The branch, master has been updated
       via  75dff77 s4: smbtorture: leases - show stat opens grant leases and 
can be broken.
       via  cec2a38 s3: smbd: leases - losen paranoia check. Stat opens can 
grant leases.
       via  2d3db5e s3: smbd: leases - new torture test shows stat opens can 
get leases.
       via  1cea6e5 s3: smbd: signing. Ensure we respond correctly to an SMB2 
negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED.
      from  7a46156 regedit: Rename variable to fix compile warning

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 75dff778c5f13c008419cf292d2ea73cf3a33d7b
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Feb 18 11:51:53 2015 -0800

    s4: smbtorture: leases - show stat opens grant leases and can be broken.
    
    https://bugzilla.samba.org/show_bug.cgi?id=11102
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Böhme <s...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104

commit cec2a38e971ac83260f3a9a5c4ac7095f8d23d65
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Feb 18 11:49:27 2015 -0800

    s3: smbd: leases - losen paranoia check. Stat opens can grant leases.
    
    https://bugzilla.samba.org/show_bug.cgi?id=11102
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Böhme <s...@samba.org>

commit 2d3db5e7930af9dd2a70727b2f2828bd73a1ec3b
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Feb 18 11:48:31 2015 -0800

    s3: smbd: leases - new torture test shows stat opens can get leases.
    
    Can also issue breaks on these leases.
    
    https://bugzilla.samba.org/show_bug.cgi?id=11102
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Böhme <s...@samba.org>

commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Feb 18 21:27:37 2015 -0800

    s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with 
SMB2_NEGOTIATE_SIGNING_REQUIRED.
    
    Bug 11103:  - Samba does not set the required flags in the SMB2/SMB3 
Negotiate Protocol Response when signing required by client
    
    https://bugzilla.samba.org/show_bug.cgi?id=11103
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Steve French <smfre...@gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/files.c          |  3 +-
 source3/smbd/open.c           | 11 +++---
 source3/smbd/smb2_negprot.c   |  3 +-
 source3/smbd/smb2_sesssetup.c |  4 ++-
 source4/torture/smb2/lease.c  | 79 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 90 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 19896a7..5b3741b 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -322,7 +322,8 @@ files_struct *file_find_dif(struct smbd_server_connection 
*sconn,
                        }
                        /* Paranoia check. */
                        if ((fsp->fh->fd == -1) &&
-                           (fsp->oplock_type != NO_OPLOCK)) {
+                           (fsp->oplock_type != NO_OPLOCK &&
+                            fsp->oplock_type != LEASE_OPLOCK)) {
                                DEBUG(0,("file_find_dif: file %s file_id = "
                                         "%s, gen = %u oplock_type = %u is a "
                                         "stat open with oplock type !\n",
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 06770e0..773b146 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3099,7 +3099,8 @@ static NTSTATUS open_file_ntcreate(connection_struct 
*conn,
 
        if (file_existed) {
                /*
-                * stat opens on existing files don't get oplocks or leases.
+                * stat opens on existing files don't get oplocks.
+                * They can get leases.
                 *
                 * Note that we check for stat open on the *open_access_mask*,
                 * i.e. the access mask we actually used to do the open,
@@ -3108,12 +3109,8 @@ static NTSTATUS open_file_ntcreate(connection_struct 
*conn,
                 * FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC,
                 * which adds FILE_WRITE_DATA to open_access_mask.
                 */
-               if (is_stat_open(open_access_mask)) {
-                       if (lease) {
-                               lease->lease_state = SMB2_LEASE_NONE;
-                       } else {
-                               oplock_request = NO_OPLOCK;
-                       }
+               if (is_stat_open(open_access_mask) && lease == NULL) {
+                       oplock_request = NO_OPLOCK;
                }
        }
 
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 9a1ca9c..02f6882 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -221,7 +221,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct 
smbd_smb2_request *req)
        }
 
        security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
-       if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+       if (lp_server_signing() == SMB_SIGNING_REQUIRED ||
+                       (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
                security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
        }
 
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2f58e44..f918328 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -186,7 +186,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        struct smbXsrv_connection *xconn = smb2req->xconn;
 
