[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Jun 22 07:04:02 MDT 2012 

The branch, master has been updated
       via  ea74131 selftest/knownfail: mark ^samba4.raw.session.expire1 as knownfail
       via  9c44f40 s4:torture/raw: add raw.session.expire1
       via  b40fa94 s3:smbd: fix warning in smbd_tevent_trace_callback() without profile support
       via  ad82c52 s3:serverid: don't ignore the result of dbwrap_parse_record()
      from  31ad4d7 s4:torture/smb2: run smb2.session.reauth5 in a subdirectory

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ea74131dc88e5fd0baf587cd6469a089cdc919a3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 22 12:58:04 2012 +0200

    selftest/knownfail: mark ^samba4.raw.session.expire1 as knownfail
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Jun 22 15:03:16 CEST 2012 on sn-devel-104

commit 9c44f40b8d3eb9ca87bca4367e7ceb7c1198a7f1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 22 11:02:39 2012 +0200

    s4:torture/raw: add raw.session.expire1
    
    This demonstrates the interaction of CAP_DYNAMIC_REAUTH
    and NT_STATUS_NETWORK_SESSION_EXPIRED.
    
    metze

commit b40fa9436010a434ba7deb98ec9ed24b4900309a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 22 12:10:00 2012 +0200

    s3:smbd: fix warning in smbd_tevent_trace_callback() without profile support
    
    metze

commit ad82c52db0a057ddb1c463f136d7ff0260d780d0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 22 12:20:54 2012 +0200

    s3:serverid: don't ignore the result of dbwrap_parse_record()
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail            |    1 +
 source3/lib/serverid.c        |    7 ++-
 source3/smbd/process.c        |    5 +
 source4/torture/raw/session.c |  200 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 212 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 16fd77c..4206aa7 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -48,6 +48,7 @@
 ^samba4..*base.delete.*.deltest20a
 ^samba4..*base.delete.*.deltest20b
 ^samba4.raw.session.reauth
+^samba4.raw.session.expire1
 ^samba4.raw.rename.*.osxrename
 ^samba4.raw.rename.*.directory rename
 ^samba4.rpc.winreg.*security
diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c
index 0033d60..4e31756 100644
--- a/source3/lib/serverid.c
+++ b/source3/lib/serverid.c
@@ -311,6 +311,7 @@ bool serverids_exist(const struct server_id *ids, int num_ids, bool *results)
 		struct serverid_exists_state state;
 		struct serverid_key key;
 		TDB_DATA tdbkey;
+		NTSTATUS status;
 
 		if (ids[i].unique_id == SERVERID_UNIQUE_ID_NOT_TO_VERIFY) {
 			results[i] = true;
@@ -325,7 +326,11 @@ bool serverids_exist(const struct server_id *ids, int num_ids, bool *results)
 
 		state.id = &ids[i];
 		state.exists = false;
-		dbwrap_parse_record(db, tdbkey, server_exists_parse, &state);
+		status = dbwrap_parse_record(db, tdbkey, server_exists_parse, &state);
+		if (!NT_STATUS_IS_OK(status)) {
+			results[i] = false;
+			continue;
+		}
 		results[i] = state.exists;
 	}
 	return true;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 465f429..77c4804 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3172,6 +3172,11 @@ static void smbd_tevent_trace_callback(enum tevent_trace_point point,
 
 	switch (point) {
 	case TEVENT_TRACE_BEFORE_WAIT:
+		/*
+		 * This just removes compiler warning
+		 * without profile support
+		 */
+		conn->smbd_idle_profstamp = 0;
 		START_PROFILE_STAMP(smbd_idle, conn->smbd_idle_profstamp);
 		break;
 	case TEVENT_TRACE_AFTER_WAIT:
diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c
index 21fb4da..5b5b782 100644
--- a/source4/torture/raw/session.c
+++ b/source4/torture/raw/session.c
@@ -26,6 +26,7 @@
 #include "param/param.h"
 #include "torture/util.h"
 #include "auth/credentials/credentials.h"
+#include "libcli/resolve/resolve.h"
 
 
 static bool test_session_reauth1(struct torture_context *tctx,
@@ -223,6 +224,204 @@ static bool test_session_reauth2(struct torture_context *tctx,
 	return true;
 }
 
