Patches for https://bugzilla.samba.org/show_bug.cgi?id=11182
Ira Cooper
ira at samba.org
Wed May 6 13:11:32 MDT 2015
On Wed, May 6, 2015 at 2:53 PM, Michael Adam <obnox at samba.org> wrote:
> On 2015-05-06 at 11:20 -0700, Jeremy Allison wrote:
> > On Wed, May 06, 2015 at 02:27:41PM +0200, Stefan (metze) Metzmacher
> wrote:
> > > Hi,
> > >
> > > here's an updated patchset renaming smbXsrv_session_shutdown_send/recv
> > > to smb2srv_session_shutdown_send/recv as it only handles smb2/3.
> >
> > That's really nice work Metze - thanks ! I like the way
> > adding the smbd_smb2_session_setup_wrap_send()/_recv()
> > gets rid of the horror that was tag_state_session_ptr() :-).
> > Makes the whole sessetup SMB2 code path much cleaner.
>
> Indeed.
>
> > Also moving the code out of smbd_smb2_logoff_send()
> > into a common function smb2srv_session_shutdown_send()
> > to be called on logoff and session setup error is a
> > genius move !
>
> :) Indeed again. The main point here is also that
> there is now the queue for the outstanding requests
> and we put the cleaning of the session at the end of
> this queue.
>
> > LGTM.
> >
> > Reviewed-by: Jeremy Allison <jra at samba.org>
>
> Now I feel kind of stupid having spent my afternoon
> reviewing the patches... ;) When I thought I was done,
> Ira brought up one potential issue, the discussion of
> which kept me busy until dinner time, which is why I
> can only follow up now:
>
> In the session_shutdown helpers mentioned above,
> compounded requests are excluded from sending
> cancels. Ira points out that when there is a
> compounded request in progress, the last of which
> is a notify, and we are just at one of the earlier
> requests when the shutdown_send is called, isn't
> there a chance that we block indefinitely waiting
> for the notify to vanish from the queue since it
> in the compound and we don't send a cancel?
>
> Attached find my reviewed version of the patchset:
> - The session_shutdown helper is flagged with a Q(...)
> - I have added some refactoring of an obvious code
> duplication added by the patches.
> (the removal of the code duplication is still there
> as separate patches for squashing with metze's original patches)
> - I have done minor changes to some commit messages:
> - few typo fixes
> - added explanation of the session_shutdown helpers
> - added bug references where missing
>
> Cheers - Michael
>
I haven't reviewed Michael's patches. I did ask Michael about those issues
knowing he knew about the code.
Barring the issues mentioned, I do agree, it is a nice cleanup.
So +1 to Michael.
-Ira
> > > Am 06.05.2015 um 10:19 schrieb Stefan (metze) Metzmacher:
> > > > Hi Jeremy,
> > > >
> > > > here're the proposed patches for master regarding
> > > > https://bugzilla.samba.org/show_bug.cgi?id=11182
> > > >
> > > > The main happens when a session setup with a previous session id
> > > > removes the previous session while there's a pending change notify
> > > > request.
> > > >
> > > > Please review and push, then I'll prepare backports.
> > > >
> > > > Thanks!
> > > > metze
> > > >
> >
> > > From d95e3048e480b222348b10d03b3e31dca4443c8a Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:04:55 +0200
> > > Subject: [PATCH 01/17] s3:smbd: add a smbd_notify_cancel_by_map()
> helper
> > > function
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source3/smbd/notify.c | 19 +++++++++++++------
> > > 1 file changed, 13 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
> > > index 3f2d07c..4f4ca2f 100644
> > > --- a/source3/smbd/notify.c
> > > +++ b/source3/smbd/notify.c
> > > @@ -375,6 +375,17 @@ static void change_notify_remove_request(struct
> smbd_server_connection *sconn,
> > > TALLOC_FREE(req);
> > > }
> > >
> > > +static void smbd_notify_cancel_by_map(struct notify_mid_map *map)
> > > +{
> > > + struct smb_request *smbreq = map->req->req;
> > > + struct smbd_server_connection *sconn = smbreq->sconn;
> > > + NTSTATUS notify_status = NT_STATUS_CANCELLED;
> > > +
> > > + change_notify_reply(smbreq, notify_status,
> > > + 0, NULL, map->req->reply_fn);
> > > + change_notify_remove_request(sconn, map->req);
> > > +}
> > > +
> > >
> /****************************************************************************
> > > Delete entries by mid from the change notify pending queue. Always
> send reply.
