[SCM] Samba Shared Repository - branch v4-9-test updated
Karolin Seeger
kseeger at samba.org
Tue Dec 4 16:28:02 UTC 2018
The branch, v4-9-test has been updated
via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case
via a26e6160b33 CVE-2018-16853: Do not segfault if client is not set
via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash
via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
via 2332c99cba7 libcli/smb: don't overwrite status code
via 739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
via f678c6f06f0 ldb_controls: Add some talloc error checking for controls
via f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation
via 517df6d3da3 dirsync: Allow arbitrary length cookies
via a816ca4004a PEP8: fix E231: missing whitespace after ','
from b3d376b7d4d VERSION: Bump version up to 4.9.4.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -----------------------------------------------------------------
commit b2ef0e08a9beda7231629dce6875a8c37360acf8
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Nov 7 22:53:35 2018 +0200
CVE-2018-16853: fix crash in expired passowrd case
When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.
Fixes expired passowrd case in samba4.blackbox.kinit test.
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144
commit a26e6160b3361f02d9d91f04114b8a03adf11780
Author: Andreas Schneider <asn at samba.org>
Date: Wed Sep 28 07:22:32 2016 +0200
CVE-2018-16853: Do not segfault if client is not set
This can be triggered with FAST but we don't support this yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a2f4d49c1c545d9a64d34d0413f3e840d8f109f6
Author: Isaac Boukris <iboukris at gmail.com>
Date: Sat Aug 18 16:01:59 2018 +0300
CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 09f9bb2837180ca27085b27aa636bfbae975f294
Author: Isaac Boukris <iboukris at gmail.com>
Date: Sat Aug 18 00:40:30 2018 +0300
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL. Use the name from client entry instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d2a6e3e1bb4609224fc9316abaaa156b3f71cb34
Author: Isaac Boukris <iboukris at gmail.com>
Date: Sat Aug 18 15:32:43 2018 +0300
CVE-2018-16853: Fix kinit test on system lacking ldbsearch
By fixing bindir variable name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2332c99cba77bea1113014011d840b2005a4a75f
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 7 14:00:25 2018 +0100
libcli/smb: don't overwrite status code
The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
(cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
commit 739ce2c733521fe53a74927f9c801ba503cc1586
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 13 12:08:10 2018 +0100
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
commit f678c6f06f03b81cec1ea38ee1a4f4c67c38dcfe
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Nov 14 10:29:01 2018 +1300
ldb_controls: Add some talloc error checking for controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852)
commit f4105adc285f8414aaaacd3bfd80973737327608
Author: Garming Sam <garming at catalyst.net.nz>
Date: Mon Nov 19 11:05:59 2018 +1300
sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e)
commit 517df6d3da3ee988d1da96cbba20cbf401ead04e
Author: Garming Sam <garming at catalyst.net.nz>
Date: Fri Oct 26 13:38:02 2018 +1300
dirsync: Allow arbitrary length cookies
The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b)
commit a816ca4004a784a423ef5e4cf195361554f24412
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Mon Jul 30 18:19:05 2018 +1200
PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb_controls.c | 108 ++++++++++++++++++++++++++++--
libcli/smb/smbXcli_base.c | 12 ++--
python/samba/netcmd/user.py | 9 +--
source4/kdc/mit-kdb/kdb_samba_policies.c | 24 ++++++-
source4/kdc/mit_samba.c | 7 +-
source4/torture/smb2/session.c | 110 +++++++++++++++++++++++++++++++
testprogs/blackbox/test_kinit_mit.sh | 20 ++++--
7 files changed, 265 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index a83768a352c..e0f0eb48f3a 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->ctxid_len);
if (control->contextId == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -534,13 +535,20 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) {
struct ldb_dirsync_control *control;
const char *p;
- char cookie[1024];
+ char *cookie = NULL;
int crit, max_attrs, ret;
uint32_t flags;
- cookie[0] = '\0';
+ cookie = talloc_zero_array(ctrl, char,
+ strlen(control_strings) + 1);
+ if (cookie == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]);
- ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie);
+ ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs, cookie);
if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) {
ldb_set_errstring(ldb,
@@ -561,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_DIRSYNC_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_dirsync_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
@@ -575,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -582,17 +596,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->cookie_len = 0;
}
ctrl->data = control;
+ TALLOC_FREE(cookie);
return ctrl;
}
if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0) {
struct ldb_dirsync_control *control;
