Bug 1871 - SMBD incorrectly displays sender and target of WinPopUp messages.
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.7
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2004-10-04 17:37 UTC by Igor Zhbanov
Modified: 2010-04-26 03:42 UTC
Description Igor Zhbanov 2004-10-04 17:37:42 UTC
Hello!

To receive WinPopUp messages I am using the following setting in smb.conf:
[global]
message command = echo "SMB Message From %f on %m" >> /tmp/messages; cat %s >>/tmp/messages; rm %s

And I'm using "smbclient -M" to send messages.
But I see garbage instead of the sender name (%f).

The problem is that smbd (incorrectly?) decides to decode the sender and target
names from Unicode encoding while they were sent in ASCII.

Let's look in source/libsmb/climessage.c:
/****************************************************************************
start a message sequence
****************************************************************************/
int cli_message_start_build(struct cli_state *cli, char *host, char *username)
{
...
        *p++ = 4;
        p += clistr_push(cli, p, username, -1, STR_ASCII|STR_TERMINATE);
        *p++ = 4;
        p += clistr_push(cli, p, host, -1, STR_ASCII|STR_TERMINATE);
...
}

The Flg2 field in the packet is 0xC801, which means that we can handle Unicode,
but the sender and target names are sent in ASCII because of the STR_ASCII flag,
which forces ASCII encoding. (I don't know the SMB protocol, so I'm not sure which
encoding should be used for sender and target.)

Now let's look in source/smbd/message.c:
/****************************************************************************
  reply to a sends
****************************************************************************/
int reply_sends(connection_struct *conn,
                char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
{
...
  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1;
  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1;
...
}

/****************************************************************************
  reply to a sendstrt
****************************************************************************/
int reply_sendstrt(connection_struct *conn,
                   char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
{
...
  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1;
  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1;
...
}

When the function reply_sendstrt() extracts the sender and target names from the
packet, it incorrectly decodes them from Unicode (while they are in ASCII!). I don't
know what the function reply_sends() is used for, but it contains similar code.

If I am right, the solution is here:
--- BEGIN ---
diff -ur samba-3.0.7/source/smbd/message.c samba/source/smbd/message.c
--- samba-3.0.7/source/smbd/message.c   2004-04-04 11:37:29.000000000 +0400
+++ samba/source/smbd/message.c 2004-10-05 04:07:17.000000000 +0400
@@ -127,8 +127,8 @@
   outsize = set_message(outbuf,0,0,True);

   p = smb_buf(inbuf)+1;
-  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1;
-  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1;
+  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE |
STR_ASCII) + 1;
+  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE |
STR_ASCII) + 1;

   msg = p;

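Review bot: the two added srvstr_pull_buf() calls in this hunk force STR_ASCII unconditionally, while the report itself notes that Flg2 advertises Unicode and that the author is unsure which encoding the protocol requires for these fields. The change needs a comment stating why the sender and target names are ASCII regardless of Flags2, and a test with a sender other than "smbclient -M", since a peer that does send these names in Unicode would now be decoded wrongly. The "+ 1" after each call also steps over the 0x04 byte that cli_message_start_build() writes before each name without checking its value; verifying it would reject malformed requests early.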
@@ -169,8 +169,8 @@
   msgpos = 0;

   p = smb_buf(inbuf)+1;
-  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE) + 1;
-  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE) + 1;
+  p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_TERMINATE |
STR_ASCII) + 1;
+  p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_TERMINATE |
STR_ASCII) + 1;

   DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) );

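Review bot: the added pair of srvstr_pull_buf() lines here is identical to the pair in the previous hunk, so the flag choice now lives in two places; a small helper that pulls both names would keep the two handlers in sync. As posted, each + line is wrapped before "STR_ASCII) + 1;", so the patch will not apply until those lines are rejoined. The DEBUG line that follows logs msgfrom and msgto as decoded from the packet, so it is worth confirming that control characters in these peer-supplied names are filtered before they reach the log.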
--- END ---

At least with this patch, messages from "smbclient -M" have correct senders and
targets.

Thanks!
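The decoding mismatch described in this report, as an added example that is not part of the original report and is not Samba code: a bounds-checked parser for the "0x04, name, NUL" layout that reads the same bytes once as ASCII and once as two-byte units. The names pull_name, parse_names, PULL_ASCII and the sample bytes are hypothetical, and the two-byte path is a simplified little-endian decode that replaces every non-ASCII unit with '?'.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PULL_ASCII 1  /* hypothetical flag, modelled on STR_ASCII in the report */

/* Constructed request body: 0x04 "alice" NUL 0x04 "SERVER" NUL, all ASCII. */
static const uint8_t SAMPLE[] = "\x04" "alice\0" "\x04" "SERVER";
static char g_from[32], g_to[32];

/* Decode one terminated name. Returns bytes consumed, or 0 if the terminator
 * is missing or dst is too small. dst is always NUL-terminated. */
size_t pull_name(char *dst, size_t dst_len, const uint8_t *src, size_t src_len, int flags)
{
    size_t step = (flags & PULL_ASCII) ? 1 : 2, in = 0, out = 0;
    if (dst_len == 0) return 0;
    while (in + step <= src_len) {
        unsigned c = src[in] | (step == 2 ? (unsigned)src[in + 1] << 8 : 0u);
        in += step;
        if (c == 0) { dst[out] = '\0'; return in; }
        if (out + 1 >= dst_len) break;            /* name does not fit */
        dst[out++] = c < 0x80 ? (char)c : '?';    /* non-ASCII unit -> '?' */
    }
    dst[out] = '\0';
    return 0;
}

/* Parse both names; the format byte and every length are checked. */
int parse_names(const uint8_t *buf, size_t len, int flags, char *from, char *to, size_t n)
{
    char *out[2] = { from, to };
    size_t pos = 0;
    for (int i = 0; i < 2; i++) {
        if (pos >= len || buf[pos] != 0x04) return -1;
        size_t used = pull_name(out[i], n, buf + pos + 1, len - pos - 1, flags);
        if (used == 0) return -1;
        pos += 1 + used;
    }
    return 0;
}

int demo(int flags)   /* parse SAMPLE into g_from / g_to */
{ return parse_names(SAMPLE, sizeof SAMPLE, flags, g_from, g_to, sizeof g_from); }

int main(void)
{
    printf("ascii: rc=%d from=%s\n", demo(PULL_ASCII), g_from);
    printf("utf16: rc=%d from=%s\n", demo(0), g_from);
    return 0;
}
```

Read as two-byte units, the sender field swallows the 0x04 separator and the target name and never finds a terminator, so the parse fails instead of running past the end of the buffer.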
Comment 1 Igor Zhbanov 2004-10-04 17:43:30 UTC
Of course, there should not be new line characters in the patch before
STR_ASCII) + 1;
;-)
Comment 2 Stefan Metzmacher 2010-04-26 03:42:24 UTC
If it's still broken in 3.5, please reopen.
3.0 isn't supported anymore.