The branch, v4-17-test has been updated
via 8738efc4042 s3:smbd: fix multichannel connection passing race
via f3d5e3add54 s3:smbd: always clear filter_subreq in
smb2srv_client_mc_negprot_next()
via 534f1363033 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
via 3c23c7f36c8 s4:torture/smb2: make it possible to pass existing_conn
to smb2_connect_ext()
via 8c727eef9e3 s4:torture/smb2: let us have a common
torture_smb2_con_share()
via 65b05090ee4 s4:torture/smb2: let torture_smb2_con_sopt() use
smb2_connect()
via d167b80dc72 smbXcli: Pass negotiate contexts through
smbXcli_negprot_send/recv
from fec913830f5 s3: smbd: Sanitize any "server" and "share" components
of SMB1 DFS paths to remove UNIX separators.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test
- Log -----------------------------------------------------------------
commit 8738efc4042430cc123c04234bf6d9bfa4ae6f67
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Aug 3 15:45:45 2023 +0200
s3:smbd: fix multichannel connection passing race
If a client opens multiple connection with the same
client guid in parallel, our connection passing is likely
to hit a race.
Assume we have 3 processes:
smbdA: This process already handles all connections for
a given client guid
smbdB: This just received a new connection with an
SMB2 neprot for the same client guid
smbdC: This also received a new connection with an
SMB2 neprot for the same client guid
Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.
While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).
Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wakeup smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.
Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.
As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.
The typicall error is:
smb2_validate_sequence_number: smb2_validate_sequence_number: bad
message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)
But other errors would also be possible.
The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...
Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
don't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224
(cherry picked from commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0)
Autobuild-User(v4-17-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-17-test): Tue Aug 15 09:00:14 UTC 2023 on sn-devel-184
commit f3d5e3add54184bc34d57866a7b566b64e54117c
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Aug 3 15:34:29 2023 +0200
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()
Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.
Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9)
commit 534f13630333644db8e19dc23b6bd38fd6ec24f3
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Aug 4 17:16:14 2023 +0200
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 4028d6582907cf582730ceec56872d8584ad02e6)
commit 3c23c7f36c8c14e2eba5489339bbeb3fb37f298f
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Aug 7 12:22:43 2023 +0200
s4:torture/smb2: make it possible to pass existing_conn to
smb2_connect_ext()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e)
commit 8c727eef9e304b9cca6ed6baa718c2e5bc4c0490
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Aug 7 11:03:41 2023 +0200
s4:torture/smb2: let us have a common torture_smb2_con_share()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea)
commit 65b05090ee4153ffd407e53a076a60706911f0ef
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Aug 7 11:03:41 2023 +0200
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()
There's no need for smb2_connect_ext().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit ade663ee6ca1a2813b203ea667d933f4dab9e7b7)
commit d167b80dc729f8c8caf7052a3494433f9764b72c
Author: Volker Lendecke <v...@samba.org>
Date: Thu Aug 25 09:54:52 2022 +0200
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
(cherry picked from commit 4ddd277c0b77c502ed6b11e07c92c91f24ac9c15)
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 80 +++++--
libcli/smb/smbXcli_base.h | 9 +-
source3/libsmb/cliconnect.c | 16 +-
source3/smbd/smbXsrv_client.c | 33 ++-
source3/torture/torture.c | 11 +-
source4/libcli/raw/rawnegotiate.c | 5 +-
source4/libcli/smb2/connect.c | 9 +-
source4/libcli/smb_composite/connect_nego.c | 5 +-
source4/torture/smb2/acls.c | 34 ---
source4/torture/smb2/multichannel.c | 315 ++++++++++++++++++++++++++++
source4/torture/smb2/util.c | 55 +++--
source4/torture/vfs/acl_xattr.c | 34 ---
12 files changed, 484 insertions(+), 122 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1500d484e83..444963e2fe1 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4220,6 +4220,8 @@ static const struct {
struct smbXcli_negprot_state {
