[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2192-g7c58a2f

Stefan Metzmacher metze at samba.org
Tue Jun 9 17:43:47 GMT 2009 

The branch, master has been updated
       via  7c58a2f23734f8931cb822f71277cac7bb7ffe35 (commit)
       via  8d9588390822745ad43f0df82b29704234c760b9 (commit)
       via  ebf5523b6e2ae00d820d2c2d31c2f24aab020f91 (commit)
      from  38cd0e086f50ce54d88a19aa5a6803469af90489 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7c58a2f23734f8931cb822f71277cac7bb7ffe35
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jun 9 18:13:53 2009 +0200

    SMB2-COMPOUND: add some tests for invalid requests
    
    TODO: check why the INVALID1 tests fails with --signing=required.
    
    metze

commit 8d9588390822745ad43f0df82b29704234c760b9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jun 9 19:32:30 2009 +0200

    s4:smb2srv: don't allow the related flag on the first request in a compounded chain
    
    metze

commit ebf5523b6e2ae00d820d2c2d31c2f24aab020f91
Author: Sam Liddicott <sam at liddicott.com>
Date:   Tue Jun 9 12:51:44 2009 +0100

    s4: smbcli_transport_send hit the socket right away if possible
    
    [Metze; "make test" on git master outputs exactly the same test summary
    with our without this patch (apart from the "using seed" lines)]
    
    If the transport socket is writable, then push the queue along
    rather than wait until the caller returns back to the tevent loop.
    
    This strategy keeps the sockets piping hot, and is particularly good
    for cases where reading requests from one socket causes lots of
    writes on another socket, or where lots of writes are made in a batch.
    
    It doesn't matter if the socket is not writeable yet, packet_queue_run
    will return quite cheaply in such a case.
    
    Signed-off-by: Sam Liddicott <sam at liddicott.com>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/libcli/raw/clitransport.c |    7 ++
 source4/smb_server/smb2/receive.c |    7 ++
 source4/torture/smb2/compound.c   |  201 +++++++++++++++++++++++++++++++++++++
 3 files changed, 215 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index 0ced607..f5e81cd 100644
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -593,6 +593,13 @@ void smbcli_transport_send(struct smbcli_request *req)
 		return;
 	}
 
+	packet_queue_run(req->transport->packet);
+	if (req->transport->socket->sock == NULL) {
+		req->state = SMBCLI_REQUEST_ERROR;
+		req->status = NT_STATUS_NET_WRITE_FAULT;
+		return;
+	}
+
 	if (req->one_way_request) {
 		req->state = SMBCLI_REQUEST_DONE;
 		smbcli_request_destroy(req);
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 16f888b..5ac01dc 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -470,6 +470,7 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
 	uint32_t protocol_version;
 	uint16_t buffer_code;
 	uint32_t dynamic_size;
+	uint32_t flags;
 
 	smb_conn->statistics.last_request_time = cur_time;
 
@@ -543,6 +544,12 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
 	 *       - make sure it's a request
 	 */
 
+	flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+	/* the first request should never have the related flag set */
+	if (flags & SMB2_HDR_FLAG_CHAINED) {
+		req->chain_status = NT_STATUS_INVALID_PARAMETER;
+	}
+
 	return smb2srv_reply(req);
 }
 
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index f92a669..00f6f33 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -227,6 +227,204 @@ done:
 	return ret;
 }
 
+static bool test_compound_invalid1(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid1.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[2];
+	DATA_BLOB data;
+
+	smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 2);
+
+	/* passing the first request with the related flag is invalid */
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	/* TODO: check why this fails with --signing=required */
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid2(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid2.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	smb2_transport_compound_set_related(tree->session->transport, true);
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+	/* strange that this is not generating invalid parameter */
+	smb2_transport_compound_set_related(tree->session->transport, false);
+	req[2] = smb2_close_send(tree, &cl);
+	req[3] = smb2_close_send(tree, &cl);
+	smb2_transport_compound_set_related(tree->session->transport, true);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
+static bool test_compound_invalid3(struct torture_context *tctx,
+				   struct smb2_tree *tree)
+{
+	struct smb2_handle hd;
+	struct smb2_create cr;
+	NTSTATUS status;
+	const char *fname = "compound_invalid3.dat";
+	struct smb2_close cl;
+	bool ret = true;
+	struct smb2_request *req[5];
+
+	smb2_transport_credits_ask_num(tree->session->transport, 5);
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_transport_credits_ask_num(tree->session->transport, 1);
+
+	ZERO_STRUCT(cr);
+	cr.in.security_flags		= 0x00;
+	cr.in.oplock_level		= 0;
+	cr.in.impersonation_level	= NTCREATEX_IMPERSONATION_IMPERSONATION;
+	cr.in.create_flags		= 0x00000000;
+	cr.in.reserved			= 0x00000000;
+	cr.in.desired_access		= SEC_RIGHTS_FILE_ALL;
+	cr.in.file_attributes		= FILE_ATTRIBUTE_NORMAL;
+	cr.in.share_access		= NTCREATEX_SHARE_ACCESS_READ |
+					  NTCREATEX_SHARE_ACCESS_WRITE |
+					  NTCREATEX_SHARE_ACCESS_DELETE;
+	cr.in.create_disposition	= NTCREATEX_DISP_OPEN_IF;
+	cr.in.create_options		= NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
+					  NTCREATEX_OPTIONS_ASYNC_ALERT	|
+					  NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+					  0x00200000;
+	cr.in.fname			= fname;
+
+	smb2_transport_compound_start(tree->session->transport, 5);
+
+	req[0] = smb2_create_send(tree, &cr);
+
+	hd.data[0] = UINT64_MAX;
+	hd.data[1] = UINT64_MAX;
+
+	ZERO_STRUCT(cl);
+	cl.in.file.handle = hd;
+	req[1] = smb2_close_send(tree, &cl);
+	req[2] = smb2_close_send(tree, &cl);
+	/* flipping the related flag is invalid */
+	smb2_transport_compound_set_related(tree->session->transport, true);
+	req[3] = smb2_close_send(tree, &cl);
+	req[4] = smb2_close_send(tree, &cl);
+
+	status = smb2_create_recv(req[0], tree, &cr);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	status = smb2_close_recv(req[1], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[2], &cl);
+	CHECK_STATUS(status, NT_STATUS_FILE_CLOSED);
+	status = smb2_close_recv(req[3], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+	status = smb2_close_recv(req[4], &cl);
+	CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
+
+	smb2_util_unlink(tree, fname);
+done:
+	return ret;
+}
+
 struct torture_suite *torture_smb2_compound_init(void)
 {
 	struct torture_suite *suite =
@@ -235,6 +433,9 @@ struct torture_suite *torture_smb2_compound_init(void)
 	torture_suite_add_1smb2_test(suite, "RELATED1", test_compound_related1);
 	torture_suite_add_1smb2_test(suite, "RELATED2", test_compound_related2);
 	torture_suite_add_1smb2_test(suite, "UNRELATED1", test_compound_unrelated1);
+	torture_suite_add_1smb2_test(suite, "INVALID1", test_compound_invalid1);
+	torture_suite_add_1smb2_test(suite, "INVALID2", test_compound_invalid2);
+	torture_suite_add_1smb2_test(suite, "INVALID3", test_compound_invalid3);
 
 	suite->description = talloc_strdup(suite, "SMB2-COMPOUND tests");
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list