> > >
> *****************************************************************************/
> > > @@ -394,9 +405,7 @@ void remove_pending_change_notify_requests_by_mid(
> > > return;
> > > }
> > >
> > > - change_notify_reply(map->req->req,
> > > - NT_STATUS_CANCELLED, 0, NULL,
> map->req->reply_fn);
> > > - change_notify_remove_request(sconn, map->req);
> > > + smbd_notify_cancel_by_map(map);
> > > }
> > >
> > > void smbd_notify_cancel_by_smbreq(const struct smb_request *smbreq)
> > > @@ -414,9 +423,7 @@ void smbd_notify_cancel_by_smbreq(const struct
> smb_request *smbreq)
> > > return;
> > > }
> > >
> > > - change_notify_reply(map->req->req,
> > > - NT_STATUS_CANCELLED, 0, NULL,
> map->req->reply_fn);
> > > - change_notify_remove_request(sconn, map->req);
> > > + smbd_notify_cancel_by_map(map);
> > > }
> > >
> > > static struct files_struct *smbd_notify_cancel_deleted_fn(
> > > --
> > > 1.9.1
> > >
> > >
> > > From 227ed247a33728327dc8bd81124c7a0352deef03 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:02:38 +0200
> > > Subject: [PATCH 02/17] s3:smbd: use STATUS_NOTIFY_CLEANUP when closing
> a smb2
> > > directory handle
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > selftest/knownfail | 1 -
> > > source3/smbd/close.c | 15 +++++++++++----
> > > 2 files changed, 11 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/selftest/knownfail b/selftest/knownfail
> > > index 3262c9c..26aed77 100644
> > > --- a/selftest/knownfail
> > > +++ b/selftest/knownfail
> > > @@ -189,7 +189,6 @@
> > > ^samba3.smb2.create.blob
> > > ^samba3.smb2.create.open
> > > ^samba3.smb2.notify.valid-req
> > > -^samba3.smb2.notify.dir
> > > ^samba3.smb2.notify.rec
> > > ^samba3.smb2.durable-open.delete_on_close2
> > > ^samba3.smb2.durable-v2-open.app-instance
> > > diff --git a/source3/smbd/close.c b/source3/smbd/close.c
> > > index 09be2e7..0e75bf0 100644
> > > --- a/source3/smbd/close.c
> > > +++ b/source3/smbd/close.c
> > > @@ -1050,6 +1050,13 @@ static NTSTATUS close_directory(struct
> smb_request *req, files_struct *fsp,
> > > NTSTATUS status1 = NT_STATUS_OK;
> > > const struct security_token *del_nt_token = NULL;
> > > const struct security_unix_token *del_token = NULL;
> > > + NTSTATUS notify_status;
> > > +
> > > + if (fsp->conn->sconn->using_smb2) {
> > > + notify_status = STATUS_NOTIFY_CLEANUP;
> > > + } else {
> > > + notify_status = NT_STATUS_OK;
> > > + }
> > >
> > > /*
> > > * NT can set delete_on_close of the last open
> > > @@ -1159,8 +1166,8 @@ static NTSTATUS close_directory(struct
> smb_request *req, files_struct *fsp,
> > > * now fail as the directory has been deleted.
