Changeset 989 for vendor/current/source4
- Timestamp:
- Nov 25, 2016, 8:04:54 PM (9 years ago)
- Location:
- vendor/current/source4
- Files:
-
- 2 added
- 37 edited
-
dns_server/dns_crypto.c (modified) (5 diffs)
-
dns_server/dns_server.c (modified) (3 diffs)
-
dsdb/samdb/ldb_modules/objectclass_attrs.c (modified) (1 diff)
-
dsdb/samdb/ldb_modules/ranged_results.c (modified) (2 diffs)
-
heimdal/kdc/misc.c (modified) (1 diff)
-
heimdal/lib/asn1/krb5.asn1 (modified) (1 diff)
-
heimdal/lib/krb5/mcache.c (modified) (4 diffs)
-
lib/wmi/wmi_wrap.c (modified) (1 diff)
-
librpc/rpc/dcerpc.c (modified) (4 diffs)
-
librpc/rpc/dcerpc.h (modified) (1 diff)
-
ntvfs/posix/posix_eadb.c (modified) (6 diffs)
-
ntvfs/posix/wscript_build (modified) (1 diff)
-
ntvfs/wscript_build (modified) (1 diff)
-
param/pyparam.c (modified) (2 diffs)
-
rpc_server/common/server_info.c (modified) (1 diff)
-
rpc_server/dcerpc_server.c (modified) (6 diffs)
-
rpc_server/dcerpc_server.h (modified) (1 diff)
-
rpc_server/dcesrv_auth.c (modified) (7 diffs)
-
rpc_server/wkssvc/dcesrv_wkssvc.c (modified) (1 diff)
-
rpc_server/wscript_build (modified) (4 diffs)
-
scripting/bin/samba_spnupdate (modified) (1 diff)
-
selftest/tests.py (modified) (4 diffs)
-
smb_server/service_smb.c (modified) (2 diffs)
-
smb_server/wscript_build (modified) (1 diff)
-
smbd/server.c (modified) (2 diffs)
-
torture/raw/read.c (modified) (3 diffs)
-
torture/rpc/lsa.c (modified) (1 diff)
-
torture/smb2/dosmode.c (added)
-
torture/smb2/getinfo.c (modified) (2 diffs)
-
torture/smb2/ioctl.c (modified) (8 diffs)
-
torture/smb2/lock.c (modified) (2 diffs)
-
torture/smb2/read.c (modified) (3 diffs)
-
torture/smb2/replay.c (modified) (6 diffs)
-
torture/smb2/smb2.c (modified) (1 diff)
-
torture/smb2/util.c (modified) (6 diffs)
-
torture/smb2/wscript_build (modified) (1 diff)
-
torture/vfs/acl_xattr.c (added)
-
torture/vfs/vfs.c (modified) (1 diff)
-
torture/wscript_build (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source4/dns_server/dns_crypto.c
r988 r989 147 147 tkey = dns_find_tkey(dns->tkeys, state->tsig->name); 148 148 if (tkey == NULL) { 149 /* 150 * We must save the name for use in the TSIG error 151 * response and have no choice here but to save the 152 * keyname from the TSIG request. 153 */ 154 state->key_name = talloc_strdup(state->mem_ctx, 155 state->tsig->name); 156 if (state->key_name == NULL) { 157 return WERR_NOMEM; 158 } 149 159 state->tsig_error = DNS_RCODE_BADKEY; 150 160 return DNS_ERR(NOTAUTH); 161 } 162 163 /* 164 * Remember the keyname that found an existing tkey, used 165 * later to fetch the key with dns_find_tkey() when signing 166 * and adding a TSIG record with MAC. 167 */ 168 state->key_name = talloc_strdup(state->mem_ctx, tkey->name); 169 if (state->key_name == NULL) { 170 return WERR_NOMEM; 151 171 } 152 172 … … 208 228 } 209 229 210 /*FIXME: Why is there too much padding? */211 buffer_len -= 2;212 213 230 /* Now we also need to count down the additional record counter */ 214 231 arcount = RSVAL(buffer, 10); … … 218 235 buffer, buffer_len, &sig); 219 236 if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) { 220 return DNS_ERR(BADKEY); 237 state->tsig_error = DNS_RCODE_BADSIG; 238 return DNS_ERR(NOTAUTH); 221 239 } 222 240 … … 227 245 228 246 state->authenticated = true; 229 state->key_name = talloc_strdup(state->mem_ctx, tkey->name); 230 if (state->key_name == NULL) { 231 return WERR_NOMEM; 232 } 233 247 248 return WERR_OK; 249 } 250 251 static WERROR dns_tsig_compute_mac(TALLOC_CTX *mem_ctx, 252 struct dns_request_state *state, 253 struct dns_name_packet *packet, 254 struct dns_server_tkey *tkey, 255 time_t current_time, 256 DATA_BLOB *_psig) 257 { 258 NTSTATUS status; 259 enum ndr_err_code ndr_err; 260 DATA_BLOB packet_blob, tsig_blob, sig; 261 uint8_t *buffer = NULL; 262 uint8_t *p = NULL; 263 size_t buffer_len = 0; 264 struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx, 265 struct dns_fake_tsig_rec); 266 size_t mac_size = 0; 267 268 if (check_rec == NULL) { 269 return WERR_NOMEM; 270 } 271 272 /* first build and verify check packet */ 273 check_rec->name = talloc_strdup(check_rec, tkey->name); 274 if (check_rec->name == NULL) { 275 return WERR_NOMEM; 276 } 277 check_rec->rr_class = DNS_QCLASS_ANY; 278 check_rec->ttl = 0; 279 check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm); 280 if (check_rec->algorithm_name == NULL) { 281 return WERR_NOMEM; 282 } 283 check_rec->time_prefix = 0; 284 check_rec->time = current_time; 285 check_rec->fudge = 300; 286 check_rec->error = state->tsig_error; 287 check_rec->other_size = 0; 288 check_rec->other_data = NULL; 289 290 ndr_err = ndr_push_struct_blob(&packet_blob, mem_ctx, packet, 291 (ndr_push_flags_fn_t)ndr_push_dns_name_packet); 292 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 293 DEBUG(1, ("Failed to push packet: %s!\n", 294 ndr_errstr(ndr_err))); 295 return DNS_ERR(SERVER_FAILURE); 296 } 297 298 ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, check_rec, 299 (ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec); 300 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 301 DEBUG(1, ("Failed to push packet: %s!\n", 302 ndr_errstr(ndr_err))); 303 return DNS_ERR(SERVER_FAILURE); 304 } 305 306 if (state->tsig != NULL) { 307 mac_size = state->tsig->rdata.tsig_record.mac_size; 308 } 309 310 buffer_len = mac_size; 311 312 buffer_len += packet_blob.length; 313 if (buffer_len < packet_blob.length) { 314 return WERR_INVALID_PARAM; 315 } 316 buffer_len += tsig_blob.length; 317 if (buffer_len < tsig_blob.length) { 318 return WERR_INVALID_PARAM; 319 } 320 321 buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len); 322 if (buffer == NULL) { 323 return WERR_NOMEM; 324 } 325 326 p = buffer; 327 328 /* 329 * RFC 2845 "4.2 TSIG on Answers", how to lay out the buffer 330 * that we're going to sign: 331 * 1. MAC of request (if present) 332 * 2. Outgoing packet 333 * 3. TSIG record 334 */ 335 if (mac_size > 0) { 336 memcpy(p, state->tsig->rdata.tsig_record.mac, mac_size); 337 p += mac_size; 338 } 339 340 memcpy(p, packet_blob.data, packet_blob.length); 341 p += packet_blob.length; 342 343 memcpy(p, tsig_blob.data, tsig_blob.length); 344 345 status = gensec_sign_packet(tkey->gensec, mem_ctx, buffer, buffer_len, 346 buffer, buffer_len, &sig); 347 if (!NT_STATUS_IS_OK(status)) { 348 return ntstatus_to_werror(status); 349 } 350 351 *_psig = sig; 234 352 return WERR_OK; 235 353 } … … 242 360 { 243 361 WERROR werror; 244 NTSTATUS status;245 enum ndr_err_code ndr_err;246 362 time_t current_time = time(NULL); 247 DATA_BLOB packet_blob, tsig_blob, sig; 248 uint8_t *buffer = NULL; 249 size_t buffer_len = 0; 250 struct dns_server_tkey * tkey = NULL; 251 struct dns_res_rec *tsig = talloc_zero(mem_ctx, struct dns_res_rec); 252 253 struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx, 254 struct dns_fake_tsig_rec); 255 363 struct dns_res_rec *tsig = NULL; 364 DATA_BLOB sig = (DATA_BLOB) { 365 .data = NULL, 366 .length = 0 367 }; 368 369 tsig = talloc_zero(mem_ctx, struct dns_res_rec); 256 370 if (tsig == NULL) { 257 371 return WERR_NOMEM; 258 372 } 259 373 260 if (check_rec == NULL) { 261 return WERR_NOMEM; 262 } 263 264 tkey = dns_find_tkey(dns->tkeys, state->key_name); 265 if (tkey == NULL) { 266 /* FIXME: read up on what to do when we can't find a key */ 267 return WERR_OK; 268 } 269 270 /* first build and verify check packet */ 271 check_rec->name = talloc_strdup(check_rec, tkey->name); 272 if (check_rec->name == NULL) { 273 return WERR_NOMEM; 274 } 275 check_rec->rr_class = DNS_QCLASS_ANY; 276 check_rec->ttl = 0; 277 check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm); 278 if (check_rec->algorithm_name == NULL) { 279 return WERR_NOMEM; 280 } 281 check_rec->time_prefix = 0; 282 check_rec->time = current_time; 283 check_rec->fudge = 300; 284 check_rec->error = state->tsig_error; 285 check_rec->other_size = 0; 286 check_rec->other_data = NULL; 287 288 ndr_err = ndr_push_struct_blob(&packet_blob, mem_ctx, packet, 289 (ndr_push_flags_fn_t)ndr_push_dns_name_packet); 290 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 291 DEBUG(1, ("Failed to push packet: %s!\n", 292 ndr_errstr(ndr_err))); 293 return DNS_ERR(SERVER_FAILURE); 294 } 295 296 ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, check_rec, 297 (ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec); 298 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 299 DEBUG(1, ("Failed to push packet: %s!