The branch, v4-17-test has been updated via 8738efc4042 s3:smbd: fix multichannel connection passing race via f3d5e3add54 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() via 534f1363033 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 via 3c23c7f36c8 s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext() via 8c727eef9e3 s4:torture/smb2: let us have a common torture_smb2_con_share() via 65b05090ee4 s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect() via d167b80dc72 smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv from fec913830f5 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log ----------------------------------------------------------------- commit 8738efc4042430cc123c04234bf6d9bfa4ae6f67 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 3 15:45:45 2023 +0200 s3:smbd: fix multichannel connection passing race If a client opens multiple connection with the same client guid in parallel, our connection passing is likely to hit a race. Assume we have 3 processes: smbdA: This process already handles all connections for a given client guid smbdB: This just received a new connection with an SMB2 neprot for the same client guid smbdC: This also received a new connection with an SMB2 neprot for the same client guid Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS message to smbdA. These messages contain the socket fd for each connection. While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb record for changes (that also verifies smbdA stays alive). Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED message, the dbwrap_watch logic will wakeup smbdC in order to let it recheck the smbXcli_client.tdb record in order to handle the case where smbdA died or deleted its record. Now smbdC rechecks the smbXcli_client.tdb record, but it was not woken because of a problem with smbdA. It meant that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message including the socket fd again. As a result smbdA got the socket fd from smbdC twice (or even more), and creates two (or more) smbXsrv_connection structures for the same low level tcp connection. And it also sends more than one SMB2 negprot response. Depending on the tevent logic, it will use different smbXsrv_connection structures to process incoming requests. And this will almost immediately result in errors. The typicall error is: smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1) But other errors would also be possible. The detail that leads to the long delays on the client side is that our smbd_server_connection_terminate_ex() code will close only the fd of a single smbXsrv_connection, but the refcount on the socket fd in the kernel is still not 0, so the tcp connection is still alive... Now we remember the server_id of the process that we send the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep watching the smbXcli_client.tdb record if the server_id don't change. As we just need more patience to wait for the MSG_SMBXSRV_CONNECTION_PASSED message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224 (cherry picked from commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0) Autobuild-User(v4-17-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-17-test): Tue Aug 15 09:00:14 UTC 2023 on sn-devel-184 commit f3d5e3add54184bc34d57866a7b566b64e54117c Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 3 15:34:29 2023 +0200 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a 'verify_again:' target, if we ever hit that, we would leak the existing filter_subreq. Moving it just above a possible messaging_filtered_read_send() will allow us to only clear it if we actually create a new request. That will help us in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9) commit 534f13630333644db8e19dc23b6bd38fd6ec24f3 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Aug 4 17:16:14 2023 +0200 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 This demonstrates the race quite easily against Samba and works fine against Windows Server 2022. