2 Unix SMB/CIFS implementation.
4 test suite for SMB2 session setups
6 Copyright (C) Michael Adam 2012
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/smb2/smb2.h"
24 #include "libcli/smb2/smb2_calls.h"
25 #include "torture/torture.h"
26 #include "torture/util.h"
27 #include "torture/smb2/proto.h"
28 #include "../libcli/smb/smbXcli_base.h"
29 #include "lib/cmdline/cmdline.h"
30 #include "auth/credentials/credentials.h"
31 #include "auth/credentials/credentials_krb5.h"
32 #include "libcli/security/security.h"
33 #include "libcli/resolve/resolve.h"
34 #include "lib/param/param.h"
35 #include "lib/util/tevent_ntstatus.h"
37 /* Ticket lifetime we want to request in seconds */
38 #define KRB5_TICKET_LIFETIME 5
39 /* Allowed clock skew in seconds */
40 #define KRB5_CLOCKSKEW 5
41 /* Time till ticket fully expired in seconds */
42 #define KRB5_TICKET_EXPIRETIME KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW
45 #define GENSEC_GSSAPI_REQUESTED_LIFETIME(x) \
46 "gensec_gssapi:requested_life_time=" texpand(x)
48 #define CHECK_CREATED(tctx, __io, __created, __attribute) \
50 torture_assert_int_equal(tctx, (__io)->out.create_action, \
51 NTCREATEX_ACTION_ ## __created, \
52 "out.create_action incorrect"); \
53 torture_assert_int_equal(tctx, (__io)->out.size, 0, \
54 "out.size incorrect"); \
55 torture_assert_int_equal(tctx, (__io)->out.file_attr, \
57 "out.file_attr incorrect"); \
58 torture_assert_int_equal(tctx, (__io)->out.reserved2, 0, \
59 "out.reserverd2 incorrect"); \
62 #define WAIT_FOR_ASYNC_RESPONSE(req) \
63 while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
64 if (tevent_loop_once(tctx->ev) != 0) { \
69 static void sleep_remaining(struct torture_context
*tctx
,
70 const struct timeval
*endtime
)
72 struct timeval current
= tevent_timeval_current();
73 double remaining_secs
= timeval_elapsed2(¤t
, endtime
);
75 remaining_secs
= remaining_secs
< 1.0 ? 1.0 : remaining_secs
;
78 "sleep for %2.f second(s) that the krb5 ticket expires",
80 smb_msleep((int)(remaining_secs
* 1000));
84 * basic test for doing a session reconnect
86 bool test_session_reconnect1(struct torture_context
*tctx
, struct smb2_tree
*tree
)
89 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
91 struct smb2_handle _h1
;
92 struct smb2_handle
*h1
= NULL
;
93 struct smb2_handle _h2
;
94 struct smb2_handle
*h2
= NULL
;
95 struct smb2_create io1
, io2
;
96 uint64_t previous_session_id
;
98 struct smb2_tree
*tree2
= NULL
;
99 union smb_fileinfo qfinfo
;
101 /* Add some random component to the file name. */
102 snprintf(fname
, sizeof(fname
), "session_reconnect_%s.dat",
103 generate_random_str(tctx
, 8));
105 smb2_util_unlink(tree
, fname
);
107 smb2_oplock_create_share(&io1
, fname
,
108 smb2_util_share_access(""),
109 smb2_util_oplock_level("b"));
111 status
= smb2_create(tree
, mem_ctx
, &io1
);
112 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
113 "smb2_create failed");
114 _h1
= io1
.out
.file
.handle
;
116 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
117 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
118 smb2_util_oplock_level("b"),
119 "oplock_level incorrect");
121 /* disconnect, reconnect and then do durable reopen */
122 previous_session_id
= smb2cli_session_current_id(tree
->session
->smbXcli
);
124 torture_assert_goto(tctx
, torture_smb2_connection_ext(tctx
, previous_session_id
,
125 &tree
->session
->transport
->options
, &tree2
),
127 "session reconnect failed\n");
129 /* try to access the file via the old handle */
132 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
133 qfinfo
.generic
.in
.file
.handle
= _h1
;
134 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
135 torture_assert_ntstatus_equal_goto(tctx
, status
,
136 NT_STATUS_USER_SESSION_DELETED
,
137 ret
, done
, "smb2_getinfo_file "
138 "returned unexpected status");
141 smb2_oplock_create_share(&io2
, fname
,
142 smb2_util_share_access(""),
143 smb2_util_oplock_level("b"));
145 status
= smb2_create(tree2
, mem_ctx
, &io2
);
146 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
147 "smb2_create failed");
149 CHECK_CREATED(tctx
, &io2
, EXISTED
, FILE_ATTRIBUTE_ARCHIVE
);
150 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
151 smb2_util_oplock_level("b"),
152 "oplock_level incorrect");
153 _h2
= io2
.out
.file
.handle
;
158 smb2_util_close(tree
, *h1
);
161 smb2_util_close(tree2
, *h2
);
165 smb2_util_unlink(tree2
, fname
);
167 smb2_util_unlink(tree
, fname
);
172 talloc_free(mem_ctx
);
178 * basic test for doing a session reconnect on one connection
180 bool test_session_reconnect2(struct torture_context