const char *p;
- char cookie[1024];
+ char *cookie = NULL;
int crit, max_attrs, ret;
uint32_t flags;
- cookie[0] = '\0';
+ cookie = talloc_zero_array(ctrl, char,
+ strlen(control_strings) + 1);
+ if (cookie == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]);
ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie);
@@ -615,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_dirsync_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
@@ -630,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -637,6 +665,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->cookie_len = 0;
}
ctrl->data = control;
+ TALLOC_FREE(cookie);
return ctrl;
}
@@ -662,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_ASQ_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_asq_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->request = 1;
control->source_attribute = talloc_strdup(control, attr);
control->src_attr_len = strlen(attr);
@@ -693,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control = NULL;
} else {
control = talloc(ctrl, struct ldb_extended_dn_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->type = type;
}
@@ -723,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SD_FLAGS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_sd_flags_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->secinfo_flags = secinfo_flags;
ctrl->data = control;
@@ -749,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_search_options_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->search_options = search_options;
ctrl->data = control;
@@ -865,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_paged_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->size = size;
if (cookie[0] != '\0') {
int len = ldb_base64_decode(cookie);
@@ -879,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->cookie = talloc_memdup(control, cookie, control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -912,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SERVER_SORT_OID;
ctrl->critical = crit;
control = talloc_array(ctrl, struct ldb_server_sort_control *, 2);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control[0] = talloc(control, struct ldb_server_sort_control);
+ if (control[0] == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control[0]->attributeName = talloc_strdup(control, attr);
- if (rule[0])
+ if (control[0]->attributeName == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
+ if (rule[0]) {
control[0]->orderingRule = talloc_strdup(control, rule);
- else
+ if (control[0]->orderingRule == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+ } else {
control[0]->orderingRule = NULL;
+ }
control[0]->reverse = rev;
control[1] = NULL;
ctrl->data = control;
@@ -1179,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_verify_name_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->gc = talloc_strdup(control, gc);
+ if (control->gc == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->gc_len = strlen(gc);
control->flags = flags;
ctrl->data = control;
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d0cc33b8b05..40480c83aa0 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3908,15 +3908,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
}
if (signing_key) {
- status = smb2_signing_check_pdu(*signing_key,
- state->conn->protocol,
- &cur[1], 3);
- if (!NT_STATUS_IS_OK(status)) {
+ NTSTATUS signing_status;
+
+ signing_status = smb2_signing_check_pdu(*signing_key,
+ state->conn->protocol,
+ &cur[1], 3);
+ if (!NT_STATUS_IS_OK(signing_status)) {
/*
* If the signing check fails, we disconnect
* the connection.
*/
- return status;
+ return signing_status;
}
}
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index cc43c08a824..5af76c9be7d 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -1881,7 +1881,7 @@ samba-tool user syncpasswords --terminate \\
self.samdb_url = H
self.dirsync_filter = dirsync_filter
self.dirsync_attrs = dirsync_attrs
- self.dirsync_controls = ["dirsync:1:0:0","extended_dn:1:0"];
+ self.dirsync_controls = ["dirsync:1:0:0", "extended_dn:1:0"];
self.password_attrs = password_attrs
self.decrypt_samba_gpg = decrypt_samba_gpg
self.sync_command = sync_command
@@ -1905,7 +1905,7 @@ samba-tool user syncpasswords --terminate \\
self.current_pid = None
self.outf.write("Initialized cache_ldb[%s]\n" % (cache_ldb))
msgs = self.cache.parse_ldif(add_ldif)
- changetype,msg = next(msgs)
+ changetype, msg = next(msgs)
ldif = self.cache.write_ldif(msg, ldb.CHANGETYPE_NONE)
self.outf.write("%s" % ldif)
else:
@@ -2103,8 +2103,9 @@ samba-tool user syncpasswords --terminate \\
assert len(res_controls) > 0
assert res_controls[0].oid == "1.2.840.113556.1.4.841"
res_controls[0].critical = True
- self.dirsync_controls = [str(res_controls[0]),"extended_dn:1:0"]
- log_msg("dirsyncControls: %r\n" % self.dirsync_controls)
+ self.dirsync_controls = [str(res_controls[0]), "extended_dn:1:0"]
+ # This cookie can be extremely long
+ # log_msg("dirsyncControls: %r\n" % self.dirsync_controls)
modify_ldif = "dn: %s\n" % (self.cache_dn)
modify_ldif += "changetype: modify\n"
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index de5813bde2f..fc80329f221 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -81,6 +81,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