\n", 300 ndr_errstr(ndr_err))); 301 return DNS_ERR(SERVER_FAILURE); 302 } 303 304 buffer_len = packet_blob.length + tsig_blob.length; 305 buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len); 306 if (buffer == NULL) { 307 return WERR_NOMEM; 308 } 309 310 memcpy(buffer, packet_blob.data, packet_blob.length); 311 memcpy(buffer+packet_blob.length, tsig_blob.data, tsig_blob.length); 312 313 314 status = gensec_sign_packet(tkey->gensec, mem_ctx, buffer, buffer_len, 315 buffer, buffer_len, &sig); 316 if (!NT_STATUS_IS_OK(status)) { 317 return ntstatus_to_werror(status); 318 } 319 320 tsig->name = talloc_strdup(tsig, check_rec->name); 374 if (state->tsig_error == DNS_RCODE_OK) { 375 struct dns_server_tkey *tkey = dns_find_tkey( 376 dns->tkeys, state->key_name); 377 if (tkey == NULL) { 378 return DNS_ERR(SERVER_FAILURE); 379 } 380 381 werror = dns_tsig_compute_mac(mem_ctx, state, packet, 382 tkey, current_time, &sig); 383 if (!W_ERROR_IS_OK(werror)) { 384 return werror; 385 } 386 } 387 388 tsig->name = talloc_strdup(tsig, state->key_name); 321 389 if (tsig->name == NULL) { 322 390 return WERR_NOMEM; 323 391 } 324 tsig->rr_class = check_rec->rr_class;392 tsig->rr_class = DNS_QCLASS_ANY; 325 393 tsig->rr_type = DNS_QTYPE_TSIG; 326 394 tsig->ttl = 0; 327 395 tsig->length = UINT16_MAX; 328 tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, 329 check_rec->algorithm_name); 330 tsig->rdata.tsig_record.time_prefix = check_rec->time_prefix; 331 tsig->rdata.tsig_record.time = check_rec->time; 332 tsig->rdata.tsig_record.fudge = check_rec->fudge; 396 tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, "gss-tsig"); 397 tsig->rdata.tsig_record.time_prefix = 0; 398 tsig->rdata.tsig_record.time = current_time; 399 tsig->rdata.tsig_record.fudge = 300; 333 400 tsig->rdata.tsig_record.error = state->tsig_error; 334 401 tsig->rdata.tsig_record.original_id = packet->id; 335 402 tsig->rdata.tsig_record.other_size = 0; 336 403 tsig->rdata.tsig_record.other_data = NULL; 337 tsig->rdata.tsig_record.mac_size = sig.length; 338 tsig->rdata.tsig_record.mac = talloc_memdup(tsig, sig.data, sig.length); 339 404 if (sig.length > 0) { 405 tsig->rdata.tsig_record.mac_size = sig.length; 406 tsig->rdata.tsig_record.mac = talloc_memdup(tsig, sig.data, sig.length); 407 } 340 408 341 409 if (packet->arcount == 0) { -
vendor/current/source4/dns_server/dns_server.c
r988 r989 153 153 } 154 154 155 ret = dns_verify_tsig(dns, state, &state->state, &state->in_packet, in);156 if (!W_ERROR_IS_OK(ret)) {157 DEBUG(1, ("Failed to verify TSIG!\n"));158 state->dns_err = werr_to_dns_err(ret);159 tevent_req_done(req);160 return tevent_req_post(req, ev);161 }162 163 155 if (state->in_packet.operation & DNS_FLAG_REPLY) { 164 156 DEBUG(1, ("Won't reply to replies.\n")); … … 176 168 177 169 state->out_packet = state->in_packet; 170 171 ret = dns_verify_tsig(dns, state, &state->state, &state->out_packet, in); 172 if (!W_ERROR_IS_OK(ret)) { 173 state->dns_err = werr_to_dns_err(ret); 174 tevent_req_done(req); 175 return tevent_req_post(req, ev); 176 } 178 177 179 178 switch (state->in_packet.operation & DNS_OPCODE) { … … 237 236 } 238 237 if ((state->dns_err != DNS_RCODE_OK) && 239 (state->dns_err != DNS_RCODE_NXDOMAIN)) { 238 (state->dns_err != DNS_RCODE_NXDOMAIN) && 239 (state->dns_err != DNS_RCODE_NOTAUTH)) 240 { 240 241 goto drop; 241 242 } -
vendor/current/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
r988 r989 420 420 } 421 421 422 /* 423 * We skip this check under dbcheck to allow fixing of other 424 * attributes even if an attribute is missing. This matters 425 * for CN=RID Set as the required attribute rIDNextRid is not 426 * replicated. 427 */ 422 428 if (found_must_contain[0] != NULL && 423 ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0) { 429 ldb_msg_check_string_attribute(msg, "isDeleted", "TRUE") == 0 && 430 ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) == NULL) { 424 431 ldb_asprintf_errstring(ldb, "objectclass_attrs: at least one mandatory attribute ('%s') on entry '%s' wasn't specified!", 425 432 found_must_contain[0], -
vendor/current/source4/dsdb/samdb/ldb_modules/ranged_results.c
r988 r989 202 202 for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { 203 203 char *p; 204 size_t range_len = strlen(";range="); 205 204 206 new_attrs = talloc_realloc(req, new_attrs, const char *, i+2); 205 207 new_attrs[i] = req->op.search.attrs[i]; … … 209 211 continue; 210 212 } 211 if (strncasecmp(p, ";range=", strlen(";range=")) != 0) {213 if (strncasecmp(p, ";range=", range_len) != 0) { 212 214 continue; 213 215 } 214 216 end = (unsigned int)-1; 215 if (sscanf(p , ";range=%u-*", &start) != 1) {216 if (sscanf(p , ";range=%u-%u", &start, &end) != 2) {217 if (sscanf(p + range_len, "%u-*", &start) != 1) { 218 if (sscanf(p + range_len, "%u-%u", &start, &end) != 2) { 217 219 ldb_asprintf_errstring(ldb, 218 220 "range request error: " -
vendor/current/source4/heimdal/kdc/misc.c
r988 r989 41 41 krb5_const_principal principal, 42 42 unsigned flags, 43 krb5 uint32 *kvno_ptr,43 krb5int32 *kvno_ptr, 44 44 HDB **db, 45 45 hdb_entry_ex **h) -
vendor/current/source4/heimdal/lib/asn1/krb5.asn1
r988 r989 361 361 EncryptedData ::= SEQUENCE { 362 362 etype[0] ENCTYPE, -- EncryptionType 363 kvno[1] krb5 uint32 OPTIONAL,363 kvno[1] krb5int32 OPTIONAL, 364 364 cipher[2] OCTET STRING -- ciphertext 365 365 } -
vendor/current/source4/heimdal/lib/krb5/mcache.c
r988 r989 156 156 } 157 157 158 static void KRB5_CALLCONV 159 mcc_destroy_internal(krb5_context context, 160 krb5_mcache *m) 161 { 162 struct link *l; 163 164 if (m->primary_principal != NULL) { 165 krb5_free_principal (context, m->primary_principal); 166 m->primary_principal = NULL; 167 } 168 m->dead = 1; 169 170 l = m->creds; 171 while (l != NULL) { 172 struct link *old; 173 174 krb5_free_cred_contents (context, &l->cred); 175 old = l; 176 l = l->next; 177 free (old); 178 } 179 180 m->creds = NULL; 181 return; 182 } 183 158 184 static krb5_error_code KRB5_CALLCONV 159 185 mcc_initialize(krb5_context context, … … 162 188 { 163 189 krb5_mcache *m = MCACHE(id); 190 /* 191 * It's important to destroy any existing 192 * creds here, that matches the baheviour 193 * of all other backends and also the 194 * MEMORY: backend in MIT. 195 */ 196 mcc_destroy_internal(context, m); 164 197 m->dead = 0; 198 m->kdc_offset = 0; 165 199 m->mtime = time(NULL); 166 200 return krb5_copy_principal (context, … … 196 230 { 197 231 krb5_mcache **n, *m = MCACHE(id); 198 struct link *l;199 232 200 233 if (m->refcnt == 0) … … 212 245 } 213 246 HEIMDAL_MUTEX_unlock(&mcc_mutex); 214 if (m->primary_principal != NULL) { 215 krb5_free_principal (context, m->primary_principal); 216 m->primary_principal = NULL; 217 } 218 m->dead = 1; 219 220 l = m->creds; 221 while (l != NULL) { 222 struct link *old; 223 224 krb5_free_cred_contents (context, &l->cred); 225 old = l; 226 l = l->next; 227 free (old); 228 } 229 m->creds = NULL; 247 mcc_destroy_internal(context, m); 230 248 } 231 249 return 0; -
vendor/current/source4/lib/wmi/wmi_wrap.c
r988 r989 40 40 /* attribute recognised by some compilers to avoid 'unused' warnings */ 41 41 #ifndef SWIGUNUSED 42 # if defined(__GNUC__) 43 # if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) 44 # define SWIGUNUSED __attribute__ ((__unused__)) 45 # else 46 # define SWIGUNUSED 47 # endif 48 # elif defined(__ICC) 42 # ifdef HAVE___ATTRIBUTE__ 49 43 # define SWIGUNUSED __attribute__ ((__unused__)) 50 44 # else -
vendor/current/source4/librpc/rpc/dcerpc.c
r988 r989 156 156 c->srv_max_xmit_frag = 5840; 157 157 c->srv_max_recv_frag = 5840; 158 c->max_total_response_size = DCERPC_NCACN_RESPONSE_DEFAULT_MAX_SIZE; 158 159 c->pending = NULL; 159 160 … … 1415 1416 /* the bind_ack might contain a reply set of credentials */ 1416 1417 if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) { 1417 uint32_t auth_length;1418 1419 1418 status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem, 1420 1419 &pkt->u.bind_ack.auth_info, 1421 1420 sec->tmp_auth_info.in, 1422 &auth_length, true);1421 NULL, true); 1423 1422 if (tevent_req_nterror(req, status)) { 1424 1423 return; … … 1578 1577 length = pkt->u.response.stub_and_verifier.length; 1579 1578 1580 if (req->payload.length + length > DCERPC_NCACN_PAYLOAD_MAX_SIZE) {1579 if (req->payload.length + length > c->max_total_response_size) { 1581 1580 DEBUG(2,("Unexpected total payload 0x%X > 0x%X dcerpc response\n", 1582 1581 (unsigned)req->payload.length + length, 1583 DCERPC_NCACN_PAYLOAD_MAX_SIZE));1582 (unsigned)c->max_total_response_size)); 1584 1583 dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR); 1585 1584 return; … … 2435 2434 /* the alter_resp might contain a reply set of credentials */ 2436 2435 if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) { 2437 uint32_t auth_length;2438 2439 2436 status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem, 2440 2437 &pkt->u.alter_resp.auth_info, 2441 2438 sec->tmp_auth_info.in, 2442 &auth_length, true);2439 NULL, true); 2443 2440 if (tevent_req_nterror(req, status)) { 2444 2441 return; -
vendor/current/source4/librpc/rpc/dcerpc.h
r988 r989 108 108 /* the next context_id to be assigned */ 109 109 uint32_t next_context_id; 110 111 /* The maximum total payload of reassembled response pdus */ 112 size_t max_total_response_size; 110 113 }; 111 114 -
vendor/current/source4/ntvfs/posix/posix_eadb.c