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
-           lp_server_signing() == SMB_SIGNING_REQUIRED) {
+           lp_server_signing() == SMB_SIGNING_REQUIRED ||
+           (xconn->smb2.server.security_mode &
+                       SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
                x->global->signing_required = true;
        }
 
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index c1b6420..4b435a1 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -27,6 +27,7 @@
 #include "torture/smb2/proto.h"
 #include "torture/util.h"
 #include "libcli/smb/smbXcli_base.h"
+#include "libcli/security/security.h"
 #include "lib/param/param.h"
 
 #define CHECK_VAL(v, correct) do { \
@@ -912,6 +913,83 @@ done:
        return ret;
 }
 
+static bool test_lease_statopen(struct torture_context *tctx,
+                                  struct smb2_tree *tree)
+{
+       TALLOC_CTX *mem_ctx = talloc_new(tctx);
+       struct smb2_create io;
+       struct smb2_lease ls;
+       struct smb2_handle h1, h2;
+       NTSTATUS status;
+       const char *fname = "lease_statopen.dat";
+       bool ret = true;
+       uint32_t caps;
+
+       caps = smb2cli_conn_server_capabilities(
+               tree->session->transport->conn);
+       if (!(caps & SMB2_CAP_LEASING)) {
+               torture_skip(tctx, "leases are not supported");
+       }
+
+       smb2_util_unlink(tree, fname);
+
+       /* Create file. */
+       smb2_lease_create(&io, &ls, false, fname, LEASE1,
+                         smb2_util_lease_state("RWH"));
+       status = smb2_create(tree, mem_ctx, &io);
+       CHECK_STATUS(status, NT_STATUS_OK);
+       h1 = io.out.file.handle;
+       CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+       CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+       smb2_util_close(tree, h1);
+
+       /* Stat open file with RWH lease. */
+       smb2_lease_create_share(&io, &ls, false, fname, 0, LEASE1,
+                         smb2_util_lease_state("RWH"));
+       io.in.desired_access = FILE_READ_ATTRIBUTES;
+       status = smb2_create(tree, mem_ctx, &io);
+       CHECK_STATUS(status, NT_STATUS_OK);
+       h2 = io.out.file.handle;
+       CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+       ZERO_STRUCT(break_info);
+
+       tree->session->transport->lease.handler = torture_lease_handler;
+       tree->session->transport->lease.private_data = tree;
+
+       /* Ensure non-stat open doesn't break and gets same lease
+          state as existing stat open. */
+       smb2_lease_create(&io, &ls, false, fname, LEASE1,
+                         smb2_util_lease_state(""));
+       status = smb2_create(tree, mem_ctx, &io);
+       CHECK_STATUS(status, NT_STATUS_OK);
+       h1 = io.out.file.handle;
+       CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+       CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+       CHECK_NO_BREAK(tctx);
+       smb2_util_close(tree, h1);
+
+       /* Open with conflicting lease. stat open should break down to RH */
+       smb2_lease_create(&io, &ls, false, fname, LEASE2,
+                         smb2_util_lease_state("RWH"));
+       status = smb2_create(tree, mem_ctx, &io);
+       CHECK_STATUS(status, NT_STATUS_OK);
+       h1 = io.out.file.handle;
+       CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+       CHECK_LEASE(&io, "RH", true, LEASE2, 0);
+
+       CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+done:
+       smb2_util_close(tree, h2);
+       smb2_util_close(tree, h1);
+       smb2_util_unlink(tree, fname);
+       talloc_free(mem_ctx);
+       return ret;
+}
+
+
 static void torture_oplock_break_callback(struct smb2_request *req)
 {
        NTSTATUS status;
@@ -3814,6 +3892,7 @@ struct torture_suite *torture_smb2_lease_init(void)
                                     test_lease_break_twice);
        torture_suite_add_1smb2_test(suite, "nobreakself",
                                     test_lease_nobreakself);
+       torture_suite_add_1smb2_test(suite, "statopen", test_lease_statopen);
        torture_suite_add_1smb2_test(suite, "upgrade", test_lease_upgrade);
        torture_suite_add_1smb2_test(suite, "upgrade2", test_lease_upgrade2);
        torture_suite_add_1smb2_test(suite, "upgrade3", test_lease_upgrade3);


-- 
Samba Shared Repository

Reply via email to