[SCM] Samba Shared Repository - branch master updated
Noel Power
npower at samba.org
Wed Sep 28 19:35:01 UTC 2022
The branch, master has been updated
via 318da783e9d s3: smbtorture3: Add new SMB2-DFS-SHARE-NON-DFS-PATH test.
via f3dc1a42f57 s3: torture: Fix test SMB2-DFS-PATHS to pass against Windows server 2022.
from d89400b6201 samba-tool dsacl: Add additional unit test for delete subcommand
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 318da783e9df83550d86fcefcf89f55a77addcbe
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 27 10:37:41 2022 -0700
s3: smbtorture3: Add new SMB2-DFS-SHARE-NON-DFS-PATH test.
Uses non-DFS names and DFS-names against a DFS share, shows that Windows
looks correctly at the DFS flag when SMB2 requests are
made on a DFS share. Passes against Windows 2022.
Mark as knownfail for smbd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Sep 28 19:34:29 UTC 2022 on sn-devel-184
commit f3dc1a42f578bec784d01b8caf6ff13e230116a2
Author: Jeremy Allison <jra at samba.org>
Date: Mon Sep 26 18:05:49 2022 -0700
s3: torture: Fix test SMB2-DFS-PATHS to pass against Windows server 2022.
There is only one difference between Windows 2022 and Windows 2008.
Opening an empty ("") DFS path succeeds in opening the share
root on Windows 2008 but fails with NT_STATUS_INVALID_PARAMETER
on Windows 2022. Allow the test to cope with both.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail.d/dfs_paths | 1 +
source3/selftest/tests.py | 16 +++
source3/torture/proto.h | 1 +
source3/torture/test_smb2.c | 247 +++++++++++++++++++++++++++++++++++++++--
source3/torture/torture.c | 4 +
5 files changed, 262 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail.d/dfs_paths b/selftest/knownfail.d/dfs_paths
index 64ddfc9160a..127c0492f51 100644
--- a/selftest/knownfail.d/dfs_paths
+++ b/selftest/knownfail.d/dfs_paths
@@ -1,5 +1,6 @@
^samba3.smbtorture_s3.smb2.SMB2-DFS-PATHS.smbtorture\(fileserver\)
^samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
+^samba3.smbtorture_s3.smb2.SMB2-DFS-SHARE-NON-DFS-PATH.smbtorture\(fileserver\)
^samba3.smbtorture_s3.smb1.SMB1-DFS-PATHS.smbtorture\(fileserver\)
^samba3.smbtorture_s3.smb1.SMB1-DFS-SEARCH-PATHS.smbtorture\(fileserver\)
^samba3.smbtorture_s3.smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver\)
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 68959ba0b90..04e47fa962f 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -264,6 +264,22 @@ plantestsuite("samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE",
smbtorture3,
"-mSMB2"])
+#
+# SMB2-DFS-SHARE-NON-DFS-PATH needs to run against a special share msdfs-pathname-share
+# This is an empty DFS share with no links, used merely to test
+# incoming non-DFS pathnames and how they map to local paths.
+#
+plantestsuite("samba3.smbtorture_s3.smb2.SMB2-DFS-SHARE-NON-DFS-PATH",
+ "fileserver",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_smbtorture_s3.sh"),
+ 'SMB2-DFS-SHARE-NON-DFS-PATH',
+ '//$SERVER_IP/msdfs-pathname-share',
+ '$USERNAME',
+ '$PASSWORD',
+ smbtorture3,
+ "-mSMB2"])
+
#
# SMB1-DFS-PATHS needs to run against a special share msdfs-pathname-share
# This is an empty DFS share with no links, used merely to test
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 7093e8a7665..7b00da26181 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -122,6 +122,7 @@ bool run_smb2_quota1(int dummy);
bool run_smb2_stream_acl(int dummy);
bool run_smb2_dfs_paths(int dummy);
bool run_smb2_non_dfs_share(int dummy);
+bool run_smb2_dfs_share_non_dfs_path(int dummy);
bool run_smb1_dfs_paths(int dummy);
bool run_smb1_dfs_search_paths(int dummy);
bool run_smb1_dfs_operations(int dummy);
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
index 234b39fedec..01664b14390 100644
--- a/source3/torture/test_smb2.c
+++ b/source3/torture/test_smb2.c
@@ -4059,15 +4059,41 @@ bool run_smb2_dfs_paths(int dummy)
return false;
}
- /* An "" (empty) server name should open and match the share root. */
- ino_matched = smb2_inode_matches(cli,
- dfs_root_share_name,
- root_ino,
- "");
- if (!ino_matched) {
- printf("%s:%d Failed to match ino number for %s\n",
+ /*
+ * An "" DFS empty server name should open and match the share root on
+ * Windows 2008. Windows 2022 returns NT_STATUS_INVALID_PARAMETER
+ * for a DFS empty server name.
+ */
+ status = get_smb2_inode(cli,
+ "",
+ &test_ino);
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * Windows 2008 - open succeeded. Proceed to
+ * check ino number.
