From afbd0c3ba3ad990e3d9b231bda4fc0946587e10f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 18 May 2022 14:40:49 +0000
Subject: [PATCH 1/3] selftest: Test for bug 15062 -- list "username" in
 netshareenum

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3145131809269a33ad07261f94ee6e09e1850365)
---
 selftest/knownfail.d/netshareenum_user        |  1 +
 .../script/tests/test_user_in_sharelist.sh    | 22 +++++++++++++++++++
 source3/selftest/tests.py                     |  6 +++++
 3 files changed, 29 insertions(+)
 create mode 100644 selftest/knownfail.d/netshareenum_user
 create mode 100755 source3/script/tests/test_user_in_sharelist.sh

diff --git a/selftest/knownfail.d/netshareenum_user b/selftest/knownfail.d/netshareenum_user
new file mode 100644
index 00000000000..5ad1a499623
--- /dev/null
+++ b/selftest/knownfail.d/netshareenum_user
@@ -0,0 +1 @@
+.*samba3.blackbox.netshareenum_username.*
\ No newline at end of file
diff --git a/source3/script/tests/test_user_in_sharelist.sh b/source3/script/tests/test_user_in_sharelist.sh
new file mode 100755
index 00000000000..1abd554f90b
--- /dev/null
+++ b/source3/script/tests/test_user_in_sharelist.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [ $# -lt 2 ]; then
+    echo Usage: $0 RPCCLIENT SERVER
+    exit 1
+fi
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+RPCCLIENT="$1"; shift 1
+SERVER="$1"; shift 1
+
+"${RPCCLIENT}" "${SERVER}" -U"${USER}"%"${PASSWORD}" -c netshareenum |
+    grep "^netname: $USER\$"
+RC=$?
+testit "Verify username is listed in netshareenum due to [homes]" \
+       test $RC = 0 || failed=$((failed+1))
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 61f56666fa8..40c2fb63f62 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1210,6 +1210,12 @@ plantestsuite("samba3.blackbox.netfileenum", "simpleserver:local",
                '$SERVER_IP',
                'tmp'])
 
+plantestsuite("samba3.blackbox.netshareenum_username", "fileserver",
+              [os.path.join(samba3srcdir,
+                            "script/tests/test_user_in_sharelist.sh"),
+               os.path.join(bindir(), "rpcclient"),
+               '$SERVER_IP'])
+
 plantestsuite("samba3.blackbox.net_tdb", "simpleserver:local",
               [os.path.join(samba3srcdir, "script/tests/test_net_tdb.sh"),
                smbclient3, '$SERVER', 'tmp', '$USERNAME', '$PASSWORD',
-- 
2.34.1


From f08a2cf6f9085d7b833ce3f146b0bf8195329a19 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 18 May 2022 15:39:23 +0200
Subject: [PATCH 2/3] srvsvc: Add a central return point to
 init_srv_share_info_ctr()

Soon there will be cleanup work to do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 20cbade5b164c0e9eec744bd5a564110923a0c61)
---
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 98 +++++++++++++++++------
 1 file changed, 73 insertions(+), 25 deletions(-)

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index ea296eaa6ab..54209e3e7b6 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -622,6 +622,7 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	bool *allowed = 0;
 	union srvsvc_NetShareCtr ctr;
 	uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
+	WERROR ret = WERR_OK;
 
 	DEBUG(5,("init_srv_share_info_ctr\n"));
 
@@ -634,7 +635,9 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	unbecome_root();
 
         allowed = talloc_zero_array(ctx, bool, num_services);
-        W_ERROR_HAVE_NO_MEMORY(allowed);
+	if (allowed == NULL) {
+		goto nomem;
+	}
 
         /* Count the number of entries. */
         for (snum = 0; snum < num_services; snum++) {
@@ -652,7 +655,7 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
         }
 
 	if (!num_entries || (resume_handle >= num_entries)) {
-		return WERR_OK;
+		goto done;
 	}
 
