From 1bd59a4b673cbaab37534cd062c6bbd47f0d017f Mon Sep 17 00:00:00 2001 From: Ira Cooper Date: Wed, 19 Sep 2012 18:39:07 +0000 Subject: [PATCH 01/21] s3: Compound requests should continue processing. This patch addresses #9173. Signed-off-by: Michael Adam (cherry picked from commit 75951946193c874b6db30c1b9c8722264c3ce656) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index be7997f..32e25ba 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2683,10 +2683,9 @@ NTSTATUS smbd_smb2_request_error_ex(struct smbd_smb2_request *req, } /* - * if a request fails, all other remaining - * compounded requests should fail too + * Note: Even if there is an error, continue to process the request. + * per MS-SMB2. */ - req->next_status = NT_STATUS_INVALID_PARAMETER; return smbd_smb2_request_done_ex(req, status, body, info, __location__); } -- 1.7.9.5 From b13a1706446c5fc862f0cb52a10c76eb989c6251 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 00:35:52 +0200 Subject: [PATCH 02/21] s4:torture:smb2: fix compound.related3 test to work against windows (cherry picked from commit 8e525a29a7c6512f61e4647ecb2e0771e2019a49) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index 0eef369..fa63f3f 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -190,9 +190,9 @@ static bool test_compound_related2(struct torture_context *tctx, status = smb2_close_recv(req[2], &cl); CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); status = smb2_close_recv(req[3], &cl); - CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); status = smb2_close_recv(req[4], &cl); - CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); TALLOC_FREE(tree->smbXcli); tree->smbXcli = saved_tcon; -- 1.7.9.5 From 528d81cb4d0791755ff40acd552a1870f00a8693 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 00:36:29 +0200 Subject: [PATCH 03/21] s4:torture:smb2: fix the compound.invalid3 test to work against windows (cherry picked from commit bd8d50b451ea7f94efa7777fbe5dc0c2c19f6bf9) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index fa63f3f..1c2b7cc 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -548,9 +548,9 @@ static bool test_compound_invalid3(struct torture_context *tctx, status = smb2_close_recv(req[2], &cl); CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); status = smb2_close_recv(req[3], &cl); - CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); status = smb2_close_recv(req[4], &cl); - CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); smb2_util_unlink(tree, fname); done: -- 1.7.9.5 From abbe723b074a3b6610d3119bd70a204b90f57972 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 05:10:28 +0200 Subject: [PATCH 04/21] s3:smb2_server: reset req->last_session_id and req->last_tid after using it If we can find a valid session or tcon we'll set it after the lookup, but it need to make sure to reset it if we don't find the session. This fixes a problem where a compound unrelated request between related requests doesn't reset the session. If we have 3 requests in a compound chain, request 3 should never use the id's cached from request 1. It should only every inherit handles from request 2. metze (cherry picked from commit 2552b6632372b35cbd7b788c4e00091dfe520a41) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 32e25ba..a9de8b7 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1691,6 +1691,8 @@ static NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req) in_tid = req->last_tid; } + req->last_tid = 0; + status = smb2srv_tcon_lookup(req->session, in_tid, now, &tcon); if (!NT_STATUS_IS_OK(status)) { @@ -1740,6 +1742,8 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) in_session_id = req->last_session_id; } + req->last_session_id = 0; + /* lookup an existing session */ status = smb2srv_session_lookup(req->sconn->conn, in_session_id, now, -- 1.7.9.5 From ffd8cbc8cd6cabdc24f8bd8495486918a1f706e6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 00:52:19 +0200 Subject: [PATCH 05/21] s3:smb2_server: do the req->next_status check before the signing checks Windows 2012 returns NT_STATUS_INVALID_PARAMETER to the smb2.compound.invalid1 test if that uses signing (instead of NT_STATUS_ACCESS_DENIED). metze (cherry picked from commit 4384485f82aac109bf4c4c31075e313e54b4c076) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_server.