[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Tue Nov 13 16:29:02 UTC 2018
The branch, master has been updated
via 5a8583ed701 libcli/smb: don't overwrite status code
via a5d1bb5c5b5 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
from bb93e691ca9 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 7 14:00:25 2018 +0100
libcli/smb: don't overwrite status code
The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 13 12:08:10 2018 +0100
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 12 +++--
source4/torture/smb2/session.c | 110 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 117 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d0cc33b8b05..40480c83aa0 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3908,15 +3908,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
}
if (signing_key) {
- status = smb2_signing_check_pdu(*signing_key,
- state->conn->protocol,
- &cur[1], 3);
- if (!NT_STATUS_IS_OK(status)) {
+ NTSTATUS signing_status;
+
+ signing_status = smb2_signing_check_pdu(*signing_key,
+ state->conn->protocol,
+ &cur[1], 3);
+ if (!NT_STATUS_IS_OK(signing_status)) {
/*
* If the signing check fails, we disconnect
* the connection.
*/
- return status;
+ return signing_status;
}
}
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 57a5addcfcc..3917e0c09c4 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1596,6 +1596,114 @@ static bool test_session_expire2e(struct torture_context *tctx)
true); /* force_encryption */
}
+static bool test_session_expire_disconnect(struct torture_context *tctx)
+{
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ struct cli_credentials *credentials = popt_get_cmdline_credentials();
+ struct smb2_tree *tree = NULL;
+ enum credentials_use_kerberos use_kerberos;
+ char fname[256];
+ struct smb2_handle _h1;
+ struct smb2_handle *h1 = NULL;
+ struct smb2_create io1;
+ union smb_fileinfo qfinfo;
+ bool connected;
+
+ use_kerberos = cli_credentials_get_kerberos_state(credentials);
+ if (use_kerberos != CRED_MUST_USE_KERBEROS) {
+ torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
+ torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
+ }
+
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+ lpcfg_smbcli_options(tctx->lp_ctx, &options);
+ options.signing = SMB_SIGNING_REQUIRED;
+
+ status = smb2_connect(tctx,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ credentials,
+ &tree,
+ tctx->ev,
+ &options,
+ lpcfg_socket_options(tctx->lp_ctx),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_connect failed");
+
+ smbXcli_session_set_disconnect_expired(tree->session->smbXcli);
+
+ /* Add some random component to the file name. */
+ snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
+ generate_random_str(tctx, 8));
+
+ smb2_util_unlink(tree, fname);
+
+ smb2_oplock_create_share(&io1, fname,
+ smb2_util_share_access(""),
+ smb2_util_oplock_level("b"));
+ io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+ status = smb2_create(tree, tctx, &io1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed");
+ _h1 = io1.out.file.handle;
+ h1 = &_h1;
+ CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ torture_assert_int_equal(tctx, io1.out.oplock_level,
+ smb2_util_oplock_level("b"),
+ "oplock_level incorrect");
+
+ /* get the security descriptor */
+
+ ZERO_STRUCT(qfinfo);
+
+ qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+ qfinfo.access_information.in.file.handle = _h1;
+
+ torture_comment(tctx, "query info => OK\n");
+
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb2_getinfo_file(tree, tctx, &qfinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed");
+
+ torture_comment(tctx, "sleep 10 seconds\n");
+ smb_msleep(10*1000);
+
+ torture_comment(tctx, "query info => EXPIRED\n");
+ ZERO_STRUCT(qfinfo.access_information.out);
+ status = smb2_getinfo_file(tree, tctx, &qfinfo);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_getinfo_file "
+ "returned unexpected status");
+
+ connected = smbXcli_conn_is_connected(tree->session->transport->conn);
+ torture_assert_goto(tctx, !connected, ret, done, "connected\n");
+
+ ret = true;
+done:
+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+
+ if (h1 != NULL) {
+ smb2_util_close(tree, *h1);
+ }
+
+ talloc_free(tree);
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
+ return ret;
+}
+
bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
{
const char *host = torture_setting_string(tctx, "host", NULL);
@@ -1754,6 +1862,8 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx)
torture_suite_add_simple_test(suite, "expire1e", test_session_expire1e);
torture_suite_add_simple_test(suite, "expire2s", test_session_expire2s);
torture_suite_add_simple_test(suite, "expire2e", test_session_expire2e);
+ torture_suite_add_simple_test(suite, "expire_disconnect",
+ test_session_expire_disconnect);
torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1);
suite->description = talloc_strdup(suite, "SMB2-SESSION tests");
--
Samba Shared Repository
More information about the samba-cvs
mailing list