The branch, master has been updated
via 75dff77 s4: smbtorture: leases - show stat opens grant leases and
can be broken.
via cec2a38 s3: smbd: leases - losen paranoia check. Stat opens can
grant leases.
via 2d3db5e s3: smbd: leases - new torture test shows stat opens can
get leases.
via 1cea6e5 s3: smbd: signing. Ensure we respond correctly to an SMB2
negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED.
from 7a46156 regedit: Rename variable to fix compile warning
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 75dff778c5f13c008419cf292d2ea73cf3a33d7b
Author: Jeremy Allison <j...@samba.org>
Date: Wed Feb 18 11:51:53 2015 -0800
s4: smbtorture: leases - show stat opens grant leases and can be broken.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Böhme <s...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104
commit cec2a38e971ac83260f3a9a5c4ac7095f8d23d65
Author: Jeremy Allison <j...@samba.org>
Date: Wed Feb 18 11:49:27 2015 -0800
s3: smbd: leases - losen paranoia check. Stat opens can grant leases.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Böhme <s...@samba.org>
commit 2d3db5e7930af9dd2a70727b2f2828bd73a1ec3b
Author: Jeremy Allison <j...@samba.org>
Date: Wed Feb 18 11:48:31 2015 -0800
s3: smbd: leases - new torture test shows stat opens can get leases.
Can also issue breaks on these leases.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Böhme <s...@samba.org>
commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304
Author: Jeremy Allison <j...@samba.org>
Date: Wed Feb 18 21:27:37 2015 -0800
s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with
SMB2_NEGOTIATE_SIGNING_REQUIRED.
Bug 11103: - Samba does not set the required flags in the SMB2/SMB3
Negotiate Protocol Response when signing required by client
https://bugzilla.samba.org/show_bug.cgi?id=11103
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Steve French <smfre...@gmail.com>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/files.c | 3 +-
source3/smbd/open.c | 11 +++---
source3/smbd/smb2_negprot.c | 3 +-
source3/smbd/smb2_sesssetup.c | 4 ++-
source4/torture/smb2/lease.c | 79 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 90 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 19896a7..5b3741b 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -322,7 +322,8 @@ files_struct *file_find_dif(struct smbd_server_connection
*sconn,
}
/* Paranoia check. */
if ((fsp->fh->fd == -1) &&
- (fsp->oplock_type != NO_OPLOCK)) {
+ (fsp->oplock_type != NO_OPLOCK &&
+ fsp->oplock_type != LEASE_OPLOCK)) {
DEBUG(0,("file_find_dif: file %s file_id = "
"%s, gen = %u oplock_type = %u is a "
"stat open with oplock type !\n",
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 06770e0..773b146 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3099,7 +3099,8 @@ static NTSTATUS open_file_ntcreate(connection_struct
*conn,
if (file_existed) {
/*
- * stat opens on existing files don't get oplocks or leases.
+ * stat opens on existing files don't get oplocks.
+ * They can get leases.
*
* Note that we check for stat open on the *open_access_mask*,
* i.e. the access mask we actually used to do the open,
@@ -3108,12 +3109,8 @@ static NTSTATUS open_file_ntcreate(connection_struct
*conn,
* FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC,
* which adds FILE_WRITE_DATA to open_access_mask.
*/
- if (is_stat_open(open_access_mask)) {
- if (lease) {
- lease->lease_state = SMB2_LEASE_NONE;
- } else {
- oplock_request = NO_OPLOCK;
- }
+ if (is_stat_open(open_access_mask) && lease == NULL) {
+ oplock_request = NO_OPLOCK;
}
}
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 9a1ca9c..02f6882 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -221,7 +221,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED ||
+ (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2f58e44..f918328 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -186,7 +186,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct
smbXsrv_session *session,
struct smbXsrv_connection *xconn = smb2req->xconn;
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
- lp_server_signing() == SMB_SIGNING_REQUIRED) {
+ lp_server_signing() == SMB_SIGNING_REQUIRED ||
+ (xconn->smb2.server.security_mode &
+ SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
x->global->signing_required = true;
}
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index c1b6420..4b435a1 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -27,6 +27,7 @@
#include "torture/smb2/proto.h"
#include "torture/util.h"
#include "libcli/smb/smbXcli_base.h"
+#include "libcli/security/security.h"
#include "lib/param/param.h"
#define CHECK_VAL(v, correct) do { \
@@ -912,6 +913,83 @@ done:
return ret;
}
+static bool test_lease_statopen(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ struct smb2_create io;
+ struct smb2_lease ls;
+ struct smb2_handle h1, h2;
+ NTSTATUS status;
+ const char *fname = "lease_statopen.dat";
+ bool ret = true;
+ uint32_t caps;
+
+ caps = smb2cli_conn_server_capabilities(
+ tree->session->transport->conn);
+ if (!(caps & SMB2_CAP_LEASING)) {
+ torture_skip(tctx, "leases are not supported");
+ }
+
+ smb2_util_unlink(tree, fname);
+
+ /* Create file. */
+ smb2_lease_create(&io, &ls, false, fname, LEASE1,
+ smb2_util_lease_state("RWH"));
+ status = smb2_create(tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1 = io.out.file.handle;
+ CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+ smb2_util_close(tree, h1);
+
+ /* Stat open file with RWH lease. */
+ smb2_lease_create_share(&io, &ls, false, fname, 0, LEASE1,
+ smb2_util_lease_state("RWH"));
+ io.in.desired_access = FILE_READ_ATTRIBUTES;
+ status = smb2_create(tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h2 = io.out.file.handle;
+ CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+ ZERO_STRUCT(break_info);
+
+ tree->session->transport->lease.handler = torture_lease_handler;
+ tree->session->transport->lease.private_data = tree;
+
+ /* Ensure non-stat open doesn't break and gets same lease
+ state as existing stat open. */
+ smb2_lease_create(&io, &ls, false, fname, LEASE1,
+ smb2_util_lease_state(""));
+ status = smb2_create(tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1 = io.out.file.handle;
+ CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+ CHECK_NO_BREAK(tctx);
+ smb2_util_close(tree, h1);
+
+ /* Open with conflicting lease. stat open should break down to RH */
+ smb2_lease_create(&io, &ls, false, fname, LEASE2,
+ smb2_util_lease_state("RWH"));
+ status = smb2_create(tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1 = io.out.file.handle;
+ CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+
+ CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+done:
+ smb2_util_close(tree, h2);
+ smb2_util_close(tree, h1);
+ smb2_util_unlink(tree, fname);
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+
static void torture_oplock_break_callback(struct smb2_request *req)
{
NTSTATUS status;
@@ -3814,6 +3892,7 @@ struct torture_suite *torture_smb2_lease_init(void)
test_lease_break_twice);
torture_suite_add_1smb2_test(suite, "nobreakself",
test_lease_nobreakself);
+ torture_suite_add_1smb2_test(suite, "statopen", test_lease_statopen);
torture_suite_add_1smb2_test(suite, "upgrade", test_lease_upgrade);
torture_suite_add_1smb2_test(suite, "upgrade2", test_lease_upgrade2);
torture_suite_add_1smb2_test(suite, "upgrade3", test_lease_upgrade3);
--
Samba Shared Repository