 	/* Calculate alloc entries. */
@@ -660,11 +663,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	switch (info_ctr->level) {
 	case 0:
 		ctr.ctr0 = talloc_zero(ctx, struct srvsvc_NetShareCtr0);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr0);
+		if (ctr.ctr0 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr0->count = alloc_entries;
 		ctr.ctr0->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo0, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
+		if (ctr.ctr0->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -677,11 +684,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1:
 		ctr.ctr1 = talloc_zero(ctx, struct srvsvc_NetShareCtr1);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1);
+		if (ctr.ctr1 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1->count = alloc_entries;
 		ctr.ctr1->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
+		if (ctr.ctr1->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -694,11 +705,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 2:
 		ctr.ctr2 = talloc_zero(ctx, struct srvsvc_NetShareCtr2);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr2);
+		if (ctr.ctr2 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr2->count = alloc_entries;
 		ctr.ctr2->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo2, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
+		if (ctr.ctr2->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -712,11 +727,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 501:
 		ctr.ctr501 = talloc_zero(ctx, struct srvsvc_NetShareCtr501);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr501);
+		if (ctr.ctr501 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr501->count = alloc_entries;
 		ctr.ctr501->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo501, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
+		if (ctr.ctr501->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -729,11 +748,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 502:
 		ctr.ctr502 = talloc_zero(ctx, struct srvsvc_NetShareCtr502);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr502);
+		if (ctr.ctr502 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr502->count = alloc_entries;
 		ctr.ctr502->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo502, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
+		if (ctr.ctr502->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -746,11 +769,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1004:
 		ctr.ctr1004 = talloc_zero(ctx, struct srvsvc_NetShareCtr1004);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004);
+		if (ctr.ctr1004 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1004->count = alloc_entries;
 		ctr.ctr1004->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1004, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
+		if (ctr.ctr1004->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -763,11 +790,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1005:
 		ctr.ctr1005 = talloc_zero(ctx, struct srvsvc_NetShareCtr1005);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005);
+		if (ctr.ctr1005 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1005->count = alloc_entries;
 		ctr.ctr1005->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1005, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
+		if (ctr.ctr1005->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -780,11 +811,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1006:
 		ctr.ctr1006 = talloc_zero(ctx, struct srvsvc_NetShareCtr1006);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006);
+		if (ctr.ctr1006 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1006->count = alloc_entries;
 		ctr.ctr1006->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1006, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
+		if (ctr.ctr1006->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -797,11 +832,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1007:
 		ctr.ctr1007 = talloc_zero(ctx, struct srvsvc_NetShareCtr1007);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007);
+		if (ctr.ctr1007 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1007->count = alloc_entries;
 		ctr.ctr1007->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1007, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
+		if (ctr.ctr1007->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -814,11 +853,15 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 
 	case 1501:
 		ctr.ctr1501 = talloc_zero(ctx, struct srvsvc_NetShareCtr1501);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501);
+		if (ctr.ctr1501 == NULL) {
+			goto nomem;
+		}
 
 		ctr.ctr1501->count = alloc_entries;
 		ctr.ctr1501->array = talloc_zero_array(ctx, struct sec_desc_buf, alloc_entries);
-		W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
+		if (ctr.ctr1501->array == NULL) {
+			goto nomem;
+		}
 
 		for (snum = 0; snum < num_services; snum++) {
 			if (allowed[snum] &&
@@ -834,7 +877,8 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	default:
 		DEBUG(5,("init_srv_share_info_ctr: unsupported switch value %d\n",
 			info_ctr->level));
-		return WERR_INVALID_LEVEL;
+		ret = WERR_INVALID_LEVEL;
+		goto done;
 	}
 
 	*total_entries = alloc_entries;
@@ -847,8 +891,12 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	}
 
 	info_ctr->ctr = ctr;
-
-	return WERR_OK;
+	ret = WERR_OK;
+	goto done;
+nomem:
+	ret = WERR_NOT_ENOUGH_MEMORY;
+done:
+	return ret;
 }
 
 /*******************************************************************
-- 
2.34.1


From 5c8f94eaef3396f8adfde8d71803b3afa8f17f0d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 18 May 2022 16:01:08 +0200
Subject: [PATCH 3/3] srvsvc: Announce [username] in NetShareEnum

This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.

This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184

(cherry picked from commit 04e0e02c6951e327130210e44deb87b9a303cdb3)
---
 selftest/knownfail.d/netshareenum_user    |  1 -
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 16 +++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
 delete mode 100644 selftest/knownfail.d/netshareenum_user

diff --git a/selftest/knownfail.d/netshareenum_user b/selftest/knownfail.d/netshareenum_user
deleted file mode 100644
index 5ad1a499623..00000000000
--- a/selftest/knownfail.d/netshareenum_user
+++ /dev/null
@@ -1 +0,0 @@
-.*samba3.blackbox.netshareenum_username.*
\ No newline at end of file
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 54209e3e7b6..0bd79b595a9 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -610,6 +610,9 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 				      uint32_t *total_entries,
 				      bool all_shares)
 {
+	struct dcesrv_call_state *dce_call = p->dce_call;
+	struct auth_session_info *session_info =
+		dcesrv_call_session_info(dce_call);
 	const struct loadparm_substitution *lp_sub =
 		loadparm_s3_global_substitution();
 	uint32_t num_entries = 0;
@@ -622,6 +625,9 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	bool *allowed = 0;
 	union srvsvc_NetShareCtr ctr;
 	uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
+	const char *unix_name = session_info->unix_info->unix_name;
+	int existing_home = lp_servicenumber(unix_name);
+	int added_home = -1;
 	WERROR ret = WERR_OK;
 
 	DEBUG(5,("init_srv_share_info_ctr\n"));
@@ -631,9 +637,14 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 	delete_and_reload_printers();
 	load_usershare_shares(NULL, connections_snum_used);
 	load_registry_shares();
-	num_services = lp_numservices();
 	unbecome_root();
 
+	if (existing_home == -1) {
+		added_home = register_homes_share(unix_name);
+	}
+
+	num_services = lp_numservices();
+
         allowed = talloc_zero_array(ctx, bool, num_services);
 	if (allowed == NULL) {
 		goto nomem;
@@ -896,6 +907,9 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
 nomem:
 	ret = WERR_NOT_ENOUGH_MEMORY;
 done:
+	if (added_home != -1) {
+		lp_killservice(added_home);
+	}
 	return ret;
 }
 
-- 
2.34.1