 
        DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
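Review bot: With the assignment wrapped in a comment, `*r->out.resume_handle` is not set anywhere in this hunk, so the handle returned to the client is whatever it held on entry (the rest of the function is outside the hunk). A client that pages through the groups using the resume handle could then repeat or stall. Either restore `*r->out.resume_handle = num_groups + *r->in.resume_handle;` or delete the disabled line, since a commented-out statement with an "IMHO" remark does not say which behaviour is intended.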
diff -u -r samba-3.2.10/source/rpc_server/srv_spoolss_nt.c 
samba-3.2.8/source/rpc_server/srv_spoolss_nt.c
--- samba-3.2.10/source/rpc_server/srv_spoolss_nt.c     2009-04-01 
04:43:23.000000000 -0700
+++ samba-3.2.8/source/rpc_server/srv_spoolss_nt.c      2009-02-03 
08:10:07.000000000 -0800
@@ -4729,10 +4729,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -5090,10 +5086,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -5755,10 +5747,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -6832,10 +6820,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -7212,10 +7196,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -7283,10 +7263,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -7695,10 +7671,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -8108,10 +8080,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -8739,10 +8707,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -8822,10 +8786,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -8954,10 +8914,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -9134,10 +9090,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
@@ -9779,10 +9731,6 @@
                return WERR_INVALID_PARAM;
        }
 
-       if (offered > MAX_RPC_DATA_SIZE) {
-               return WERR_INVALID_PARAM;
-       }
-
        rpcbuf_move(q_u->buffer, &r_u->buffer);
        buffer = r_u->buffer;
 
diff -u -r samba-3.2.10/source/rpc_server/srv_srvsvc_nt.c 
samba-3.2.8/source/rpc_server/srv_srvsvc_nt.c
--- samba-3.2.10/source/rpc_server/srv_srvsvc_nt.c      2009-04-01 
04:43:23.000000000 -0700
+++ samba-3.2.8/source/rpc_server/srv_srvsvc_nt.c       2009-02-03 
08:10:07.000000000 -0800
@@ -2316,8 +2316,6 @@
 
        /*allow one struct srvsvc_NetDiskInfo0 for null terminator*/
 
-       r->out.info->count = 0;
-
        for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = 
next_server_disk_enum(&resume)); i++) {
 
                r->out.info->count++;