struct smbXcli_conn *conn;
struct tevent_context *ev;
+ struct smb2_negotiate_contexts *in_ctx;
+ struct smb2_negotiate_contexts *out_ctx;
uint32_t timeout_msec;
struct {
@@ -4242,7 +4244,8 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX
*mem_ctx,
uint32_t timeout_msec,
enum protocol_types min_protocol,
enum protocol_types max_protocol,
- uint16_t max_credits)
+ uint16_t max_credits,
+ struct smb2_negotiate_contexts *in_ctx)
{
struct tevent_req *req, *subreq;
struct smbXcli_negprot_state *state;
@@ -4254,6 +4257,7 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX
*mem_ctx,
}
state->conn = conn;
state->ev = ev;
+ state->in_ctx = in_ctx;
state->timeout_msec = timeout_msec;
if (min_protocol == PROTOCOL_NONE) {
@@ -4934,6 +4938,25 @@ static struct tevent_req
*smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
return NULL;
}
+ if (state->in_ctx != NULL) {
+ struct smb2_negotiate_contexts *ctxs = state->in_ctx;
+
+ for (i=0; i<ctxs->num_contexts; i++) {
+ struct smb2_negotiate_context *ctx =
+ &ctxs->contexts[i];
+
+ status = smb2_negotiate_context_add(
+ state,
+ &c,
+ ctx->type,
+ ctx->data.data,
+ ctx->data.length);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+ }
+ }
+
status = smb2_negotiate_context_push(state, &b, c);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
@@ -4988,7 +5011,6 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
uint8_t *body;
size_t i;
uint16_t dialect_revision;
- struct smb2_negotiate_contexts c = { .num_contexts = 0, };
uint32_t negotiate_context_offset = 0;
uint16_t negotiate_context_count = 0;
DATA_BLOB negotiate_context_blob = data_blob_null;
@@ -5195,10 +5217,15 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
negotiate_context_blob.data += ctx_ofs;
negotiate_context_blob.length -= ctx_ofs;
- status = smb2_negotiate_context_parse(state,
+ state->out_ctx = talloc_zero(state, struct smb2_negotiate_contexts);
+ if (tevent_req_nomem(state->out_ctx, req)) {
+ return;
+ }
+
+ status = smb2_negotiate_context_parse(state->out_ctx,
negotiate_context_blob,
negotiate_context_count,
- &c);
+ state->out_ctx);
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE;
}
@@ -5206,8 +5233,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
return;
}
- preauth = smb2_negotiate_context_find(&c,
- SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
+ preauth = smb2_negotiate_context_find(
+ state->out_ctx, SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
if (preauth == NULL) {
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
@@ -5237,7 +5264,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
return;
}
- sign_algo = smb2_negotiate_context_find(&c, SMB2_SIGNING_CAPABILITIES);
+ sign_algo = smb2_negotiate_context_find(
+ state->out_ctx, SMB2_SIGNING_CAPABILITIES);
if (sign_algo != NULL) {
const struct smb3_signing_capabilities *client_sign_algos =
&state->conn->smb2.client.smb3_capabilities.signing;
@@ -5296,7 +5324,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
conn->smb2.server.sign_algo = sign_algo_selected;
}
- cipher = smb2_negotiate_context_find(&c, SMB2_ENCRYPTION_CAPABILITIES);
+ cipher = smb2_negotiate_context_find(
+ state->out_ctx, SMB2_ENCRYPTION_CAPABILITIES);
if (cipher != NULL) {
const struct smb3_encryption_capabilities *client_ciphers =
&state->conn->smb2.client.smb3_capabilities.encryption;
@@ -5516,9 +5545,26 @@ static NTSTATUS smbXcli_negprot_dispatch_incoming(struct
smbXcli_conn *conn,
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
-NTSTATUS smbXcli_negprot_recv(struct tevent_req *req)
+NTSTATUS smbXcli_negprot_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_negotiate_contexts **out_ctx)
{
- return tevent_req_simple_recv_ntstatus(req);
+ struct smbXcli_negprot_state *state = tevent_req_data(
+ req, struct smbXcli_negprot_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ if (out_ctx != NULL) {
+ *out_ctx = talloc_move(mem_ctx, &state->out_ctx);
+ }
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
}
NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
@@ -5543,9 +5589,15 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
if (ev == NULL) {
goto fail;
}
- req = smbXcli_negprot_send(frame, ev, conn, timeout_msec,
- min_protocol, max_protocol,
-
WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK);
+ req = smbXcli_negprot_send(
+ frame,
+ ev,
+ conn,
+ timeout_msec,
+ min_protocol,
+ max_protocol,
+ WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
+ NULL);
if (req == NULL) {
goto fail;
}
@@ -5553,7 +5605,7 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
if (!ok) {
goto fail;
}
- status = smbXcli_negprot_recv(req);
+ status = smbXcli_negprot_recv(req, NULL, NULL);
fail:
TALLOC_FREE(frame);
