/* sync version of smb_composite_sesssetup */ NTSTATUS smb_composite_sesssetup(struct smbcli_session *session, struct smb_composite_sesssetup *io) { struct composite_context *c = smb_composite_sesssetup_send(session, io); return smb_composite_sesssetup_recv(c); }
/* test session ops */ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; struct smbcli_session *session; struct smbcli_session *session2; struct smbcli_session *session3; struct smbcli_session *session4; struct cli_credentials *anon_creds; struct smbcli_session *sessions[15]; struct composite_context *composite_contexts[15]; struct smbcli_tree *tree; struct smb_composite_sesssetup setup; struct smb_composite_sesssetup setups[15]; union smb_open io; union smb_write wr; union smb_close cl; int fnum; const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; int i; printf("TESTING SESSION HANDLING\n"); if (!torture_setup_dir(cli, BASEDIR)) { return False; } printf("create a second security context on the same transport\n"); session = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); session->vuid = setup.out.vuid; printf("create a third security context on the same transport, with vuid set\n"); session2 = smbcli_session_init(cli->transport, mem_ctx, False); session2->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); session2->vuid = setup.out.vuid; printf("vuid1=%d vuid2=%d vuid3=%d\n", cli->session->vuid, session->vuid, session2->vuid); if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { /* Samba4 currently fails this - we need to determine if this insane behaviour is important */ if (session2->vuid == session->vuid) { printf("server allows the user to re-use an existing vuid in session setup \n"); } } else { CHECK_NOT_VALUE(session2->vuid, session->vuid); } talloc_free(session2); if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { printf("create a fourth security context on the same transport, without extended security\n"); session3 = smbcli_session_init(cli->transport, mem_ctx, False); session3->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE); printf("create a fouth anonymous security context on the same transport, without extended security\n"); session4 = smbcli_session_init(cli->transport, mem_ctx, False); session4->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */ setup.in.workgroup = lp_workgroup(); anon_creds = cli_credentials_init(mem_ctx); cli_credentials_set_conf(anon_creds); cli_credentials_set_anonymous(anon_creds); setup.in.credentials = anon_creds; status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_OK); talloc_free(session4); } printf("use the same tree as the existing connection\n"); tree = smbcli_tree_init(session, mem_ctx, False); tree->tid = cli->tree->tid; printf("create a file using the new vuid\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum = io.ntcreatex.out.file.fnum; printf("write using the old vuid\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("write with the new vuid\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("logoff the new vuid\n"); status = smb_raw_ulogoff(session); CHECK_STATUS(status, NT_STATUS_OK); printf("the new vuid should not now be accessible\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("second logoff for the new vuid should fail\n"); status = smb_raw_ulogoff(session); CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRbaduid)); talloc_free(session); printf("the fnum should have been auto-closed\n"); cl.close.level = RAW_CLOSE_CLOSE; cl.close.in.file.fnum = fnum; cl.close.in.write_time = 0; status = smb_raw_close(cli->tree, &cl); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("create %d secondary security contexts on the same transport\n", (int)ARRAY_SIZE(sessions)); for (i=0; i <ARRAY_SIZE(sessions); i++) { setups[i].in.sesskey = cli->transport->negotiate.sesskey; setups[i].in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setups[i].in.workgroup = lp_workgroup(); setups[i].in.credentials = cmdline_credentials; sessions[i] = smbcli_session_init(cli->transport, mem_ctx, False); composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]); } /* flush the queue */ for (i=0; i < ARRAY_SIZE(sessions); i++) { event_loop_once(composite_contexts[0]->event_ctx); } printf("finishing %d secondary security contexts on the same transport\n", (int)ARRAY_SIZE(sessions)); for (i=0; i< ARRAY_SIZE(sessions); i++) { status = smb_composite_sesssetup_recv(composite_contexts[i]); CHECK_STATUS(status, NT_STATUS_OK); sessions[i]->vuid = setups[i].out.vuid; printf("VUID: %d\n", sessions[i]->vuid); status = smb_raw_ulogoff(sessions[i]); CHECK_STATUS(status, NT_STATUS_OK); } talloc_free(tree); done: return ret; }