*tctx
, struct smb2_tree
*tree
)
183 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
185 struct smb2_handle _h1
;
186 struct smb2_handle
*h1
= NULL
;
187 struct smb2_create io1
;
188 uint64_t previous_session_id
;
190 struct smb2_session
*session2
= NULL
;
191 union smb_fileinfo qfinfo
;
193 /* Add some random component to the file name. */
194 snprintf(fname
, sizeof(fname
), "session_reconnect_%s.dat",
195 generate_random_str(tctx
, 8));
197 smb2_util_unlink(tree
, fname
);
199 smb2_oplock_create_share(&io1
, fname
,
200 smb2_util_share_access(""),
201 smb2_util_oplock_level("b"));
202 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
204 status
= smb2_create(tree
, mem_ctx
, &io1
);
205 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
206 "smb2_create failed");
207 _h1
= io1
.out
.file
.handle
;
209 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
210 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
211 smb2_util_oplock_level("b"),
212 "oplock_level incorrect");
214 /* disconnect, reconnect and then do durable reopen */
215 previous_session_id
= smb2cli_session_current_id(tree
->session
->smbXcli
);
217 torture_assert(tctx
, torture_smb2_session_setup(tctx
, tree
->session
->transport
,
218 previous_session_id
, tctx
, &session2
),
219 "session reconnect (on the same connection) failed");
221 /* try to access the file via the old handle */
224 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
225 qfinfo
.generic
.in
.file
.handle
= _h1
;
226 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
227 torture_assert_ntstatus_equal_goto(tctx
, status
,
228 NT_STATUS_USER_SESSION_DELETED
,
229 ret
, done
, "smb2_getinfo_file "
230 "returned unexpected status");
235 smb2_util_close(tree
, *h1
);
239 talloc_free(session2
);
241 talloc_free(mem_ctx
);
246 bool test_session_reauth1(struct torture_context
*tctx
, struct smb2_tree
*tree
)
249 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
251 struct smb2_handle _h1
;
252 struct smb2_handle
*h1
= NULL
;
253 struct smb2_create io1
;
255 union smb_fileinfo qfinfo
;
257 /* Add some random component to the file name. */
258 snprintf(fname
, sizeof(fname
), "session_reauth1_%s.dat",
259 generate_random_str(tctx
, 8));
261 smb2_util_unlink(tree
, fname
);
263 smb2_oplock_create_share(&io1
, fname
,
264 smb2_util_share_access(""),
265 smb2_util_oplock_level("b"));
267 status
= smb2_create(tree
, mem_ctx
, &io1
);
268 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
269 "smb2_create failed");
270 _h1
= io1
.out
.file
.handle
;
272 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
273 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
274 smb2_util_oplock_level("b"),
275 "oplock_level incorrect");
277 status
= smb2_session_setup_spnego(tree
->session
,
278 samba_cmdline_get_creds(),
279 0 /* previous_session_id */);
280 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
281 "smb2_session_setup_spnego failed");
283 /* try to access the file via the old handle */
286 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
287 qfinfo
.generic
.in
.file
.handle
= _h1
;
288 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
289 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
290 "smb2_getinfo_file failed");
292 status
= smb2_session_setup_spnego(tree
->session
,
293 samba_cmdline_get_creds(),
294 0 /* previous_session_id */);
295 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
296 "smb2_session_setup_spnego failed");
298 /* try to access the file via the old handle */
301 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
302 qfinfo
.generic
.in
.file
.handle
= _h1
;
303 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
304 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
305 "smb2_getinfo_file failed");
309 smb2_util_close(tree
, *h1
);
312 smb2_util_unlink(tree
, fname
);
316 talloc_free(mem_ctx
);
321 bool test_session_reauth2(struct torture_context
*tctx
, struct smb2_tree
*tree
)
324 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
326 struct smb2_handle _h1
;
327 struct smb2_handle
*h1
= NULL
;
328 struct smb2_create io1
;
330 union smb_fileinfo qfinfo
;
331 struct cli_credentials
*anon_creds
= NULL
;
333 /* Add some random component to the file name. */
334 snprintf(fname
, sizeof(fname
), "session_reauth2_%s.dat",
335 generate_random_str(tctx
, 8));
337 smb2_util_unlink(tree
, fname
);
339 smb2_oplock_create_share(&io1
, fname
,
340 smb2_util_share_access(""),
341 smb2_util_oplock_level("b"));
343 status
= smb2_create(tree
, mem_ctx
, &io1
);
344 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
