The branch, master has been updated via 75dff77 s4: smbtorture: leases - show stat opens grant leases and can be broken. via cec2a38 s3: smbd: leases - losen paranoia check. Stat opens can grant leases. via 2d3db5e s3: smbd: leases - new torture test shows stat opens can get leases. via 1cea6e5 s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED. from 7a46156 regedit: Rename variable to fix compile warning
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 75dff778c5f13c008419cf292d2ea73cf3a33d7b Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 18 11:51:53 2015 -0800 s4: smbtorture: leases - show stat opens grant leases and can be broken. https://bugzilla.samba.org/show_bug.cgi?id=11102 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104 commit cec2a38e971ac83260f3a9a5c4ac7095f8d23d65 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 18 11:49:27 2015 -0800 s3: smbd: leases - losen paranoia check. Stat opens can grant leases. https://bugzilla.samba.org/show_bug.cgi?id=11102 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> commit 2d3db5e7930af9dd2a70727b2f2828bd73a1ec3b Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 18 11:48:31 2015 -0800 s3: smbd: leases - new torture test shows stat opens can get leases. Can also issue breaks on these leases. https://bugzilla.samba.org/show_bug.cgi?id=11102 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <s...@samba.org> commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304 Author: Jeremy Allison <j...@samba.org> Date: Wed Feb 18 21:27:37 2015 -0800 s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED. Bug 11103: - Samba does not set the required flags in the SMB2/SMB3 Negotiate Protocol Response when signing required by client https://bugzilla.samba.org/show_bug.cgi?id=11103 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Steve French <smfre...@gmail.com> ----------------------------------------------------------------------- Summary of changes: source3/smbd/files.c | 3 +- source3/smbd/open.c | 11 +++--- source3/smbd/smb2_negprot.c | 3 +- source3/smbd/smb2_sesssetup.c | 4 ++- source4/torture/smb2/lease.c | 79 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 90 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 19896a7..5b3741b 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -322,7 +322,8 @@ files_struct *file_find_dif(struct smbd_server_connection *sconn, } /* Paranoia check. */ if ((fsp->fh->fd == -1) && - (fsp->oplock_type != NO_OPLOCK)) { + (fsp->oplock_type != NO_OPLOCK && + fsp->oplock_type != LEASE_OPLOCK)) { DEBUG(0,("file_find_dif: file %s file_id = " "%s, gen = %u oplock_type = %u is a " "stat open with oplock type !\n", diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 06770e0..773b146 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3099,7 +3099,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, if (file_existed) { /* - * stat opens on existing files don't get oplocks or leases. + * stat opens on existing files don't get oplocks. + * They can get leases. * * Note that we check for stat open on the *open_access_mask*, * i.e. the access mask we actually used to do the open, @@ -3108,12 +3109,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, * FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC, * which adds FILE_WRITE_DATA to open_access_mask. */ - if (is_stat_open(open_access_mask)) { - if (lease) { - lease->lease_state = SMB2_LEASE_NONE; - } else { - oplock_request = NO_OPLOCK; - } + if (is_stat_open(open_access_mask) && lease == NULL) { + oplock_request = NO_OPLOCK; } } diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 9a1ca9c..02f6882 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -221,7 +221,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; - if (lp_server_signing() == SMB_SIGNING_REQUIRED) { + if (lp_server_signing() == SMB_SIGNING_REQUIRED || + (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) { security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; } diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 2f58e44..f918328 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -186,7 +186,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, struct smbXsrv_connection *xconn = smb2req->xconn; if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || - lp_server_signing() == SMB_SIGNING_REQUIRED) { + lp_server_signing() == SMB_SIGNING_REQUIRED || + (xconn->smb2.server.security_mode & + SMB2_NEGOTIATE_SIGNING_REQUIRED)) { x->global->signing_required = true; } diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c index c1b6420..4b435a1 100644 --- a/source4/torture/smb2/lease.c +++ b/source4/torture/smb2/lease.c @@ -27,6 +27,7 @@ #include "torture/smb2/proto.h" #include "torture/util.h" #include "libcli/smb/smbXcli_base.h" +#include "libcli/security/security.h" #include "lib/param/param.h" #define CHECK_VAL(v, correct) do { \ @@ -912,6 +913,83 @@ done: return ret; } +static bool test_lease_statopen(struct torture_context *tctx, + struct smb2_tree *tree) +{ + TALLOC_CTX *mem_ctx = talloc_new(tctx); + struct smb2_create io; + struct smb2_lease ls; + struct smb2_handle h1, h2; + NTSTATUS status; + const char *fname = "lease_statopen.dat"; + bool ret = true; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities( + tree->session->transport->conn); + if (!(caps & SMB2_CAP_LEASING)) { + torture_skip(tctx, "leases are not supported"); + } + + smb2_util_unlink(tree, fname); + + /* Create file. */ + smb2_lease_create(&io, &ls, false, fname, LEASE1, + smb2_util_lease_state("RWH")); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + h1 = io.out.file.handle; + CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE); + CHECK_LEASE(&io, "RWH", true, LEASE1, 0); + smb2_util_close(tree, h1); + + /* Stat open file with RWH lease. */ + smb2_lease_create_share(&io, &ls, false, fname, 0, LEASE1, + smb2_util_lease_state("RWH")); + io.in.desired_access = FILE_READ_ATTRIBUTES; + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + h2 = io.out.file.handle; + CHECK_LEASE(&io, "RWH", true, LEASE1, 0); + + ZERO_STRUCT(break_info); + + tree->session->transport->lease.handler = torture_lease_handler; + tree->session->transport->lease.private_data = tree; + + /* Ensure non-stat open doesn't break and gets same lease + state as existing stat open. */ + smb2_lease_create(&io, &ls, false, fname, LEASE1, + smb2_util_lease_state("")); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + h1 = io.out.file.handle; + CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE); + CHECK_LEASE(&io, "RWH", true, LEASE1, 0); + + CHECK_NO_BREAK(tctx); + smb2_util_close(tree, h1); + + /* Open with conflicting lease. stat open should break down to RH */ + smb2_lease_create(&io, &ls, false, fname, LEASE2, + smb2_util_lease_state("RWH")); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + h1 = io.out.file.handle; + CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE); + CHECK_LEASE(&io, "RH", true, LEASE2, 0); + + CHECK_BREAK_INFO("RWH", "RH", LEASE1); + +done: + smb2_util_close(tree, h2); + smb2_util_close(tree, h1); + smb2_util_unlink(tree, fname); + talloc_free(mem_ctx); + return ret; +} + + static void torture_oplock_break_callback(struct smb2_request *req) { NTSTATUS status; @@ -3814,6 +3892,7 @@ struct torture_suite *torture_smb2_lease_init(void) test_lease_break_twice); torture_suite_add_1smb2_test(suite, "nobreakself", test_lease_nobreakself); + torture_suite_add_1smb2_test(suite, "statopen", test_lease_statopen); torture_suite_add_1smb2_test(suite, "upgrade", test_lease_upgrade); torture_suite_add_1smb2_test(suite, "upgrade2", test_lease_upgrade2); torture_suite_add_1smb2_test(suite, "upgrade3", test_lease_upgrade3); -- Samba Shared Repository