return status;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 805a62ce342..8e4fb81818f 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -457,14 +457,19 @@ NTSTATUS smb2cli_req_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
NTSTATUS smb2cli_req_get_sent_iov(struct tevent_req *req,
struct iovec *sent_iov);
+struct smb2_negotiate_contexts;
struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbXcli_conn *conn,
uint32_t timeout_msec,
enum protocol_types min_protocol,
enum protocol_types max_protocol,
- uint16_t max_credits);
-NTSTATUS smbXcli_negprot_recv(struct tevent_req *req);
+ uint16_t max_credits,
+ struct smb2_negotiate_contexts *in_ctx);
+NTSTATUS smbXcli_negprot_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_negotiate_contexts **out_ctx);
NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn,
uint32_t timeout_msec,
enum protocol_types min_protocol,
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d894ef76a36..3e602952e65 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2850,11 +2850,15 @@ static void cli_start_connection_connected(struct
tevent_req *subreq)
return;
}
- subreq = smbXcli_negprot_send(state, state->ev, state->cli->conn,
- state->cli->timeout,
- state->min_protocol,
- state->max_protocol,
-
WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK);
+ subreq = smbXcli_negprot_send(
+ state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->min_protocol,
+ state->max_protocol,
+ WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
+ NULL);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -2869,7 +2873,7 @@ static void cli_start_connection_done(struct tevent_req
*subreq)
req, struct cli_start_connection_state);
NTSTATUS status;
- status = smbXcli_negprot_recv(subreq);
+ status = smbXcli_negprot_recv(subreq, NULL, NULL);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index f57bc724910..90322c5e60a 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -487,6 +487,7 @@ struct smb2srv_client_mc_negprot_state {
struct tevent_context *ev;
struct smbd_smb2_request *smb2req;
struct db_record *db_rec;
+ struct server_id sent_server_id;
uint64_t watch_instance;
uint32_t last_seqnum;
struct tevent_req *filter_subreq;
@@ -529,6 +530,8 @@ struct tevent_req
*smb2srv_client_mc_negprot_send(TALLOC_CTX *mem_ctx,
tevent_req_set_cleanup_fn(req, smb2srv_client_mc_negprot_cleanup);
+ server_id_set_disconnected(&state->sent_server_id);
+
smb2srv_client_mc_negprot_next(req);
if (!tevent_req_is_in_progress(req)) {
@@ -554,7 +557,6 @@ static void smb2srv_client_mc_negprot_next(struct
tevent_req *req)
uint32_t seqnum = 0;
struct server_id last_server_id = { .pid = 0, };
- TALLOC_FREE(state->filter_subreq);
SMB_ASSERT(state->db_rec == NULL);
state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
&client_guid,
@@ -625,6 +627,30 @@ verify_again:
return;
}
+ if (server_id_equal(&state->sent_server_id, &global->server_id)) {
+ /*
+ * We hit a race with other concurrent connections,
+ * which have woken us.
+ *
+ * We already sent the pass or drop message to
+ * the process, so we need to wait for a
+ * response and not pass the connection
+ * again! Otherwise the process would
+ * receive the same tcp connection via
+ * more than one file descriptor and
+ * create more than one smbXsrv_connection
+ * structure for the same tcp connection,
+ * which means the client would see more
+ * than one SMB2 negprot response to its
+ * single SMB2 netprot request and we
+ * as server get the session keys and
+ * message id validation wrong
+ */
+ goto watch_again;
+ }
+
+ server_id_set_disconnected(&state->sent_server_id);
+
/*
* If last_server_id is set, we expect
* smbXsrv_client_global_verify_record()
@@ -635,6 +661,7 @@ verify_again:
SMB_ASSERT(last_server_id.pid == 0);
last_server_id = global->server_id;
+ TALLOC_FREE(state->filter_subreq);
if (procid_is_local(&global->server_id)) {
subreq = messaging_filtered_read_send(state,
state->ev,
@@ -659,6 +686,7 @@ verify_again:
*/
goto verify_again;
}
+ state->sent_server_id = global->server_id;
if (tevent_req_nterror(req, status)) {
return;
}
@@ -673,11 +701,14 @@ verify_again:
*/
goto verify_again;
}
+ state->sent_server_id = global->server_id;
if (tevent_req_nterror(req, status)) {
return;
}
}
+watch_again:
+
/*
* If the record changed, but we are not happy with the change yet,
* we better remove ourself from the waiter list
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index cd32156ae42..fc139a4b808 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -3953,8 +3953,15 @@ static bool run_negprot_nowait(int dummy)
for (i=0;i<50000;i++) {
struct tevent_req *req;
- req = smbXcli_negprot_send(ev, ev, cli->conn, cli->timeout,
- PROTOCOL_CORE, PROTOCOL_NT1, 0);