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index a9de8b7..c6dd5f2 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1998,6 +1998,21 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } + if (flags & SMB2_HDR_FLAG_CHAINED) { + /* + * This check is mostly for giving the correct error code + * for compounded requests. + * + * TODO: we may need to move this after the session + * and tcon checks. + */ + if (!NT_STATUS_IS_OK(req->next_status)) { + return smbd_smb2_request_error(req, req->next_status); + } + } else { + req->compat_chain_fsp = NULL; + } + if (req->do_encryption) { signing_required = false; } else if (flags & SMB2_HDR_FLAG_SIGNED) { @@ -2046,21 +2061,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED); } - if (flags & SMB2_HDR_FLAG_CHAINED) { - /* - * This check is mostly for giving the correct error code - * for compounded requests. - * - * TODO: we may need to move this after the session - * and tcon checks. - */ - if (!NT_STATUS_IS_OK(req->next_status)) { - return smbd_smb2_request_error(req, req->next_status); - } - } else { - req->compat_chain_fsp = NULL; - } - if (req->compound_related) { req->sconn->smb2.compound_related_in_progress = true; } -- 1.7.9.5 From 1e841ce4b0b750a415af077204b55a76fd889c04 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 22 Sep 2012 04:06:27 +0200 Subject: [PATCH 06/21] s3:smbd:smb2: add check for session_status for compound requests (cherry picked from commit 27d38b5c27bd96d5124c175d946718bf0836b8f4) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index c6dd5f2..f8adf80 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2002,13 +2002,13 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) /* * This check is mostly for giving the correct error code * for compounded requests. - * - * TODO: we may need to move this after the session - * and tcon checks. */ if (!NT_STATUS_IS_OK(req->next_status)) { return smbd_smb2_request_error(req, req->next_status); } + if (!NT_STATUS_IS_OK(session_status)) { + return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); + } } else { req->compat_chain_fsp = NULL; } -- 1.7.9.5 From f2a8257f439fdbb2234ae38edfe366adf5b56d3d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Sep 2012 21:43:36 +0200 Subject: [PATCH 07/21] s3:smbd:smb2: simplify smbd_smb2_request_validate() and smbd_smb2_request_dispatch() removes unnneccary checks/assignments for compound_related and next_status and duplicate setting of error status. And remove (now) unused next_status from struct smbd_smb2_request. Pair-Programmed-With: Stefan Metzmacher (cherry picked from commit 1ae6f9c62629f8513bbe93a56775b3c64ff06832) Signed-off-by: Stefan Metzmacher --- source3/smbd/globals.h | 2 -- source3/smbd/smb2_server.c | 52 +++----------------------------------------- 2 files changed, 3 insertions(+), 51 deletions(-) diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 1cefe51..0743924 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -484,8 +484,6 @@ struct smbd_smb2_request { struct smb_request *smb1req; struct files_struct *compat_chain_fsp; - NTSTATUS next_status; - /* * The sub request for async backend calls. * This is used for SMB2 Cancel. diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index f8adf80..8123b6b 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -713,7 +713,6 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req) struct iovec *hdr = SMBD_SMB2_IDX_HDR_IOV(req,in,idx); struct iovec *body = SMBD_SMB2_IDX_BODY_IOV(req,in,idx); const uint8_t *inhdr = NULL; - uint32_t flags; if (hdr->iov_len != SMB2_HDR_BODY) { return NT_STATUS_INVALID_PARAMETER; @@ -733,50 +732,6 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req) if (!smb2_validate_message_id(req->sconn, inhdr)) { return NT_STATUS_INVALID_PARAMETER; } - - flags = IVAL(inhdr, SMB2_HDR_FLAGS); - if (idx < SMBD_SMB2_NUM_IOV_PER_REQ) { - /* - * the 1st request should never have the - * SMB2_HDR_FLAG_CHAINED flag set - */ - if (flags & SMB2_HDR_FLAG_CHAINED) { - req->next_status = NT_STATUS_INVALID_PARAMETER; - return NT_STATUS_OK; - } - } else if (idx < 2*SMBD_SMB2_NUM_IOV_PER_REQ) { - /* - * the 2nd request triggers related vs. unrelated - * compounded requests - */ - if (flags & SMB2_HDR_FLAG_CHAINED) { - req->compound_related = true; - } - } else { -#if 0 - /* - * It seems the this tests are wrong - * see the SMB2-COMPOUND test - */ - - /* - * all other requests should match the 2nd one - */ - if (flags & SMB2_HDR_FLAG_CHAINED) { - if (!req->compound_related) { - req->next_status = - NT_STATUS_INVALID_PARAMETER; - return NT_STATUS_OK; - } - } else { - if (req->compound_related) { - req->next_status = - NT_STATUS_INVALID_PARAMETER; - return NT_STATUS_OK; - } - } -#endif - } } return NT_STATUS_OK; @@ -2003,9 +1958,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) * This check is mostly for giving the correct error code * for compounded requests. */ - if (!NT_STATUS_IS_OK(req->next_status)) { - return smbd_smb2_request_error(req, req->next_status); - } if (!NT_STATUS_IS_OK(session_status)) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } @@ -2061,7 +2013,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED); } - if (req->compound_related) { + if (flags & SMB2_HDR_FLAG_CHAINED) { + req->compound_related = true; req->sconn->smb2.compound_related_in_progress = true; } @@ -2425,6 +2378,7 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) } if (req->compound_related) { + req->compound_related = false; req->sconn->smb2.compound_related_in_progress = false; } -- 1.7.9.5 From 129a445f433ebb776c7bc8876e9a2fd8a78c7091 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 21 Sep 2012 22:20:20 +0200 Subject: [PATCH 08/21] s4:torture:smb2: extend the compound.invalid1 test Test that when turning the related flag back off for the last compound request, the return code changes from invalid parameter to file closed. Pair-Programmed-With: Michael Adam (cherry picked from commit 25437df8a65e56616499dda18c696f58be08f67a) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index 1c2b7cc..596702b 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -348,9 +348,9 @@ static bool test_compound_invalid1(struct torture_context *tctx, const char *fname = "compound_invalid1.dat"; struct smb2_close cl; bool ret = true; - struct smb2_request *req[2]; + struct smb2_request *req[3]; - smb2_transport_credits_ask_num(tree->session->transport, 2); + smb2_transport_credits_ask_num(tree->session->transport, 3); smb2_util_unlink(tree, fname); @@ -374,7 +374,7 @@ static bool test_compound_invalid1(struct torture_context *tctx, 0x00200000; cr.in.fname = fname; - smb2_transport_compound_start(tree->session->transport, 2); + smb2_transport_compound_start(tree->session->transport, 3); /* passing the first request with the related flag is invalid */ smb2_transport_compound_set_related(tree->session->transport, true); @@ -388,11 +388,16 @@ static bool test_compound_invalid1(struct torture_context *tctx, cl.in.file.handle = hd; req[1] = smb2_close_send(tree, &cl); + smb2_transport_compound_set_related(tree->session->transport, false); + req[2] = smb2_close_send(tree, &cl); + status = smb2_create_recv(req[0], tree, &cr); /* TODO: check why this fails with --signing=required */ CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); status = smb2_close_recv(req[1], &cl); CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); + status = smb2_close_recv(req[2], &cl); + CHECK_STATUS(status, NT_STATUS_FILE_CLOSED); smb2_util_unlink(tree, fname); done: -- 1.7.9.5 From 7254b7975c77409a2c0d3154f4ecdc9378fc92ba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:04:01 +0200 Subject: [PATCH 09/21] s3:smb2_server: avoid segfault in smbd_smb2_request_pending_queue() Because we should not call smbd_smb2_request_error() on an request that is still running. If the subreq implementes a cancel function, this should take care of triggering smbd_smb2_request_error. metze Signed-off-by: Michael Adam (cherry picked from commit 9249871f40aab021d62d3154f8ca286b52f5ef76) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_server.