[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jun 22 07:04:02 MDT 2012
The branch, master has been updated
via ea74131 selftest/knownfail: mark ^samba4.raw.session.expire1 as knownfail
via 9c44f40 s4:torture/raw: add raw.session.expire1
via b40fa94 s3:smbd: fix warning in smbd_tevent_trace_callback() without profile support
via ad82c52 s3:serverid: don't ignore the result of dbwrap_parse_record()
from 31ad4d7 s4:torture/smb2: run smb2.session.reauth5 in a subdirectory
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ea74131dc88e5fd0baf587cd6469a089cdc919a3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 22 12:58:04 2012 +0200
selftest/knownfail: mark ^samba4.raw.session.expire1 as knownfail
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jun 22 15:03:16 CEST 2012 on sn-devel-104
commit 9c44f40b8d3eb9ca87bca4367e7ceb7c1198a7f1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 22 11:02:39 2012 +0200
s4:torture/raw: add raw.session.expire1
This demonstrates the interaction of CAP_DYNAMIC_REAUTH
and NT_STATUS_NETWORK_SESSION_EXPIRED.
metze
commit b40fa9436010a434ba7deb98ec9ed24b4900309a
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 22 12:10:00 2012 +0200
s3:smbd: fix warning in smbd_tevent_trace_callback() without profile support
metze
commit ad82c52db0a057ddb1c463f136d7ff0260d780d0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 22 12:20:54 2012 +0200
s3:serverid: don't ignore the result of dbwrap_parse_record()
metze
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 1 +
source3/lib/serverid.c | 7 ++-
source3/smbd/process.c | 5 +
source4/torture/raw/session.c | 200 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 212 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 16fd77c..4206aa7 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -48,6 +48,7 @@
^samba4..*base.delete.*.deltest20a
^samba4..*base.delete.*.deltest20b
^samba4.raw.session.reauth
+^samba4.raw.session.expire1
^samba4.raw.rename.*.osxrename
^samba4.raw.rename.*.directory rename
^samba4.rpc.winreg.*security
diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c
index 0033d60..4e31756 100644
--- a/source3/lib/serverid.c
+++ b/source3/lib/serverid.c
@@ -311,6 +311,7 @@ bool serverids_exist(const struct server_id *ids, int num_ids, bool *results)
struct serverid_exists_state state;
struct serverid_key key;
TDB_DATA tdbkey;
+ NTSTATUS status;
if (ids[i].unique_id == SERVERID_UNIQUE_ID_NOT_TO_VERIFY) {
results[i] = true;
@@ -325,7 +326,11 @@ bool serverids_exist(const struct server_id *ids, int num_ids, bool *results)
state.id = &ids[i];
state.exists = false;
- dbwrap_parse_record(db, tdbkey, server_exists_parse, &state);
+ status = dbwrap_parse_record(db, tdbkey, server_exists_parse, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ results[i] = false;
+ continue;
+ }
results[i] = state.exists;
}
return true;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 465f429..77c4804 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3172,6 +3172,11 @@ static void smbd_tevent_trace_callback(enum tevent_trace_point point,
switch (point) {
case TEVENT_TRACE_BEFORE_WAIT:
+ /*
+ * This just removes compiler warning
+ * without profile support
+ */
+ conn->smbd_idle_profstamp = 0;
START_PROFILE_STAMP(smbd_idle, conn->smbd_idle_profstamp);
break;
case TEVENT_TRACE_AFTER_WAIT:
diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c
index 21fb4da..5b5b782 100644
--- a/source4/torture/raw/session.c
+++ b/source4/torture/raw/session.c
@@ -26,6 +26,7 @@
#include "param/param.h"
#include "torture/util.h"
#include "auth/credentials/credentials.h"
+#include "libcli/resolve/resolve.h"
static bool test_session_reauth1(struct torture_context *tctx,
@@ -223,6 +224,204 @@ static bool test_session_reauth2(struct torture_context *tctx,
return true;
}
+static bool test_session_expire1(struct torture_context *tctx)
+{
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+ struct smbcli_session_options session_options;
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ struct cli_credentials *credentials = cmdline_credentials;
+ struct smbcli_state *cli = NULL;
+ enum credentials_use_kerberos use_kerberos;
+ char fname[256];
+ union smb_fileinfo qfinfo;
+ uint16_t vuid;
+ uint16_t fnum;
+ struct smb_composite_sesssetup io_sesssetup;
+ size_t i;
+
+ use_kerberos = cli_credentials_get_kerberos_state(credentials);
+ if (use_kerberos != CRED_MUST_USE_KERBEROS) {
+ torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
+ torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
+ }
+
+ torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
+ "please use -k yes");
+
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+
+ lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+ lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+ status = smbcli_full_connection(tctx, &cli,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share, NULL,
+ lpcfg_socket_options(tctx->lp_ctx),
+ credentials,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ tctx->ev, &options, &session_options,
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smbcli_full_connection failed");
+
+ vuid = cli->session->vuid;
+
+ /* Add some random component to the file name. */
+ snprintf(fname, 256, "session_expire1_%s.dat",
+ generate_random_str(tctx, 8));
+
+ smbcli_unlink(cli->tree, fname);
+
+ fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+ SEC_RIGHTS_FILE_ALL,
+ FILE_ATTRIBUTE_NORMAL,
+ NTCREATEX_SHARE_ACCESS_NONE,
+ NTCREATEX_DISP_OPEN_IF,
+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
+ 0);
+ torture_assert_ntstatus_ok_goto(tctx, smbcli_nt_error(cli->tree), ret,
+ done, "create file");
+ torture_assert_goto(tctx, fnum > 0, ret, done, "create file");
+
+ /* get the access information */
+
+ ZERO_STRUCT(qfinfo);
+
+ qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+ qfinfo.access_information.in.file.fnum = fnum;
+
+ for (i=0; i < 2; i++) {
+ torture_comment(tctx, "query info => OK\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "raw_fileinfo failed");
+
+ torture_comment(tctx, "sleep 5 seconds\n");
+ smb_msleep(5*1000);
+ }
+
+ /*
+ * the krb5 library may not handle expired creds
+ * well, lets start with an empty ccache.
+ */
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ /*
+ * now with CAP_DYNAMIC_REAUTH
+ *
+ * This should trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+ */
+ ZERO_STRUCT(io_sesssetup);
+ io_sesssetup.in.sesskey = cli->transport->negotiate.sesskey;
+ io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
+ io_sesssetup.in.capabilities |= CAP_DYNAMIC_REAUTH;
+ io_sesssetup.in.credentials = credentials;
+ io_sesssetup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
+ io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(tctx,
+ tctx->lp_ctx);
+
+ torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+ ZERO_STRUCT(io_sesssetup.out);
+ status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "reauth failed");
+ torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+ ret, done, "reauth");
+
+ for (i=0; i < 2; i++) {
+ torture_comment(tctx, "query info => OK\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "raw_fileinfo failed");
+
+ torture_comment(tctx, "sleep 5 seconds\n");
+ smb_msleep(5*1000);
+
+ torture_comment(tctx, "query info => EXPIRED\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "raw_fileinfo expired");
+
+ /*
+ * the krb5 library may not handle expired creds
+ * well, lets start with an empty ccache.
+ */
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+ ZERO_STRUCT(io_sesssetup.out);
+ status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "reauth failed");
+ torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+ ret, done, "reauth");
+ }
+
+ torture_comment(tctx, "query info => OK\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "raw_fileinfo failed");
+
+ /*
+ * the krb5 library may not handle expired creds
+ * well, lets start with an empty ccache.
+ */
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ /*
+ * now without CAP_DYNAMIC_REAUTH
+ *
+ * This should not trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+ */
+ torture_comment(tctx, "reauth without CAP_DYNAMIC_REAUTH => OK\n");
+ io_sesssetup.in.capabilities &= ~CAP_DYNAMIC_REAUTH;
+
+ ZERO_STRUCT(io_sesssetup.out);
+ status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "reauth failed");
+ torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+ ret, done, "reauth");
+
+ for (i=0; i < 2; i++) {
+ torture_comment(tctx, "query info => OK\n");
+
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "raw_fileinfo failed");
+
+ torture_comment(tctx, "sleep 5 seconds\n");
+ smb_msleep(5*1000);
+ }
+
+ torture_comment(tctx, "query info => OK\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "raw_fileinfo failed");
+
+ ret = true;
+done:
+ if (fnum > 0) {
+ smbcli_close(cli->tree, fnum);
+ }
+
+ talloc_free(cli);
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
+ return ret;
+}
+
struct torture_suite *torture_raw_session(TALLOC_CTX *mem_ctx)
{
struct torture_suite *suite = torture_suite_create(mem_ctx, "session");
@@ -230,6 +429,7 @@ struct torture_suite *torture_raw_session(TALLOC_CTX *mem_ctx)
torture_suite_add_1smb_test(suite, "reauth1", test_session_reauth1);
torture_suite_add_1smb_test(suite, "reauth2", test_session_reauth2);
+ torture_suite_add_simple_test(suite, "expire1", test_session_expire1);
return suite;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list