The branch, v4-9-test has been updated via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case via a26e6160b33 CVE-2018-16853: Do not segfault if client is not set via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch via 2332c99cba7 libcli/smb: don't overwrite status code via 739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works via f678c6f06f0 ldb_controls: Add some talloc error checking for controls via f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation via 517df6d3da3 dirsync: Allow arbitrary length cookies via a816ca4004a PEP8: fix E231: missing whitespace after ',' from b3d376b7d4d VERSION: Bump version up to 4.9.4.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log ----------------------------------------------------------------- commit b2ef0e08a9beda7231629dce6875a8c37360acf8 Author: Isaac Boukris <ibouk...@gmail.com> Date: Wed Nov 7 22:53:35 2018 +0200 CVE-2018-16853: fix crash in expired passowrd case When calling encode_krb5_padata_sequence() make sure to pass a null terminated array as required. Fixes expired passowrd case in samba4.blackbox.kinit test. Signed-off-by: Isaac Boukris <ibouk...@gmail.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(v4-9-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144 commit a26e6160b3361f02d9d91f04114b8a03adf11780 Author: Andreas Schneider <a...@samba.org> Date: Wed Sep 28 07:22:32 2016 +0200 CVE-2018-16853: Do not segfault if client is not set This can be triggered with FAST but we don't support this yet. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit a2f4d49c1c545d9a64d34d0413f3e840d8f109f6 Author: Isaac Boukris <ibouk...@gmail.com> Date: Sat Aug 18 16:01:59 2018 +0300 CVE-2018-16853: Add a test to verify s4u2self doesn't crash BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Isaac Boukris <ibouk...@gmail.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 09f9bb2837180ca27085b27aa636bfbae975f294 Author: Isaac Boukris <ibouk...@gmail.com> Date: Sat Aug 18 00:40:30 2018 +0300 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS This happens when we are called from S4U2Self flow, and in that case kdcreq->client is NULL. Use the name from client entry instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Isaac Boukris <ibouk...@gmail.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d2a6e3e1bb4609224fc9316abaaa156b3f71cb34 Author: Isaac Boukris <ibouk...@gmail.com> Date: Sat Aug 18 15:32:43 2018 +0300 CVE-2018-16853: Fix kinit test on system lacking ldbsearch By fixing bindir variable name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571 Signed-off-by: Isaac Boukris <ibouk...@gmail.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 2332c99cba77bea1113014011d840b2005a4a75f Author: Ralph Boehme <s...@samba.org> Date: Wed Nov 7 14:00:25 2018 +0100 libcli/smb: don't overwrite status code The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug 9175 never worked, as the preceeding signing check overwrote the status variable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144 (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99) commit 739ce2c733521fe53a74927f9c801ba503cc1586 Author: Ralph Boehme <s...@samba.org> Date: Tue Nov 13 12:08:10 2018 +0100 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works This adds a simple test that verifies that after having set smbXcli_session_set_disconnect_expired() a session gets disconnected when it expires. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68) commit f678c6f06f03b81cec1ea38ee1a4f4c67c38dcfe Author: Garming Sam <garm...@catalyst.net.nz> Date: Wed Nov 14 10:29:01 2018 +1300 ldb_controls: Add some talloc error checking for controls BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852) commit f4105adc285f8414aaaacd3bfd80973737327608 Author: Garming Sam <garm...@catalyst.net.nz> Date: Mon Nov 19 11:05:59 2018 +1300 sync_passwords: Remove dirsync cookie logging for continuous operation Under normal operation, users shouldn't see giant cookies in their logs. We still log the initial cookie retrieved from the cache database, which should still be helpful for identifying corrupt cookies. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e) commit 517df6d3da3ee988d1da96cbba20cbf401ead04e Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Oct 26 13:38:02 2018 +1300 dirsync: Allow arbitrary length cookies The length of the cookie is proportional to the number of DCs ever in the domain (as it stores the uptodateness vector which has stale invocationID). