NTSTATUS do_lock_cancel(files_struct *fsp, uint32 lock_pid, SMB_BIG_UINT count, SMB_BIG_UINT offset, enum brl_flavour lock_flav) { BOOL ok = False; struct byte_range_lock *br_lck = NULL; if (!fsp->can_lock) { return fsp->is_directory ? NT_STATUS_INVALID_DEVICE_REQUEST : NT_STATUS_INVALID_HANDLE; } if (!lp_locking(fsp->conn->params)) { return NT_STATUS_DOS(ERRDOS, ERRcancelviolation); } DEBUG(10,("do_lock_cancel: cancel start=%.0f len=%.0f requested for fnum %d file %s\n", (double)offset, (double)count, fsp->fnum, fsp->fsp_name )); br_lck = brl_get_locks(NULL, fsp); if (!br_lck) { return NT_STATUS_NO_MEMORY; } ok = brl_lock_cancel(br_lck, lock_pid, procid_self(), offset, count, lock_flav); TALLOC_FREE(br_lck); if (!ok) { DEBUG(10,("do_lock_cancel: returning ERRcancelviolation.\n" )); return NT_STATUS_DOS(ERRDOS, ERRcancelviolation); } if (lock_flav == WINDOWS_LOCK && fsp->current_lock_count != NO_LOCKING_COUNT) { SMB_ASSERT(fsp->current_lock_count > 0); fsp->current_lock_count--; } return NT_STATUS_OK; }
NTSTATUS do_lock_cancel(files_struct *fsp, uint64 smblctx, uint64_t count, uint64_t offset, enum brl_flavour lock_flav, struct blocking_lock_record *blr) { bool ok = False; struct byte_range_lock *br_lck = NULL; if (!fsp->can_lock) { return fsp->is_directory ? NT_STATUS_INVALID_DEVICE_REQUEST : NT_STATUS_INVALID_HANDLE; } if (!lp_locking(fsp->conn->params)) { return NT_STATUS_DOS(ERRDOS, ERRcancelviolation); } DEBUG(10,("do_lock_cancel: cancel start=%.0f len=%.0f requested for %s file %s\n", (double)offset, (double)count, fsp_fnum_dbg(fsp), fsp_str_dbg(fsp))); br_lck = brl_get_locks(talloc_tos(), fsp); if (!br_lck) { return NT_STATUS_NO_MEMORY; } ok = brl_lock_cancel(br_lck, smblctx, messaging_server_id(fsp->conn->sconn->msg_ctx), offset, count, lock_flav, blr); TALLOC_FREE(br_lck); if (!ok) { DEBUG(10,("do_lock_cancel: returning ERRcancelviolation.\n" )); return NT_STATUS_DOS(ERRDOS, ERRcancelviolation); } decrement_current_lock_count(fsp, lock_flav); return NT_STATUS_OK; }
/* recursively descend a tree deleting all files returns the number of files deleted, or -1 on error */ int smbcli_deltree(struct smbcli_tree *tree, const char *dname) { char *mask; struct delete_state dstate; NTSTATUS status; dstate.tree = tree; dstate.total_deleted = 0; dstate.failed = false; /* it might be a file */ status = smbcli_unlink(tree, dname); if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) { return 1; } if (NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_OBJECT_NAME_NOT_FOUND) || NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_OBJECT_PATH_NOT_FOUND) || NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_NO_SUCH_FILE) || NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_DOS(ERRDOS, ERRbadfile))) { return 0; } if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) { /* it could be read-only */ status = smbcli_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL, 0); if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) { return 1; } } asprintf(&mask, "%s\\*", dname); smbcli_unlink(dstate.tree, mask); smbcli_list(dstate.tree, mask, FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, delete_fn, &dstate); free(mask); status = smbcli_rmdir(dstate.tree, dname); if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) { /* it could be read-only */ status = smbcli_setatr(dstate.tree, dname, FILE_ATTRIBUTE_NORMAL, 0); status = smbcli_rmdir(dstate.tree, dname); } if (NT_STATUS_IS_ERR(status)) { DEBUG(2,("Failed to delete %s - %s\n", dname, smbcli_errstr(dstate.tree))); return -1; } dstate.total_deleted++; if (dstate.failed) { return -1; } return dstate.total_deleted; }