> > > */
> > >
> > > - if(NT_STATUS_IS_OK(status)) {
> > > - remove_pending_change_notify_requests_by_fid(fsp,
> NT_STATUS_DELETE_PENDING);
> > > + if (NT_STATUS_IS_OK(status)) {
> > > + notify_status = NT_STATUS_DELETE_PENDING;
> > > }
> > > } else {
> > > if (!del_share_mode(lck, fsp)) {
> > > @@ -1169,10 +1176,10 @@ static NTSTATUS close_directory(struct
> smb_request *req, files_struct *fsp,
> > > }
> > >
> > > TALLOC_FREE(lck);
> > > - remove_pending_change_notify_requests_by_fid(
> > > - fsp, NT_STATUS_OK);
> > > }
> > >
> > > + remove_pending_change_notify_requests_by_fid(fsp, notify_status);
> > > +
> > > status1 = fd_close(fsp);
> > >
> > > if (!NT_STATUS_IS_OK(status1)) {
> > > --
> > > 1.9.1
> > >
> > >
> > > From 8aef6501d53dd38002f1f9531ffd3bacbd5de245 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:02:38 +0200
> > > Subject: [PATCH 03/17] s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2
> logoff
> > > (explicit and implicit) and tdis
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source3/smbd/notify.c | 14 ++++++++++++++
> > > 1 file changed, 14 insertions(+)
> > >
> > > diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
> > > index 4f4ca2f..b3079d2 100644
> > > --- a/source3/smbd/notify.c
> > > +++ b/source3/smbd/notify.c
> > > @@ -379,8 +379,22 @@ static void smbd_notify_cancel_by_map(struct
> notify_mid_map *map)
> > > {
> > > struct smb_request *smbreq = map->req->req;
> > > struct smbd_server_connection *sconn = smbreq->sconn;
> > > + struct smbd_smb2_request *smb2req = smbreq->smb2req;
> > > NTSTATUS notify_status = NT_STATUS_CANCELLED;
> > >
> > > + if (smb2req != NULL) {
> > > + if (smb2req->session == NULL) {
> > > + notify_status = STATUS_NOTIFY_CLEANUP;
> > > + } else if (!NT_STATUS_IS_OK(smb2req->session->status)) {
> > > + notify_status = STATUS_NOTIFY_CLEANUP;
> > > + }
> > > + if (smb2req->tcon == NULL) {
> > > + notify_status = STATUS_NOTIFY_CLEANUP;
> > > + } else if (!NT_STATUS_IS_OK(smb2req->tcon->status)) {
> > > + notify_status = STATUS_NOTIFY_CLEANUP;
> > > + }
> > > + }
> > > +
> > > change_notify_reply(smbreq, notify_status,
> > > 0, NULL, map->req->reply_fn);
> > > change_notify_remove_request(sconn, map->req);
> > > --
> > > 1.9.1
> > >
> > >
> > > From 3d9590a8ab4b8fee4e35228020ee6a52b2ce6f16 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:19:42 +0200
> > > Subject: [PATCH 04/17] s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP
> return
> > > value
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source4/torture/smb2/notify.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/source4/torture/smb2/notify.c
> b/source4/torture/smb2/notify.c
> > > index 0f572b6..6c1bf3a 100644
> > > --- a/source4/torture/smb2/notify.c
> > > +++ b/source4/torture/smb2/notify.c
> > > @@ -1309,6 +1309,7 @@ static bool
> torture_smb2_notify_tree_disconnect_1(
> > > CHECK_STATUS(status, NT_STATUS_OK);
> > >
> > > status = smb2_notify_recv(req, torture, &(notify.smb2));
> > > + CHECK_STATUS(status, STATUS_NOTIFY_CLEANUP);
> > > CHECK_VAL(notify.smb2.out.num_changes, 0);
> > >
> > > done:
> > > @@ -1377,6 +1378,7 @@ static bool torture_smb2_notify_ulogoff(struct
> torture_context *torture,
> > > CHECK_STATUS(status, NT_STATUS_OK);
> > >
> > > status = smb2_notify_recv(req, torture, &(notify.smb2));
> > > + CHECK_STATUS(status, STATUS_NOTIFY_CLEANUP);
> > > CHECK_VAL(notify.smb2.out.num_changes, 0);
> > >
> > > done:
> > > --
> > > 1.9.1
> > >
> > >
> > > From a19aca28e87629d519b9a0d9d6cca3c0736d0e23 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:20:50 +0200
> > > Subject: [PATCH 05/17] s4:torture/smb2: add smb2.notify.close test
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source4/torture/smb2/notify.c | 70
