Bug 2231 - smbclient can only list the root directory listing when connecting to a Netware CIFS Share.
Summary: smbclient can only list the root directory listing when connecting to a Netwa...
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: smbclient (show other bugs)
Version: 3.0.9
Hardware: All Linux
: P3 minor
Target Milestone: none
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-10 22:41 UTC by Brad Ellis
Modified: 2005-08-24 10:24 UTC (History)
0 users

See Also:


Attachments
Proposed patch. (584 bytes, patch)
2005-01-11 18:23 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Brad Ellis 2005-01-10 22:42:22 UTC
When trying to obtain a directory listing using
smbclient on a redhat linux box from a Netware 
CIFS Share (netware 5.0), it is only possible to
obtain a directory listing from the root of the Novell
CIFS Share.

smbclient -v reports "Version 3.0.9-1.3E.1"

smbclient sends "dirname\\*" in the TRANSACT2_FINDFIST command.
A Windows XP client sends "dirname\*"

The Netware CIFS server interprets "dirname\\*" as a request for
the directory listing of "\*" and not "dirname\*".

The result of this is that it is only possible to get a directory
listing of the root of a novell cifs share, and not sub-directories.

You could argue that Novell need to address this, but given that
a Windows XP client sends "dirname\*" and not "dirname\\*" it would be 
difficult to sustain this argument.

The following change to client/client.c (from a version 3.0.9 source)
seems to result in the desired behaviour.
Function:    cmd_dir
C Line Number: ~596.
Existing Code:
        if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
                dos_format(p);
                if (*p == '\\')
                        pstrcpy(mask,p);
                else
                        pstrcat(mask,p);
        } else {
              pstrcat(mask,"\\*");
        }
Suggested Replacement Code:
        if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
                dos_format(p);
                if (*p == '\\')
                        pstrcpy(mask,p);
                else
                        pstrcat(mask,p);
        } else {
                if(strlen(mask) == 0) {
                        pstrcat(mask,"\\*");
                } else {
                        pstrcat(mask,"*");
                }
        }

Notes:
I'm not sure what happens to the leading \ that this put at the
begining of the mask - it is most likely stripped elsewhere as it
doesn't appear in the packets that go across the network.

A packet dump from the XP client can be included if required, but
this was expected to be reproducable.

---

Partial TCP Packet Dump without Mod for directory ntinst:
16:11:28.001714 x.y.z.199.41058 > x.y.z.76.netbios-ssn: P [tcp sum ok] 532:627
(95) ack 259 win 5840
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=91 (0x5b)

SMB PACKET: SMBtrans2 (REQUEST)
SMB Command   =  0x32
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x8
Flags2        =  0x1
Tree ID       =  25285 (0x62c5)
Proc ID       =  17555 (0x4493)
UID           =  14342 (0x3806)
MID           =  6 (0x6)
Word Count    =  15 (0xf)
TRANSACT2_FINDFIRST param_length=23 data_length=0
TotParam=23 (0x17)
TotData=0 (0x0)
MaxParam=10 (0xa)
MaxData=65535 (0xffff)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=23 (0x17)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=91 (0x5b)
SetupCnt=1 (0x1)
TransactionName=Attribute=HIDDEN SYSTEM DIR
SearchCount=512 (0x200)
Flags=0x6
Level=1 (0x1)
File=ntinst\\*

Partial TCP Packet Dump without Mod for directory "\":
16:28:12.330276 130.194.11.199.41063 > 130.194.97.76.netbios-ssn: P [tcp sum 
ok] 484:571(87) ack 220 win 5840
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=83 (0x53)

SMB PACKET: SMBtrans2 (REQUEST)
SMB Command   =  0x32
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x8
Flags2        =  0x1
Tree ID       =  25417 (0x6349)
Proc ID       =  17580 (0x44ac)
UID           =  14193 (0x3771)
MID           =  5 (0x5)
Word Count    =  15 (0xf)
TRANSACT2_FINDFIRST param_length=15 data_length=0
TotParam=15 (0xf)
TotData=0 (0x0)
MaxParam=10 (0xa)
MaxData=65535 (0xffff)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=15 (0xf)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=83 (0x53)
SetupCnt=1 (0x1)
TransactionName=Attribute=HIDDEN SYSTEM DIR
SearchCount=512 (0x200)
Flags=0x6
Level=1 (0x1)
File=*


Partial TCP Packet Dump with Mod for dir of ntinst:

16:11:25.712186 130.194.11.199.41054 > 130.194.97.76.netbios-ssn: P [tcp sum 
ok] 534:628(94) ack 259 win 5840
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=90 (0x5a)

SMB PACKET: SMBtrans2 (REQUEST)
SMB Command   =  0x32
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x8
Flags2        =  0x1
Tree ID       =  25284 (0x62c4)
Proc ID       =  17554 (0x4492)
UID           =  14339 (0x3803)
MID           =  6 (0x6)
Word Count    =  15 (0xf)
TRANSACT2_FINDFIRST param_length=22 data_length=0
TotParam=22 (0x16)
TotData=0 (0x0)
MaxParam=10 (0xa)
MaxData=65535 (0xffff)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=22 (0x16)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=90 (0x5a)
SetupCnt=1 (0x1)
TransactionName=Attribute=HIDDEN SYSTEM DIR
SearchCount=512 (0x200)
Flags=0x6
Level=1 (0x1)
File=ntinst\*


Partial TCP Packet Dump with Mod for dir of "\":

16:28:15.907325 130.194.11.199.41067 > 130.194.97.76.netbios-ssn: P [tcp sum 
ok] 486:573(87) ack 220 win 5840
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=83 (0x53)

SMB PACKET: SMBtrans2 (REQUEST)
SMB Command   =  0x32
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x8
Flags2        =  0x1
Tree ID       =  25419 (0x634b)
Proc ID       =  17581 (0x44ad)
UID           =  14387 (0x3833)
MID           =  5 (0x5)
Word Count    =  15 (0xf)
TRANSACT2_FINDFIRST param_length=15 data_length=0
TotParam=15 (0xf)
TotData=0 (0x0)
MaxParam=10 (0xa)
MaxData=65535 (0xffff)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=15 (0xf)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=83 (0x53)
SetupCnt=1 (0x1)
TransactionName=Attribute=HIDDEN SYSTEM DIR
SearchCount=512 (0x200)
Flags=0x6
Level=1 (0x1)
File=*
Comment 1 Brad Ellis 2005-01-10 22:57:02 UTC
I recehecked the packet sent by a windows xp client - and
noticed that it has a preceeding "\" resulting in the submitted
"file" field.

This also explains why in my notes there is a comment about the
leading "\" being stripped. It appears that the output of
tcpdump -Xvvn removes this from the file entry, but displays it in
the packet. 

(Ethereal refers to the "file" field as "Search Pattern" and doesn't remove
the leading "\".)

Apologies for any confusion created here.

Cheers,
Brad.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-01-11 06:49:03 UTC
jeremy, this might interest you.
Comment 3 Jeremy Allison 2005-01-11 18:23:56 UTC
Created attachment 885 [details]
Proposed patch.
Comment 4 Jeremy Allison 2005-01-11 18:25:59 UTC
Fixed for 3.0.11. Thanks !
Jeremy.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:24:02 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.