Bug 429 - libsmbclient fails to list servers of windows domain
Summary: libsmbclient fails to list servers of windows domain
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-10 04:13 UTC by Stephan Kulow
Modified: 2005-11-14 09:28 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Kulow 2003-09-10 04:13:09 UTC
As discussed in april (http://lists.samba.org/pipermail/samba-technical/2003-April/043899.html), 
libsmbclient fails to get NetServerEnum2 correctly with XP servers (have no NT here, but 
I guess it's the same problem) because they reply to 445 but only with nonsense. Because 
win9x refuse 445 connections, it works because of the port 139 fallback. 
 
Actually it's all a bit more complicated, but fact is: it doesn't work the way it is and this works: 
-               /* try 445 first, then 139 */ 
-               int port = cli->port?cli->port:445; 
+               /* try 139 first, then 445 */ 
+               int port = cli->port?cli->port:139; 
 
(there is a 139 later that needs to be changed to 445, but I don't want to create an attachment 
with full patch)
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-04-22 19:52:53 UTC
this should all be worked out now.
Comment 2 Stephan Kulow 2004-05-05 03:00:54 UTC
In what branch? My patch still applies cleanly against samba/branches/SAMBA_3_0 
and that makes listing work groups with svn still impossible ;( 
 
examples/libsmbclient/testbrowse: 
 
nmb packet from 10.10.103.204(137) header: id=9011 opcode=Query(0) response=Yes 
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes 
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 
    answers: nmb_name=MSHEIMNETZ<1d> rr_type=32 rr_class=1 ttl=300000 
    answers   0 char `...g.   hex 60000A0A67CC 
Got a positive name query response from 10.10.103.204 ( 10.10.103.204 ) 
found master browser MSHEIMNETZ, 10.10.103.204 
Connecting to host=10.10.103.204 share=IPC$ 
Connecting to 10.10.103.204 at port 445 
Serverzone is -7200 
Doing spnego session setup (blob length=16) 
server didn't supply a full spnego negprot 
using workgroup MSHEIMNETZ 10.10.103.204 
smbc_server: server_n=[10.10.103.204] server=[10.10.103.204] 
 -> server_n=[10.10.103.204] server=[10.10.103.204] 
Connecting to 10.10.103.204 at port 445 
 session request ok 
Doing spnego session setup (blob length=16) 
server didn't supply a full spnego negprot 
 session setup ok 
 tconx ok 
Server connect ok: //10.10.103.204/IPC$: 0x8123bf0 
Could not open [smb://] (0:Success) 
 
So it still tries port 445 first and then finds out, that this doesn't work 
(huch!) and for that it returns the perfect errno: 0. 
 
Comment 3 Stephan Kulow 2004-05-05 04:36:03 UTC
Hmm, it seems testbrowse was using an older version, now I get a different 
error: 
 
Could not open [smb://] (101:Network is unreachable) 
 
Debugging 
Comment 4 Stephan Kulow 2004-05-05 06:01:26 UTC
Adding some quite some debug output, I found that it tries to look up my  
work group as WORKGROUP<20> because it took the 0x1d type from the response 
it got from the server ip as server name. I wonder why it did that, but this 
patch makes it query for the server name in the response. 
 
--- libsmb/libsmbclient.c       (revision 490) 
+++ libsmb/libsmbclient.c       (working copy) 
@@ -1902,8 +1902,8 @@ 
                      * the first choice and fall back to MSBROWSE if the 
                      * wildcard query fails. 
                      */ 
-                   if (!name_status_find("*", 0, 0x1d, server_ip, server) && 
-                        !name_status_find(MSBROWSE, 1, 0x1d, server_ip, 
server)) { 
+                   if (!name_status_find("*", 0, 0x20, server_ip, server) && 
+                        !name_status_find(MSBROWSE, 1, 0x1b, server_ip, 
server)) { 
                        errno = ENOENT; 
                        return NULL; 
                    } 
 
Comment 5 Stephan Kulow 2004-05-05 06:11:56 UTC
I checked and the commit introducing that was 1.79 in cvs and it's marked in 
the commit log as untested. Now I'm puzzled what's the right thing to do here ;
( 
 
-                   if (!name_status_find("*", 0, 0, server_ip, server)) { 
+                    /* 
+                     * Do a name status query to find out the name of the 
+                     * master browser.  We use <01><02>__MSBROWSE__<02>#01 if 
+                     * *#00 fails because a domain master browser will not 
+                     * respond to a wildcard query (or, at least, an NT4 
+                     * server acting as the domain master browser will not). 
+                     * 
+                     * We might be able to use ONLY the query on MSBROWSE, but 
+                     * that's not yet been tested with all Windows versions, 
+                     * so until it is, leave the original wildcard query as 
+                     * the first choice and fall back to MSBROWSE if the 
+                     * wildcard query fails. 
+                     */ 
+                   if (!name_status_find("*", 0, 0x1d, server_ip, server) && 
+                        !name_status_find(MSBROWSE, 1, 0x1d, server_ip, 
server)) { 
 
Comment 6 Richard Sharpe 2004-05-05 09:31:25 UTC
Hmmm, I am not sure what the confusion is, but the current approach looks OK.
Comment 7 Stephan Kulow 2004-05-06 00:17:11 UTC
it queries for <1d> on the server IP and gets the work group name and then 
tries to do a nmb_lookup for <20> with that name - which of course doesn't 
return anything. 
 
This is a critical bug as with this change in samba 3.0.3, it's basically 
impossible to use smb:// ;( 
Comment 8 Richard Sharpe 2004-05-06 23:34:19 UTC
OK,

I am willing to believe that the following should work:

--- libsmb/libsmbclient.c       (revision 490) 
+++ libsmb/libsmbclient.c       (working copy) 
@@ -1902,8 +1902,8 @@ 
                      * the first choice and fall back to MSBROWSE if the 
                      * wildcard query fails. 
                      */ 
-                   if (!name_status_find("*", 0, 0x1d, server_ip, server) && 
-                        !name_status_find(MSBROWSE, 1, 0x1d, server_ip, 
server)) { 
+                   if (!name_status_find("*", 0, 0x20, server_ip, server) && 
+                        !name_status_find(MSBROWSE, 1, 0x1b, server_ip, 
server)) { 
                        errno = ENOENT; 
                        return NULL; 
                    } 

Because looking for the name of "*" against a 0x1d name does not make any sense 

Can I confirm that what you are saying is that change the name type to 0x20
above makes things work?
Comment 9 Stephan Kulow 2004-05-07 02:58:22 UTC
I don't see the difference to my patch in #4 - but yes only the 1d->20 change 
is important 
Comment 10 Stephan Kulow 2004-05-08 01:59:30 UTC
it's fixed in r559 - so if someone could hit the resolve option :) 
Comment 11 Lars Müller 2004-05-08 06:17:38 UTC
Marked as fixed on request of Stephan.  Thanks.
Comment 12 Richard Sharpe 2004-05-08 09:05:00 UTC
Perhaps we can also mark it as verified?
Comment 13 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:05:44 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 14 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:24:42 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 15 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:37 UTC
database cleanup