> +++++++++++++++++++++++++++++++++++++++++++
> > > 1 file changed, 70 insertions(+)
> > >
> > > diff --git a/source4/torture/smb2/notify.c
> b/source4/torture/smb2/notify.c
> > > index 6c1bf3a..d2b3594 100644
> > > --- a/source4/torture/smb2/notify.c
> > > +++ b/source4/torture/smb2/notify.c
> > > @@ -1318,6 +1318,75 @@ done:
> > > }
> > >
> > > /*
> > > + basic testing of change notifies followed by a close
> > > +*/
> > > +
> > > +static bool torture_smb2_notify_close(struct torture_context *torture,
> > > + struct smb2_tree *tree1)
> > > +{
> > > + bool ret = true;
> > > + NTSTATUS status;
> > > + union smb_notify notify;
> > > + union smb_open io;
> > > + struct smb2_handle h1;
> > > + struct smb2_request *req;
> > > +
> > > + smb2_deltree(tree1, BASEDIR);
> > > + smb2_util_rmdir(tree1, BASEDIR);
> > > +
> > > + torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY
> ULOGOFF\n");
> > > +
> > > + /*
> > > + get a handle on the directory
> > > + */
> > > + ZERO_STRUCT(io.smb2);
> > > + io.generic.level = RAW_OPEN_SMB2;
> > > + io.smb2.in.create_flags = 0;
> > > + io.smb2.in.desired_access = SEC_FILE_ALL;
> > > + io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
> > > + io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
> > > + io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
> > > + NTCREATEX_SHARE_ACCESS_WRITE;
> > > + io.smb2.in.alloc_size = 0;
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
> > > + io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
> > > + io.smb2.in.security_flags = 0;
> > > + io.smb2.in.fname = BASEDIR;
> > > +
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > +
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > + h1 = io.smb2.out.file.handle;
> > > +
> > > + /* ask for a change notify,
> > > + on file or directory name changes */
> > > + ZERO_STRUCT(notify.smb2);
> > > + notify.smb2.level = RAW_NOTIFY_SMB2;
> > > + notify.smb2.in.buffer_size = 1000;
> > > + notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
> > > + notify.smb2.in.file.handle = h1;
> > > + notify.smb2.in.recursive = true;
> > > +
> > > + req = smb2_notify_send(tree1, &(notify.smb2));
> > > +
> > > + WAIT_FOR_ASYNC_RESPONSE(req);
> > > +
> > > + status = smb2_util_close(tree1, h1);
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > +
> > > + status = smb2_notify_recv(req, torture, &(notify.smb2));
> > > + CHECK_STATUS(status, STATUS_NOTIFY_CLEANUP);
> > > + CHECK_VAL(notify.smb2.out.num_changes, 0);
> > > +
> > > +done:
> > > + smb2_deltree(tree1, BASEDIR);
> > > + return ret;
> > > +}
> > > +
> > > +/*
> > > basic testing of change notifies followed by a ulogoff
> > > */
> > >
> > > @@ -2133,6 +2202,7 @@ struct torture_suite
> *torture_smb2_notify_init(void)
> > > torture_suite_add_1smb2_test(suite, "tdis",
> torture_smb2_notify_tree_disconnect);
> > > torture_suite_add_1smb2_test(suite, "tdis1",
> torture_smb2_notify_tree_disconnect_1);
> > > torture_suite_add_2smb2_test(suite, "mask-change",
> torture_smb2_notify_mask_change);
> > > + torture_suite_add_1smb2_test(suite, "close",
> torture_smb2_notify_close);
> > > torture_suite_add_1smb2_test(suite, "logoff",
> torture_smb2_notify_ulogoff);
> > > torture_suite_add_1smb2_test(suite, "tree",
> torture_smb2_notify_tree);
> > > torture_suite_add_2smb2_test(suite, "basedir",
> torture_smb2_notify_basedir);
> > > --
> > > 1.9.1
> > >
> > >
> > > From 20dc433dda00cf9576e8ce553c5ee0a3cc725a47 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Fri, 1 May 2015 20:20:50 +0200
> > > Subject: [PATCH 06/17] s4:torture/smb2: add smb2.notify.invalid-reauth
> test
> > >
> > > An invalid reauth closes the session.