345 "smb2_create failed");
346 _h1
= io1
.out
.file
.handle
;
348 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
349 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
350 smb2_util_oplock_level("b"),
351 "oplock_level incorrect");
353 /* re-authenticate as anonymous */
355 anon_creds
= cli_credentials_init_anon(mem_ctx
);
356 torture_assert(tctx
, (anon_creds
!= NULL
), "talloc error");
358 status
= smb2_session_setup_spnego(tree
->session
,
360 0 /* previous_session_id */);
361 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
362 "smb2_session_setup_spnego failed");
364 /* try to access the file via the old handle */
367 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
368 qfinfo
.generic
.in
.file
.handle
= _h1
;
369 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
370 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
371 "smb2_getinfo_file failed");
373 /* re-authenticate as original user again */
375 status
= smb2_session_setup_spnego(tree
->session
,
376 samba_cmdline_get_creds(),
377 0 /* previous_session_id */);
378 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
379 "smb2_session_setup_spnego failed");
381 /* try to access the file via the old handle */
384 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
385 qfinfo
.generic
.in
.file
.handle
= _h1
;
386 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
387 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
388 "smb2_getinfo_file failed");
392 smb2_util_close(tree
, *h1
);
395 smb2_util_unlink(tree
, fname
);
399 talloc_free(mem_ctx
);
405 * test getting security descriptor after reauth
407 bool test_session_reauth3(struct torture_context
*tctx
, struct smb2_tree
*tree
)
410 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
412 struct smb2_handle _h1
;
413 struct smb2_handle
*h1
= NULL
;
414 struct smb2_create io1
;
416 union smb_fileinfo qfinfo
;
417 struct cli_credentials
*anon_creds
= NULL
;
418 uint32_t secinfo_flags
= SECINFO_OWNER
421 | SECINFO_PROTECTED_DACL
422 | SECINFO_UNPROTECTED_DACL
;
424 /* Add some random component to the file name. */
425 snprintf(fname
, sizeof(fname
), "session_reauth3_%s.dat",
426 generate_random_str(tctx
, 8));
428 smb2_util_unlink(tree
, fname
);
430 smb2_oplock_create_share(&io1
, fname
,
431 smb2_util_share_access(""),
432 smb2_util_oplock_level("b"));
434 status
= smb2_create(tree
, mem_ctx
, &io1
);
435 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
436 "smb2_create failed");
437 _h1
= io1
.out
.file
.handle
;
439 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
440 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
441 smb2_util_oplock_level("b"),
442 "oplock_level incorrect");
444 /* get the security descriptor */
448 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
449 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
450 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
452 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
453 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
454 "smb2_getinfo_file failed");
456 /* re-authenticate as anonymous */
458 anon_creds
= cli_credentials_init_anon(mem_ctx
);
459 torture_assert(tctx
, (anon_creds
!= NULL
), "talloc error");
461 status
= smb2_session_setup_spnego(tree
->session
,
463 0 /* previous_session_id */);
464 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
465 "smb2_session_setup_spnego failed");
467 /* try to access the file via the old handle */
471 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
472 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
473 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
475 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
476 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
477 "smb2_getinfo_file failed");
479 /* re-authenticate as original user again */
481 status
= smb2_session_setup_spnego(tree
->session
,
482 samba_cmdline_get_creds(),
483 0 /* previous_session_id */);
484 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
485 "smb2_session_setup_spnego failed");
487 /* try to access the file via the old handle */
491 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
492 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
493 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
495 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
496 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
497 "smb2_getinfo_file failed");
501 smb2_util_close(tree
, *h1
);
504 smb2_util_unlink(tree
, fname
);
508 talloc_free(mem_ctx
);
514 * test setting security descriptor after reauth.
