diff options
| author | Andrew Tridgell <tridge@samba.org> | 2008-05-27 17:22:02 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2008-05-27 17:22:02 +1000 |
| commit | beac55a88fd28b6003ba163f32539a7bdc2df1a6 (patch) | |
| tree | 30e7f30163af16e2f84d4242bf2299dc16208bc6 /source4 | |
| parent | cb36437db2d75e7facc91cf0089f2caa20bf0ca0 (diff) | |
| download | samba-beac55a88fd28b6003ba163f32539a7bdc2df1a6.tar.gz samba-beac55a88fd28b6003ba163f32539a7bdc2df1a6.tar.bz2 samba-beac55a88fd28b6003ba163f32539a7bdc2df1a6.zip | |
enforce lock ordering in SMB2
(This used to be commit 3bec932a89006521ba74bde7943b8cd5b4a660d8)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/ntvfs/ntvfs_generic.c | 56 | ||||
| -rw-r--r-- | source4/torture/smb2/lock.c | 74 |
2 files changed, 99 insertions, 31 deletions
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c index a1c89e7df4..3d92c0be33 100644 --- a/source4/ntvfs/ntvfs_generic.c +++ b/source4/ntvfs/ntvfs_generic.c @@ -1027,7 +1027,7 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs, case RAW_LOCK_SMB2: { /* this is only approximate! We need to change the generic structure to fix this properly */ - int i; + int i, j; if (lck->smb2.in.lock_count < 1) { return NT_STATUS_INVALID_PARAMETER; } @@ -1044,34 +1044,36 @@ NTSTATUS ntvfs_map_lock(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } for (i=0;i<lck->smb2.in.lock_count;i++) { - if (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_UNLOCK) { - int j = lck2->generic.in.ulock_cnt; - if (lck->smb2.in.locks[i].flags & - (SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_EXCLUSIVE)) { - return NT_STATUS_INVALID_PARAMETER; - } - lck2->generic.in.ulock_cnt++; - lck2->generic.in.locks[j].pid = 0; - lck2->generic.in.locks[j].offset = lck->smb2.in.locks[i].offset; - lck2->generic.in.locks[j].count = lck->smb2.in.locks[i].length; - lck2->generic.in.locks[j].pid = 0; + if (!(lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_UNLOCK)) { + break; + } + j = lck2->generic.in.ulock_cnt; + if (lck->smb2.in.locks[i].flags & + (SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_EXCLUSIVE)) { + return NT_STATUS_INVALID_PARAMETER; } + lck2->generic.in.ulock_cnt++; + lck2->generic.in.locks[j].pid = 0; + lck2->generic.in.locks[j].offset = lck->smb2.in.locks[i].offset; + lck2->generic.in.locks[j].count = lck->smb2.in.locks[i].length; + lck2->generic.in.locks[j].pid = 0; } - for (i=0;i<lck->smb2.in.lock_count;i++) { - if (!(lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_UNLOCK)) { - int j = lck2->generic.in.ulock_cnt + - lck2->generic.in.lock_cnt; - lck2->generic.in.lock_cnt++; - lck2->generic.in.locks[j].pid = 0; - lck2->generic.in.locks[j].offset = lck->smb2.in.locks[i].offset; - lck2->generic.in.locks[j].count = lck->smb2.in.locks[i].length; - lck2->generic.in.locks[j].pid = 0; - if (!(lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_EXCLUSIVE)) { - lck2->generic.in.mode = LOCKING_ANDX_SHARED_LOCK; - } - if (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_FAIL_IMMEDIATELY) { - lck2->generic.in.timeout = 0; - } + for (;i<lck->smb2.in.lock_count;i++) { + if (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_UNLOCK) { + /* w2008 requires unlocks to come first */ + return NT_STATUS_INVALID_PARAMETER; + } + j = lck2->generic.in.ulock_cnt + lck2->generic.in.lock_cnt; + lck2->generic.in.lock_cnt++; + lck2->generic.in.locks[j].pid = 0; + lck2->generic.in.locks[j].offset = lck->smb2.in.locks[i].offset; + lck2->generic.in.locks[j].count = lck->smb2.in.locks[i].length; + lck2->generic.in.locks[j].pid = 0; + if (!(lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_EXCLUSIVE)) { + lck2->generic.in.mode = LOCKING_ANDX_SHARED_LOCK; + } + if (lck->smb2.in.locks[i].flags & SMB2_LOCK_FLAG_FAIL_IMMEDIATELY) { + lck2->generic.in.timeout = 0; } } /* initialize output value */ diff --git a/source4/torture/smb2/lock.c b/source4/torture/smb2/lock.c index 5f43c86b67..c708c9f770 100644 --- a/source4/torture/smb2/lock.c +++ b/source4/torture/smb2/lock.c @@ -51,7 +51,7 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree struct smb2_handle h; uint8_t buf[200]; struct smb2_lock lck; - struct smb2_lock_element el[1]; + struct smb2_lock_element el[2]; ZERO_STRUCT(buf); @@ -216,6 +216,72 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree el[0].flags = SMB2_LOCK_FLAG_UNLOCK | SMB2_LOCK_FLAG_SHARED; status = smb2_lock(tree, &lck); CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + + el[0].flags = SMB2_LOCK_FLAG_UNLOCK | SMB2_LOCK_FLAG_FAIL_IMMEDIATELY; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + + lck.in.lock_count = 2; + lck.in.reserved = 0; + lck.in.file.handle = h; + el[0].offset = 9999; + el[0].length = 1; + el[0].reserved = 0x00000000; + el[1].offset = 9999; + el[1].length = 1; + el[1].reserved = 0x00000000; + + lck.in.lock_count = 2; + el[0].flags = 0; + el[1].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + + lck.in.lock_count = 2; + el[0].flags = 0; + el[1].flags = 0; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 2; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + el[1].flags = 0; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 1; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 1; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 1; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); + + lck.in.lock_count = 1; + el[0].flags = 0; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 2; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + el[1].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_OK); + + lck.in.lock_count = 1; + el[0].flags = SMB2_LOCK_FLAG_UNLOCK; + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED); done: @@ -406,9 +472,9 @@ struct torture_suite *torture_smb2_lock_init(void) struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "LOCK"); torture_suite_add_1smb2_test(suite, "VALID-REQUEST", test_valid_request); - torture_suite_add_1smb2_test(suite, "RW-NONE", test_lock_rw_none); - torture_suite_add_1smb2_test(suite, "RW-SHARED", test_lock_rw_shared); - torture_suite_add_1smb2_test(suite, "RW-EXCLUSIV", test_lock_rw_exclusiv); +// torture_suite_add_1smb2_test(suite, "RW-NONE", test_lock_rw_none); +// torture_suite_add_1smb2_test(suite, "RW-SHARED", test_lock_rw_shared); +// torture_suite_add_1smb2_test(suite, "RW-EXCLUSIV", test_lock_rw_exclusiv); suite->description = talloc_strdup(suite, "SMB2-LOCK tests"); |