bool torture_samba3_badpath(struct torture_context *torture) { struct smbcli_state *cli_nt = NULL; struct smbcli_state *cli_dos = NULL; const char *fname = "test.txt"; const char *fname1 = "test1.txt"; const char *dirname = "testdir"; char *fpath; char *fpath1; int fnum; NTSTATUS status; bool ret = true; TALLOC_CTX *mem_ctx; bool nt_status_support; torture_assert(torture, mem_ctx = talloc_init("torture_samba3_badpath"), "talloc_init failed"); nt_status_support = lpcfg_nt_status_support(torture->lp_ctx); torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n"); torture_assert_goto(torture, torture_open_connection(&cli_nt, torture, 0), ret, fail, "Could not open NTSTATUS connection\n"); torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n"); torture_assert_goto(torture, torture_open_connection(&cli_dos, torture, 1), ret, fail, "Could not open DOS connection\n"); torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", nt_status_support ? "yes":"no"), ret, fail, "Could not set 'nt status support' back to where it was\n"); torture_assert(torture, torture_setup_dir(cli_nt, dirname), "creating test directory"); status = smbcli_chkpath(cli_nt->tree, dirname); CHECK_STATUS(torture, status, NT_STATUS_OK); status = smbcli_chkpath(cli_nt->tree, talloc_asprintf(mem_ctx, "%s\\bla", dirname)); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND); status = smbcli_chkpath(cli_dos->tree, talloc_asprintf(mem_ctx, "%s\\bla", dirname)); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, talloc_asprintf(mem_ctx, "%s\\bla\\blub", dirname)); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_NOT_FOUND); status = smbcli_chkpath(cli_dos->tree, talloc_asprintf(mem_ctx, "%s\\bla\\blub", dirname)); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); torture_assert_goto(torture, fpath = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname), ret, fail, "Could not allocate fpath\n"); fnum = smbcli_open(cli_nt->tree, fpath, O_RDWR | O_CREAT, DENY_NONE); if (fnum == -1) { torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath, smbcli_errstr(cli_nt->tree)); goto fail; } smbcli_close(cli_nt->tree, fnum); if (!(fpath1 = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname1))) { goto fail; } fnum = smbcli_open(cli_nt->tree, fpath1, O_RDWR | O_CREAT, DENY_NONE); if (fnum == -1) { torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath1, smbcli_errstr(cli_nt->tree)); goto fail; } smbcli_close(cli_nt->tree, fnum); /* * Do a whole bunch of error code checks on chkpath */ status = smbcli_chkpath(cli_nt->tree, fpath); CHECK_STATUS(torture, status, NT_STATUS_NOT_A_DIRECTORY); status = smbcli_chkpath(cli_dos->tree, fpath); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, ".."); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD); status = smbcli_chkpath(cli_dos->tree, ".."); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath)); status = smbcli_chkpath(cli_nt->tree, "."); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_chkpath(cli_dos->tree, "."); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, "\t"); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_chkpath(cli_dos->tree, "\t"); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, "\t\\bla"); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_chkpath(cli_dos->tree, "\t\\bla"); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, "<"); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_chkpath(cli_dos->tree, "<"); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); status = smbcli_chkpath(cli_nt->tree, "<\\bla"); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_chkpath(cli_dos->tree, "<\\bla"); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath)); /* * .... And the same gang against getatr. Note that the DOS error codes * differ.... */ status = smbcli_getatr(cli_nt->tree, fpath, NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OK); status = smbcli_getatr(cli_dos->tree, fpath, NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OK); status = smbcli_getatr(cli_nt->tree, "..", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD); status = smbcli_getatr(cli_dos->tree, "..", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath)); status = smbcli_getatr(cli_nt->tree, ".", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_getatr(cli_dos->tree, ".", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = smbcli_getatr(cli_nt->tree, "\t", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_getatr(cli_dos->tree, "\t", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = smbcli_getatr(cli_nt->tree, "\t\\bla", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_getatr(cli_dos->tree, "\t\\bla", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = smbcli_getatr(cli_nt->tree, "<", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_getatr(cli_dos->tree, "<", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = smbcli_getatr(cli_nt->tree, "<\\bla", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = smbcli_getatr(cli_dos->tree, "<\\bla", NULL, NULL, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); /* Try