r988 r989 22 22 #include "includes.h" 23 23 #include "lib/tdb_wrap/tdb_wrap.h" 24 #ifdef WITH_NTVFS_FILESERVER 24 25 #include "vfs_posix.h" 26 #endif 25 27 #include "posix_eadb.h" 26 28 … … 144 146 } 145 147 146 NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs_state,147 TALLOC_CTX *mem_ctx,148 const char *attr_name,149 const char *fname,150 int fd,151 size_t estimated_size,152 DATA_BLOB *blob)153 {154 return pull_xattr_blob_tdb_raw(pvfs_state->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob);155 }156 157 148 /* 158 149 push a xattr as a blob, using ea_tdb … … 200 191 return status; 201 192 } 202 NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs_state,203 const char *attr_name,204 const char *fname,205 int fd,206 const DATA_BLOB *blob)207 {208 return push_xattr_blob_tdb_raw(pvfs_state->ea_db, attr_name, fname, fd, blob);209 }210 193 211 194 … … 235 218 236 219 /* 237 delete a xattr238 */239 NTSTATUS delete_posix_eadb(struct pvfs_state *pvfs_state, const char *attr_name,240 const char *fname, int fd)241 {242 return delete_posix_eadb_raw(pvfs_state->ea_db,243 attr_name, fname, fd);244 }245 246 247 /*248 220 delete all xattrs for a file 249 221 */ … … 272 244 273 245 /* 274 delete all xattrs for a file275 */276 NTSTATUS unlink_posix_eadb(struct pvfs_state *pvfs_state, const char *fname)277 {278 return unlink_posix_eadb_raw(pvfs_state->ea_db, fname, -1);279 }280 281 /*282 246 list all xattrs for a file 283 247 */ … … 289 253 fname, fd, 100, list); 290 254 } 255 256 #ifdef WITH_NTVFS_FILESERVER 257 NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs_state, 258 TALLOC_CTX *mem_ctx, 259 const char *attr_name, 260 const char *fname, 261 int fd, 262 size_t estimated_size, 263 DATA_BLOB *blob) 264 { 265 return pull_xattr_blob_tdb_raw(pvfs_state->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob); 266 } 267 268 NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs_state, 269 const char *attr_name, 270 const char *fname, 271 int fd, 272 const DATA_BLOB *blob) 273 { 274 return push_xattr_blob_tdb_raw(pvfs_state->ea_db, attr_name, fname, fd, blob); 275 } 276 277 /* 278 delete a xattr 279 */ 280 NTSTATUS delete_posix_eadb(struct pvfs_state *pvfs_state, const char *attr_name, 281 const char *fname, int fd) 282 { 283 return delete_posix_eadb_raw(pvfs_state->ea_db, 284 attr_name, fname, fd); 285 } 286 287 /* 288 delete all xattrs for a file 289 */ 290 NTSTATUS unlink_posix_eadb(struct pvfs_state *pvfs_state, const char *fname) 291 { 292 return unlink_posix_eadb_raw(pvfs_state->ea_db, fname, -1); 293 } 294 295 #endif -
vendor/current/source4/ntvfs/posix/wscript_build
r988 r989 1 1 #!/usr/bin/env python 2 2 3 bld.SAMBA_SUBSYSTEM('pvfs_acl', 4 source='pvfs_acl.c', 5 autoproto='vfs_acl_proto.h', 6 deps='events samba-modules', 7 ) 3 if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'): 4 bld.SAMBA_SUBSYSTEM('pvfs_acl', 5 source='pvfs_acl.c', 6 autoproto='vfs_acl_proto.h', 7 deps='events samba-modules', 8 ) 8 9 9 10 10 bld.SAMBA_MODULE('pvfs_acl_xattr',11 source='pvfs_acl_xattr.c',12 subsystem='pvfs_acl',13 init_function='pvfs_acl_xattr_init',14 deps='NDR_XATTR events'15 11 bld.SAMBA_MODULE('pvfs_acl_xattr', 12 source='pvfs_acl_xattr.c', 13 subsystem='pvfs_acl', 14 init_function='pvfs_acl_xattr_init', 15 deps='NDR_XATTR events' 16 ) 16 17 17 18 18 bld.SAMBA_MODULE('pvfs_acl_nfs4',19 source='pvfs_acl_nfs4.c',20 subsystem='pvfs_acl',21 init_function='pvfs_acl_nfs4_init',22 deps='NDR_NFS4ACL samdb events'23 19 bld.SAMBA_MODULE('pvfs_acl_nfs4', 20 source='pvfs_acl_nfs4.c', 21 subsystem='pvfs_acl', 22 init_function='pvfs_acl_nfs4_init', 23 deps='NDR_NFS4ACL samdb events' 24 ) 24 25 25 26 26 bld.SAMBA_SUBSYSTEM('pvfs_aio',27 source='pvfs_aio.c',28 deps='tevent',29 enabled=False30 27 bld.SAMBA_SUBSYSTEM('pvfs_aio', 28 source='pvfs_aio.c', 29 deps='tevent', 30 enabled=False 31 ) 31 32 32 33 33 bld.SAMBA_MODULE('ntvfs_posix',34 source='vfs_posix.c pvfs_util.c pvfs_search.c pvfs_dirlist.c pvfs_fileinfo.c pvfs_unlink.c pvfs_mkdir.c pvfs_open.c pvfs_read.c pvfs_flush.c pvfs_write.c pvfs_fsinfo.c pvfs_qfileinfo.c pvfs_setfileinfo.c pvfs_rename.c pvfs_resolve.c pvfs_shortname.c pvfs_lock.c pvfs_oplock.c pvfs_wait.c pvfs_seek.c pvfs_ioctl.c pvfs_xattr.c pvfs_streams.c pvfs_notify.c pvfs_sys.c xattr_system.c',35 autoproto='vfs_posix_proto.h',36 subsystem='ntvfs',37 init_function='ntvfs_posix_init',38 deps='NDR_XATTR attr ntvfs_common MESSAGING LIBWBCLIENT_OLD pvfs_acl pvfs_aio posix_eadb',39 internal_module=True40 34 bld.SAMBA_MODULE('ntvfs_posix', 35 source='vfs_posix.c pvfs_util.c pvfs_search.c pvfs_dirlist.c pvfs_fileinfo.c pvfs_unlink.c pvfs_mkdir.c pvfs_open.c pvfs_read.c pvfs_flush.c pvfs_write.c pvfs_fsinfo.c pvfs_qfileinfo.c pvfs_setfileinfo.c pvfs_rename.c pvfs_resolve.c pvfs_shortname.c pvfs_lock.c pvfs_oplock.c pvfs_wait.c pvfs_seek.c pvfs_ioctl.c pvfs_xattr.c pvfs_streams.c pvfs_notify.c pvfs_sys.c xattr_system.c', 36 autoproto='vfs_posix_proto.h', 37 subsystem='ntvfs', 38 init_function='ntvfs_posix_init', 39 deps='NDR_XATTR attr ntvfs_common MESSAGING LIBWBCLIENT_OLD pvfs_acl pvfs_aio posix_eadb', 40 internal_module=True 41 ) 41 42 42 43 -
vendor/current/source4/ntvfs/wscript_build
r988 r989 6 6 deps='tevent samba-modules', 7 7 private_library=True, 8 enabled=bld.AD_DC_BUILD_IS_ENABLED()8 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER') 9 9 ) 10 10 11 if bld.AD_DC_BUILD_IS_ENABLED(): 12 bld.RECURSE('posix') 11 bld.RECURSE('posix') 12 if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'): 13 13 bld.RECURSE('common') 14 14 bld.RECURSE('unixuid') 15 15 bld.RECURSE('sysdep') 16 16 17 bld.SAMBA_MODULE('ntvfs_cifs',18 source='cifs/vfs_cifs.c',19 subsystem='ntvfs',20 init_function='ntvfs_cifs_init',21 deps='LIBCLI_SMB smbclient-raw param_options'22 17 bld.SAMBA_MODULE('ntvfs_cifs', 18 source='cifs/vfs_cifs.c', 19 subsystem='ntvfs', 20 init_function='ntvfs_cifs_init', 21 deps='LIBCLI_SMB smbclient-raw param_options' 22 ) 23 23 24 24 25 bld.SAMBA_MODULE('ntvfs_smb2',26 source='smb2/vfs_smb2.c',27 subsystem='ntvfs',28 init_function='ntvfs_smb2_init',29 deps='LIBCLI_SMB smbclient-raw param_options'30 25 bld.SAMBA_MODULE('ntvfs_smb2', 26 source='smb2/vfs_smb2.c', 27 subsystem='ntvfs', 28 init_function='ntvfs_smb2_init', 29 deps='LIBCLI_SMB smbclient-raw param_options' 30 ) 31 31 32 32 33 bld.SAMBA_MODULE('ntvfs_simple',34 source='simple/vfs_simple.c simple/svfs_util.c',35 autoproto='simple/proto.h',36 subsystem='ntvfs',37 init_function='ntvfs_simple_init',38 deps='talloc'39 33 bld.SAMBA_MODULE('ntvfs_simple', 34 source='simple/vfs_simple.c simple/svfs_util.c', 35 autoproto='simple/proto.h', 36 subsystem='ntvfs', 37 init_function='ntvfs_simple_init', 38 deps='talloc' 39 ) 40 40 41 41 42 bld.SAMBA_MODULE('ntvfs_cifsposix',43 source='cifs_posix_cli/vfs_cifs_posix.c cifs_posix_cli/svfs_util.c',44 autoproto='cifs_posix_cli/proto.h',45 subsystem='ntvfs',46 init_function='ntvfs_cifs_posix_init',47 deps='talloc'48 42 bld.SAMBA_MODULE('ntvfs_cifsposix', 43 source='cifs_posix_cli/vfs_cifs_posix.c cifs_posix_cli/svfs_util.c', 44 autoproto='cifs_posix_cli/proto.h', 45 subsystem='ntvfs', 46 init_function='ntvfs_cifs_posix_init', 47 deps='talloc' 48 ) 49 49 50 50 51 bld.SAMBA_MODULE('ntvfs_print',52 source='print/vfs_print.c',53 subsystem='ntvfs',54 init_function='ntvfs_print_init',55 deps='talloc'56 51 bld.SAMBA_MODULE('ntvfs_print', 52 source='print/vfs_print.c', 53 subsystem='ntvfs', 54 init_function='ntvfs_print_init', 55 deps='talloc' 56 ) 57 57 58 58 59 bld.SAMBA_MODULE('ntvfs_ipc',60 source='ipc/vfs_ipc.c ipc/ipc_rap.c ipc/rap_server.c',61 autoproto='ipc/proto.h',62 subsystem='ntvfs',63 init_function='ntvfs_ipc_init',64 deps='NDR_NAMED_PIPE_AUTH npa_tstream gssapi samba-credentials DCERPC_SHARE'65 59 bld.SAMBA_MODULE('ntvfs_ipc', 60 source='ipc/vfs_ipc.c ipc/ipc_rap.c ipc/rap_server.c', 61 autoproto='ipc/proto.h', 62 subsystem='ntvfs', 63 init_function='ntvfs_ipc_init', 64 deps='NDR_NAMED_PIPE_AUTH npa_tstream gssapi samba-credentials DCERPC_SHARE' 65 ) 66 66 67 67 68 bld.SAMBA_MODULE('ntvfs_nbench',69 source='nbench/vfs_nbench.c',70 subsystem='ntvfs',71 init_function='ntvfs_nbench_init',72 deps='talloc'73 68 bld.SAMBA_MODULE('ntvfs_nbench', 69 source='nbench/vfs_nbench.c', 70 subsystem='ntvfs', 71 init_function='ntvfs_nbench_init', 72 deps='talloc' 73 ) 74 74 75 75 -
vendor/current/source4/param/pyparam.c
r988 r989 322 322 323 323 } 324 325 static PyObject *py_lp_log_level(PyObject *self, PyObject *unused) 326 { 327 int ret = DEBUGLEVEL_CLASS[DBGC_CLASS]; 328 return PyInt_FromLong(ret); 329 } 330 324 331 325 332 static PyObject *py_samdb_url(PyObject *self, PyObject *unused) … … 358 365 { "dump", py_lp_dump, METH_VARARGS, 359 366 "S.dump(stream, show_defaults=False)" }, 367 { "log_level", py_lp_log_level, METH_NOARGS, 368 "S.log_level() -> int\n Get the active log level" }, 360 369 { "dump_a_parameter", py_lp_dump_a_parameter, METH_VARARGS, 361 370 "S.dump_a_parameter(stream, name, service_name)" }, -
vendor/current/source4/rpc_server/common/server_info.c
r988 r989 27 27 #include "param/param.h" 28 28 #include "rpc_server/common/common.h" 29 #include "rpc_server/common/share.h"30 29 #include "libds/common/roles.h" 31 30 -
vendor/current/source4/rpc_server/dcerpc_server.c