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source4/torture/smb2/notify.c | 82
> +++++++++++++++++++++++++++++++++++++++++++
> > > 1 file changed, 82 insertions(+)
> > >
> > > diff --git a/source4/torture/smb2/notify.c
> b/source4/torture/smb2/notify.c
> > > index d2b3594..33df249 100644
> > > --- a/source4/torture/smb2/notify.c
> > > +++ b/source4/torture/smb2/notify.c
> > > @@ -1455,6 +1455,87 @@ done:
> > > return ret;
> > > }
> > >
> > > +/*
> > > + basic testing of change notifies followed by an invalid reauth
> > > +*/
> > > +
> > > +static bool torture_smb2_notify_invalid_reauth(struct torture_context
> *torture,
> > > + struct smb2_tree *tree1,
> > > + struct smb2_tree *tree2)
> > > +{
> > > + bool ret = true;
> > > + NTSTATUS status;
> > > + union smb_notify notify;
> > > + union smb_open io;
> > > + struct smb2_handle h1;
> > > + struct smb2_request *req;
> > > + struct cli_credentials *invalid_creds;
> > > +
> > > + smb2_deltree(tree2, BASEDIR);
> > > + smb2_util_rmdir(tree2, BASEDIR);
> > > +
> > > + torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY
> invalid REAUTH\n");
> > > +
> > > + /*
> > > + get a handle on the directory
> > > + */
> > > + ZERO_STRUCT(io.smb2);
> > > + io.generic.level = RAW_OPEN_SMB2;
> > > + io.smb2.in.create_flags = 0;
> > > + io.smb2.in.desired_access = SEC_FILE_ALL;
> > > + io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
> > > + io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
> > > + io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
> > > + NTCREATEX_SHARE_ACCESS_WRITE;
> > > + io.smb2.in.alloc_size = 0;
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
> > > + io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
> > > + io.smb2.in.security_flags = 0;
> > > + io.smb2.in.fname = BASEDIR;
> > > +
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > +
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > + h1 = io.smb2.out.file.handle;
> > > +
> > > + /* ask for a change notify,
> > > + on file or directory name changes */
> > > + ZERO_STRUCT(notify.smb2);
> > > + notify.smb2.level = RAW_NOTIFY_SMB2;
> > > + notify.smb2.in.buffer_size = 1000;
> > > + notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
> > > + notify.smb2.in.file.handle = h1;
> > > + notify.smb2.in.recursive = true;
> > > +
> > > + req = smb2_notify_send(tree1, &(notify.smb2));
> > > +
> > > + WAIT_FOR_ASYNC_RESPONSE(req);
> > > +
> > > + invalid_creds = cli_credentials_init(torture);
> > > + torture_assert(torture, (invalid_creds != NULL), "talloc error");
> > > + cli_credentials_set_username(invalid_creds,
> "__none__invalid__none__", CRED_SPECIFIED);
> > > + cli_credentials_set_domain(invalid_creds,
> "__none__invalid__none__", CRED_SPECIFIED);
> > > + cli_credentials_set_password(invalid_creds,
> "__none__invalid__none__", CRED_SPECIFIED);
> > > + cli_credentials_set_realm(invalid_creds, NULL, CRED_SPECIFIED);
> > > + cli_credentials_set_workstation(invalid_creds, "",
> CRED_UNINITIALISED);
> > > +
> > > + status = smb2_session_setup_spnego(tree1->session,
> > > + invalid_creds,
> > > + 0 /* previous_session_id */);
> > > + CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
> > > +
> > > + status = smb2_notify_recv(req, torture, &(notify.smb2));
> > > + CHECK_STATUS(status, STATUS_NOTIFY_CLEANUP);
> > > + CHECK_VAL(notify.smb2.out.num_changes, 0);
> > > +
> > > +done:
> > > + smb2_deltree(tree2, BASEDIR);