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 4028d6582907cf582730ceec56872d8584ad02e6) commit 3c23c7f36c8c14e2eba5489339bbeb3fb37f298f Author: Stefan Metzmacher <me...@samba.org> Date: Mon Aug 7 12:22:43 2023 +0200 s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e) commit 8c727eef9e304b9cca6ed6baa718c2e5bc4c0490 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Aug 7 11:03:41 2023 +0200 s4:torture/smb2: let us have a common torture_smb2_con_share() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea) commit 65b05090ee4153ffd407e53a076a60706911f0ef Author: Stefan Metzmacher <me...@samba.org> Date: Mon Aug 7 11:03:41 2023 +0200 s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect() There's no need for smb2_connect_ext(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit ade663ee6ca1a2813b203ea667d933f4dab9e7b7) commit d167b80dc729f8c8caf7052a3494433f9764b72c Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 25 09:54:52 2022 +0200 smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv We already don't allow setting max_credits in the sync wrapper, so omit the contexts there as well. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 (cherry picked from commit 4ddd277c0b77c502ed6b11e07c92c91f24ac9c15) ----------------------------------------------------------------------- Summary of changes: libcli/smb/smbXcli_base.c | 80 +++++-- libcli/smb/smbXcli_base.h | 9 +- source3/libsmb/cliconnect.c | 16 +- source3/smbd/smbXsrv_client.c | 33 ++- source3/torture/torture.c | 11 +- source4/libcli/raw/rawnegotiate.c | 5 +- source4/libcli/smb2/connect.c | 9 +- source4/libcli/smb_composite/connect_nego.c | 5 +- source4/torture/smb2/acls.c | 34 --- source4/torture/smb2/multichannel.c | 315 ++++++++++++++++++++++++++++ source4/torture/smb2/util.c | 55 +++-- source4/torture/vfs/acl_xattr.c | 34 --- 12 files changed, 484 insertions(+), 122 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 1500d484e83..444963e2fe1 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4220,6 +4220,8 @@ static const struct { struct smbXcli_negprot_state { struct smbXcli_conn *conn; struct tevent_context *ev; + struct smb2_negotiate_contexts *in_ctx; + struct smb2_negotiate_contexts *out_ctx; uint32_t timeout_msec; struct { @@ -4242,7 +4244,8 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx, uint32_t timeout_msec, enum protocol_types min_protocol, enum protocol_types max_protocol, - uint16_t max_credits) + uint16_t max_credits, + struct smb2_negotiate_contexts *in_ctx) { struct tevent_req *req, *subreq; struct smbXcli_negprot_state *state; @@ -4254,6 +4257,7 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx, } state->conn = conn; state->ev = ev; + state->in_ctx = in_ctx; state->timeout_msec = timeout_msec; if (min_protocol == PROTOCOL_NONE) { @@ -4934,6 +4938,25 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta return NULL; } + if (state->in_ctx != NULL) { + struct smb2_negotiate_contexts *ctxs = state->in_ctx; + + for (i=0; i<ctxs->num_contexts; i++) { + struct smb2_negotiate_context *ctx = + &ctxs->contexts[i]; + + status = smb2_negotiate_context_add( + state, + &c, + ctx->type, + ctx->data.data, + ctx->data.length); + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + } + } + status = smb2_negotiate_context_push(state, &b, c); if (!NT_STATUS_IS_OK(status)) { return NULL; @@ -4988,7 +5011,6 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) uint8_t *body; size_t i; uint16_t dialect_revision; - struct smb2_negotiate_contexts c = { .num_contexts = 0, }; uint32_t negotiate_context_offset = 0; uint16_t negotiate_context_count = 0; DATA_BLOB negotiate_context_blob = data_blob_null; @@ -5195,10 +5217,15 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) negotiate_context_blob.data += ctx_ofs; negotiate_context_blob.length -= ctx_ofs; - status = smb2_negotiate_context_parse(state, + state->out_ctx = talloc_zero(state, struct smb2_negotiate_contexts); + if (tevent_req_nomem(state->out_ctx, req)) { + return; + } + + status = smb2_negotiate_context_parse(state->out_ctx, negotiate_context_blob, negotiate_context_count, - &c); + state->out_ctx); if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; } @@ -5206,8 +5233,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) return; } - preauth = smb2_negotiate_context_find(&c, - SMB2_PREAUTH_INTEGRITY_CAPABILITIES); + preauth = smb2_negotiate_context_find( + state->out_ctx, SMB2_PREAUTH_INTEGRITY_CAPABILITIES); if (preauth == NULL) { tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; @@ -5237,7 +5264,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) return; } - sign_algo = smb2_negotiate_context_find(&c, SMB2_SIGNING_CAPABILITIES); + sign_algo = smb2_negotiate_context_find( + state->out_ctx, SMB2_SIGNING_CAPABILITIES); if (sign_algo != NULL) { const struct smb3_signing_capabilities *client_sign_algos = &state->conn->smb2.client.smb3_capabilities.signing; @@ -5296,7 +5324,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) conn->smb2.server.sign_algo = sign_algo_selected; } - cipher = smb2_negotiate_context_find(&c, SMB2_ENCRYPTION_CAPABILITIES); + cipher = smb2_negotiate_context_find( + state->out_ctx, SMB2_ENCRYPTION_CAPABILITIES); if (cipher != NULL) { const struct smb3_encryption_capabilities *client_ciphers = &state->conn->smb2.client.smb3_capabilities.encryption; @@ -5516,9 +5545,26 @@ static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn, return NT_STATUS_INVALID_NETWORK_RESPONSE; } -NTSTATUS smbXcli_negprot_recv(struct tevent_req *req) +NTSTATUS smbXcli_negprot_recv( + struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct smb2_negotiate_contexts **out_ctx) { - return tevent_req_simple_recv_ntstatus(req); + struct smbXcli_negprot_state *state = tevent_req_data( + req, struct smbXcli_negprot_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + if (out_ctx != NULL) { + *out_ctx = talloc_move(mem_ctx, &state->out_ctx); + } + + tevent_req_received(req); + return NT_STATUS_OK; } NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, @@ -5543,9 +5589,15 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, if (ev == NULL) { goto fail; } - req = smbXcli_negprot_send(frame, ev, conn, timeout_msec, - min_protocol, max_protocol, - WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK); + req = smbXcli_negprot_send( + frame, + ev, + conn, + timeout_msec, + min_protocol, + max_protocol, + WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK, + NULL); if (req == NULL) { goto fail; } @@ -5553,7 +5605,7 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, if (!ok) { goto fail; } - status = smbXcli_negprot_recv(req); + status = smbXcli_negprot_recv(req, NULL, NULL); fail: TALLOC_FREE(frame); return status; diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index 805a62ce342..8e4fb81818f 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -457,14 +457,19 @@ NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, NTSTATUS smb2cli_req_get_sent_iov(struct tevent_req *req, struct iovec *sent_iov); +struct smb2_negotiate_contexts; struct tevent_req *smbXcli_negprot_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbXcli_conn *conn, uint32_t timeout_msec, enum protocol_types min_protocol, enum protocol_types max_protocol, - uint16_t max_credits); -NTSTATUS smbXcli_negprot_recv(struct tevent_req *req); + uint16_t max_credits, + struct smb2_negotiate_contexts *in_ctx); +NTSTATUS smbXcli_negprot_recv( + struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct smb2_negotiate_contexts **out_ctx); NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, uint32_t timeout_msec, enum protocol_types min_protocol, diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index d894ef76a36..3e602952e65 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2850,11 +2850,15 @@ static void cli_start_connection_connected(struct tevent_req *subreq) return; } - subreq = smbXcli_negprot_send(state, state->ev, state->cli->conn, - state->cli->timeout, - state->min_protocol, - state->max_protocol, - WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK); + subreq = smbXcli_negprot_send( + state, + state->ev, + state->cli->conn, + state->cli->timeout, + state->min_protocol, + state->max_protocol, + WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK, + NULL); if (tevent_req_nomem(subreq, req)) { return; } @@ -2869,7 +2873,7 @@ static void cli_start_connection_done(struct tevent_req *subreq) req, struct cli_start_connection_state); NTSTATUS status; - status = smbXcli_negprot_recv(subreq); + status = smbXcli_negprot_recv(subreq, NULL, NULL); TALLOC_FREE(subreq); if (tevent_req_nterror(req, status)) { return; diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c index f57bc724910..90322c5e60a 100644 --- a/source3/smbd/smbXsrv_client.c +++ b/source3/smbd/smbXsrv_client.c @@ -487,6 +487,7 @@ struct smb2srv_client_mc_negprot_state { struct tevent_context *ev; struct smbd_smb2_request *smb2req; struct db_record *db_rec; + struct server_id sent_server_id; uint64_t watch_instance; uint32_t last_seqnum; struct tevent_req *filter_subreq; @@ -529,6 +530,8 @@ struct tevent_req *smb2srv_client_mc_negprot_send(TALLOC_CTX *mem_ctx, tevent_req_set_cleanup_fn(req, smb2srv_client_mc_negprot_cleanup); + server_id_set_disconnected(&state->sent_server_id); + smb2srv_client_mc_negprot_next(req); if (!tevent_req_is_in_progress(req)) { @@ -554,7 +557,6 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req) uint32_t seqnum = 0; struct server_id last_server_id = { .pid = 0, }; - TALLOC_FREE(state->filter_subreq); SMB_ASSERT(state->db_rec == NULL); state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx, &client_guid, @@ -625,6 +627,30 @@ verify_again: return; } + if (server_id_equal(&state->sent_server_id, &global->server_id)) { + /* + * We hit a race with other concurrent connections, + * which have woken us. + * + * We already sent the pass or drop message to + * the process, so we need to wait for a + * response and not pass the connection + * again! Otherwise the process would + * receive the same tcp connection via + * more than one file descriptor and + * create more than one smbXsrv_connection + * structure for the same tcp connection, + * which means the client would see more + * than one SMB2 negprot response to its + * single SMB2 netprot request and we + * as server get the session keys and + * message id validation wrong + */ + goto watch_again; + } + + server_id_set_disconnected(&state->sent_server_id); + /* * If last_server_id is set, we expect * smbXsrv_client_global_verify_record() @@ -635,6 +661,7 @@ verify_again: SMB_ASSERT(last_server_id.pid == 0); last_server_id = global->server_id; + TALLOC_FREE(state->filter_subreq); if (procid_is_local(&global->server_id)) { subreq = messaging_filtered_read_send(state, state->ev, @@ -659,6 +686,7 @@ verify_again: */ goto verify_again; } + state->sent_server_id = global->server_id; if (tevent_req_nterror(req, status)) { return; } @@ -673,11 +701,14 @@ verify_again: */ goto verify_again; } + state->sent_server_id = global->server_id; if (tevent_req_nterror(req, status)) { return; } } +watch_again: + /* * If the record changed, but we are not happy with the change yet, * we better remove ourself from the waiter list diff --git a/source3/torture/torture.c b/source3/torture/torture.c index cd32156ae42..fc139a4b808 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -3953,8 +3953,15 @@ static bool run_negprot_nowait(int dummy) for (i=0;i<50000;i++) { struct tevent_req *req; - req = smbXcli_negprot_send(ev, ev, cli->conn, cli->timeout, - PROTOCOL_CORE, PROTOCOL_NT1, 0); + req = smbXcli_negprot_send( + ev, + ev, + cli->conn, + cli->timeout, + PROTOCOL_CORE, + PROTOCOL_NT1, + 0, + NULL); if (req == NULL) { TALLOC_FREE(ev); return false; diff --git a/source4/libcli/raw/rawnegotiate.c b/source4/libcli/raw/rawnegotiate.c index 51c6f0f9ecb..6d1b7361932 100644 --- a/source4/libcli/raw/rawnegotiate.c +++ b/source4/libcli/raw/rawnegotiate.c @@ -106,7 +106,8 @@ struct tevent_req *smb_raw_negotiate_send(TALLOC_CTX *mem_ctx, timeout_msec, minprotocol, maxprotocol, - transport->options.max_credits); + transport->options.max_credits, + NULL); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } @@ -125,7 +126,7 @@ static void smb_raw_negotiate_done(struct tevent_req *subreq) struct smb_raw_negotiate_state); NTSTATUS status; - status = smbXcli_negprot_recv(subreq); + status = smbXcli_negprot_recv(subreq, NULL, NULL); TALLOC_FREE(subreq); if (tevent_req_nterror(req, status)) { return; diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 9540704491e..64b67865446 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -187,7 +187,8 @@ static void smb2_connect_socket_done(struct composite_context *creq) state->transport->conn, timeout_msec, min_protocol, state->transport->options.max_protocol, - state->transport->options.max_credits); + state->transport->options.max_credits, + NULL); if (tevent_req_nomem(subreq, req)) { return; } @@ -203,7 +204,7 @@ static void smb2_connect_negprot_done(struct tevent_req *subreq) struct tevent_req); NTSTATUS status; - status = smbXcli_negprot_recv(subreq); + status = smbXcli_negprot_recv(subreq, NULL, NULL); TALLOC_FREE(subreq); if (tevent_req_nterror(req, status)) { return; @@ -404,6 +405,7 @@ NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx, const char *share, struct resolve_context *resolve_ctx, struct cli_credentials *credentials, + struct smbXcli_conn **existing_conn, uint64_t previous_session_id, struct smb2_tree **tree, struct tevent_context *ev, @@ -428,7 +430,7 @@ NTSTATUS smb2_connect_ext(TALLOC_CTX *mem_ctx, resolve_ctx, credentials, false, /* fallback_to_anonymous */ - NULL, /* existing_conn */ + existing_conn, previous_session_id, options, socket_options, @@ -472,6 +474,7 @@ NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx, status = smb2_connect_ext(mem_ctx, host, ports, share, resolve_ctx, credentials, + NULL, /* existing_conn */ 0, /* previous_session_id */ tree, ev, options, socket_options, gensec_settings); diff --git a/source4/libcli/smb_composite/connect_nego.c b/source4/libcli/smb_composite/connect_nego.c index 3bd5dbc59e8..7224dfa8794 100644 --- a/source4/libcli/smb_composite/connect_nego.c +++ b/source4/libcli/smb_composite/connect_nego.c @@ -167,7 +167,8 @@ static void smb_connect_nego_connect_done(struct composite_context *creq) timeout_msec, state->options.min_protocol, state->options.max_protocol, - state->options.max_credits); + state->options.max_credits, + NULL); if (tevent_req_nomem(subreq, req)) { return; } @@ -181,7 +182,7 @@ static void smb_connect_nego_nego_done(struct tevent_req *subreq) struct tevent_req); NTSTATUS status; - status = smbXcli_negprot_recv(subreq); + status = smbXcli_negprot_recv(subreq, NULL, NULL); TALLOC_FREE(subreq); if (tevent_req_nterror(req, status)) { return; diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c index a5df9da3b45..a27d4e079e6 100644 --- a/source4/torture/smb2/acls.c +++ b/source4/torture/smb2/acls.c @@ -2139,40 +2139,6 @@ done: } #endif -/** - * SMB2 connect with explicit share - **/ -static bool torture_smb2_con_share(struct torture_context *tctx, - const char *share, - struct smb2_tree **tree) -{ - struct smbcli_options options; - NTSTATUS status; - const char *host = torture_setting_string(tctx, "host", NULL); - - lpcfg_smbcli_options(tctx->lp_ctx, &options); - - status = smb2_connect_ext(tctx, - host, - lpcfg_smb_ports(tctx->lp_ctx), - share, - lpcfg_resolve_context(tctx->lp_ctx), - samba_cmdline_get_creds(), - 0, - tree, - tctx->ev, - &options, - lpcfg_socket_options(tctx->lp_ctx), - lpcfg_gensec_settings(tctx, tctx->lp_ctx) - ); - if (!NT_STATUS_IS_OK(status)) { - torture_comment(tctx, "Failed to connect to SMB2 share \\\\%s\\%s - %s\n", - host, share, nt_errstr(status)); - return false; - } - return true; -} - static bool test_access_based(struct torture_context *tctx, struct smb2_tree *tree) { diff --git a/source4/torture/smb2/multichannel.c b/source4/torture/smb2/multichannel.c index 24c736d6701..7c3a60c0016 100644 --- a/source4/torture/smb2/multichannel.c +++ b/source4/torture/smb2/multichannel.c @@ -31,6 +31,7 @@ #include "lib/cmdline/cmdline.h" #include "libcli/security/security.h" #include "libcli/resolve/resolve.h" +#include "lib/socket/socket.h" #include "lib/param/param.h" #include "lib/events/events.h" #include "oplock_break_handler.h" @@ -2345,6 +2346,315 @@ done: return ret; } +/* -- Samba Shared Repository