char *netbios_name = NULL;
char *realm = NULL;
bool password_change = false;
+ krb5_const_principal client_princ;
DATA_BLOB int_data = { NULL, 0 };
krb5_data d;
krb5_pa_data **e_data;
@@ -90,7 +91,10 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
return KRB5_KDB_DBNOTINITED;
}
- if (ks_is_kadmin(context, kdcreq->client)) {
+ /* Prefer canonicalised name from client entry */
+ client_princ = client ? client->princ : kdcreq->client;
+
+ if (client_princ == NULL || ks_is_kadmin(context, client_princ)) {
return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
}
@@ -111,7 +115,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
goto done;
}
- code = krb5_unparse_name(context, kdcreq->client, &client_name);
+ code = krb5_unparse_name(context, client_princ, &client_name);
if (code) {
goto done;
}
@@ -457,6 +461,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
krb5_timestamp authtime,
krb5_error_code error_code)
{
+ /*
+ * FIXME: This segfaulted with a FAST test
+ * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+ */
+ if (client == NULL) {
+ return;
+ }
+
samba_bad_password_count(client, error_code);
/* TODO: perform proper audit logging for addresses */
@@ -469,6 +481,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
krb5_timestamp authtime,
krb5_error_code error_code)
{
+ /*
+ * FIXME: This segfaulted with a FAST test
+ * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+ */
+ if (client == NULL) {
+ return;
+ }
+
samba_bad_password_count(client, error_code);
}
#endif
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 414e67c6a98..eacca0903ec 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -865,7 +865,7 @@ krb5_error_code encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data
static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data)
{
krb5_error_code ret = 0;
- krb5_pa_data pa, *ppa = NULL;
+ krb5_pa_data pa, *ppa[2];
krb5_data *d = NULL;
if (!e_data)
@@ -886,9 +886,10 @@ static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data)
SIVAL(pa.contents, 4, 0);
SIVAL(pa.contents, 8, 1);
- ppa = &pa;
+ ppa[0] = &pa;
+ ppa[1] = NULL;
- ret = encode_krb5_padata_sequence(&ppa, &d);
+ ret = encode_krb5_padata_sequence(ppa, &d);
free(pa.contents);
if (ret) {
return;
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 57a5addcfcc..3917e0c09c4 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1596,6 +1596,114 @@ static bool test_session_expire2e(struct torture_context *tctx)
true); /* force_encryption */
}
+static bool test_session_expire_disconnect(struct torture_context *tctx)
+{
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ struct cli_credentials *credentials = popt_get_cmdline_credentials();
+ struct smb2_tree *tree = NULL;
+ enum credentials_use_kerberos use_kerberos;
+ char fname[256];
+ struct smb2_handle _h1;
+ struct smb2_handle *h1 = NULL;
+ struct smb2_create io1;
+ union smb_fileinfo qfinfo;
+ bool connected;
+
+ use_kerberos = cli_credentials_get_kerberos_state(credentials);
+ if (use_kerberos != CRED_MUST_USE_KERBEROS) {
+ torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
+ torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
+ }
+
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+ lpcfg_smbcli_options(tctx->lp_ctx, &options);
+ options.signing = SMB_SIGNING_REQUIRED;
+
+ status = smb2_connect(tctx,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ credentials,
+ &tree,
+ tctx->ev,
+ &options,
+ lpcfg_socket_options(tctx->lp_ctx),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_connect failed");
+
+ smbXcli_session_set_disconnect_expired(tree->session->smbXcli);
+
+ /* Add some random component to the file name. */
+ snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
+ generate_random_str(tctx, 8));
+
+ smb2_util_unlink(tree, fname);
+
+ smb2_oplock_create_share(&io1, fname,
+ smb2_util_share_access(""),
+ smb2_util_oplock_level("b"));
+ io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+ status = smb2_create(tree, tctx, &io1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed");
+ _h1 = io1.out.file.handle;
+ h1 = &_h1;
+ CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ torture_assert_int_equal(tctx, io1.out.oplock_level,
+ smb2_util_oplock_level("b"),
+ "oplock_level incorrect");
+
+ /* get the security descriptor */
+
+ ZERO_STRUCT(qfinfo);
+
+ qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+ qfinfo.access_information.in.file.handle = _h1;
+
+ torture_comment(tctx, "query info => OK\n");
+
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb2_getinfo_file(tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed");
+
+ torture_comment(tctx, "sleep 10 seconds\n");
+ smb_msleep(10*1000);
+
+ torture_comment(tctx, "query info => EXPIRED\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb2_getinfo_file(tree, tctx, &qfinfo);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_getinfo_file "
+ "returned unexpected status");
+
+ connected = smbXcli_conn_is_connected(tree->session->transport->conn);
+ torture_assert_goto(tctx, !connected, ret, done, "connected\n");
+
+ ret = true;
+done:
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ if (h1 != NULL) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list