> > > + return ret;
> > > +}
> > > +
> > > static void tcp_dis_handler(struct smb2_transport *t, void *p)
> > > {
> > > struct smb2_tree *tree = (struct smb2_tree *)p;
> > > @@ -2204,6 +2285,7 @@ struct torture_suite
> *torture_smb2_notify_init(void)
> > > torture_suite_add_2smb2_test(suite, "mask-change",
> torture_smb2_notify_mask_change);
> > > torture_suite_add_1smb2_test(suite, "close",
> torture_smb2_notify_close);
> > > torture_suite_add_1smb2_test(suite, "logoff",
> torture_smb2_notify_ulogoff);
> > > + torture_suite_add_2smb2_test(suite, "invalid-reauth",
> torture_smb2_notify_invalid_reauth);
> > > torture_suite_add_1smb2_test(suite, "tree",
> torture_smb2_notify_tree);
> > > torture_suite_add_2smb2_test(suite, "basedir",
> torture_smb2_notify_basedir);
> > > torture_suite_add_2smb2_test(suite, "double",
> torture_smb2_notify_double);
> > > --
> > > 1.9.1
> > >
> > >
> > > From 4e6d97ee5efbbbd093fd0a966811585a8c305e05 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Sat, 2 May 2015 09:57:03 +0200
> > > Subject: [PATCH 07/17] s4:torture/smb2: add
> smb2.notify.session-reconnect test
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source4/torture/smb2/notify.c | 81
> +++++++++++++++++++++++++++++++++++++++++++
> > > 1 file changed, 81 insertions(+)
> > >
> > > diff --git a/source4/torture/smb2/notify.c
> b/source4/torture/smb2/notify.c
> > > index 33df249..b804ebc 100644
> > > --- a/source4/torture/smb2/notify.c
> > > +++ b/source4/torture/smb2/notify.c
> > > @@ -1456,6 +1456,86 @@ done:
> > > }
> > >
> > > /*
> > > + basic testing of change notifies followed by a session reconnect
> > > +*/
> > > +
> > > +static bool torture_smb2_notify_session_reconnect(struct
> torture_context *torture,
> > > + struct smb2_tree *tree1)
> > > +{
> > > + bool ret = true;
> > > + NTSTATUS status;
> > > + union smb_notify notify;
> > > + union smb_open io;
> > > + struct smb2_handle h1;
> > > + struct smb2_request *req;
> > > + uint64_t previous_session_id = 0;
> > > + struct smb2_session *session2 = NULL;
> > > +
> > > + smb2_deltree(tree1, BASEDIR);
> > > + smb2_util_rmdir(tree1, BASEDIR);
> > > +
> > > + torture_comment(torture, "TESTING CHANGE NOTIFY FOLLOWED BY
> SESSION RECONNECT\n");
> > > +
> > > + /*
> > > + get a handle on the directory
> > > + */
> > > + ZERO_STRUCT(io.smb2);
> > > + io.generic.level = RAW_OPEN_SMB2;
> > > + io.smb2.in.create_flags = 0;
> > > + io.smb2.in.desired_access = SEC_FILE_ALL;
> > > + io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
> > > + io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
> > > + io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
> > > + NTCREATEX_SHARE_ACCESS_WRITE;
> > > + io.smb2.in.alloc_size = 0;
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
> > > + io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
> > > + io.smb2.in.security_flags = 0;
> > > + io.smb2.in.fname = BASEDIR;
> > > +
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > +
> > > + io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
> > > + status = smb2_create(tree1, torture, &(io.smb2));
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > + h1 = io.smb2.out.file.handle;
> > > +
> > > + /* ask for a change notify,
> > > + on file or directory name changes */
> > > + ZERO_STRUCT(notify.smb2);
> > > + notify.smb2.level = RAW_NOTIFY_SMB2;
> > > + notify.smb2.in.buffer_size = 1000;
> > > + notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
> > > + notify.smb2.in.file.handle = h1;
> > > + notify.smb2.in.recursive = true;
> > > +
> > > + req = smb2_notify_send(tree1, &(notify.smb2));
> > > +
> > > + WAIT_FOR_ASYNC_RESPONSE(req);
> > > +
> > > + previous_session_id =
> smb2cli_session_current_id(tree1->session->smbXcli);
> > > + torture_assert(torture, torture_smb2_session_setup(torture,
> > > + tree1->session->transport,
> > > + previous_session_id,
> > > + torture, &session2),
> > > + "session setup with previous_session_id failed");
> > > +
> > > + status = smb2_notify_recv(req, torture, &(notify.smb2));
> > > + CHECK_STATUS(status, STATUS_NOTIFY_CLEANUP);
> > > + CHECK_VAL(notify.smb2.out.num_changes, 0);
> > > +
> > > + status = smb2_logoff(tree1->session);
> > > + CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
> > > +
> > > + status = smb2_logoff(session2);
> > > + CHECK_STATUS(status, NT_STATUS_OK);
> > > +done:
> > > + smb2_deltree(tree1, BASEDIR);
> > > + return ret;
> > > +}
> > > +
> > > +/*
> > > basic testing of change notifies followed by an invalid reauth
> > > */
> > >
> > > @@ -2285,6 +2365,7 @@ struct torture_suite
> *torture_smb2_notify_init(void)
> > > torture_suite_add_2smb2_test(suite, "mask-change",
> torture_smb2_notify_mask_change);
> > > torture_suite_add_1smb2_test(suite, "close",
> torture_smb2_notify_close);
> > > torture_suite_add_1smb2_test(suite, "logoff",
> torture_smb2_notify_ulogoff);
> > > + torture_suite_add_1smb2_test(suite, "session-reconnect",
> torture_smb2_notify_session_reconnect);
> > > torture_suite_add_2smb2_test(suite, "invalid-reauth",
> torture_smb2_notify_invalid_reauth);
> > > torture_suite_add_1smb2_test(suite, "tree",
> torture_smb2_notify_tree);
> > > torture_suite_add_2smb2_test(suite, "basedir",
> torture_smb2_notify_basedir);
> > > --
> > > 1.9.1
> > >
> > >
> > > From 10c41f4a6635cbfed0df3457604256f0592fe423 Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Sat, 2 May 2015 16:09:40 +0200
> > > Subject: [PATCH 08/17] s3:smbXsrv_session: clear smb2req->session of
> pending
> > > requests in smbXsrv_session_destructor()
> > >
> > > This won't be needed typically needed as the caller is supposted to
> cancel
> > > the requests already, but this makes sure we don't keep dangling
> pointers.
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source3/smbd/smbXsrv_session.c | 23 +++++++++++++++++++++++
> > > 1 file changed, 23 insertions(+)
> > >
> > > diff --git a/source3/smbd/smbXsrv_session.c
> b/source3/smbd/smbXsrv_session.c
> > > index a49e246..41625fc 100644
> > > --- a/source3/smbd/smbXsrv_session.c
> > > +++ b/source3/smbd/smbXsrv_session.c
> > > @@ -1066,6 +1066,29 @@ NTSTATUS
> smb2srv_session_close_previous_recv(struct tevent_req *req)
> > > static int smbXsrv_session_destructor(struct smbXsrv_session *session)
> > > {
> > > NTSTATUS status;
> > > + struct smbXsrv_connection *xconn = NULL;
> > > +
> > > + if (session->client != NULL) {
> > > + xconn = session->client->connections;
> > > + }
> > > +
> > > + for (; xconn != NULL; xconn = xconn->next) {
> > > + struct smbd_smb2_request *preq;
> > > +
> > > + for (preq = xconn->smb2.requests; preq != NULL; preq =
> preq->next) {
> > > + if (preq->session != session) {
> > > + continue;
> > > + }
> > > +
> > > + preq->session = NULL;
> > > + /*
> > > + * If we no longer have a session we can't
> > > + * sign or encrypt replies.