the same set with openX. */ status = raw_smbcli_open(cli_nt->tree, "..", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD); status = raw_smbcli_open(cli_dos->tree, "..", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath)); status = raw_smbcli_open(cli_nt->tree, ".", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = raw_smbcli_open(cli_dos->tree, ".", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = raw_smbcli_open(cli_nt->tree, "\t", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = raw_smbcli_open(cli_dos->tree, "\t", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = raw_smbcli_open(cli_nt->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = raw_smbcli_open(cli_dos->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = raw_smbcli_open(cli_nt->tree, "<", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = raw_smbcli_open(cli_dos->tree, "<", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); status = raw_smbcli_open(cli_nt->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID); status = raw_smbcli_open(cli_dos->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname)); /* Let's test EEXIST error code mapping. */ status = raw_smbcli_open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION); status = raw_smbcli_open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists)); status = raw_smbcli_t2open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL); if (!NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED) || !torture_setting_bool(torture, "samba3", false)) { /* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */ CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION); } status = raw_smbcli_t2open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL); if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS,ERReasnotsupported)) || !torture_setting_bool(torture, "samba3", false)) { /* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */ CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists)); } status = raw_smbcli_ntcreate(cli_nt->tree, fpath, NULL); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION); status = raw_smbcli_ntcreate(cli_dos->tree, fpath, NULL); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists)); /* Try the rename test. */ { union smb_rename io; memset(&io, '\0', sizeof(io)); io.rename.in.pattern1 = fpath1; io.rename.in.pattern2 = fpath; /* Try with SMBmv rename. */ status = smb_raw_rename(cli_nt->tree, &io); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION); status = smb_raw_rename(cli_dos->tree, &io); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename)); /* Try with NT rename. */ io.generic.level = RAW_RENAME_NTRENAME; io.ntrename.in.old_name = fpath1; io.ntrename.in.new_name = fpath; io.ntrename.in.attrib = 0; io.ntrename.in.cluster_size = 0; io.ntrename.in.flags = RENAME_FLAG_RENAME; status = smb_raw_rename(cli_nt->tree, &io); CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION); status = smb_raw_rename(cli_dos->tree, &io); CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename)); } goto done; fail: ret = false; done: if (cli_nt != NULL) { smbcli_deltree(cli_nt->tree, dirname); torture_close_connection(cli_nt); } if (cli_dos != NULL) { torture_close_connection(cli_dos); } talloc_free(mem_ctx); return ret; }
/* we have a full request in our receive buffer - match it to a pending request and process */ static NTSTATUS smbcli_transport_finish_recv(void *private_data, DATA_BLOB blob) { struct smbcli_transport *transport = talloc_get_type(private_data, struct smbcli_transport); uint8_t *buffer, *hdr, *vwv; int len; uint16_t wct=0, mid = 0, op = 0; struct smbcli_request *req = NULL; buffer = blob.data; len = blob.length; hdr = buffer+NBT_HDR_SIZE; vwv = hdr + HDR_VWV; /* see if it could be an oplock break request */ if (smbcli_handle_oplock_break(transport, len, hdr, vwv)) { talloc_free(buffer); return NT_STATUS_OK; } /* at this point we need to check for a readbraw reply, as these can be any length */ if (transport->readbraw_pending) { transport->readbraw_pending = 0; /* it must match the first entry in the pending queue as the client is not allowed to have outstanding readbraw requests */ req = transport->pending_recv; if (!req) goto error; req->in.buffer = buffer; talloc_steal(req, buffer); req->in.size = len; req->in.allocated = req->in.size; goto async; } if (len >= MIN_SMB_SIZE) { /* extract the mid for matching to pending requests */ mid = SVAL(hdr, HDR_MID); wct = CVAL(hdr, HDR_WCT); op = CVAL(hdr, HDR_COM); } /* match the incoming request against the list of pending requests */ for (req=transport->pending_recv; req; req=req->next) { if (req->mid == mid) break; } /* see if it's a ntcancel reply for the current MID */ req = smbcli_handle_ntcancel_reply(req, len, hdr); if (!req) { DEBUG(1,("Discarding unmatched reply with mid %d op %d\n", mid, op)); goto error; } /* fill in the 'in' portion of the matching request */ req->in.buffer = buffer; talloc_steal(req, buffer); req->in.size = len; req->in.allocated = req->in.size; /* handle NBT session replies */ if (req->in.size >= 4 && req->in.buffer[0] != 0) { req->status = NT_STATUS_OK; goto async; } /* handle non-SMB replies */ if (req->in.size < NBT_HDR_SIZE + MIN_SMB_SIZE) { req->state = SMBCLI_REQUEST_ERROR; goto error; } if (req->in.size < NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct)) { DEBUG(2,("bad reply size for mid %d\n", mid)); req->status = NT_STATUS_UNSUCCESSFUL; req->state = SMBCLI_REQUEST_ERROR; goto error; } req->in.hdr = hdr; req->in.vwv = vwv; req->in.wct = wct; if (req->in.size >= NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct)) { req->in.data = req->in.vwv + VWV(wct) + 2; req->in.data_size = SVAL(req->in.vwv, VWV(wct)); if (req->in.size < NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct) + req->in.data_size) { DEBUG(3,("bad data size for mid %d\n", mid)); /* blergh - w2k3 gives a bogus data size values in some openX replies */ req->in.data_size = req->in.size - (NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct)); } } req->in.ptr = req->in.data; req->flags2 = SVAL(req->in.hdr, HDR_FLG2); smb_setup_bufinfo(req); if (!(req->flags2 & FLAGS2_32_BIT_ERROR_CODES)) { int eclass = CVAL(req->in.hdr,HDR_RCLS); int code = SVAL(req->in.hdr,HDR_ERR); if (eclass == 0 && code == 0) { transport->error.e.nt_status = NT_STATUS_OK; } else { transport->error.e.nt_status = NT_STATUS_DOS(eclass, code); } } else { transport->error.e.nt_status = NT_STATUS(IVAL(req->in.hdr, HDR_RCLS)); } req->status = transport->error.e.nt_status; if (NT_STATUS_IS_OK(req->status)) { transport->error.etype = ETYPE_NONE; } else { transport->error.etype = ETYPE_SMB; } if (!smbcli_request_check_sign_mac(req)) { transport->error.etype = ETYPE_SOCKET; transport->error.e.socket_error = SOCKET_READ_BAD_SIG; req->state = SMBCLI_REQUEST_ERROR; req->status = NT_STATUS_ACCESS_DENIED; goto error; }; async: /* if this request has an async handler then call that to notify that the reply has been received. This might destroy the request so it must happen last */ req->state = SMBCLI_REQUEST_DONE; if (req->recv_helper.fn) { /* * let the recv helper decide in * what state the request really is */ req->state = req->recv_helper.fn(req); /* if more parts are needed, wait for them */ if (req->state <= SMBCLI_REQUEST_RECV) { return NT_STATUS_OK; } } DLIST_REMOVE(transport->pending_recv, req); if (req->async.fn) { req->async.fn(req); } return NT_STATUS_OK; error: if (req) { DLIST_REMOVE(transport->pending_recv, req); req->state = SMBCLI_REQUEST_ERROR; if (req->async.fn) { req->async.fn(req); } } else { talloc_free(buffer); } return NT_STATUS_OK; }