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 8123b6b..1882e9a 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1297,9 +1297,13 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req, * request chain. This is not allowed. * Cancel the outstanding request. */ - tevent_req_cancel(req->subreq); + bool ok = tevent_req_cancel(req->subreq); + if (ok) { + return NT_STATUS_OK; + } + TALLOC_FREE(req->subreq); return smbd_smb2_request_error(req, - NT_STATUS_INSUFFICIENT_RESOURCES); + NT_STATUS_INTERNAL_ERROR); } if (DEBUGLEVEL >= 10) { -- 1.7.9.5 From 09a4e44cfe241989831f26eca2759eca7deb1ec6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:16:03 +0200 Subject: [PATCH 10/21] s3:smb2_lock: let smbd_smb2_lock_cancel() trigger NT_STATUS_CANCELED Instead of violating the tevent_req layers. metze (cherry picked from commit 1f8e4732c5870043fbbc22c772404b5380f808f0) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_lock.c | 29 +++-------------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c index 19e1ef0..d29ecec 100644 --- a/source3/smbd/smb2_lock.c +++ b/source3/smbd/smb2_lock.c @@ -134,31 +134,6 @@ static void smbd_smb2_request_lock_done(struct tevent_req *subreq) NTSTATUS status; NTSTATUS error; /* transport error */ - if (smb2req->cancelled) { - const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(smb2req); - uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); - struct smbd_smb2_lock_state *state; - - DEBUG(10,("smbd_smb2_request_lock_done: cancelled mid %llu\n", - (unsigned long long)mid )); - - state = tevent_req_data(smb2req->subreq, - struct smbd_smb2_lock_state); - - SMB_ASSERT(state); - SMB_ASSERT(state->blr); - - remove_pending_lock(state, state->blr); - - error = smbd_smb2_request_error(smb2req, NT_STATUS_CANCELLED); - if (!NT_STATUS_IS_OK(error)) { - smbd_server_connection_terminate(smb2req->sconn, - nt_errstr(error)); - return; - } - return; - } - status = smbd_smb2_lock_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { @@ -407,7 +382,9 @@ static bool smbd_smb2_lock_cancel(struct tevent_req *req) smb2req = state->smb2req; smb2req->cancelled = true; - tevent_req_done(req); + remove_pending_lock(state, state->blr); + tevent_req_defer_callback(req, smb2req->sconn->ev_ctx); + tevent_req_nterror(req, NT_STATUS_CANCELLED); return true; } -- 1.7.9.5 From 637d3c42ab0632718f55f6368ab30304589c5690 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:23:26 +0200 Subject: [PATCH 11/21] s3:smb2_notify: don't call tevent_req_done() from smbd_smb2_notify_cancel() smbd_notify_cancel_by_smbreq() will already trigger this via smbd_smb2_notify_reply() and smbd_smb2_notify_reply_trigger(). metze (cherry picked from commit 1f0dfd42f16c388abc7054a7b615d2e81031472b) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_notify.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 886bc89..0980c51 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -359,10 +359,9 @@ static bool smbd_smb2_notify_cancel(struct tevent_req *req) struct smbd_smb2_notify_state *state = tevent_req_data(req, struct smbd_smb2_notify_state); + state->smb2req->cancelled = true; smbd_notify_cancel_by_smbreq(state->smbreq); - state->smb2req->cancelled = true; - tevent_req_done(req); return true; } -- 1.7.9.5 From ea2d527b8d157c320b9e4d3ee60d455303a38c00 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:25:58 +0200 Subject: [PATCH 12/21] s3:smb2_notify: make use of tevent_req_defer_callback() instead of custom tevent_immediate metze (cherry picked from commit 882cee0acb9c1e2105a005f0ea90691197a696c7) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_notify.c | 35 +---------------------------------- 1 file changed, 1 insertion(+), 34 deletions(-) diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 0980c51..2c598e8 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -28,7 +28,6 @@ struct smbd_smb2_notify_state { struct smbd_smb2_request *smb2req; struct smb_request *smbreq; - struct tevent_immediate *im; NTSTATUS status; DATA_BLOB out_output_buffer; }; @@ -177,9 +176,6 @@ static void smbd_smb2_request_notify_done(struct tevent_req *subreq) static void smbd_smb2_notify_reply(struct smb_request *smbreq, NTSTATUS error_code, uint8_t *buf, size_t len); -static void