+static bool test_session_expire1(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct cli_credentials *credentials = cmdline_credentials;
+	struct smbcli_state *cli = NULL;
+	enum credentials_use_kerberos use_kerberos;
+	char fname[256];
+	union smb_fileinfo qfinfo;
+	uint16_t vuid;
+	uint16_t fnum;
+	struct smb_composite_sesssetup io_sesssetup;
+	size_t i;
+
+	use_kerberos = cli_credentials_get_kerberos_state(credentials);
+	if (use_kerberos != CRED_MUST_USE_KERBEROS) {
+		torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
+		torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
+	}
+
+	torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
+				 "please use -k yes");
+
+	lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli,
+					host,
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL,
+					lpcfg_socket_options(tctx->lp_ctx),
+					credentials,
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smbcli_full_connection failed");
+
+	vuid = cli->session->vuid;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, 256, "session_expire1_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smbcli_unlink(cli->tree, fname);
+
+	fnum = smbcli_nt_create_full(cli->tree, fname, 0,
+				     SEC_RIGHTS_FILE_ALL,
+				     FILE_ATTRIBUTE_NORMAL,
+				     NTCREATEX_SHARE_ACCESS_NONE,
+				     NTCREATEX_DISP_OPEN_IF,
+				     NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
+				     0);
+	torture_assert_ntstatus_ok_goto(tctx, smbcli_nt_error(cli->tree), ret,
+					done, "create file");
+	torture_assert_goto(tctx, fnum > 0, ret, done, "create file");
+
+	/* get the access information */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+	qfinfo.access_information.in.file.fnum = fnum;
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 5 seconds\n");
+		smb_msleep(5*1000);
+	}
+
+	/*
+	 * the krb5 library may not handle expired creds
+	 * well, lets start with an empty ccache.
+	 */
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	/*
+	 * now with CAP_DYNAMIC_REAUTH
+	 *
+	 * This should trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+	 */
+	ZERO_STRUCT(io_sesssetup);
+	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
+	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
+	io_sesssetup.in.capabilities |= CAP_DYNAMIC_REAUTH;
+	io_sesssetup.in.credentials  = credentials;
+	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
+	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(tctx,
+							tctx->lp_ctx);
+
+	torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+	ZERO_STRUCT(io_sesssetup.out);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"reauth failed");
+	torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+				      ret, done, "reauth");
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 5 seconds\n");
+		smb_msleep(5*1000);
+
+		torture_comment(tctx, "query info => EXPIRED\n");
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_equal_goto(tctx, status,
+					NT_STATUS_NETWORK_SESSION_EXPIRED,
+					ret, done, "raw_fileinfo expired");
+
+		/*
+		 * the krb5 library may not handle expired creds
+		 * well, lets start with an empty ccache.
+		 */
+		cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+		torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
+		ZERO_STRUCT(io_sesssetup.out);
+		status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"reauth failed");
+		torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+					      ret, done, "reauth");
+	}
+
+	torture_comment(tctx, "query info => OK\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"raw_fileinfo failed");
+
+	/*
+	 * the krb5 library may not handle expired creds
+	 * well, lets start with an empty ccache.
+	 */
+	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+	/*
+	 * now without CAP_DYNAMIC_REAUTH
+	 *
+	 * This should not trigger NT_STATUS_NETWORK_SESSION_EXPIRED
+	 */
+	torture_comment(tctx, "reauth without CAP_DYNAMIC_REAUTH => OK\n");
+	io_sesssetup.in.capabilities &= ~CAP_DYNAMIC_REAUTH;
+
+	ZERO_STRUCT(io_sesssetup.out);
+	status = smb_composite_sesssetup(cli->session, &io_sesssetup);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"reauth failed");
+	torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
+				      ret, done, "reauth");
+
+	for (i=0; i < 2; i++) {
+		torture_comment(tctx, "query info => OK\n");
+
+		ZERO_STRUCT(qfinfo.access_information.out);
+		status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+		torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+						"raw_fileinfo failed");
+
+		torture_comment(tctx, "sleep 5 seconds\n");
+		smb_msleep(5*1000);
+	}
+
+	torture_comment(tctx, "query info => OK\n");
+	ZERO_STRUCT(qfinfo.access_information.out);
+	status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"raw_fileinfo failed");
+
+	ret = true;
+done:
+	if (fnum > 0) {
+		smbcli_close(cli->tree, fnum);
+	}
+
+	talloc_free(cli);
+	lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
+	return ret;
+}
+
 struct torture_suite *torture_raw_session(TALLOC_CTX *mem_ctx)
 {
 	struct torture_suite *suite = torture_suite_create(mem_ctx, "session");
@@ -230,6 +429,7 @@ struct torture_suite *torture_raw_session(TALLOC_CTX *mem_ctx)
 
 	torture_suite_add_1smb_test(suite, "reauth1", test_session_reauth1);
 	torture_suite_add_1smb_test(suite, "reauth2", test_session_reauth2);
+	torture_suite_add_simple_test(suite, "expire1", test_session_expire1);
 
 	return suite;
 }


-- 
Samba Shared Repository

More information about the samba-cvs mailing list