/* test session ops */ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; struct smbcli_session *session; struct smbcli_session *session2; struct smbcli_session *session3; struct smbcli_session *session4; struct cli_credentials *anon_creds; struct smbcli_session *sessions[15]; struct composite_context *composite_contexts[15]; struct smbcli_tree *tree; struct smb_composite_sesssetup setup; struct smb_composite_sesssetup setups[15]; union smb_open io; union smb_write wr; union smb_close cl; int fnum; const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; int i; printf("TESTING SESSION HANDLING\n"); if (!torture_setup_dir(cli, BASEDIR)) { return False; } printf("create a second security context on the same transport\n"); session = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); session->vuid = setup.out.vuid; printf("create a third security context on the same transport, with vuid set\n"); session2 = smbcli_session_init(cli->transport, mem_ctx, False); session2->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); session2->vuid = setup.out.vuid; printf("vuid1=%d vuid2=%d vuid3=%d\n", cli->session->vuid, session->vuid, session2->vuid); if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { /* Samba4 currently fails this - we need to determine if this insane behaviour is important */ if (session2->vuid == session->vuid) { printf("server allows the user to re-use an existing vuid in session setup \n"); } } else { CHECK_NOT_VALUE(session2->vuid, session->vuid); } talloc_free(session2); if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { printf("create a fourth security context on the same transport, without extended security\n"); session3 = smbcli_session_init(cli->transport, mem_ctx, False); session3->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */ setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE); printf("create a fouth anonymous security context on the same transport, without extended security\n"); session4 = smbcli_session_init(cli->transport, mem_ctx, False); session4->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */ setup.in.workgroup = lp_workgroup(); anon_creds = cli_credentials_init(mem_ctx); cli_credentials_set_conf(anon_creds); cli_credentials_set_anonymous(anon_creds); setup.in.credentials = anon_creds; status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_OK); talloc_free(session4); } printf("use the same tree as the existing connection\n"); tree = smbcli_tree_init(session, mem_ctx, False); tree->tid = cli->tree->tid; printf("create a file using the new vuid\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum = io.ntcreatex.out.file.fnum; printf("write using the old vuid\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("write with the new vuid\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("logoff the new vuid\n"); status = smb_raw_ulogoff(session); CHECK_STATUS(status, NT_STATUS_OK); printf("the new vuid should not now be accessible\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("second logoff for the new vuid should fail\n"); status = smb_raw_ulogoff(session); CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRbaduid)); talloc_free(session); printf("the fnum should have been auto-closed\n"); cl.close.level = RAW_CLOSE_CLOSE; cl.close.in.file.fnum = fnum; cl.close.in.write_time = 0; status = smb_raw_close(cli->tree, &cl); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("create %d secondary security contexts on the same transport\n", (int)ARRAY_SIZE(sessions)); for (i=0; i <ARRAY_SIZE(sessions); i++) { setups[i].in.sesskey = cli->transport->negotiate.sesskey; setups[i].in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setups[i].in.workgroup = lp_workgroup(); setups[i].in.credentials = cmdline_credentials; sessions[i] = smbcli_session_init(cli->transport, mem_ctx, False); composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]); } /* flush the queue */ for (i=0; i < ARRAY_SIZE(sessions); i++) { event_loop_once(composite_contexts[0]->event_ctx); } printf("finishing %d secondary security contexts on the same transport\n", (int)ARRAY_SIZE(sessions)); for (i=0; i< ARRAY_SIZE(sessions); i++) { status = smb_composite_sesssetup_recv(composite_contexts[i]); CHECK_STATUS(status, NT_STATUS_OK); sessions[i]->vuid = setups[i].out.vuid; printf("VUID: %d\n", sessions[i]->vuid); status = smb_raw_ulogoff(sessions[i]); CHECK_STATUS(status, NT_STATUS_OK); } talloc_free(tree); done: return ret; }