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b) commit a816ca4004a784a423ef5e4cf195361554f24412 Author: Joe Guo <j...@catalyst.net.nz> Date: Mon Jul 30 18:19:05 2018 +1200 PEP8: fix E231: missing whitespace after ',' Signed-off-by: Joe Guo <j...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master cherry-picked to v4-9-test) ----------------------------------------------------------------------- Summary of changes: lib/ldb/common/ldb_controls.c | 108 ++++++++++++++++++++++++++++-- libcli/smb/smbXcli_base.c | 12 ++-- python/samba/netcmd/user.py | 9 +-- source4/kdc/mit-kdb/kdb_samba_policies.c | 24 ++++++- source4/kdc/mit_samba.c | 7 +- source4/torture/smb2/session.c | 110 +++++++++++++++++++++++++++++++ testprogs/blackbox/test_kinit_mit.sh | 20 ++++-- 7 files changed, 265 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index a83768a352c..e0f0eb48f3a 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->ctxid_len); if (control->contextId == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -534,13 +535,20 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) { struct ldb_dirsync_control *control; const char *p; - char cookie[1024]; + char *cookie = NULL; int crit, max_attrs, ret; uint32_t flags; - cookie[0] = '\0'; + cookie = talloc_zero_array(ctrl, char, + strlen(control_strings) + 1); + if (cookie == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]); - ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); + ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs, cookie); if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) { ldb_set_errstring(ldb, @@ -561,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_DIRSYNC_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_dirsync_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->flags = flags; control->max_attributes = max_attrs; if (*cookie) { @@ -575,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -582,17 +596,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie_len = 0; } ctrl->data = control; + TALLOC_FREE(cookie); return ctrl; } if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0) { struct ldb_dirsync_control *control; const char *p; - char cookie[1024]; + char *cookie = NULL; int crit, max_attrs, ret; uint32_t flags; - cookie[0] = '\0'; + cookie = talloc_zero_array(ctrl, char, + strlen(control_strings) + 1); + if (cookie == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]); ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); @@ -615,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_dirsync_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->flags = flags; control->max_attributes = max_attrs; if (*cookie) { @@ -630,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -637,6 +665,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie_len = 0; } ctrl->data = control; + TALLOC_FREE(cookie); return ctrl; } @@ -662,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_ASQ_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_asq_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->request = 1; control->source_attribute = talloc_strdup(control, attr); control->src_attr_len = strlen(attr); @@ -693,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control = NULL; } else { control = talloc(ctrl, struct ldb_extended_dn_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->type = type; } @@ -723,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SD_FLAGS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_sd_flags_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->secinfo_flags = secinfo_flags; ctrl->data = control; @@ -749,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_search_options_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->search_options = search_options; ctrl->data = control; @@ -865,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_paged_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->size = size; if (cookie[0] != '\0') { int len = ldb_base64_decode(cookie); @@ -879,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -912,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SERVER_SORT_OID; ctrl->critical = crit; control = talloc_array(ctrl, struct ldb_server_sort_control *, 2); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control[0] = talloc(control, struct