r988 r989 409 409 p->max_recv_frag = 5840; 410 410 p->max_xmit_frag = 5840; 411 p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE; 411 412 412 413 *_p = p; … … 804 805 TALLOC_FREE(call->context); 805 806 807 if (call->fault_code == DCERPC_NCA_S_PROTO_ERROR) { 808 return dcesrv_bind_nak(call, 809 DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED); 810 } 811 806 812 if (auth->auth_level != DCERPC_AUTH_LEVEL_NONE) { 807 813 /* … … 936 942 if (!dcesrv_auth_auth3(call)) { 937 943 call->conn->auth_state.auth_invalid = true; 944 if (call->fault_code != 0) { 945 return dcesrv_fault_disconnect(call, call->fault_code); 946 } 938 947 } 939 948 … … 1105 1114 auth_ok = dcesrv_auth_alter(call); 1106 1115 if (!auth_ok) { 1107 if (call->in_auth_info.auth_type == DCERPC_AUTH_TYPE_NONE) { 1108 return dcesrv_fault_disconnect(call, 1109 DCERPC_FAULT_ACCESS_DENIED); 1116 if (call->fault_code != 0) { 1117 return dcesrv_fault_disconnect(call, call->fault_code); 1110 1118 } 1111 1119 } … … 1533 1541 * Up to 4 MByte are allowed by all fragments 1534 1542 */ 1535 available = DCERPC_NCACN_PAYLOAD_MAX_SIZE;1543 available = dce_conn->max_total_request_size; 1536 1544 if (er->stub_and_verifier.length > available) { 1537 1545 dcesrv_call_disconnect_after(existing, … … 1586 1594 * Up to 4 MByte are allowed by all fragments 1587 1595 */ 1588 if (call->pkt.u.request.alloc_hint > DCERPC_NCACN_PAYLOAD_MAX_SIZE) {1596 if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { 1589 1597 dcesrv_call_disconnect_after(call, 1590 1598 "dcesrv_auth_request - initial alloc hint too large"); -
vendor/current/source4/rpc_server/dcerpc_server.h
r988 r989 274 274 /* the association group the connection belongs to */ 275 275 struct dcesrv_assoc_group *assoc_group; 276 277 /* The maximum total payload of reassembled request pdus */ 278 size_t max_total_request_size; 276 279 }; 277 280 -
vendor/current/source4/rpc_server/dcesrv_auth.c
r988 r989 45 45 struct dcesrv_auth *auth = &dce_conn->auth_state; 46 46 NTSTATUS status; 47 uint32_t auth_length;48 47 49 48 if (pkt->auth_length == 0) { … … 56 55 status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.bind.auth_info, 57 56 &call->in_auth_info, 58 &auth_length, false); 59 if (!NT_STATUS_IS_OK(status)) { 57 NULL, true); 58 if (!NT_STATUS_IS_OK(status)) { 59 /* 60 * This will cause a 61 * DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED 62 * in the caller 63 */ 64 call->fault_code = DCERPC_NCA_S_PROTO_ERROR; 60 65 return false; 61 66 } … … 242 247 struct dcesrv_connection *dce_conn = call->conn; 243 248 NTSTATUS status; 244 uint32_t auth_length;245 249 246 250 if (pkt->auth_length == 0) { … … 258 262 259 263 status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.auth3.auth_info, 260 &call->in_auth_info, &auth_length, true); 261 if (!NT_STATUS_IS_OK(status)) { 264 &call->in_auth_info, NULL, true); 265 if (!NT_STATUS_IS_OK(status)) { 266 /* 267 * Windows returns DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY 268 * instead of DCERPC_NCA_S_PROTO_ERROR. 269 */ 270 call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY; 262 271 return false; 263 272 } … … 325 334 struct dcesrv_connection *dce_conn = call->conn; 326 335 NTSTATUS status; 327 uint32_t auth_length;328 336 329 337 /* on a pure interface change there is no auth blob */ … … 336 344 337 345 if (dce_conn->auth_state.auth_finished) { 346 call->fault_code = DCERPC_FAULT_ACCESS_DENIED; 338 347 return false; 339 348 } … … 345 354 346 355 status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.alter.auth_info, 347 &call->in_auth_info, &auth_length, true); 348 if (!NT_STATUS_IS_OK(status)) { 356 &call->in_auth_info, NULL, true); 357 if (!NT_STATUS_IS_OK(status)) { 358 call->fault_code = DCERPC_NCA_S_PROTO_ERROR; 359 return false; 360 } 361 362 if (call->in_auth_info.auth_type == DCERPC_AUTH_TYPE_NONE) { 363 call->fault_code = DCERPC_FAULT_ACCESS_DENIED; 349 364 return false; 350 365 } -
vendor/current/source4/rpc_server/wkssvc/dcesrv_wkssvc.c
r988 r989 25 25 #include "librpc/gen_ndr/ndr_srvsvc.h" 26 26 #include "rpc_server/common/common.h" 27 #include "rpc_server/common/share.h"28 27 #include "param/param.h" 29 28 -
vendor/current/source4/rpc_server/wscript_build
r988 r989 2 2 3 3 bld.SAMBA_SUBSYSTEM('DCERPC_SHARE', 4 source='common/s erver_info.c common/share_info.c',4 source='common/share_info.c', 5 5 autoproto='common/share.h', 6 6 deps='ldb', 7 enabled=bld. AD_DC_BUILD_IS_ENABLED()7 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER'), 8 8 ) 9 9 10 10 bld.SAMBA_SUBSYSTEM('DCERPC_COMMON', 11 source='common/ forward.c common/reply.c dcesrv_auth.c common/loadparm.c',11 source='common/server_info.c common/forward.c common/reply.c dcesrv_auth.c common/loadparm.c', 12 12 autoproto='common/proto.h', 13 13 deps='ldb DCERPC_SHARE samba_server_gensec', … … 55 55 subsystem='dcerpc_server', 56 56 init_function='dcerpc_server_srvsvc_init', 57 deps='DCERPC_COMMON NDR_SRVSVC share ntvfs' 57 deps='DCERPC_COMMON NDR_SRVSVC share ntvfs', 58 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER') 58 59 ) 59 60 … … 89 90 init_function='dcerpc_server_winreg_init', 90 91 deps='registry ndr-standard', 91 internal_module=True 92 internal_module=True, 93 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER') 92 94 ) 93 95 … … 133 135 init_function='dcerpc_server_spoolss_init', 134 136 deps='DCERPC_COMMON NDR_SPOOLSS ntptr RPC_NDR_SPOOLSS', 135 internal_module=True 137 internal_module=True, 138 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER') 136 139 ) 137 140 -
vendor/current/source4/scripting/bin/samba_spnupdate
r988 r989 220 220 try: 221 221 binding_options = "seal" 222 if int(lp.get("log level")) >= 5:222 if lp.log_level() >= 5: 223 223 binding_options += ",print" 224 224 drs = drsuapi.drsuapi('ncacn_ip_tcp:%s[%s]' % (server, binding_options), lp, creds) -
vendor/current/source4/selftest/tests.py
r988 r989 301 301 ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"] 302 302 303 # smb2.change_notify_disabled must only run against env fileserver-notify-disabled 304 smb2 = filter(lambda x: "smb2.change_notify_disabled" not in x, smbtorture4_testsuites("smb2.")) 303 # Filter smb2 tests that should not run against ad_dc_ntvfs 304 smb2_s3only = ["smb2.change_notify_disabled", "smb2.dosmode"] 305 smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only] 305 306 306 307 #The QFILEINFO-IPC test needs to be on ipc$ … … 358 359 # DNS tests 359 360 plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) 361 362 plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) 360 363 361 364 for t in smbtorture4_testsuites("dns_internal."): … … 508 511 plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration]) 509 512 513 for env in ["s4member_dflt_domain", "s4member"]: 514 for cmd in ["id", "getent"]: 515 users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"] 516 if env == "s4member": 517 users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"] 518 for usr in users: 519 plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir,cmd,usr)) 510 520 511 521 nsstest4 = binpath("nsstest") … … 537 547 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.dcerpc.srvsvc") 538 548 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.timecmd") 549 550 # test fsmo show 551 for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]: 552 planpythontestsuite(env + ":local", "samba.tests.samba_tool.fsmo") 539 553 540 554 # We run this test against both AD DC implemetnations because it is -
vendor/current/source4/smb_server/service_smb.c
r988 r989 35 35 #include "param/param.h" 36 36 #include "file_server/file_server.h" 37 37 #include "ntvfs/ntvfs.h" 38 #include "lib/cmdline/popt_common.h" 38 39 /* 39 40 open the smb server sockets … … 87 88 NTSTATUS server_service_smb_init(void) 88 89 { 90 ntvfs_init(cmdline_lp_ctx); 89 91 share_init(); 90 92 return register_server_service("smb", smbsrv_task_init); -
vendor/current/source4/smb_server/wscript_build
r988 r989 6 6 subsystem='service', 7 7 init_function='server_service_smb_init', 8 deps='SMB_SERVER netif shares samba-hostconfig ',8 deps='SMB_SERVER netif shares samba-hostconfig POPT_SAMBA', 9 9 internal_module=False, 10 10 enabled=bld.CONFIG_SET('WITH_NTVFS_FILESERVER') -
vendor/current/source4/smbd/server.c
r988 r989 29 29 #include "system/dir.h" 30 30 #include "system/filesys.h" 31 #include "ntvfs/ntvfs.h"32 31 #include "ntptr/ntptr.h" 33 32 #include "auth/gensec/gensec.h" … … 410 409 of the spoolss RPC server instead? */ 411 410 412 ntvfs_init(cmdline_lp_ctx); /* FIXME: maybe run this in the initialization functions413 of the SMB[,2] server instead? */414 415 411 process_model_init(cmdline_lp_ctx); 416 412 -
vendor/current/source4/torture/raw/read.c
r988 r989 20 20 #include "includes.h" 21 21 #include "libcli/raw/libcliraw.h" 22 #include "libcli/raw/raw_proto.h" 22 23 #include "system/time.h" 23 24 #include "system/filesys.h" … … 374 375 const char *test_data = "TEST DATA"; 375 376 unsigned int seed = time(NULL); 377 struct smbcli_request *smbreq = NULL; 378 unsigned int i; 376 379 377 380 buf = talloc_zero_array(tctx, uint8_t, maxsize); … … 422 425 423 426 smbcli_write(cli->tree, fnum, 0, test_data, 0, strlen(test_data)); 427 428 printf("Checking reserved fields are [0]\n"); 429 io.readx.in.file.fnum = fnum; 430 io.readx.in.offset = 0; 431 io.readx.in.remaining = 0; 432 io.readx.in.read_for_execute = false; 433 io.readx.in.mincnt = strlen(test_data); 434 io.readx.in.maxcnt = strlen(test_data); 435 smbreq = smb_raw_read_send(cli->tree, &io); 436 if (smbreq == NULL) { 437 ret = false; 438 torture_fail_goto(tctx, done, "smb_raw_read_send failed\n"); 439 } 440 if (!smbcli_request_receive(smbreq) || 441 smbcli_request_is_error(smbreq)) { 442 status = smbcli_request_destroy(smbreq); 443 torture_fail_goto(tctx, done, "receive failed\n"); 444 } 445 446 if (smbreq->in.wct != 12) { 447 ret = false; 448 printf("Incorrect wct %u (should be 12)\n", 449 (unsigned int)smbreq->in.wct); 450 status = smbcli_request_destroy(smbreq); 451 torture_fail_goto(tctx, done, "bad wct\n"); 452 } 453 454 /* Ensure VWV8 - WVW11 are zero. */ 455 for (i = 8; i < 12; i++) { 456 uint16_t br = SVAL(smbreq->in.vwv, VWV(i)); 457 if (br != 0) { 458 status = smbcli_request_destroy(smbreq); 459 ret = false; 460 printf("reserved field %u is %u not zero\n", 461 i, 462 (unsigned int)br); 463 torture_fail_goto(tctx, done, "bad reserved field\n"); 464 } 465 } 466 467 smbcli_request_destroy(smbreq); 424 468 425 469 printf("Trying small read\n"); -