/* test tree with ulogoff this demonstrates that a tcon isn't autoclosed by a ulogoff the tcon can be reused using any other valid session later */ static BOOL test_tree_ulogoff(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; const char *share, *host; struct smbcli_session *session1; struct smbcli_session *session2; struct smb_composite_sesssetup setup; struct smbcli_tree *tree; union smb_tcon tcon; union smb_open io; union smb_write wr; int fnum1, fnum2; const char *fname1 = BASEDIR "\\test1.txt"; const char *fname2 = BASEDIR "\\test2.txt"; uint8_t c = 1; printf("TESTING TREE with ulogoff\n"); if (!torture_setup_dir(cli, BASEDIR)) { return False; } share = lp_parm_string(-1, "torture", "share"); host = lp_parm_string(-1, "torture", "host"); printf("create the first new sessions\n"); session1 = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session1, &setup); CHECK_STATUS(status, NT_STATUS_OK); session1->vuid = setup.out.vuid; printf("vuid1=%d\n", session1->vuid); printf("create a tree context on the with vuid1\n"); tree = smbcli_tree_init(session1, mem_ctx, False); tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = 0; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(mem_ctx, "\\\\%s\\%s", host, share); tcon.tconx.in.device = "A:"; status = smb_raw_tcon(tree, mem_ctx, &tcon); CHECK_STATUS(status, NT_STATUS_OK); tree->tid = tcon.tconx.out.tid; printf("tid=%d\n", tree->tid); printf("create a file using vuid1\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname1; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum1 = io.ntcreatex.out.file.fnum; printf("write using vuid1\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum1; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("ulogoff the vuid1\n"); status = smb_raw_ulogoff(session1); CHECK_STATUS(status, NT_STATUS_OK); printf("create the second new sessions\n"); session2 = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); session2->vuid = setup.out.vuid; printf("vuid2=%d\n", session2->vuid); printf("use the existing tree with vuid2\n"); tree->session = session2; printf("create a file using vuid2\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname2; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum2 = io.ntcreatex.out.file.fnum; printf("write using vuid2\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum2; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("ulogoff the vuid2\n"); status = smb_raw_ulogoff(session2); CHECK_STATUS(status, NT_STATUS_OK); /* this also demonstrates that SMBtdis doesn't need a valid vuid */ printf("disconnect the existing tree connection\n"); status = smb_tree_disconnect(tree); CHECK_STATUS(status, NT_STATUS_OK); printf("disconnect the existing tree connection\n"); status = smb_tree_disconnect(tree); CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV,ERRinvnid)); /* close down the new tree */ talloc_free(tree); done: return ret; }
/* Reply to an SMBtrans or SMBtrans2 request */ static void reply_trans_generic(struct smbsrv_request *req, uint8_t command) { struct smb_trans2 *trans; int i; uint16_t param_ofs, data_ofs; uint16_t param_count, data_count; uint16_t param_total, data_total; /* parse request */ if (req->in.wct < 14) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } trans = talloc(req, struct smb_trans2); if (trans == NULL) { smbsrv_send_error(req, NT_STATUS_NO_MEMORY); return; } param_total = SVAL(req->in.vwv, VWV(0)); data_total = SVAL(req->in.vwv, VWV(1)); trans->in.max_param = SVAL(req->in.vwv, VWV(2)); trans->in.max_data = SVAL(req->in.vwv, VWV(3)); trans->in.max_setup = CVAL(req->in.vwv, VWV(4)); trans->in.flags = SVAL(req->in.vwv, VWV(5)); trans->in.timeout = IVAL(req->in.vwv, VWV(6)); param_count = SVAL(req->in.vwv, VWV(9)); param_ofs = SVAL(req->in.vwv, VWV(10)); data_count = SVAL(req->in.vwv, VWV(11)); data_ofs = SVAL(req->in.vwv, VWV(12)); trans->in.setup_count = CVAL(req->in.vwv, VWV(13)); if (req->in.wct != 14 + trans->in.setup_count) { smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror)); return; } /* parse out the setup words */ trans->in.setup = talloc_array(trans, uint16_t, trans->in.setup_count); if (trans->in.setup_count && !trans->in.setup) { smbsrv_send_error(req, NT_STATUS_NO_MEMORY); return; } for (i=0;i<trans->in.setup_count;i++) { trans->in.setup[i] = SVAL(req->in.vwv, VWV(14+i)); } if (command == SMBtrans) { req_pull_string(&req->in.bufinfo, &trans->in.trans_name, req->in.data, -1, STR_TERMINATE); } if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &trans->in.params) || !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &trans->in.data)) { smbsrv_send_error(req, NT_STATUS_FOOBAR); return; } /* is it a partial request? if so, then send a 'send more' message */ if (param_total > param_count || data_total > data_count) { reply_trans_continue(req, command, trans); return; } reply_trans_complete(req, command, trans); }