smbd_smb2_notify_reply_trigger(struct tevent_context *ctx, - struct tevent_immediate *im, - void *private_data); static bool smbd_smb2_notify_cancel(struct tevent_req *req); static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, @@ -205,7 +201,6 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, state->smb2req = smb2req; state->status = NT_STATUS_INTERNAL_ERROR; state->out_output_buffer = data_blob_null; - state->im = NULL; DEBUG(10,("smbd_smb2_notify_send: %s - %s\n", fsp_str_dbg(fsp), fsp_fnum_dbg(fsp))); @@ -275,11 +270,6 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - state->im = tevent_create_immediate(state); - if (tevent_req_nomem(state->im, req)) { - return tevent_req_post(req, ev); - } - /* * No changes pending, queue the request */ @@ -321,30 +311,7 @@ static void smbd_smb2_notify_reply(struct smb_request *smbreq, } } - if (state->im == NULL) { - smbd_smb2_notify_reply_trigger(NULL, NULL, req); - return; - } - - /* - * if this is called async, we need to go via an immediate event - * because the caller replies on the smb_request (a child of req - * being arround after calling this function - */ - tevent_schedule_immediate(state->im, - state->smb2req->sconn->ev_ctx, - smbd_smb2_notify_reply_trigger, - req); -} - -static void smbd_smb2_notify_reply_trigger(struct tevent_context *ctx, - struct tevent_immediate *im, - void *private_data) -{ - struct tevent_req *req = talloc_get_type_abort(private_data, - struct tevent_req); - struct smbd_smb2_notify_state *state = tevent_req_data(req, - struct smbd_smb2_notify_state); + tevent_req_defer_callback(req, state->smb2req->sconn->ev_ctx); if (!NT_STATUS_IS_OK(state->status)) { tevent_req_nterror(req, state->status); -- 1.7.9.5 From 9b2e5538bc9fe9c36ff53c31605c9587449bd787 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:16:03 +0200 Subject: [PATCH 13/21] s3:smb2_lock: smbd_smb2_notify_recv() can already return NT_STATUS_CANCELED That's why we can remove the code that violates the tevent_req layers. metze (cherry picked from commit 65a81060093cf9d7c0ebf8d6e160625bdc87baab) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_notify.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 2c598e8..638e01a 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -112,24 +112,6 @@ static void smbd_smb2_request_notify_done(struct tevent_req *subreq) NTSTATUS status; NTSTATUS error; /* transport error */ - if (req->cancelled) { - struct smbd_smb2_notify_state *state = tevent_req_data(subreq, - struct smbd_smb2_notify_state); - const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(req); - uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); - - DEBUG(10,("smbd_smb2_request_notify_done: cancelled mid %llu\n", - (unsigned long long)mid )); - error = smbd_smb2_request_error(req, NT_STATUS_CANCELLED); - if (!NT_STATUS_IS_OK(error)) { - smbd_server_connection_terminate(req->sconn, - nt_errstr(error)); - return; - } - TALLOC_FREE(state->im); - return; - } - status = smbd_smb2_notify_recv(subreq, req, &out_output_buffer); -- 1.7.9.5 From abd05d7376170d29027db986b18ccd9a501f6f70 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 20 Sep 2012 16:16:03 +0200 Subject: [PATCH 14/21] s3:smb2_lock: let smbd_smb2_create_cancel() trigger NT_STATUS_CANCELED Instead of violating the tevent_req layers. metze (cherry picked from commit 603f9bfa4cf7910e1c1cae1a8d0741a6d0874baa) Signed-off-by: Stefan Metzmacher --- source3/smbd/smb2_create.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 331ca49..70ef324 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -284,19 +284,6 @@ static void smbd_smb2_request_create_done(struct tevent_req *tsubreq) NTSTATUS status; NTSTATUS error; /* transport error */ - if (smb2req->cancelled) { - uint64_t mid = get_mid_from_smb2req(smb2req); - DEBUG(10,("smbd_smb2_request_create_done: cancelled mid %llu\n", - (unsigned long long)mid )); - error = smbd_smb2_request_error(smb2req, NT_STATUS_CANCELLED); - if (!NT_STATUS_IS_OK(error)) { - smbd_server_connection_terminate(smb2req->sconn, - nt_errstr(error)); - return; - } - return; - } - status = smbd_smb2_create_recv(tsubreq, smb2req, &out_oplock_level, @@ -1426,7 +1413,8 @@ static bool smbd_smb2_create_cancel(struct tevent_req *req) remove_deferred_open_message_smb2_internal(smb2req, mid); smb2req->cancelled = true; - tevent_req_done(req); + tevent_req_defer_callback(req, smb2req->sconn->ev_ctx); + tevent_req_nterror(req, NT_STATUS_CANCELLED); return true; } -- 1.7.9.5 From 0704c179516c30b8bc929c323cf629bddbf22da1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 22 Sep 2012 02:05:18 +0200 Subject: [PATCH 15/21] s3:smbd: remove struct member smbd_smb2_request.cancelled - it was only written (cherry picked from commit 88d051f7f18ff88ec5385fdc798f051659134bd3) Signed-off-by: Stefan Metzmacher --- source3/smbd/globals.h | 1 - source3/smbd/smb2_create.c | 1 - source3/smbd/smb2_lock.c | 1 - source3/smbd/smb2_notify.c | 1 - source3/smbd/smb2_read.c | 2 -- source3/smbd/smb2_write.c | 2 -- 6 files changed, 8 deletions(-) diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 0743924..b2d05a7 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -464,7 +464,6 @@ struct smbd_smb2_request { bool do_signing; bool do_encryption; struct tevent_timer *async_te; - bool cancelled; bool compound_related; /* diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 70ef324..aff934f 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -1411,7 +1411,6 @@ static bool smbd_smb2_create_cancel(struct tevent_req *req) remove_deferred_open_entry(state->id, mid, messaging_server_id(smb2req->sconn->msg_ctx)); remove_deferred_open_message_smb2_internal(smb2req, mid); - smb2req->cancelled = true; tevent_req_defer_callback(req, smb2req->sconn->ev_ctx); tevent_req_nterror(req, NT_STATUS_CANCELLED); diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c index d29ecec..e2ea251 100644 --- a/source3/smbd/smb2_lock.c +++ b/source3/smbd/smb2_lock.c @@ -380,7 +380,6 @@ static bool smbd_smb2_lock_cancel(struct tevent_req *req) } smb2req = state->smb2req; - smb2req->cancelled = true; remove_pending_lock(state, state->blr); tevent_req_defer_callback(req, smb2req->sconn->ev_ctx); diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 638e01a..81aa615 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -308,7 +308,6 @@ static bool smbd_smb2_notify_cancel(struct tevent_req *req) struct smbd_smb2_notify_state *state = tevent_req_data(req, struct smbd_smb2_notify_state); - state->smb2req->cancelled = true; smbd_notify_cancel_by_smbreq(state->smbreq); return true; diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c index e0c615a..2890f86 100644 --- a/source3/smbd/smb2_read.c +++ b/source3/smbd/smb2_read.c @@ -363,8 +363,6 @@ static bool smbd_smb2_read_cancel(struct tevent_req *req) tevent_req_data(req, struct smbd_smb2_read_state); - state->smb2req->cancelled = true; - return cancel_smb2_aio(state->smbreq); } diff --git a/source3/smbd/smb2_write.c b/source3/smbd/smb2_write.c index 03998ca..f9cfbfc 100644 --- a/source3/smbd/smb2_write.c +++ b/source3/smbd/smb2_write.c @@ -236,8 +236,6 @@ static bool smbd_smb2_write_cancel(struct tevent_req *req) tevent_req_data(req, struct smbd_smb2_write_state); - state->smb2req->cancelled = true; - return cancel_smb2_aio(state->smbreq); } -- 1.7.9.5 From 9fe4b0c10fa7beb15881252e2b1c3a2b7feb8e6a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 00:41:04 +0200 Subject: [PATCH 16/21] s4:torture:smb2: don't skip the compound.interim1 test for non win7/win2k8 (cherry picked from commit 917e714831178b2a3d07c7f9d09711231a7ccf31) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index 596702b..56ccf7a 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -579,10 +579,6 @@ static bool test_compound_interim1(struct torture_context *tctx, /* Win7 compound request implementation deviates substantially from the * SMB2 spec as noted in MS-SMB2 <159>, <162>. This, test currently * verifies the Windows behavior, not the general spec behavior. */ - if (!TARGET_IS_WIN7(tctx) && !TARGET_IS_W2K8(tctx)) { - torture_skip(tctx, "Interim test is specific to Windows server " - "behavior.