> > > + */
> > > + preq->do_signing = false;
> > > + preq->do_encryption = false;
> > > + }
> > > + }
> > >
> > > status = smbXsrv_session_logoff(session);
> > > if (!NT_STATUS_IS_OK(status)) {
> > > --
> > > 1.9.1
> > >
> > >
> > > From 2793e29e742f45db2c05c8e571a9cdfe0d96468e Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Sat, 2 May 2015 16:17:34 +0200
> > > Subject: [PATCH 09/17] s3:smbXsrv_session: clear smb2req->session of
> pending
> > > requests in smbXsrv_session_logoff_all_callback()
> > >
> > > smbXsrv_session_logoff_all_callback() is called when the last transport
> > > connection is gone, which means we won't need to sign any response...
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source3/smbd/smbXsrv_session.c | 23 +++++++++++++++++++++++
> > > 1 file changed, 23 insertions(+)
> > >
> > > diff --git a/source3/smbd/smbXsrv_session.c
> b/source3/smbd/smbXsrv_session.c
> > > index 41625fc..5ee4bbe 100644
> > > --- a/source3/smbd/smbXsrv_session.c
> > > +++ b/source3/smbd/smbXsrv_session.c
> > > @@ -1503,6 +1503,7 @@ static int
> smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
> > > TDB_DATA val;
> > > void *ptr = NULL;
> > > struct smbXsrv_session *session = NULL;
> > > + struct smbXsrv_connection *xconn = NULL;
> > > NTSTATUS status;
> > >
> > > val = dbwrap_record_get_value(local_rec);
> > > @@ -1519,6 +1520,28 @@ static int
> smbXsrv_session_logoff_all_callback(struct db_record *local_rec,
> > > session = talloc_get_type_abort(ptr, struct smbXsrv_session);
> > >
> > > session->db_rec = local_rec;
> > > +
> > > + if (session->client != NULL) {
> > > + xconn = session->client->connections;
> > > + }
> > > + for (; xconn != NULL; xconn = xconn->next) {
> > > + struct smbd_smb2_request *preq;
> > > +
> > > + for (preq = xconn->smb2.requests; preq != NULL; preq =
> preq->next) {
> > > + if (preq->session != session) {
> > > + continue;
> > > + }
> > > +
> > > + preq->session = NULL;
> > > + /*
> > > + * If we no longer have a session we can't
> > > + * sign or encrypt replies.
> > > + */
> > > + preq->do_signing = false;
> > > + preq->do_encryption = false;
> > > + }
> > > + }
> > > +
> > > status = smbXsrv_session_logoff(session);
> > > if (!NT_STATUS_IS_OK(status)) {
> > > if (NT_STATUS_IS_OK(state->first_status)) {
> > > --
> > > 1.9.1
> > >
> > >
> > > From 9ef38da3bd9e69e01da1a69fad30d824d355bcdf Mon Sep 17 00:00:00 2001
> > > From: Stefan Metzmacher <metze at samba.org>
> > > Date: Sat, 2 May 2015 09:57:03 +0200
> > > Subject: [PATCH 10/17] s3:smbXsrv_session: add
> > > smb2srv_session_shutdown_send/recv helper functions
> > >
> > > Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
> > >
> > > Signed-off-by: Stefan Metzmacher <metze at samba.org>
> > > ---
> > > source3/smbd/globals.h | 5 ++
> > > source3/smbd/smbXsrv_session.c | 121
> +++++++++++++++++++++++++++++++++++++++++
> > > 2 files changed, 126 insertions(+)
> > >
> > > diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
> > > index c7e2608..22cf5d6 100644
> > > --- a/source3/smbd/globals.h
> > > +++ b/source