When we try a ChangePasswordUser3 against an NT4 DC, we generate a DCERPC request PDU with 1216 bytes. We fragment this at the SMB layer into a write request with 1024 bytes and a trans request with 192 bytes. This works fine with Windows 2000 and higher and also with Samba, but Windows NT4 returns NT_STATUS_PIPE_BUSY to the trans request. We need some research for the real fix. I guess we have to create a HACK to make it work at all...
Created attachment 6506: Possible patch for master (needs testing)
Günther, please test this patch against NT4, w2k and older samba versions and send me captures. (Can I upload your captures, which demonstrate the bug?) From reading the code this should work against samba, even against samba 2.0.0.
Günther, any chance to get that tested for rc2?
Created attachment 6539: Possible better patches for master (needs testing)
Günther, please test with this patch. Please also test rpcclient with spoolss, as well as the wbinfo change user password against NT4 and others. Please also use valgrind while testing. The first patch (1/3) which only changes the buffer size from 1024 to 4280 should be enough to fix the problem. But it would be ugly to have 8540 bytes just for buffer on a possible idle connection. As winbindd uses 3 ncacn_np_ip connections we would have 3*8540 bytes. So we better try to use dynamic buffers instead of fixed size buffers (patch 2/3). The 3rd patch (3/3) is trivial...
metze
I've done some tests, the change itself looks good. But there are bugs in the cli_trans_format() code. I have started a fix, but I need to clean it up.
Marking this as a blocker for now, as it discovered more problems with our cli_trans_send/recv code and other areas in libsmb/. I'll upload possible fixes later.
Created attachment 6552: Patch for the main problem (for v3-6)
This patch only fixes one half of the problem; it depends on the following patches.
Created attachment 6553: Patch for the cli_trans and cli_read/write problems (for master)
Volker, if you're fine with these changes, please push them to master and then attach the cherry-picked patches for v3-6-test to this bug, thanks!
Comment on attachment 6553: Patch for the cli_trans and cli_read/write problems (for master)
Jeremy, it would be nice if you could also have a look at this. Most of the problem was triggered by the small max_xmit of NT4 (4356), but in theory the problems can happen with each [nt]trans[2][s] call.
Comment on attachment 6553: Patch for the cli_trans and cli_read/write problems (for master)
Ok, went through really carefully and this looks good to me. I'll do more testing tomorrow morning (before I go on vacation).
Comment on attachment 6553: Patch for the cli_trans and cli_read/write problems (for master)
Looks very good to me. Thanks!
Both patches have been pushed to master. Re-assigning to Karolin for inclusion in 3.6.0. Jeremy.
Hi Karo, please run the following to pick the required patches from "Patch for the cli_trans and cli_read/write problems (for master)":
    git cherry-pick -x fdfb5e95fee67bb7~15..fdfb5e95fee67bb7~1
(you can add the bug reference with git commit --amend then:-) Günther still needs to review the patches for the main problem...
Comment on attachment 6552: Patch for the main problem (for v3-6)
looks good, and tested. winbind properly falls back with this patch:
    Password change with chgpasswd_user3 failed with: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE, retrying chgpasswd_user2
Karolin, please add the first patch to 3-6-test, thanks!
(In reply to comment #14)
> Karolin, please add the first patch to 3-6-test, thanks!
Pushed to v3-6-test.
(In reply to comment #12)
> Hi Karo,
>
> please run the following to pick the required patches from
> "Patch for the cli_trans and cli_read/write problems (for master)"
>
> git cherry-pick -x fdfb5e95fee67bb7~15..fdfb5e95fee67bb7~1
    user@host:/data/git/samba/v3-6-test> git cherry-pick -x fdfb5e95fee67bb7~15..fdfb5e95fee67bb7~1
    fatal: Cannot find 'fdfb5e95fee67bb7~15..fdfb5e95fee67bb7~1'
I tried to cherry-pick the following commits manually:
    49cdf171a5198495aead9ace43963e805331e20b
    173fc258e443d97e4ea37f2bee99c21ad15ab484
    a25936f1b1300a76b08a6bd435bd7ccc388279d5
    3dd1ebd21ee99d130f6dd30326ddafe3f00a50d0
    2ae565b681a6307886b888ee5b576c12916eb0db
    428a86c92b5b35e28c7d6921f2999616cdc1bc20
    6f7af1b0388d30c8a06c495713066b90ded00780
    0a8fd50bd806e925a915c74cb86733481b2144f6
    5146c9ba9df063d6611abe356f9262adb027b091
    10bb088cf1e005fd047c09afcf6b5b8999d416fe
    1dd24ac06a7472f53b06bc0aaa54cb22c8da0f78
    5d06b2197b5fd95aaf0394d1bdba957bac6c3570
    73128b7cc7f536f80072a19cb69527c53d9a6c2f
    f0ba1afe5f7dbafaf22c3028864de0f3910f675f
    fdfb5e95fee67bb7bb3942270031d9260e0505b0
The last one fails with conflicts. Could you please add a patch, please? Thanks!
Created attachment 6584: Patch for the cli_trans and cli_read/write problems (for v3-6-test)
=> Karolin
Pushed to v3-6-test. Closing out bug report. Thanks!