\n"); - } smb2_transport_credits_ask_num(tree->session->transport, 5); -- 1.7.9.5 From 6c18922beeb2b9c753adc2f4fffa5bf4653ccd90 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 00:41:48 +0200 Subject: [PATCH 17/21] s4:torture:smb2: don't skip the compound.interim2 test for non win7/win2k8 (cherry picked from commit 8df0b023c51ed198d3054760447e1b273eada991) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index 56ccf7a..b946623 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -646,10 +646,6 @@ static bool test_compound_interim2(struct torture_context *tctx, /* Win7 compound request implementation deviates substantially from the * SMB2 spec as noted in MS-SMB2 <159>, <162>. This, test currently * verifies the Windows behavior, not the general spec behavior. */ - if (!TARGET_IS_WIN7(tctx) && !TARGET_IS_W2K8(tctx)) { - torture_skip(tctx, "Interim test is specific to Windows server " - "behavior.\n"); - } smb2_transport_credits_ask_num(tree->session->transport, 5); -- 1.7.9.5 From 0899aec388434afa28cd3bbe83cabb3eb9346f44 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 00:43:54 +0200 Subject: [PATCH 18/21] s4:torture:smb2:compound: remove two unused macros (cherry picked from commit 6f6b1c6ac15f225978e8c2d67c1a817d9e098317) Signed-off-by: Stefan Metzmacher --- source4/torture/smb2/compound.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index b946623..e75f682 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -34,9 +34,6 @@ goto done; \ }} while (0) -#define TARGET_IS_W2K8(_tctx) (torture_setting_bool(_tctx, "w2k8", false)) -#define TARGET_IS_WIN7(_tctx) (torture_setting_bool(_tctx, "win7", false)) - static bool test_compound_related1(struct torture_context *tctx, struct smb2_tree *tree) { -- 1.7.9.5 From 114063fa38526c9ff3d9585060150f8701c9c1a8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2012 20:46:53 +0200 Subject: [PATCH 19/21] selftest: we fail samba3.smb2.compound.interim2 We currently return NT_STATUS_CANCELLED where we should return NT_STATUS_INTERNAL_ERROR. (cherry picked from commit 841934647b06d6400148932cc8ce02a20c209610) Signed-off-by: Stefan Metzmacher --- selftest/knownfail | 1 + 1 file changed, 1 insertion(+) diff --git a/selftest/knownfail b/selftest/knownfail index 0180eb3..2ba1b91 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -203,6 +203,7 @@ ^samba3.smb2.getinfo.getinfo ^samba3.smb2.setinfo.setinfo ^samba3.smb2.session.*reauth5 # some special anonymous checks? +^samba3.smb2.compound.interim2 # wrong return code (STATUS_CANCELLED) ^samba3.raw.session.*reauth2 # maybe fix this? ^samba3.rpc.spoolss.printer.addprinter.driver_info_winreg # knownfail or flapping? ^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping? -- 1.7.9.5 From 178268bda3b932a8a146df3a7358683d9492ec7d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Sep 2012 22:56:20 +0200 Subject: [PATCH 20/21] s3:smbd:smb2: initialize variable in vfs_default_durable_reconnect() Found by Ambi's state-of-the-art compiler! (cherry picked from commit 93bee9b3e31b398b9becc7be7804025d4066359b) Signed-off-by: Stefan Metzmacher --- source3/smbd/durable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c index 5953e1b..42ad18e 100644 --- a/source3/smbd/durable.c +++ b/source3/smbd/durable.c @@ -234,7 +234,7 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, NTSTATUS status; bool ok; int ret; - int flags; + int flags = 0; struct file_id file_id; struct smb_filename *smb_fname = NULL; enum ndr_err_code ndr_err; -- 1.7.9.5 From dadd614be3241ed95b78aa5ed5b75514af0e3a92 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 22 Sep 2012 19:07:51 +0200 Subject: [PATCH 21/21] selftest: skip the samba4.smb2.compound testsuite Too many tests are starting but never finish. Autobuild-User(master): Michael Adam Autobuild-Date(master): Sat Sep 22 20:50:06 CEST 2012 on sn-devel-104 (cherry picked from commit 162fbf4adbd78af0ca62e01da30e9c8bf86d3b4d) Signed-off-by: Stefan Metzmacher --- selftest/skip | 1 + 1 file changed, 1 insertion(+) diff --git a/selftest/skip b/selftest/skip index 174f257..171eee0 100644 --- a/selftest/skip +++ b/selftest/skip @@ -57,6 +57,7 @@ ^samba4.smb2.durable-v2-open ^samba4.smb2.dir ^samba4.smb2.session +^samba4.smb2.compound ^samba4.ntvfs.cifs.*.base.charset ^samba4.ntvfs.cifs.*.base.iometer ^samba4.ntvfs.cifs.*.base.casetable -- 1.7.9.5