ldb_server_sort_control); + if (control[0] == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control[0]->attributeName = talloc_strdup(control, attr); - if (rule[0]) + if (control[0]->attributeName == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + + if (rule[0]) { control[0]->orderingRule = talloc_strdup(control, rule); - else + if (control[0]->orderingRule == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + } else { control[0]->orderingRule = NULL; + } control[0]->reverse = rev; control[1] = NULL; ctrl->data = control; @@ -1179,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_verify_name_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->gc = talloc_strdup(control, gc); + if (control->gc == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->gc_len = strlen(gc); control->flags = flags; ctrl->data = control; diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index d0cc33b8b05..40480c83aa0 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3908,15 +3908,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn, } if (signing_key) { - status = smb2_signing_check_pdu(*signing_key, - state->conn->protocol, - &cur[1], 3); - if (!NT_STATUS_IS_OK(status)) { + NTSTATUS signing_status; + + signing_status = smb2_signing_check_pdu(*signing_key, + state->conn->protocol, + &cur[1], 3); + if (!NT_STATUS_IS_OK(signing_status)) { /* * If the signing check fails, we disconnect * the connection. */ - return status; + return signing_status; } } diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index cc43c08a824..5af76c9be7d 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -1881,7 +1881,7 @@ samba-tool user syncpasswords --terminate \\ self.samdb_url = H self.dirsync_filter = dirsync_filter self.dirsync_attrs = dirsync_attrs - self.dirsync_controls = ["dirsync:1:0:0","extended_dn:1:0"]; + self.dirsync_controls = ["dirsync:1:0:0", "extended_dn:1:0"]; self.password_attrs = password_attrs self.decrypt_samba_gpg = decrypt_samba_gpg self.sync_command = sync_command @@ -1905,7 +1905,7 @@ samba-tool user syncpasswords --terminate \\ self.current_pid = None self.outf.write("Initialized cache_ldb[%s]\n" % (cache_ldb)) msgs = self.cache.parse_ldif(add_ldif) - changetype,msg = next(msgs) + changetype, msg = next(msgs) ldif = self.cache.write_ldif(msg, ldb.CHANGETYPE_NONE) self.outf.write("%s" % ldif) else: @@ -2103,8 +2103,9 @@ samba-tool user syncpasswords --terminate \\ assert len(res_controls) > 0 assert res_controls[0].oid == "1.2.840.113556.1.4.841" res_controls[0].critical = True - self.dirsync_controls = [str(res_controls[0]),"extended_dn:1:0"] - log_msg("dirsyncControls: %r\n" % self.dirsync_controls) + self.dirsync_controls = [str(res_controls[0]), "extended_dn:1:0"] + # This cookie can be extremely long + # log_msg("dirsyncControls: %r\n" % self.dirsync_controls) modify_ldif = "dn: %s\n" % (self.cache_dn) modify_ldif += "changetype: modify\n" diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c index de5813bde2f..fc80329f221 100644 --- a/source4/kdc/mit-kdb/kdb_samba_policies.c +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c @@ -81,6 +81,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, char *netbios_name = NULL; char *realm = NULL; bool password_change = false; + krb5_const_principal client_princ; DATA_BLOB int_data = { NULL, 0 }; krb5_data d; krb5_pa_data **e_data; @@ -90,7 +91,10 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, return KRB5_KDB_DBNOTINITED; } - if (ks_is_kadmin(context, kdcreq->client)) { + /* Prefer canonicalised name from client entry */ + client_princ = client ? client->princ : kdcreq->client; + + if (client_princ == NULL || ks_is_kadmin(context, client_princ)) { return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; } @@ -111,7 +115,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, goto done; } - code = krb5_unparse_name(context, kdcreq->client, &client_name); + code = krb5_unparse_name(context, client_princ, &client_name); if (code) { goto done; } @@ -457,6 +461,14 @@ void kdb_samba_db_audit_as_req(krb5_context context, krb5_timestamp authtime, krb5_error_code error_code) { + /* + * FIXME: This segfaulted with a FAST test + * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0 + */ + if (client == NULL) { + return; + } + samba_bad_password_count(client, error_code); /* TODO: perform proper audit logging for addresses */ @@ -469,6 +481,14 @@ void kdb_samba_db_audit_as_req(krb5_context context, krb5_timestamp authtime, krb5_error_code error_code) { + /* + * FIXME: This segfaulted with a FAST test + * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0 + */ + if (client == NULL) { + return; + } + samba_bad_password_count(client, error_code); } #endif diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 414e67c6a98..eacca0903ec 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -865,7 +865,7 @@ krb5_error_code encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data) { krb5_error_code ret = 0; - krb5_pa_data pa, *ppa = NULL; + krb5_pa_data pa, *ppa[2]; krb5_data *d = NULL; if (!e_data) @@ -886,9 +886,10 @@ static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data) SIVAL(pa.contents, 4, 0); SIVAL(pa.contents, 8, 1); - ppa = &pa; + ppa[0] = &pa; + ppa[1] = NULL; - ret = encode_krb5_padata_sequence(&ppa, &d); + ret = encode_krb5_padata_sequence(ppa, &d); free(pa.contents); if (ret) { return; diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c index 57a5addcfcc..3917e0c09c4 100644 --- a/source4/torture/smb2/session.c +++ b/source4/torture/smb2/session.c @@ -1596,6 +1596,114 @@ static bool test_session_expire2e(struct torture_context *tctx) true); /* force_encryption */ } +static bool test_session_expire_disconnect(struct torture_context *tctx) +{ + NTSTATUS status; + bool ret = false; + struct smbcli_options options; + const char *host = torture_setting_string(tctx, "host", NULL); + const char *share = torture_setting_string(tctx, "share", NULL); + struct cli_credentials *credentials = popt_get_cmdline_credentials(); + struct smb2_tree *tree = NULL; + enum credentials_use_kerberos use_kerberos; + char fname[256]; + struct smb2_handle _h1; + struct smb2_handle *h1 = NULL; + struct smb2_create io1; + union smb_fileinfo qfinfo; + bool connected; + + use_kerberos = cli_credentials_get_kerberos_state(credentials); + if (use_kerberos != CRED_MUST_USE_KERBEROS) { + torture_warning(tctx, "smb2.session.expire1 requires -k yes!"); + torture_skip(tctx, "smb2.session.expire1 requires -k yes!"); + } + + cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED); + + lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4"); + lpcfg_smbcli_options(tctx->lp_ctx, &options); + options.signing = SMB_SIGNING_REQUIRED; + + status = smb2_connect(tctx, + host, + lpcfg_smb_ports(tctx->lp_ctx), + share, + lpcfg_resolve_context(tctx->lp_ctx), + credentials, + &tree, + tctx->ev, + &options, + lpcfg_socket_options(tctx->lp_ctx), + lpcfg_gensec_settings(tctx, tctx->lp_ctx) + ); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_connect failed"); + + smbXcli_session_set_disconnect_expired(tree->session->smbXcli); + + /* Add some random component to the file name. */ + snprintf(fname, sizeof(fname), "session_expire1_%s.dat", + generate_random_str(tctx, 8)); + + smb2_util_unlink(tree, fname); + + smb2_oplock_create_share(&io1, fname, + smb2_util_share_access(""), + smb2_util_oplock_level("b")); + io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE; + + status = smb2_create(tree, tctx, &io1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + _h1 = io1.out.file.handle; + h1 = &_h1; + CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE); + torture_assert_int_equal(tctx, io1.out.oplock_level, + smb2_util_oplock_level("b"), + "oplock_level incorrect"); + + /* get the security descriptor */ + + ZERO_STRUCT(qfinfo); + + qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION; + qfinfo.access_information.in.file.handle = _h1; + + torture_comment(tctx, "query info => OK\n"); + + ZERO_STRUCT(qfinfo.access_information.out); + status = smb2_getinfo_file(tree, tctx, &qfinfo); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed"); + + torture_comment(tctx, "sleep 10 seconds\n"); + smb_msleep(10*1000); + + torture_comment(tctx, "query info => EXPIRED\n"); + ZERO_STRUCT(qfinfo.access_information.out); + status = smb2_getinfo_file(tree, tctx, &qfinfo); + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_NETWORK_SESSION_EXPIRED, + ret, done, "smb2_getinfo_file " + "returned unexpected status"); + + connected = smbXcli_conn_is_connected(tree->session->transport->conn); + torture_assert_goto(tctx, !connected, ret, done, "connected\n"); + + ret = true; +done: + cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED); + + if (h1 != NULL) { -- Samba Shared Repository