The Samba-Bugzilla – Attachment 13798 Details for
Bug 13051
"smb encrypt" setting changes are not fully applied until full smbd restart
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible patch for master
wip-bug13051.patch (text/plain), 3.59 KB, created by
Ralph Böhme
on 2017-11-21 14:34:57 UTC
(
hide
)
Description:
Possible patch for master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2017-11-21 14:34:57 UTC
Size:
3.59 KB
patch
obsolete
>From 5333e87b5c187c39347786b15f392b897b2f124d Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 21 Nov 2017 14:28:48 +0100 >Subject: [PATCH 1/2] s3/loadparm: ensure default service options are not > changed > >sDefault is initialized from _sDefault in lp_load_ex(). As we may end up >in setup_lp_context() without going through lp_load_ex(), sDefault may >still be uninitialized. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051 >--- > source3/param/loadparm.c | 17 +++++++++++++++-- > 1 file changed, 15 insertions(+), 2 deletions(-) > >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index 485d3f75b04..5a60177a626 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -111,7 +111,7 @@ static bool defaults_saved = false; > static struct loadparm_global Globals; > > /* This is a default service used to prime a services structure */ >-static struct loadparm_service sDefault = >+static const struct loadparm_service _sDefault = > { > .valid = true, > .autoloaded = false, >@@ -249,6 +249,12 @@ static struct loadparm_service sDefault = > .dummy = "" > }; > >+/* >+ * This is a copy of the default service structure. Service options in the >+ * global section would otherwise overwrite the initial default values. >+ */ >+static struct loadparm_service sDefault; >+ > /* local variables */ > static struct loadparm_service **ServicePtrs = NULL; > static int iNumServices = 0; >@@ -961,7 +967,13 @@ static struct loadparm_context *setup_lp_context(TALLOC_CTX *mem_ctx) > return NULL; > } > >- lp_ctx->sDefault = &sDefault; >+ lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service); >+ if (lp_ctx->sDefault == NULL) { >+ DBG_ERR("talloc_zero failed\n"); >+ return NULL; >+ } >+ >+ *lp_ctx->sDefault = _sDefault; > lp_ctx->services = NULL; /* We do not want to access this directly */ > lp_ctx->bInGlobalSection = bInGlobalSection; > lp_ctx->flags = flags_list; >@@ -3851,6 +3863,7 @@ static bool lp_load_ex(const char *pszFname, > bInGlobalSection = true; > bGlobalOnly = global_only; > bAllowIncludeRegistry = allow_include_registry; >+ sDefault = _sDefault; > > lp_ctx = setup_lp_context(talloc_tos()); > >-- >2.13.6 > > >From 616794173e245ada2c489b7a1afacd414c2520ee Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 21 Nov 2017 14:34:28 +0100 >Subject: [PATCH 2/2] s3/loadparm: don't mark IPC$ as autoloaded > >A related problem that affects configuration for the hidden IPC$ >share. This share is marked a "autoloaded" and such shares are not >reloaded when requested. That resulted in the tcon to IPC$ still using >encrpytion after running the following sequence of changes: > >1. stop Samba >2. set [global] smb encrypt = required >3. start Samba >4. remove [global] smb encrypt = required >5. smbcontrol smbd reload-config >6a bin/smbclient -U slow%x //localhost/raw -c quit, or >6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls > >In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the >client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently >ignore the error. > >https://bugzilla.samba.org/show_bug.cgi?id=13051 >--- > source3/param/loadparm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index 5a60177a626..c3f8b8338e5 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -1605,7 +1605,7 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok) > ServicePtrs[i]->guest_ok = guest_ok; > ServicePtrs[i]->printable = false; > ServicePtrs[i]->browseable = sDefault.browseable; >- ServicePtrs[i]->autoloaded = true; >+ ServicePtrs[i]->autoloaded = false; > > DEBUG(3, ("adding IPC service\n")); > >-- >2.13.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13798">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13051
:
13798
|
13828