+ req = smbXcli_negprot_send(
+ ev,
+ ev,
+ cli->conn,
+ cli->timeout,
+ PROTOCOL_CORE,
+ PROTOCOL_NT1,
+ 0,
+ NULL);
if (req == NULL) {
TALLOC_FREE(ev);
return false;
diff --git a/source4/libcli/raw/rawnegotiate.c
b/source4/libcli/raw/rawnegotiate.c
index 51c6f0f9ecb..6d1b7361932 100644
--- a/source4/libcli/raw/rawnegotiate.c
+++ b/source4/libcli/raw/rawnegotiate.c
@@ -106,7 +106,8 @@ struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX
*mem_ctx,
timeout_msec,
minprotocol,
maxprotocol,
- transport->options.max_credits);
+ transport->options.max_credits,
+ NULL);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -125,7 +126,7 @@ static void smb_raw_negotiate_done(struct tevent_req
*subreq)
struct smb_raw_negotiate_state);
NTSTATUS status;
- status = smbXcli_negprot_recv(subreq);
+ status = smbXcli_negprot_recv(subreq, NULL, NULL);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 9540704491e..64b67865446 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -187,7 +187,8 @@ static void smb2_connect_socket_done(struct
composite_context *creq)
state->transport->conn, timeout_msec,
min_protocol,
state->transport->options.max_protocol,
- state->transport->options.max_credits);
+ state->transport->options.max_credits,
+ NULL);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -203,7 +204,7 @@ static void smb2_connect_negprot_done(struct tevent_req
*subreq)
struct tevent_req);
NTSTATUS status;
- status = smbXcli_negprot_recv(subreq);
+ status = smbXcli_negprot_recv(subreq, NULL, NULL);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
@@ -404,6 +405,7 @@ NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx,
const char *share,
struct resolve_context *resolve_ctx,
struct cli_credentials *credentials,
+ struct smbXcli_conn **existing_conn,
uint64_t previous_session_id,
struct smb2_tree **tree,
struct tevent_context *ev,
@@ -428,7 +430,7 @@ NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx,
resolve_ctx,
credentials,
false, /* fallback_to_anonymous */
- NULL, /* existing_conn */
+ existing_conn,
previous_session_id,
options,
socket_options,
@@ -472,6 +474,7 @@ NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx,
status = smb2_connect_ext(mem_ctx, host, ports, share, resolve_ctx,
credentials,
+ NULL, /* existing_conn */
0, /* previous_session_id */
tree, ev, options, socket_options,
gensec_settings);
diff --git a/source4/libcli/smb_composite/connect_nego.c
b/source4/libcli/smb_composite/connect_nego.c
index 3bd5dbc59e8..7224dfa8794 100644
--- a/source4/libcli/smb_composite/connect_nego.c
+++ b/source4/libcli/smb_composite/connect_nego.c
@@ -167,7 +167,8 @@ static void smb_connect_nego_connect_done(struct
composite_context *creq)
timeout_msec,
state->options.min_protocol,
state->options.max_protocol,
- state->options.max_credits);
+ state->options.max_credits,
+ NULL);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -181,7 +182,7 @@ static void smb_connect_nego_nego_done(struct tevent_req
*subreq)
struct tevent_req);
NTSTATUS status;
- status = smbXcli_negprot_recv(subreq);
+ status = smbXcli_negprot_recv(subreq, NULL, NULL);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
index a5df9da3b45..a27d4e079e6 100644
--- a/source4/torture/smb2/acls.c
+++ b/source4/torture/smb2/acls.c
@@ -2139,40 +2139,6 @@ done:
}
#endif
-/**
- * SMB2 connect with explicit share
- **/
-static bool torture_smb2_con_share(struct torture_context *tctx,
- const char *share,
- struct smb2_tree **tree)
-{
- struct smbcli_options options;
- NTSTATUS status;
- const char *host = torture_setting_string(tctx, "host", NULL);
-
- lpcfg_smbcli_options(tctx->lp_ctx, &options);
-
- status = smb2_connect_ext(tctx,
- host,
- lpcfg_smb_ports(tctx->lp_ctx),
- share,
- lpcfg_resolve_context(tctx->lp_ctx),
- samba_cmdline_get_creds(),
- 0,
- tree,
- tctx->ev,
- &options,
- lpcfg_socket_options(tctx->lp_ctx),
- lpcfg_gensec_settings(tctx, tctx->lp_ctx)
- );
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "Failed to connect to SMB2 share
\\\\%s\\%s - %s\n",
- host, share, nt_errstr(status));
- return false;
- }
- return true;
-}
-
static bool test_access_based(struct torture_context *tctx,
struct smb2_tree *tree)
{
diff --git a/source4/torture/smb2/multichannel.c
b/source4/torture/smb2/multichannel.c
index 24c736d6701..7c3a60c0016 100644
--- a/source4/torture/smb2/multichannel.c
+++ b/source4/torture/smb2/multichannel.c
@@ -31,6 +31,7 @@
#include "lib/cmdline/cmdline.h"
#include "libcli/security/security.h"
#include "libcli/resolve/resolve.h"
+#include "lib/socket/socket.h"
#include "lib/param/param.h"
#include "lib/events/events.h"
#include "oplock_break_handler.h"
@@ -2345,6 +2346,315 @@ done:
return ret;
}
+/*
--
Samba Shared Repository