vendor/current/source4/torture/rpc/lsa.c
r988 r989 3184 3184 int kvno = cli_credentials_get_kvno(credentials); 3185 3185 int expected_kvno = 0; 3186 krb5 uint32 t_kvno = 0;3186 krb5int32 t_kvno = 0; 3187 3187 const char *host = torture_setting_string(tctx, "host", NULL); 3188 3188 krb5_error_code k5ret; -
vendor/current/source4/torture/smb2/getinfo.c
r988 r989 127 127 } 128 128 129 /* 130 test granted access when desired access includes 131 FILE_EXECUTE and does not include FILE_READ_DATA 132 */ 133 static bool torture_smb2_fileinfo_grant_read(struct torture_context *tctx) 134 { 135 struct smb2_tree *tree; 136 bool ret; 137 struct smb2_handle hfile, hdir; 138 NTSTATUS status; 139 uint32_t file_granted_access, dir_granted_access; 140 141 ret = torture_smb2_connection(tctx, &tree); 142 torture_assert(tctx, ret, "connection failed"); 143 144 status = torture_smb2_testfile_access( 145 tree, FNAME, &hfile, SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE); 146 torture_assert_ntstatus_ok(tctx, status, 147 "Unable to create test file " FNAME "\n"); 148 status = 149 torture_smb2_get_allinfo_access(tree, hfile, &file_granted_access); 150 torture_assert_ntstatus_ok(tctx, status, 151 "Unable to query test file access "); 152 torture_assert_int_equal(tctx, file_granted_access, 153 SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE, 154 "granted file access "); 155 smb2_util_close(tree, hfile); 156 157 status = torture_smb2_testdir_access( 158 tree, DNAME, &hdir, SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE); 159 torture_assert_ntstatus_ok(tctx, status, 160 "Unable to create test dir " DNAME "\n"); 161 status = 162 torture_smb2_get_allinfo_access(tree, hdir, &dir_granted_access); 163 torture_assert_ntstatus_ok(tctx, status, 164 "Unable to query test dir access "); 165 torture_assert_int_equal(tctx, dir_granted_access, 166 SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE, 167 "granted dir access "); 168 smb2_util_close(tree, hdir); 169 170 return true; 171 } 129 172 130 173 /* … … 445 488 torture_suite_add_simple_test(suite, "qsec_buffercheck", 446 489 torture_smb2_qsec_buffercheck); 490 torture_suite_add_simple_test(suite, "granted", 491 torture_smb2_fileinfo_grant_read); 447 492 return suite; 448 493 } -
vendor/current/source4/torture/smb2/ioctl.c
r988 r989 274 274 { 275 275 bool ok; 276 uint32_t initial_access = desired_access; 277 278 if (size > 0) { 279 initial_access |= SEC_FILE_APPEND_DATA; 280 } 276 281 277 282 smb2_util_unlink(tree, fname); … … 280 285 fname, 281 286 fh, 282 desired_access,287 initial_access, 283 288 file_attributes); 284 torture_assert(torture, ok, "file open");289 torture_assert(torture, ok, "file create"); 285 290 286 291 if (size > 0) { … … 288 293 torture_assert(torture, ok, "write pattern"); 289 294 } 295 296 if (initial_access != desired_access) { 297 smb2_util_close(tree, *fh); 298 ok = test_setup_open(torture, tree, mem_ctx, 299 fname, 300 fh, 301 desired_access, 302 file_attributes); 303 torture_assert(torture, ok, "file open"); 304 } 305 290 306 return true; 291 307 } … … 1240 1256 enum ndr_err_code ndr_ret; 1241 1257 bool ok; 1242 1243 /* no read permission on src */ 1244 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1245 1, /* 1 chunk */ 1258 /* read permission on src */ 1259 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */ 1246 1260 &src_h, 4096, /* fill 4096 byte src file */ 1247 SEC_RIGHTS_FILE_WRITE, 1248 &dest_h, 0, /* 0 byte dest file */ 1249 SEC_RIGHTS_FILE_ALL, 1250 &cc_copy, 1251 &ioctl); 1261 SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE, 1262 &dest_h, 0, /* 0 byte dest file */ 1263 SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl); 1264 if (!ok) { 1265 torture_fail(torture, "setup copy chunk error"); 1266 } 1267 1268 cc_copy.chunks[0].source_off = 0; 1269 cc_copy.chunks[0].target_off = 0; 1270 cc_copy.chunks[0].length = 4096; 1271 1272 ndr_ret = ndr_push_struct_blob( 1273 &ioctl.smb2.in.out, tmp_ctx, &cc_copy, 1274 (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy); 1275 torture_assert_ndr_success(torture, ndr_ret, 1276 "ndr_push_srv_copychunk_copy"); 1277 1278 status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2); 1279 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 1280 "FSCTL_SRV_COPYCHUNK"); 1281 1282 smb2_util_close(tree, src_h); 1283 smb2_util_close(tree, dest_h); 1284 1285 /* execute permission on src */ 1286 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */ 1287 &src_h, 4096, /* fill 4096 byte src file */ 1288 SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE, 1289 &dest_h, 0, /* 0 byte dest file */ 1290 SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl); 1291 if (!ok) { 1292 torture_fail(torture, "setup copy chunk error"); 1293 } 1294 1295 cc_copy.chunks[0].source_off = 0; 1296 cc_copy.chunks[0].target_off = 0; 1297 cc_copy.chunks[0].length = 4096; 1298 1299 ndr_ret = ndr_push_struct_blob( 1300 &ioctl.smb2.in.out, tmp_ctx, &cc_copy, 1301 (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy); 1302 torture_assert_ndr_success(torture, ndr_ret, 1303 "ndr_push_srv_copychunk_copy"); 1304 1305 status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2); 1306 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 1307 "FSCTL_SRV_COPYCHUNK"); 1308 1309 smb2_util_close(tree, src_h); 1310 smb2_util_close(tree, dest_h); 1311 1312 /* neither read nor execute permission on src */ 1313 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */ 1314 &src_h, 4096, /* fill 4096 byte src file */ 1315 SEC_FILE_READ_ATTRIBUTE, &dest_h, 1316 0, /* 0 byte dest file */ 1317 SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl); 1252 1318 if (!ok) { 1253 1319 torture_fail(torture, "setup copy chunk error"); … … 1273 1339 1274 1340 /* no write permission on dest */ 1275 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1276 1, /* 1 chunk */ 1277 &src_h, 4096, /* fill 4096 byte src file */ 1278 SEC_RIGHTS_FILE_ALL, 1279 &dest_h, 0, /* 0 byte dest file */ 1280 (SEC_RIGHTS_FILE_READ 1281 | SEC_RIGHTS_FILE_EXECUTE), 1282 &cc_copy, 1283 &ioctl); 1341 ok = test_setup_copy_chunk( 1342 torture, tree, tmp_ctx, 1, /* 1 chunk */ 1343 &src_h, 4096, /* fill 4096 byte src file */ 1344 SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE, &dest_h, 1345 0, /* 0 byte dest file */ 1346 (SEC_RIGHTS_FILE_ALL & 1347 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)), 1348 &cc_copy, &ioctl); 1284 1349 if (!ok) { 1285 1350 torture_fail(torture, "setup copy chunk error"); … … 1305 1370 1306 1371 /* no read permission on dest */ 1307 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1308 1, /* 1 chunk */ 1372 ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */ 1309 1373 &src_h, 4096, /* fill 4096 byte src file */ 1310 SEC_RIGHTS_FILE_ALL, 1311 &dest_h, 0, /* 0 byte dest file */ 1312 (SEC_RIGHTS_FILE_WRITE 1313 | SEC_RIGHTS_FILE_EXECUTE), 1314 &cc_copy, 1315 &ioctl); 1374 SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE, 1375 &dest_h, 0, /* 0 byte dest file */ 1376 (SEC_RIGHTS_FILE_ALL & ~SEC_FILE_READ_DATA), 1377 &cc_copy, &ioctl); 1316 1378 if (!ok) { 1317 1379 torture_fail(torture, "setup copy chunk error"); … … 2478 2540 smb2_util_close(tree, fh); 2479 2541 2542 talloc_free(tmp_ctx); 2543 return true; 2544 } 2545 2546 static bool test_ioctl_compress_notsup_get(struct torture_context *torture, 2547 struct smb2_tree *tree) 2548 { 2549 struct smb2_handle fh; 2550 NTSTATUS status; 2551 TALLOC_CTX *tmp_ctx = talloc_new(tree); 2552 bool ok; 2553 uint16_t compression_fmt; 2554 2555 ok = test_setup_create_fill(torture, tree, tmp_ctx, 2556 FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL, 2557 FILE_ATTRIBUTE_NORMAL); 2558 torture_assert(torture, ok, "setup compression file"); 2559 2560 /* skip if the server DOES support compression */ 2561 status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh, 2562 &ok); 2563 torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS"); 2564 if (ok) { 2565 smb2_util_close(tree, fh); 2566 torture_skip(torture, "FS compression supported\n"); 2567 } 2568 2569 /* 2570 * Despite not supporting compression, we should get a successful 2571 * response indicating that the file is uncompressed - like WS2016. 