516 bool test_session_reauth4(struct torture_context
*tctx
, struct smb2_tree
*tree
)
519 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
521 struct smb2_handle _h1
;
522 struct smb2_handle
*h1
= NULL
;
523 struct smb2_create io1
;
525 union smb_fileinfo qfinfo
;
526 union smb_setfileinfo sfinfo
;
527 struct cli_credentials
*anon_creds
= NULL
;
528 uint32_t secinfo_flags
= SECINFO_OWNER
531 | SECINFO_PROTECTED_DACL
532 | SECINFO_UNPROTECTED_DACL
;
533 struct security_descriptor
*sd1
;
534 struct security_ace ace
;
535 struct dom_sid
*extra_sid
;
537 /* Add some random component to the file name. */
538 snprintf(fname
, sizeof(fname
), "session_reauth4_%s.dat",
539 generate_random_str(tctx
, 8));
541 smb2_util_unlink(tree
, fname
);
543 smb2_oplock_create_share(&io1
, fname
,
544 smb2_util_share_access(""),
545 smb2_util_oplock_level("b"));
547 status
= smb2_create(tree
, mem_ctx
, &io1
);
548 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
549 "smb2_create failed");
550 _h1
= io1
.out
.file
.handle
;
552 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
553 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
554 smb2_util_oplock_level("b"),
555 "oplock_level incorrect");
557 /* get the security descriptor */
561 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
562 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
563 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
565 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
566 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
567 "smb2_getinfo_file failed");
569 sd1
= qfinfo
.query_secdesc
.out
.sd
;
571 /* re-authenticate as anonymous */
573 anon_creds
= cli_credentials_init_anon(mem_ctx
);
574 torture_assert(tctx
, (anon_creds
!= NULL
), "talloc error");
576 status
= smb2_session_setup_spnego(tree
->session
,
578 0 /* previous_session_id */);
579 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
580 "smb2_session_setup_spnego failed");
582 /* give full access on the file to anonymous */
584 extra_sid
= dom_sid_parse_talloc(tctx
, SID_NT_ANONYMOUS
);
587 ace
.type
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
589 ace
.access_mask
= SEC_STD_ALL
| SEC_FILE_ALL
;
590 ace
.trustee
= *extra_sid
;
592 status
= security_descriptor_dacl_add(sd1
, &ace
);
593 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
594 "security_descriptor_dacl_add failed");
597 sfinfo
.set_secdesc
.level
= RAW_SFILEINFO_SEC_DESC
;
598 sfinfo
.set_secdesc
.in
.file
.handle
= _h1
;
599 sfinfo
.set_secdesc
.in
.secinfo_flags
= SECINFO_DACL
;
600 sfinfo
.set_secdesc
.in
.sd
= sd1
;
602 status
= smb2_setinfo_file(tree
, &sfinfo
);
603 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
604 "smb2_setinfo_file failed");
606 /* re-authenticate as original user again */
608 status
= smb2_session_setup_spnego(tree
->session
,
609 samba_cmdline_get_creds(),
610 0 /* previous_session_id */);
611 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
612 "smb2_session_setup_spnego failed");
614 /* re-get the security descriptor */
618 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
619 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
620 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
622 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
623 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
624 "smb2_getinfo_file failed");
630 smb2_util_close(tree
, *h1
);
633 smb2_util_unlink(tree
, fname
);
637 talloc_free(mem_ctx
);
643 * test renaming after reauth.
