From 5333e87b5c187c39347786b15f392b897b2f124d Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 21 Nov 2017 14:28:48 +0100 Subject: [PATCH 1/2] s3/loadparm: ensure default service options are not changed sDefault is initialized from _sDefault in lp_load_ex(). As we may end up in setup_lp_context() without going through lp_load_ex(), sDefault may still be uninitialized. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051 --- source3/param/loadparm.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 485d3f75b04..5a60177a626 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -111,7 +111,7 @@ static bool defaults_saved = false; static struct loadparm_global Globals; /* This is a default service used to prime a services structure */ -static struct loadparm_service sDefault = +static const struct loadparm_service _sDefault = { .valid = true, .autoloaded = false, @@ -249,6 +249,12 @@ static struct loadparm_service sDefault = .dummy = "" }; +/* + * This is a copy of the default service structure. Service options in the + * global section would otherwise overwrite the initial default values. + */ +static struct loadparm_service sDefault; + /* local variables */ static struct loadparm_service **ServicePtrs = NULL; static int iNumServices = 0; @@ -961,7 +967,13 @@ static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx) return NULL; } - lp_ctx->sDefault = &sDefault; + lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service); + if (lp_ctx->sDefault == NULL) { + DBG_ERR("talloc_zero failed\n"); + return NULL; + } + + *lp_ctx->sDefault = _sDefault; lp_ctx->services = NULL; /* We do not want to access this directly */ lp_ctx->bInGlobalSection = bInGlobalSection; lp_ctx->flags = flags_list; @@ -3851,6 +3863,7 @@ static bool lp_load_ex(const char *pszFname, bInGlobalSection = true; bGlobalOnly = global_only; bAllowIncludeRegistry = allow_include_registry; + sDefault = _sDefault; lp_ctx = setup_lp_context(talloc_tos()); -- 2.13.6 From 616794173e245ada2c489b7a1afacd414c2520ee Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 21 Nov 2017 14:34:28 +0100 Subject: [PATCH 2/2] s3/loadparm: don't mark IPC$ as autoloaded A related problem that affects configuration for the hidden IPC$ share. This share is marked a "autoloaded" and such shares are not reloaded when requested. That resulted in the tcon to IPC$ still using encrpytion after running the following sequence of changes: 1. stop Samba 2. set [global] smb encrypt = required 3. start Samba 4. remove [global] smb encrypt = required 5. smbcontrol smbd reload-config 6a bin/smbclient -U slow%x //localhost/raw -c quit, or 6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently ignore the error. https://bugzilla.samba.org/show_bug.cgi?id=13051 --- source3/param/loadparm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 5a60177a626..c3f8b8338e5 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1605,7 +1605,7 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok) ServicePtrs[i]->guest_ok = guest_ok; ServicePtrs[i]->printable = false; ServicePtrs[i]->browseable = sDefault.browseable; - ServicePtrs[i]->autoloaded = true; + ServicePtrs[i]->autoloaded = false; DEBUG(3, ("adding IPC service\n")); -- 2.13.6