2572 */ 2573 status = test_ioctl_compress_get(torture, tmp_ctx, tree, fh, 2574 &compression_fmt); 2575 torture_assert_ntstatus_ok(torture, status, "FSCTL_GET_COMPRESSION"); 2576 2577 torture_assert(torture, (compression_fmt == COMPRESSION_FORMAT_NONE), 2578 "initial compression state not NONE"); 2579 2580 smb2_util_close(tree, fh); 2581 talloc_free(tmp_ctx); 2582 return true; 2583 } 2584 2585 static bool test_ioctl_compress_notsup_set(struct torture_context *torture, 2586 struct smb2_tree *tree) 2587 { 2588 struct smb2_handle fh; 2589 NTSTATUS status; 2590 TALLOC_CTX *tmp_ctx = talloc_new(tree); 2591 bool ok; 2592 2593 ok = test_setup_create_fill(torture, tree, tmp_ctx, 2594 FNAME, &fh, 0, SEC_RIGHTS_FILE_ALL, 2595 FILE_ATTRIBUTE_NORMAL); 2596 torture_assert(torture, ok, "setup compression file"); 2597 2598 /* skip if the server DOES support compression */ 2599 status = test_ioctl_compress_fs_supported(torture, tree, tmp_ctx, &fh, 2600 &ok); 2601 torture_assert_ntstatus_ok(torture, status, "SMB2_GETINFO_FS"); 2602 if (ok) { 2603 smb2_util_close(tree, fh); 2604 torture_skip(torture, "FS compression supported\n"); 2605 } 2606 2607 status = test_ioctl_compress_set(torture, tmp_ctx, tree, fh, 2608 COMPRESSION_FORMAT_DEFAULT); 2609 torture_assert_ntstatus_equal(torture, status, 2610 NT_STATUS_NOT_SUPPORTED, 2611 "FSCTL_GET_COMPRESSION"); 2612 2613 smb2_util_close(tree, fh); 2480 2614 talloc_free(tmp_ctx); 2481 2615 return true; … … 4850 4984 torture_suite_add_1smb2_test(suite, "compress_perms", 4851 4985 test_ioctl_compress_perms); 4986 torture_suite_add_1smb2_test(suite, "compress_notsup_get", 4987 test_ioctl_compress_notsup_get); 4988 torture_suite_add_1smb2_test(suite, "compress_notsup_set", 4989 test_ioctl_compress_notsup_set); 4852 4990 torture_suite_add_1smb2_test(suite, "network_interface_info", 4853 4991 test_ioctl_network_interface_info); -
vendor/current/source4/torture/smb2/lock.c
r988 r989 3030 3030 done: 3031 3031 smb2_util_close(tree, h); 3032 smb2_deltree(tree, BASEDIR); 3033 return ret; 3034 } 3035 3036 /** 3037 * Test lock interaction between smbd and ctdb with tombstone records. 3038 * 3039 * Re-locking an unlocked record could lead to a deadlock between 3040 * smbd and ctdb. Make sure we don't regress. 3041 * 3042 * https://bugzilla.samba.org/show_bug.cgi?id=12005 3043 * https://bugzilla.samba.org/show_bug.cgi?id=10008 3044 */ 3045 static bool test_deadlock(struct torture_context *torture, 3046 struct smb2_tree *tree) 3047 { 3048 NTSTATUS status; 3049 bool ret = true; 3050 struct smb2_handle _h; 3051 struct smb2_handle *h = NULL; 3052 uint8_t buf[200]; 3053 const char *fname = BASEDIR "\\deadlock.txt"; 3054 3055 if (!lpcfg_clustering(torture->lp_ctx)) { 3056 torture_skip(torture, "Test must be run on a ctdb cluster\n"); 3057 return true; 3058 } 3059 3060 status = torture_smb2_testdir(tree, BASEDIR, &_h); 3061 torture_assert_ntstatus_ok(torture, status, 3062 "torture_smb2_testdir failed"); 3063 smb2_util_close(tree, _h); 3064 3065 status = torture_smb2_testfile(tree, fname, &_h); 3066 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3067 "torture_smb2_testfile failed"); 3068 h = &_h; 3069 3070 ZERO_STRUCT(buf); 3071 status = smb2_util_write(tree, *h, buf, 0, ARRAY_SIZE(buf)); 3072 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3073 "smb2_util_write failed"); 3074 3075 status = test_smb2_lock(tree, *h, 0, 1, true); 3076 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3077 "test_smb2_lock failed"); 3078 3079 status = test_smb2_unlock(tree, *h, 0, 1); 3080 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3081 "test_smb2_unlock failed"); 3082 3083 status = test_smb2_lock(tree, *h, 0, 1, true); 3084 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3085 "test_smb2_lock failed"); 3086 3087 status = test_smb2_unlock(tree, *h, 0, 1); 3088 torture_assert_ntstatus_ok_goto(torture, status, ret, done, 3089 "test_smb2_unlock failed"); 3090 3091 done: 3092 if (h != NULL) { 3093 smb2_util_close(tree, *h); 3094 } 3032 3095 smb2_deltree(tree, BASEDIR); 3033 3096 return ret; … … 3069 3132 torture_suite_add_1smb2_test(suite, "truncate", test_truncate); 3070 3133 torture_suite_add_1smb2_test(suite, "replay", test_replay); 3134 torture_suite_add_1smb2_test(suite, "ctdb-delrec-deadlock", test_deadlock); 3071 3135 3072 3136 suite->description = talloc_strdup(suite, "SMB2-LOCK tests"); -
vendor/current/source4/torture/smb2/read.c
r988 r989 28 28 29 29 30 #define CHECK_STATUS(status, correct) do { \ 31 if (!NT_STATUS_EQUAL(status, correct)) { \ 32 printf("(%s) Incorrect status %s - should be %s\n", \ 33 __location__, nt_errstr(status), nt_errstr(correct)); \ 34 ret = false; \ 35 goto done; \ 36 }} while (0) 37 38 #define CHECK_VALUE(v, correct) do { \ 39 if ((v) != (correct)) { \ 40 printf("(%s) Incorrect value %s=%u - should be %u\n", \ 41 __location__, #v, (unsigned)v, (unsigned)correct); \ 42 ret = false; \ 43 goto done; \ 44 }} while (0) 30 #define CHECK_STATUS(_status, _expected) \ 31 torture_assert_ntstatus_equal_goto(torture, _status, _expected, \ 32 ret, done, "Incorrect status") 33 34 #define CHECK_VALUE(v, correct) \ 35 torture_assert_int_equal_goto(torture, v, correct, \ 36 ret, done, "Incorrect value") 45 37 46 38 #define FNAME "smb2_readtest.dat" … … 235 227 } 236 228 229 static bool test_read_access(struct torture_context *torture, 230 struct smb2_tree *tree) 231 { 232 bool ret = true; 233 NTSTATUS status; 234 struct smb2_handle h; 235 uint8_t buf[64 * 1024]; 236 struct smb2_read rd; 237 TALLOC_CTX *tmp_ctx = talloc_new(tree); 238 239 ZERO_STRUCT(buf); 240 241 /* create a file */ 242 smb2_util_unlink(tree, FNAME); 243 244 status = torture_smb2_testfile(tree, FNAME, &h); 245 CHECK_STATUS(status, NT_STATUS_OK); 246 247 status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf)); 248 CHECK_STATUS(status, NT_STATUS_OK); 249 250 status = smb2_util_close(tree, h); 251 CHECK_STATUS(status, NT_STATUS_OK); 252 253 /* open w/ READ access - success */ 254 status = torture_smb2_testfile_access( 255 tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_DATA); 256 CHECK_STATUS(status, NT_STATUS_OK); 257 258 ZERO_STRUCT(rd); 259 rd.in.file.handle = h; 260 rd.in.length = 5; 261 rd.in.offset = 0; 262 status = smb2_read(tree, tree, &rd); 263 CHECK_STATUS(status, NT_STATUS_OK); 264 265 status = smb2_util_close(tree, h); 266 CHECK_STATUS(status, NT_STATUS_OK); 267 268 /* open w/ EXECUTE access - success */ 269 status = torture_smb2_testfile_access( 270 tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE); 271 CHECK_STATUS(status, NT_STATUS_OK); 272 273 ZERO_STRUCT(rd); 274 rd.in.file.handle = h; 275 rd.in.length = 5; 276 rd.in.offset = 0; 277 status = smb2_read(tree, tree, &rd); 278 CHECK_STATUS(status, NT_STATUS_OK); 279 280 status = smb2_util_close(tree, h); 281 CHECK_STATUS(status, NT_STATUS_OK); 282 283 /* open without READ or EXECUTE access - access denied */ 284 status = torture_smb2_testfile_access(tree, FNAME, &h, 285 SEC_FILE_READ_ATTRIBUTE); 286 CHECK_STATUS(status, NT_STATUS_OK); 287 288 ZERO_STRUCT(rd); 289 rd.in.file.handle = h; 290 rd.in.length = 5; 291 rd.in.offset = 0; 292 status = smb2_read(tree, tree, &rd); 293 CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); 294 295 status = smb2_util_close(tree, h); 296 CHECK_STATUS(status, NT_STATUS_OK); 297 298 done: 299 talloc_free(tmp_ctx); 300 return ret; 301 } 237 302 238 303 /* … … 246 311 torture_suite_add_1smb2_test(suite, "position", test_read_position); 247 312 torture_suite_add_1smb2_test(suite, "dir", test_read_dir); 313 torture_suite_add_1smb2_test(suite, "access", test_read_access); 248 314 249 315 suite->description = talloc_strdup(suite, "SMB2-READ tests"); -
vendor/current/source4/torture/smb2/replay.c
r988 r989 95 95 #define BASEDIR "replaytestdir" 96 96 97 st atic struct{97 struct break_info { 98 98 struct torture_context *tctx; 99 99 struct smb2_handle handle; … … 103 103 int failures; 104 104 NTSTATUS failure_status; 105 } break_info; 105 }; 106 107 static struct break_info break_info; 108 109 static void torture_reset_break_info(struct torture_context *tctx, 110 struct break_info *r) 111 { 112 ZERO_STRUCTP(r); 113 r->tctx = tctx; 114 } 106 115 107 116 static void torture_oplock_ack_callback(struct smb2_request *req) … … 161 170 req->async.private_data = NULL; 162 171 return true; 172 } 173 174 /** 175 * Timer handler function notifies the registering function that time is up 176 */ 177 static void timeout_cb(struct tevent_context *ev, 178 struct tevent_timer *te, 179 struct timeval current_time, 180 void *private_data) 181 { 182 bool *timesup = (bool *)private_data; 183 *timesup = true; 184 return; 185 } 186 187 /** 188 * Wait a short period of time to receive a single oplock break request 189 */ 190 static void torture_wait_for_oplock_break(struct torture_context *tctx) 191 { 192 TALLOC_CTX *tmp_ctx = talloc_new(NULL); 193 struct tevent_timer *te = NULL; 194 struct timeval ne; 195 bool timesup = false; 196 int old_count = break_info.count; 197 198 /* Wait .1 seconds for an oplock break */ 199 ne = tevent_timeval_current_ofs(0, 100000); 200 201 te = tevent_add_timer(tctx->ev, tmp_ctx, ne, timeout_cb, ×up); 202 if (te == NULL) { 203 torture_comment(tctx, "Failed to wait for an oplock break. " 204 "test results may not be accurate."); 205 goto done; 206 } 207 208 while (!timesup && break_info.count < old_count + 1) { 209 if (tevent_loop_once(tctx->ev) != 0) { 210 torture_comment(tctx, "Failed to wait for an oplock " 211 "break. test results may not be " 212 "accurate."); 213 goto done; 214 } 215 } 216 217 done: 218 /* 219 * We don't know if the timed event fired and was freed, we received 220 * our oplock break, or some other event triggered the loop. Thus, 221 * we create a tmp_ctx to be able to safely free/remove the timed 222 * event in all 3 cases. 