The branch, v4-19-test has been updated
via 2d944eb04ad s3:smb2_server: return
NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
via 3db88bd0527 s4:torture/smb2: let smb2.session.expire2* also check
compound requests
from 9d57d32bba0 VERSION: Bump version up to Samba 4.19.9...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit 2d944eb04adedf31549c9ae9ad5d46e59c449f10
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Aug 13 14:07:06 2024 +0200
s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound
requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
(cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)
Autobuild-User(v4-19-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-19-test): Tue Aug 20 13:02:43 UTC 2024 on atb-devel-224
commit 3db88bd0527b37ca297627cf223ed44ae9256900
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Aug 13 12:47:59 2024 +0200
s4:torture/smb2: let smb2.session.expire2* also check compound requests
This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit f6009aa73b9234df1e6ab689de322487ad1394ed)
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_server.c | 16 +++++++++++-
source4/torture/smb2/session.c | 56 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 886e6abced8..c431008cf5e 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3051,6 +3051,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
bool signing_required = false;
bool encryption_desired = false;
bool encryption_required = false;
+ bool session_expired = false;
inhdr = SMBD_SMB2_IN_HDR_PTR(req);
@@ -3099,6 +3100,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
signing_required = x->global->signing_flags &
SMBXSRV_SIGNING_REQUIRED;
encryption_desired = x->global->encryption_flags &
SMBXSRV_ENCRYPTION_DESIRED;
encryption_required = x->global->encryption_flags &
SMBXSRV_ENCRYPTION_REQUIRED;
+ session_expired =
+ NT_STATUS_EQUAL(session_status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED);
}
req->async_internal = false;
@@ -3171,7 +3175,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
* This check is mostly for giving the correct error code
* for compounded requests.
*/
- if (!NT_STATUS_IS_OK(session_status)) {
+ if (!session_expired && !NT_STATUS_IS_OK(session_status)) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
} else {
@@ -3257,6 +3261,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
}
if (!NT_STATUS_IS_OK(session_status)) {
+ if (session_expired && opcode == SMB2_OP_CREATE) {
+ req->compound_create_err = session_status;
+ }
return smbd_smb2_request_error(req, session_status);
}
}
@@ -3308,11 +3315,18 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
skipped_signing:
if (flags & SMB2_HDR_FLAG_CHAINED) {
+ if (!NT_STATUS_IS_OK(req->compound_create_err)) {
+ return smbd_smb2_request_error(req,
+ req->compound_create_err);
+ }
req->compound_related = true;
}
if (call->need_session) {
if (!NT_STATUS_IS_OK(session_status)) {
+ if (session_expired && opcode == SMB2_OP_CREATE) {
+ req->compound_create_err = session_status;
+ }
return smbd_smb2_request_error(req, session_status);
}
}
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 2a3d0e6e853..ecaac76e6c3 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1317,6 +1317,7 @@ static bool test_session_expire2i(struct torture_context
*tctx,
char fname[256];
struct smb2_handle dh;
struct smb2_handle dh2;
+ struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } };
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
@@ -1330,7 +1331,10 @@ static bool test_session_expire2i(struct torture_context
*tctx,
struct smb2_ioctl ctl;
struct smb2_break oack;
struct smb2_lease_break_ack lack;
+ struct smb2_create cio;
struct smb2_find fnd;
+ struct smb2_close cl;
+ struct smb2_request *reqs[3] = { NULL, };
union smb_search_data *d = NULL;
unsigned int count;
struct smb2_request *req = NULL;
@@ -1562,6 +1566,58 @@ static bool test_session_expire2i(struct torture_context
*tctx,
ret, done, "smb2_find_level "
"returned unexpected status");
+ /* Now do a compound open + query directory + close handle. */
+ smb2_transport_compound_start(tree->session->transport, 3);
+ torture_comment(tctx, "Compound: Open+QueryDirectory+Close =>
EXPIRED\n");
+
+ ZERO_STRUCT(cio);
+ cio.in.oplock_level = 0;
+ cio.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE |
SEC_DIR_LIST;
+ cio.in.file_attributes = 0;
+ cio.in.create_disposition = NTCREATEX_DISP_OPEN;
+ cio.in.share_access =
NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
+ cio.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
+ cio.in.fname = "";
+
+ reqs[0] = smb2_create_send(tree, &cio);
+ torture_assert_not_null_goto(tctx, reqs[0], ret, done,
+ "smb2_create_send failed\n");
+
+ smb2_transport_compound_set_related(tree->session->transport, true);
+
+ ZERO_STRUCT(fnd);
+ fnd.in.file.handle = relhandle;
+ fnd.in.pattern = "*";
+ fnd.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE;
+ fnd.in.max_response_size= 0x100;
+ fnd.in.level = SMB2_FIND_BOTH_DIRECTORY_INFO;
+
+ reqs[1] = smb2_find_send(tree, &fnd);
+ torture_assert_not_null_goto(tctx, reqs[1], ret, done,
+ "smb2_find_send failed\n");
+
+ ZERO_STRUCT(cl);
+ cl.in.file.handle = relhandle;
+ reqs[2] = smb2_close_send(tree, &cl);
+ torture_assert_not_null_goto(tctx, reqs[2], ret, done,
+ "smb2_close_send failed\n");
+
+ status = smb2_create_recv(reqs[0], tree, &cio);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_create "
+ "returned unexpected status");
+ status = smb2_find_recv(reqs[1], tree, &fnd);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_find "
+ "returned unexpected status");
+ status = smb2_close_recv(reqs[2], &cl);
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_NETWORK_SESSION_EXPIRED,
+ ret, done, "smb2_close "
+ "returned unexpected status");
+
torture_comment(tctx, "1st notify => CANCEL\n");
smb2_cancel(req);
--
Samba Shared Repository