+ */
+ ino_matched = smb2_inode_matches(cli,
+ dfs_root_share_name,
+ root_ino,
+ "");
+ if (!ino_matched) {
+ printf("%s:%d Failed to match ino number for %s\n",
+ __FILE__,
+ __LINE__,
+ "");
+ return false;
+ }
+ }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ /*
+ * For Windows 2022 we expect to fail with
+ * NT_STATUS_INVALID_PARAMETER. Anything else is
+ * unexpected.
+ */
+ printf("%s:%d Unexpected error (%s) getting ino number for %s\n",
__FILE__,
__LINE__,
+ nt_errstr(status),
"");
return false;
}
@@ -4495,3 +4521,210 @@ bool run_smb2_non_dfs_share(int dummy)
(void)smb2_dfs_delete(cli, "file");
return retval;
}
+
+/*
+ * Add a test that sends a non-DFS path and does not set the
+ * SMB2 flag FLAGS2_DFS_PATHNAMES to a DFS
+ * share. Windows passes this (it just treats the
+ * pathnames as non-DFS).
+ */
+
+bool run_smb2_dfs_share_non_dfs_path(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ bool dfs_supported = false;
+ uint64_t fid_persistent = 0;
+ uint64_t fid_volatile = 0;
+ bool retval = false;
+ char *dfs_filename = NULL;
+ uint64_t root_ino = (uint64_t)-1;
+ bool ino_matched = false;
+
+ printf("Starting SMB2-DFS-SHARE-NON-DFS-PATH\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ dfs_supported = smbXcli_conn_dfs_supported(cli->conn);
+ if (!dfs_supported) {
+ printf("Server %s does not support DFS\n",
+ smbXcli_conn_remote_name(cli->conn));
+ return false;
+ }
+ /* Ensure this is a DFS share. */
+ dfs_supported = smbXcli_tcon_is_dfs_share(cli->smb2.tcon);
+ if (!dfs_supported) {
+ printf("Share %s is not a DFS share.\n",
+ cli->share);
+ return false;
+ }
+ /* Come up with a "valid" SMB2 DFS name. */
+ dfs_filename = talloc_asprintf(talloc_tos(),
+ "%s\\%s\\file",
+ smbXcli_conn_remote_name(cli->conn),
+ cli->share);
+ if (dfs_filename == NULL) {
+ printf("Out of memory\n");
+ return false;
+ }
+
+ /* Get the root of the share ino. */
+ status = get_smb2_inode(cli,
+ "SERVER\\SHARE",
+ &root_ino);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("%s:%d get_smb2_inode on %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ "SERVER\\SHARE",
+ nt_errstr(status));
+ goto err;
+ }
+
+ /* Create a dfs_filename. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ dfs_filename,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_STD_DELETE |
+ SEC_FILE_READ_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL); /* struct smb2_create_blobs * */
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("%s:%d smb2cli_create on %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ dfs_filename,
+ nt_errstr(status));
+ goto err;
+ }
+
+ /* Close the handle we just opened. */
+ smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0, /* flags */
+ fid_persistent,
+ fid_volatile);
+
+ fid_persistent = 0;
+ fid_volatile = 0;
+
+ /*
+ * Force the share to be non-DFS, as far as the client
+ * is concerned.
+ */
+ smb2cli_tcon_set_values(cli->smb2.tcon,
+ cli->smb2.session,
+ smb2cli_tcon_current_id(cli->smb2.tcon),
+ 0,
+ smb2cli_tcon_flags(cli->smb2.tcon),
+ smb2cli_tcon_capabilities(cli->smb2.tcon) &
+ ~SMB2_SHARE_CAP_DFS,
+ 0);
+
+ /*
+ * Prove we can still use non-DFS pathnames on a DFS
+ * share so long as we don't set the FLAGS2_DFS_PATHNAMES
+ * in the SMB2 request.
+ */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ "file",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_STD_DELETE |
+ SEC_FILE_READ_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL); /* struct smb2_create_blobs * */
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("%s:%d smb2cli_create on %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ "file",
+ nt_errstr(status));
+ goto err;
+ }
+
+ /*
+ * Show that now we're using non-DFS pathnames
+ * on a DFS share, "" opens the root of the share.
+ */
+ ino_matched = smb2_inode_matches(cli,
+ "SERVER\\SHARE",
+ root_ino,
+ "");
+ if (!ino_matched) {
+ printf("%s:%d Failed to match ino number for %s\n",
+ __FILE__,
+ __LINE__,
+ "");
+ goto err;
+ }
+
+ retval = true;
+
+ err:
+
+ if (fid_volatile != 0) {
+ smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0, /* flags */
+ fid_persistent,
+ fid_volatile);
+ }
+ (void)smb2_dfs_delete(cli, "file");
+ (void)smb2_dfs_delete(cli, dfs_filename);
+ return retval;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ee50fd8ee09..65fbd4b5aa0 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -15365,6 +15365,10 @@ static struct {
.name = "SMB2-NON-DFS-SHARE",
.fn = run_smb2_non_dfs_share,
},
+ {
+ .name = "SMB2-DFS-SHARE-NON-DFS-PATH",
+ .fn = run_smb2_dfs_share_non_dfs_path,
+ },
{
.name = "SMB1-DFS-PATHS",
.fn = run_smb1_dfs_paths,
--
Samba Shared Repository
More information about the samba-cvs
mailing list