223 */ 224 talloc_free(tmp_ctx); 225 226 return; 163 227 } 164 228 … … 1429 1493 } 1430 1494 1495 static bool test_channel_sequence_table(struct torture_context *tctx, 1496 struct smb2_tree *tree, 1497 bool do_replay, 1498 uint16_t opcode) 1499 { 1500 NTSTATUS status; 1501 TALLOC_CTX *mem_ctx = talloc_new(tctx); 1502 struct smb2_handle handle; 1503 struct smb2_handle *phandle = NULL; 1504 struct smb2_create io; 1505 struct GUID create_guid = GUID_random(); 1506 bool ret = true; 1507 const char *fname = BASEDIR "\\channel_sequence.dat"; 1508 uint16_t csn = 0; 1509 uint16_t limit = UINT16_MAX - 0x7fff; 1510 int i; 1511 struct { 1512 uint16_t csn; 1513 bool csn_rand_low; 1514 bool csn_rand_high; 1515 NTSTATUS expected_status; 1516 } tests[] = { 1517 { 1518 .csn = 0, 1519 .expected_status = NT_STATUS_OK, 1520 },{ 1521 .csn = 0x7fff + 1, 1522 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1523 },{ 1524 .csn = 0x7fff + 2, 1525 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1526 },{ 1527 .csn = -1, 1528 .csn_rand_high = true, 1529 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1530 },{ 1531 .csn = 0xffff, 1532 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1533 },{ 1534 .csn = 0x7fff, 1535 .expected_status = NT_STATUS_OK, 1536 },{ 1537 .csn = 0x7ffe, 1538 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1539 },{ 1540 .csn = 0, 1541 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1542 },{ 1543 .csn = -1, 1544 .csn_rand_low = true, 1545 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1546 },{ 1547 .csn = 0x7fff + 1, 1548 .expected_status = NT_STATUS_OK, 1549 },{ 1550 .csn = 0xffff, 1551 .expected_status = NT_STATUS_OK, 1552 },{ 1553 .csn = 0, 1554 .expected_status = NT_STATUS_OK, 1555 },{ 1556 .csn = 1, 1557 .expected_status = NT_STATUS_OK, 1558 },{ 1559 .csn = 0, 1560 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1561 },{ 1562 .csn = 1, 1563 .expected_status = NT_STATUS_OK, 1564 },{ 1565 .csn = 0xffff, 1566 .expected_status = NT_STATUS_FILE_NOT_AVAILABLE, 1567 } 1568 }; 1569 1570 smb2cli_session_reset_channel_sequence(tree->session->smbXcli, 0); 1571 1572 csn = smb2cli_session_current_channel_sequence(tree->session->smbXcli); 1573 torture_comment(tctx, "Testing create with channel sequence number: 0x%04x\n", csn); 1574 1575 smb2_oplock_create_share(&io, fname, 1576 smb2_util_share_access("RWD"), 1577 smb2_util_oplock_level("b")); 1578 io.in.durable_open = false; 1579 io.in.durable_open_v2 = true; 1580 io.in.create_guid = create_guid; 1581 io.in.timeout = UINT32_MAX; 1582 1583 torture_assert_ntstatus_ok_goto(tctx, 1584 smb2_create(tree, mem_ctx, &io), 1585 ret, done, "failed to call smb2_create"); 1586 1587 handle = io.out.file.handle; 1588 phandle = &handle; 1589 1590 for (i=0; i <ARRAY_SIZE(tests); i++) { 1591 1592 const char *opstr = ""; 1593 union smb_fileinfo qfinfo; 1594 1595 csn = tests[i].csn; 1596 1597 if (tests[i].csn_rand_low) { 1598 csn = rand() % limit; 1599 } else if (tests[i].csn_rand_high) { 1600 csn = rand() % limit + 0x7fff; 1601 } 1602 1603 switch (opcode) { 1604 case SMB2_OP_WRITE: 1605 opstr = "write"; 1606 break; 1607 case SMB2_OP_IOCTL: 1608 opstr = "ioctl"; 1609 break; 1610 case SMB2_OP_SETINFO: 1611 opstr = "setinfo"; 1612 break; 1613 default: 1614 break; 1615 } 1616 1617 smb2cli_session_reset_channel_sequence(tree->session->smbXcli, csn); 1618 csn = smb2cli_session_current_channel_sequence(tree->session->smbXcli); 1619 1620 torture_comment(tctx, "Testing %s (replay: %s) with CSN 0x%04x, expecting: %s\n", 1621 opstr, do_replay ? "true" : "false", csn, 1622 nt_errstr(tests[i].expected_status)); 1623 1624 if (do_replay) { 1625 smb2cli_session_start_replay(tree->session->smbXcli); 1626 } 1627 1628 switch (opcode) { 1629 case SMB2_OP_WRITE: { 1630 DATA_BLOB blob = data_blob_talloc(tctx, NULL, 255); 1631 1632 generate_random_buffer(blob.data, blob.length); 1633 1634 status = smb2_util_write(tree, handle, blob.data, 0, blob.length); 1635 if (NT_STATUS_IS_OK(status)) { 1636 struct smb2_read rd; 1637 1638 rd = (struct smb2_read) { 1639 .in.file.handle = handle, 1640 .in.length = blob.length, 1641 .in.offset = 0 1642 }; 1643 1644 torture_assert_ntstatus_ok_goto(tctx, 1645 smb2_read(tree, tree, &rd), 1646 ret, done, "failed to read after write"); 1647 1648 torture_assert_data_blob_equal(tctx, 1649 rd.out.data, blob, 1650 "read/write mismatch"); 1651 } 1652 break; 1653 } 1654 case SMB2_OP_IOCTL: { 1655 union smb_ioctl ioctl; 1656 ioctl = (union smb_ioctl) { 1657 .smb2.level = RAW_IOCTL_SMB2, 1658 .smb2.in.file.handle = handle, 1659 .smb2.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID, 1660 .smb2.in.max_response_size = 64, 1661 .smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL 1662 }; 1663 status = smb2_ioctl(tree, mem_ctx, &ioctl.smb2); 1664 break; 1665 } 1666 case SMB2_OP_SETINFO: { 1667 union smb_setfileinfo sfinfo; 1668 ZERO_STRUCT(sfinfo); 1669 sfinfo.generic.level = RAW_SFILEINFO_POSITION_INFORMATION; 1670 sfinfo.generic.in.file.handle = handle; 1671 sfinfo.position_information.in.position = 0x1000; 1672 status = smb2_setinfo_file(tree, &sfinfo); 1673 break; 1674 } 1675 default: 1676 break; 1677 } 1678 1679 qfinfo = (union smb_fileinfo) { 1680 .generic.level = RAW_SFILEINFO_POSITION_INFORMATION, 1681 .generic.in.file.handle = handle 1682 }; 1683 1684 torture_assert_ntstatus_ok_goto(tctx, 1685 smb2_getinfo_file(tree, mem_ctx, &qfinfo), 1686 ret, done, "failed to read after write"); 1687 1688 if (do_replay) { 1689 smb2cli_session_stop_replay(tree->session->smbXcli); 1690 } 1691 1692 torture_assert_ntstatus_equal_goto(tctx, 1693 status, tests[i].expected_status, 1694 ret, done, "got unexpected failure code"); 1695 1696 } 1697 done: 1698 if (phandle != NULL) { 1699 smb2_util_close(tree, *phandle); 1700 } 1701 1702 smb2_util_unlink(tree, fname); 1703 1704 return ret; 1705 } 1706 1707 static bool test_channel_sequence(struct torture_context *tctx, 1708 struct smb2_tree *tree) 1709 { 1710 TALLOC_CTX *mem_ctx = talloc_new(tctx); 1711 bool ret = true; 1712 const char *fname = BASEDIR "\\channel_sequence.dat"; 1713 struct smb2_transport *transport1 = tree->session->transport; 1714 struct smb2_handle handle; 1715 uint32_t server_capabilities; 1716 uint16_t opcodes[] = { SMB2_OP_WRITE, SMB2_OP_IOCTL, SMB2_OP_SETINFO }; 1717 int i; 1718 1719 if (smbXcli_conn_protocol(transport1->conn) < PROTOCOL_SMB3_00) { 1720 torture_skip(tctx, "SMB 3.X Dialect family required for " 1721 "Replay tests\n"); 1722 } 1723 1724 server_capabilities = smb2cli_conn_server_capabilities( 1725 tree->session->transport->conn); 1726 if (!(server_capabilities & SMB2_CAP_MULTI_CHANNEL)) { 1727 torture_skip(tctx, 1728 "Server does not support multi-channel."); 1729 } 1730 1731 torture_comment(tctx, "Testing channel sequence numbers\n"); 1732 1733 torture_assert_ntstatus_ok_goto(tctx, 1734 torture_smb2_testdir(tree, BASEDIR, &handle), 1735 ret, done, "failed to setup test directory"); 1736 1737 smb2_util_close(tree, handle); 1738 smb2_util_unlink(tree, fname); 1739 1740 for (i=0; i <ARRAY_SIZE(opcodes); i++) { 1741 torture_assert(tctx, 1742 test_channel_sequence_table(tctx, tree, false, opcodes[i]), 1743 "failed to test CSN without replay flag"); 1744 torture_assert(tctx, 1745 test_channel_sequence_table(tctx, tree, true, opcodes[i]), 1746 "failed to test CSN with replay flag"); 1747 } 1748 1749 done: 1750 1751 smb2_util_unlink(tree, fname); 1752 smb2_deltree(tree, BASEDIR); 1753 1754 talloc_free(tree); 1755 talloc_free(mem_ctx); 1756 1757 return ret; 1758 } 1759 1431 1760 /** 1432 1761 * Test Durablity V2 Create Replay Detection on Multi Channel … … 1957 2286 } 1958 2287 2288 2289 /** 2290 * Test Error Codes when a DurableHandleReqV2 with matching CreateGuid is 2291 * re-sent with or without SMB2_FLAGS_REPLAY_OPERATION 2292 */ 2293 static bool test_replay6(struct torture_context *tctx, struct smb2_tree *tree) 2294 { 2295 NTSTATUS status; 2296 TALLOC_CTX *mem_ctx = talloc_new(tctx); 2297 struct smb2_handle _h; 2298 struct smb2_handle *h = NULL; 2299 struct smb2_create io, ref1; 2300 union smb_fileinfo qfinfo; 2301 struct GUID create_guid = GUID_random(); 2302 bool ret = true; 2303 const char *fname = BASEDIR "\\replay6.dat"; 2304 struct smb2_transport *transport = tree->session->transport; 2305 2306 if (smbXcli_conn_protocol(transport->conn) < PROTOCOL_SMB3_00) { 2307 torture_skip(tctx, "SMB 3.X Dialect family required for " 2308 "replay tests\n"); 2309 } 2310 2311 torture_reset_break_info(tctx, &break_info); 2312 tree->session->transport->oplock.handler = torture_oplock_ack_handler; 2313 tree->session->transport->oplock.private_data = tree; 2314 2315 torture_comment(tctx, "Error Codes for DurableHandleReqV2 Replay\n"); 2316 smb2_util_unlink(tree, fname); 2317 status = torture_smb2_testdir(tree, BASEDIR, &_h); 2318 CHECK_STATUS(status, NT_STATUS_OK); 2319 smb2_util_close(tree, _h); 2320 torture_wait_for_oplock_break(tctx); 2321 CHECK_VAL(break_info.count, 0); 2322 torture_reset_break_info(tctx, &break_info); 2323 2324 smb2_oplock_create_share(&io, fname, 2325 smb2_util_share_access("RWD"), 2326 smb2_util_oplock_level("b")); 2327 io.in.durable_open = false; 2328 io.in.durable_open_v2 = true; 2329 io.in.persistent_open = false; 2330 io.in.create_guid = create_guid; 2331 io.in.timeout = UINT32_MAX; 2332 2333 status = smb2_create(tree, mem_ctx, &io); 2334 CHECK_STATUS(status, NT_STATUS_OK); 2335 ref1 = io; 2336 _h = io.out.file.handle; 2337 h = &_h; 2338 CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE); 2339 CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b")); 2340 CHECK_VAL(io.out.durable_open, false); 2341 CHECK_VAL(io.out.durable_open_v2, true); 2342 2343 io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY; 2344 io.in.create_disposition = NTCREATEX_DISP_OPEN; 2345 smb2cli_session_start_replay(tree->session->smbXcli); 2346 status = smb2_create(tree, mem_ctx, &io); 2347 smb2cli_session_stop_replay(tree->session->smbXcli); 2348 CHECK_STATUS(status, NT_STATUS_OK); 2349 CHECK_CREATE_OUT(&io, &ref1); 2350 torture_wait_for_oplock_break(tctx); 2351 CHECK_VAL(break_info.count, 0); 2352 torture_reset_break_info(tctx, &break_info); 2353 2354 qfinfo = (union smb_fileinfo) { 2355 .generic.level = RAW_SFILEINFO_POSITION_INFORMATION, 2356 .generic.in.file.handle = *h 2357 }; 2358 torture_comment(tctx, "Trying getinfo\n"); 2359 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo); 2360 CHECK_STATUS(status, NT_STATUS_OK); 2361 CHECK_VAL(qfinfo.position_information.out.position, 0); 2362 2363 smb2cli_session_start_replay(tree->session->smbXcli); 2364 status = smb2_create(tree, mem_ctx, &io); 2365 smb2cli_session_stop_replay(tree->session->smbXcli); 2366 CHECK_STATUS(status, NT_STATUS_OK); 2367 torture_assert_u64_not_equal_goto(tctx, 2368 io.out.file.handle.data[0], 2369 ref1.out.file.handle.data[0], 2370 ret, done, "data 0"); 2371 torture_assert_u64_not_equal_goto(tctx, 2372 io.out.file.handle.data[1], 2373 ref1.out.file.handle.data[1], 2374 ret, done, "data 1"); 2375 torture_wait_for_oplock_break(tctx); 2376 CHECK_VAL(break_info.count, 1); 2377 CHECK_VAL(break_info.level, smb2_util_oplock_level("s")); 2378 torture_reset_break_info(tctx, &break_info); 2379 2380 /* 2381 * Resend the matching Durable V2 Create without 2382 * SMB2_FLAGS_REPLAY_OPERATION. This triggers an oplock break and still 2383 * gets NT_STATUS_DUPLICATE_OBJECTID 2384 */ 2385 status = smb2_create(tree, mem_ctx, &io); 2386 CHECK_STATUS(status, NT_STATUS_DUPLICATE_OBJECTID); 2387 torture_wait_for_oplock_break(tctx); 2388 CHECK_VAL(break_info.count, 0); 2389 torture_reset_break_info(tctx, &break_info); 2390 2391 /* 2392 * According to MS-SMB2 3.3.5.9.10 if Durable V2 Create is replayed and 2393 * FileAttributes or CreateDisposition do not match the earlier Create 2394 * request the Server fails request with 2395 * NT_STATUS_INVALID_PARAMETER. But through this test we see that server 2396 * does not really care about changed FileAttributes or 2397 * CreateDisposition. 2398 */ 2399 io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY; 2400 io.in.create_disposition = NTCREATEX_DISP_OPEN; 2401 smb2cli_session_start_replay(tree->session->smbXcli); 2402 status = smb2_create(tree, mem_ctx, &io); 2403 smb2cli_session_stop_replay(tree->session->smbXcli); 2404 CHECK_STATUS(status, NT_STATUS_OK); 2405 torture_assert_u64_not_equal_goto(tctx, 2406 io.out.file.handle.data[0], 2407 ref1.out.file.handle.data[0], 2408 ret, done, "data 0"); 2409 torture_assert_u64_not_equal_goto(tctx, 2410 io.out.file.handle.data[1], 2411 ref1.out.file.handle.data[1], 2412 ret, done, "data 1"); 2413 torture_wait_for_oplock_break(tctx); 2414 CHECK_VAL(break_info.count, 0); 2415 2416 done: 2417 if (h != NULL) { 2418 smb2_util_close(tree, *h); 2419 } 2420 2421 smb2_util_unlink(tree, fname); 2422 smb2_deltree(tree, BASEDIR); 2423 2424 talloc_free(tree); 2425 talloc_free(mem_ctx); 2426 2427 return ret; 2428 } 2429 1959 2430 struct torture_suite *torture_smb2_replay_init(void) 1960 2431 { … … 1972 2443 torture_suite_add_1smb2_test(suite, "replay-dhv2-lease3", test_replay_dhv2_lease3); 1973 2444 torture_suite_add_1smb2_test(suite, "replay-dhv2-lease-oplock", test_replay_dhv2_lease_oplock); 2445 torture_suite_add_1smb2_test(suite, "channel-sequence", test_channel_sequence); 1974 2446 torture_suite_add_1smb2_test(suite, "replay3", test_replay3); 1975 2447 torture_suite_add_1smb2_test(suite, "replay4", test_replay4); 1976 2448 torture_suite_add_1smb2_test(suite, "replay5", test_replay5); 2449 torture_suite_add_1smb2_test(suite, "replay6", test_replay6); 1977 2450 1978 2451 suite->description = talloc_strdup(suite, "SMB2 REPLAY tests"); -
vendor/current/source4/torture/smb2/smb2.c
r988 r989 171 171 torture_suite_add_suite(suite, torture_smb2_session_init()); 172 172 torture_suite_add_suite(suite, torture_smb2_replay_init()); 173 torture_suite_add_simple_test(suite, "dosmode", torture_smb2_dosmode); 173 174 174 175 torture_suite_add_suite(suite, torture_smb2_doc_init()); -
vendor/current/source4/torture/smb2/util.c
r988 r989 262 262 } 263 263 264 /* 265 get granted access of a file handle 266 */ 267 NTSTATUS torture_smb2_get_allinfo_access(struct smb2_tree *tree, 268 struct smb2_handle handle, 269 uint32_t *granted_access) 270 { 271 NTSTATUS status; 272 TALLOC_CTX *tmp_ctx = talloc_new(tree); 273 union smb_fileinfo io; 274 275 io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION; 276 io.generic.in.file.handle = handle; 277 278 status = smb2_getinfo_file(tree, tmp_ctx, &io); 279 if (!NT_STATUS_IS_OK(status)) { 280 DEBUG(0, ("getinfo failed - %s\n", nt_errstr(status))); 281 goto out; 282 } 283 284 *granted_access = io.all_info2.out.access_mask; 285 286 out: 287 talloc_free(tmp_ctx); 288 return status; 289 } 290 264 291 /** 265 292 * open a smb2 tree connect … … 429 456 } 430 457 431 432 458 /* 433 459 create and return a handle to a test file 434 */ 435 NTSTATUS torture_smb2_testfile(struct smb2_tree *tree, const char *fname, 436 struct smb2_handle *handle) 460 with a specific access mask 461 */ 462 NTSTATUS torture_smb2_testfile_access(struct smb2_tree *tree, const char *fname, 463 struct smb2_handle *handle, 464 uint32_t desired_access) 437 465 { 438 466 struct smb2_create io; … … 441 469 ZERO_STRUCT(io); 442 470 io.in.oplock_level = 0; 443 io.in.desired_access = SEC_RIGHTS_FILE_ALL;471 io.in.desired_access = desired_access; 444 472 io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; 445 473 io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; … … 460 488 461 489 /* 490 create and return a handle to a test file 491 */ 492 NTSTATUS torture_smb2_testfile(struct smb2_tree *tree, const char *fname, 493 struct smb2_handle *handle) 494 { 495 return torture_smb2_testfile_access(tree, fname, handle, 496 SEC_RIGHTS_FILE_ALL); 497 } 498 499 /* 462 500 create and return a handle to a test directory 463 */ 464 NTSTATUS torture_smb2_testdir(struct smb2_tree *tree, const char *fname, 465 struct smb2_handle *handle) 501 with specific desired access 502 */ 503 NTSTATUS torture_smb2_testdir_access(struct smb2_tree *tree, const char *fname, 504 struct smb2_handle *handle, 505 uint32_t desired_access) 466 506 { 467 507 struct smb2_create io; … … 470 510 ZERO_STRUCT(io); 471 511 io.in.oplock_level = 0; 472 io.in.desired_access = SEC_RIGHTS_DIR_ALL;512 io.in.desired_access = desired_access; 473 513 io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY; 474 514 io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; … … 485 525 } 486 526 527 /* 528 create and return a handle to a test directory 529 */ 530 NTSTATUS torture_smb2_testdir(struct smb2_tree *tree, const char *fname, 531 struct smb2_handle *handle) 532 { 533 return torture_smb2_testdir_access(tree, fname, handle, 534 SEC_RIGHTS_DIR_ALL); 535 } 487 536 488 537 /* -
vendor/current/source4/torture/smb2/wscript_build
r988 r989 5 5 smb2.c durable_open.c durable_v2_open.c oplock.c dir.c lease.c create.c 6 6 acls.c read.c compound.c streams.c ioctl.c rename.c 7 session.c delete-on-close.c replay.c notify_disabled.c ''',7 session.c delete-on-close.c replay.c notify_disabled.c dosmode.c''', 8 8 subsystem='smbtorture', 9 9 deps='LIBCLI_SMB2 POPT_CREDENTIALS torture NDR_IOCTL', -
vendor/current/source4/torture/vfs/vfs.c
r988 r989 108 108 109 109 torture_suite_add_suite(suite, torture_vfs_fruit()); 110 torture_suite_add_suite(suite, torture_acl_xattr()); 110 111 111 112 torture_register_suite(suite); -
vendor/current/source4/torture/wscript_build
r988 r989 270 270 271 271 bld.SAMBA_MODULE('TORTURE_VFS', 272 source='vfs/vfs.c vfs/fruit.c ',272 source='vfs/vfs.c vfs/fruit.c vfs/acl_xattr.c', 273 273 subsystem='smbtorture', 274 274 deps='LIBCLI_SMB POPT_CREDENTIALS TORTURE_UTIL smbclient-raw TORTURE_RAW',
Note:
See TracChangeset
for help on using the changeset viewer.
