summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-11-03 15:25:02 +0100
committerVolker Lendecke <vl@samba.org>2008-11-04 09:41:15 +0100
commit0953688012dcacca5b28a19c7a2d8393428ca151 (patch)
tree43d0266ce1c2a3a29bac2ba0adde5251b53b8444 /source4
parentd98e48c7cb5a5f2765afa874f09ec3e6cf4dd7a5 (diff)
downloadsamba-0953688012dcacca5b28a19c7a2d8393428ca151.tar.gz
samba-0953688012dcacca5b28a19c7a2d8393428ca151.tar.bz2
samba-0953688012dcacca5b28a19c7a2d8393428ca151.zip
Trigger (and fix) a bug in Samba3 making smbd an infinite data source
A deferred open directly followed by a ulogoffX makes smbd3 send an infinite stream of ERRinvuid replies :-(
Diffstat (limited to 'source4')
-rw-r--r--source4/torture/raw/raw.c1
-rw-r--r--source4/torture/raw/samba3misc.c80
2 files changed, 81 insertions, 0 deletions
diff --git a/source4/torture/raw/raw.c b/source4/torture/raw/raw.c
index 0a7fc3ebfd..138f263106 100644
--- a/source4/torture/raw/raw.c
+++ b/source4/torture/raw/raw.c
@@ -71,6 +71,7 @@ NTSTATUS torture_raw_init(void)
torture_suite_add_simple_test(suite, "SAMBA3ROOTDIRFID",
torture_samba3_rootdirfid);
torture_suite_add_simple_test(suite, "SAMBA3CHECKFSP", torture_samba3_checkfsp);
+ torture_suite_add_simple_test(suite, "SAMBA3OPLOCKLOGOFF", torture_samba3_oplock_logoff);
torture_suite_add_simple_test(suite, "SAMBA3BADPATH", torture_samba3_badpath);
torture_suite_add_simple_test(suite, "SAMBA3CASEINSENSITIVE",
torture_samba3_caseinsensitive);
diff --git a/source4/torture/raw/samba3misc.c b/source4/torture/raw/samba3misc.c
index 27b4d42dd8..8cdccb3906 100644
--- a/source4/torture/raw/samba3misc.c
+++ b/source4/torture/raw/samba3misc.c
@@ -889,3 +889,83 @@ bool torture_samba3_rootdirfid(struct torture_context *tctx)
return ret;
}
+bool torture_samba3_oplock_logoff(struct torture_context *tctx)
+{
+ struct smbcli_state *cli;
+ NTSTATUS status;
+ uint16_t fnum1;
+ union smb_open io;
+ const char *fname = "testfile";
+ bool ret = false;
+ struct smbcli_request *req;
+ struct smb_echo echo_req;
+
+ if (!torture_open_connection(&cli, tctx, 0)) {
+ ret = false;
+ goto done;
+ }
+
+ smbcli_unlink(cli->tree, fname);
+
+ ZERO_STRUCT(io);
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+ io.ntcreatex.in.root_fid = 0;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.access_mask =
+ SEC_STD_SYNCHRONIZE | SEC_FILE_EXECUTE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.fname = "testfile";
+ status = smb_raw_open(cli->tree, tctx, &io);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("first smb_open failed: %s\n", nt_errstr(status));
+ ret = false;
+ goto done;
+ }
+ fnum1 = io.ntcreatex.out.file.fnum;
+
+ /*
+ * Create a conflicting open, causing the one-second delay
+ */
+
+ req = smb_raw_open_send(cli->tree, &io);
+ if (req == NULL) {
+ d_printf("smb_raw_open_send failed\n");
+ ret = false;
+ goto done;
+ }
+
+ /*
+ * Pull the VUID from under that request. As of Nov 3, 2008 all Samba3
+ * versions (3.0, 3.2 and master) would spin sending ERRinvuid errors
+ * as long as the client is still connected.
+ */
+
+ status = smb_raw_ulogoff(cli->session);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("ulogoff failed: %s\n", nt_errstr(status));
+ ret = false;
+ goto done;
+ }
+
+ echo_req.in.repeat_count = 1;
+ echo_req.in.size = 1;
+ echo_req.in.data = (uint8_t *)"";
+
+ status = smb_raw_echo(cli->session->transport, &echo_req);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("smb_raw_echo returned %s\n",
+ nt_errstr(status));
+ ret = false;
+ goto done;
+ }
+
+ ret = true;
+ done:
+ return ret;
+}