/* basic testing of all RAW_CLOSE_* calls */ BOOL torture_raw_close(struct torture_context *torture) { struct smbcli_state *cli; BOOL ret = True; TALLOC_CTX *mem_ctx; union smb_close io; union smb_flush io_flush; int fnum; const char *fname = "\\torture_close.txt"; time_t basetime = (time(NULL) + 3*86400) & ~1; union smb_fileinfo finfo, finfo2; NTSTATUS status; if (!torture_open_connection(&cli, 0)) { return False; } mem_ctx = talloc_init("torture_raw_close"); #define REOPEN do { \ fnum = create_complex_file(cli, mem_ctx, fname); \ if (fnum == -1) { \ printf("(%d) Failed to create %s\n", __LINE__, fname); \ ret = False; \ goto done; \ }} while (0) #define CHECK_STATUS(status, correct) do { \ if (!NT_STATUS_EQUAL(status, correct)) { \ printf("(%d) Incorrect status %s - should be %s\n", \ __LINE__, nt_errstr(status), nt_errstr(correct)); \ ret = False; \ goto done; \ }} while (0) REOPEN; io.close.level = RAW_CLOSE_CLOSE; io.close.in.file.fnum = fnum; io.close.in.write_time = basetime; status = smb_raw_close(cli->tree, &io); CHECK_STATUS(status, NT_STATUS_OK); status = smb_raw_close(cli->tree, &io); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("testing close.in.write_time\n"); /* the file should have the write time set */ finfo.generic.level = RAW_FILEINFO_ALL_INFO; finfo.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo); CHECK_STATUS(status, NT_STATUS_OK); if (basetime != nt_time_to_unix(finfo.all_info.out.write_time)) { printf("Incorrect write time on file - %s - %s\n", timestring(mem_ctx, basetime), nt_time_string(mem_ctx, finfo.all_info.out.write_time)); dump_all_info(mem_ctx, &finfo); ret = False; } printf("testing other times\n"); /* none of the other times should be set to that time */ if (nt_time_equal(&finfo.all_info.out.write_time, &finfo.all_info.out.access_time) || nt_time_equal(&finfo.all_info.out.write_time, &finfo.all_info.out.create_time) || nt_time_equal(&finfo.all_info.out.write_time, &finfo.all_info.out.change_time)) { printf("Incorrect times after close - only write time should be set\n"); dump_all_info(mem_ctx, &finfo); ret = False; } smbcli_unlink(cli->tree, fname); REOPEN; finfo2.generic.level = RAW_FILEINFO_ALL_INFO; finfo2.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo2); CHECK_STATUS(status, NT_STATUS_OK); io.close.level = RAW_CLOSE_CLOSE; io.close.in.file.fnum = fnum; io.close.in.write_time = 0; status = smb_raw_close(cli->tree, &io); CHECK_STATUS(status, NT_STATUS_OK); /* the file should have the write time set equal to access time */ finfo.generic.level = RAW_FILEINFO_ALL_INFO; finfo.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo); CHECK_STATUS(status, NT_STATUS_OK); if (!nt_time_equal(&finfo.all_info.out.write_time, &finfo2.all_info.out.write_time)) { printf("Incorrect write time on file - 0 time should be ignored\n"); dump_all_info(mem_ctx, &finfo); ret = False; } printf("testing splclose\n"); /* check splclose on a file */ REOPEN; io.splclose.level = RAW_CLOSE_SPLCLOSE; io.splclose.in.file.fnum = fnum; status = smb_raw_close(cli->tree, &io); CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror)); printf("testing flush\n"); smbcli_close(cli->tree, fnum); io_flush.flush.level = RAW_FLUSH_FLUSH; io_flush.flush.in.file.fnum = fnum; status = smb_raw_flush(cli->tree, &io_flush); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); io_flush.flush_all.level = RAW_FLUSH_ALL; status = smb_raw_flush(cli->tree, &io_flush); CHECK_STATUS(status, NT_STATUS_OK); REOPEN; io_flush.flush.level = RAW_FLUSH_FLUSH; io_flush.flush.in.file.fnum = fnum; status = smb_raw_flush(cli->tree, &io_flush); CHECK_STATUS(status, NT_STATUS_OK); printf("Testing SMBexit\n"); smb_raw_exit(cli->session); io_flush.flush.level = RAW_FLUSH_FLUSH; io_flush.flush.in.file.fnum = fnum; status = smb_raw_flush(cli->tree, &io_flush); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); done: smbcli_close(cli->tree, fnum); smbcli_unlink(cli->tree, fname); torture_close_connection(cli); talloc_free(mem_ctx); return ret; }