[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Wed May 22 20:10:02 UTC 2019
The branch, master has been updated
via 30622ed876c smbd: Fix a panic
via febb933fc7b smbtorture: Add a test to make smbd panic
via ebf95e62bd0 smbd: Enable "smbd:suicide mode" for smb2
from 31de52ed2ef s4-ntvfs: Remove untested ntvfs_cifsposix backend
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 30622ed876cffff305a9b03686edb48de987704f
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 21 15:26:55 2019 +0200
smbd: Fix a panic
Opening a file with a stale (smbd died) LEVEL_II oplock makes
vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default
trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.
Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.
This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.
The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
commit febb933fc7bcba56af845fde61615a9fcbd67b07
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 21 14:53:46 2019 +0200
smbtorture: Add a test to make smbd panic
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ebf95e62bd03a7344b3a141c3e7102aac721f25a
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 21 14:52:22 2019 +0200
smbd: Enable "smbd:suicide mode" for smb2
The next commit needs an smbd to just exit and leave data behind in the
locking.tdb file. Don't make it harder to eventually phase out SMB1: Do
the test in SMB2.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 1 +
source3/smbd/open.c | 13 ++++----
source3/smbd/smb2_server.c | 12 +++++++
source4/torture/smb2/oplock.c | 75 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 94 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 5bc18a69168..2c31bf91619 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -142,6 +142,7 @@
^samba4.smb2.oplock.exclusive9\(.*\)$
^samba4.smb2.oplock.brl3\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.levelii500\(.*\)$ # samba 4 oplocks are a mess
+^samba4.smb2.oplock.levelii502\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.brl1\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch22\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.batch19\(.*\)$ # samba 4 oplocks are a mess
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ec7906b4b77..0a4abe0d820 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1911,12 +1911,7 @@ static bool delay_for_oplock(files_struct *fsp,
break_to = e_lease_type & ~delay_mask;
if (will_overwrite) {
- /*
- * we'll decide about SMB2_LEASE_READ later.
- *
- * Maybe the break will be deferred
- */
- break_to &= ~SMB2_LEASE_HANDLE;
+ break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);
}
DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
@@ -3675,13 +3670,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
(!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
int ret;
- ret = vfs_set_filelen(fsp, 0);
+ ret = SMB_VFS_FTRUNCATE(fsp, 0);
if (ret != 0) {
status = map_nt_error_from_unix(errno);
TALLOC_FREE(lck);
fd_close(fsp);
return status;
}
+ notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
+ FILE_NOTIFY_CHANGE_SIZE
+ | FILE_NOTIFY_CHANGE_ATTRIBUTES,
+ fsp->fsp_name->base_name);
}
/*
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 5057cf68d7b..7b6e82ba2f0 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -30,6 +30,7 @@
#include "../librpc/gen_ndr/krb5pac.h"
#include "lib/util/iov_buf.h"
#include "auth.h"
+#include "libcli/smb/smbXcli_base.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -447,6 +448,17 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
*/
if (len < SMB2_HDR_BODY + 2) {
+
+ if ((len == 5) &&
+ (IVAL(hdr, 0) == SMB_SUICIDE_PACKET) &&
+ lp_parm_bool(-1, "smbd", "suicide mode", false)) {
+ uint8_t exitcode = CVAL(hdr, 4);
+ DBG_WARNING("SUICIDE: Exiting immediately "
+ "with code %"PRIu8"\n",
+ exitcode);
+ exit(exitcode);
+ }
+
DEBUG(10, ("%d bytes left, expected at least %d\n",
(int)len, SMB2_HDR_BODY));
goto inval;
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 885bf1a9e3a..30bbd92e7ec 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -26,6 +26,7 @@
#include "libcli/smb2/smb2_calls.h"
#include "libcli/smb_composite/smb_composite.h"
#include "libcli/resolve/resolve.h"
+#include "libcli/smb/smbXcli_base.h"
#include "lib/cmdline/popt_common.h"
#include "lib/events/events.h"
@@ -3895,6 +3896,78 @@ static void levelII501_timeout_cb(struct tevent_context *ev,
state->done = true;
}
+static bool test_smb2_oplock_levelII502(struct torture_context *tctx,
+ struct smb2_tree *tree1,
+ struct smb2_tree *tree2)
+
+{
+ const char *fname = BASEDIR "\\test_levelII502.dat";
+ NTSTATUS status;
+ union smb_open io;
+ struct smb2_close closeio;
+ struct smb2_handle h;
+
+ status = torture_smb2_testdir(tree1, BASEDIR, &h);
+ torture_assert_ntstatus_ok(tctx, status, "Error creating directory");
+
+ /* cleanup */
+ smb2_util_unlink(tree1, fname);
+
+ /*
+ base ntcreatex parms
+ */
+ ZERO_STRUCT(io.smb2);
+ io.generic.level = RAW_OPEN_SMB2;
+ io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ io.smb2.in.alloc_size = 0;
+ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ io.smb2.in.create_options = 0;
+ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ io.smb2.in.security_flags = 0;
+ io.smb2.in.fname = fname;
+
+ torture_comment(
+ tctx,
+ "LEVELII502: Open a stale LEVEL2 oplock with OVERWRITE");
+
+ io.smb2.in.desired_access = SEC_RIGHTS_FILE_READ |
+ SEC_RIGHTS_FILE_WRITE;
+ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
+ io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_II;
+ status = smb2_create(tree1, tctx, &(io.smb2));
+ torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+ torture_assert(tctx,
+ io.smb2.out.oplock_level==SMB2_OPLOCK_LEVEL_II,
+ "Did not get LEVEL_II oplock\n");
+
+ status = smbXcli_conn_samba_suicide(
+ tree1->session->transport->conn, 93);
+ torture_assert_ntstatus_ok(tctx, status, "suicide failed");
+
+ sleep(1);
+
+ io.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
+ io.smb2.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+
+ status = smb2_create(tree2, tctx, &(io.smb2));
+ torture_assert_ntstatus_ok(tctx, status, "Error opening the file");
+ torture_assert(tctx,
+ io.smb2.out.oplock_level==SMB2_OPLOCK_LEVEL_BATCH,
+ "Did not get BATCH oplock\n");
+
+ closeio = (struct smb2_close) {
+ .in.file.handle = io.smb2.out.file.handle,
+ };
+ status = smb2_close(tree2, &closeio);
+ torture_assert_ntstatus_equal(
+ tctx, status, NT_STATUS_OK, "close failed");
+
+ return true;
+}
+
struct torture_suite *torture_smb2_oplocks_init(TALLOC_CTX *ctx)
{
struct torture_suite *suite =
@@ -3941,6 +4014,8 @@ struct torture_suite *torture_smb2_oplocks_init(TALLOC_CTX *ctx)
torture_suite_add_1smb2_test(suite, "levelii500", test_smb2_oplock_levelII500);
torture_suite_add_2smb2_test(suite, "levelii501",
test_smb2_oplock_levelII501);
+ torture_suite_add_2smb2_test(suite, "levelii502",
+ test_smb2_oplock_levelII502);
suite->description = talloc_strdup(suite, "SMB2-OPLOCK tests");
return suite;
--
Samba Shared Repository
More information about the samba-cvs
mailing list