644 * compare security descriptors before and after rename/reauth
646 bool test_session_reauth5(struct torture_context
*tctx
, struct smb2_tree
*tree
)
649 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
653 struct smb2_handle _dh1
;
654 struct smb2_handle
*dh1
= NULL
;
655 struct smb2_handle _h1
;
656 struct smb2_handle
*h1
= NULL
;
657 struct smb2_create io1
;
660 union smb_fileinfo qfinfo
;
661 union smb_setfileinfo sfinfo
;
662 struct cli_credentials
*anon_creds
= NULL
;
663 uint32_t secinfo_flags
= SECINFO_OWNER
666 | SECINFO_PROTECTED_DACL
667 | SECINFO_UNPROTECTED_DACL
;
668 struct security_descriptor
*f_sd1
;
669 struct security_descriptor
*d_sd1
= NULL
;
670 struct security_ace ace
;
671 struct dom_sid
*extra_sid
;
673 /* Add some random component to the file name. */
674 snprintf(dname
, sizeof(dname
), "session_reauth5_%s.d",
675 generate_random_str(tctx
, 8));
676 snprintf(fname
, sizeof(fname
), "%s\\file.dat", dname
);
678 ok
= smb2_util_setup_dir(tctx
, tree
, dname
);
679 torture_assert(tctx
, ok
, "smb2_util_setup_dir not ok");
681 status
= torture_smb2_testdir(tree
, dname
, &_dh1
);
682 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
683 "torture_smb2_testdir failed");
686 smb2_oplock_create_share(&io1
, fname
,
687 smb2_util_share_access(""),
688 smb2_util_oplock_level("b"));
690 status
= smb2_create(tree
, mem_ctx
, &io1
);
691 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
692 "smb2_create failed");
693 _h1
= io1
.out
.file
.handle
;
695 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
696 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
697 smb2_util_oplock_level("b"),
698 "oplock_level incorrect");
700 /* get the security descriptor */
704 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
705 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
706 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
708 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
709 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
710 "smb2_getinfo_file failed");
712 f_sd1
= qfinfo
.query_secdesc
.out
.sd
;
714 /* re-authenticate as anonymous */
716 anon_creds
= cli_credentials_init_anon(mem_ctx
);
717 torture_assert(tctx
, (anon_creds
!= NULL
), "talloc error");
719 status
= smb2_session_setup_spnego(tree
->session
,
721 0 /* previous_session_id */);
722 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
723 "smb2_session_setup_spnego failed");
725 /* try to rename the file: fails */
727 snprintf(fname2
, sizeof(fname2
), "%s\\file2.dat", dname
);
729 status
= smb2_util_unlink(tree
, fname2
);
730 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
731 "smb2_util_unlink failed");
735 sfinfo
.rename_information
.level
= RAW_SFILEINFO_RENAME_INFORMATION
;
736 sfinfo
.rename_information
.in
.file
.handle
= _h1
;
737 sfinfo
.rename_information
.in
.overwrite
= true;
738 sfinfo
.rename_information
.in
.new_name
= fname2
;
740 status
= smb2_setinfo_file(tree
, &sfinfo
);
741 torture_assert_ntstatus_equal_goto(tctx
, status
,
742 NT_STATUS_ACCESS_DENIED
,
743 ret
, done
, "smb2_setinfo_file "
744 "returned unexpected status");
746 /* re-authenticate as original user again */
748 status
= smb2_session_setup_spnego(tree
->session
,
749 samba_cmdline_get_creds(),
750 0 /* previous_session_id */);
751 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
752 "smb2_session_setup_spnego failed");
754 /* give full access on the file to anonymous */
756 extra_sid
= dom_sid_parse_talloc(tctx
, SID_NT_ANONYMOUS
);
759 ace
.type
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
761 ace
.access_mask
= SEC_RIGHTS_FILE_ALL
;
762 ace
.trustee
= *extra_sid
;
764 status
= security_descriptor_dacl_add(f_sd1
, &ace
);
765 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
766 "security_descriptor_dacl_add failed");
769 sfinfo
.set_secdesc
.level
= RAW_SFILEINFO_SEC_DESC
;
770 sfinfo
.set_secdesc
.in
.file
.handle
= _h1
;
771 sfinfo
.set_secdesc
.in
.secinfo_flags
= secinfo_flags
;
772 sfinfo
.set_secdesc
.in
.sd
= f_sd1
;
774 status
= smb2_setinfo_file(tree
, &sfinfo
);
775 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
776 "smb2_setinfo_file failed");
778 /* re-get the security descriptor */
782 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
783 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
784 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
786 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
787 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
788 "smb2_getinfo_file failed");
790 /* re-authenticate as anonymous - again */
792 anon_creds
= cli_credentials_init_anon(mem_ctx
);
793 torture_assert(tctx
, (anon_creds
!= NULL
), "talloc error");
795 status
= smb2_session_setup_spnego(tree
->session
,
797 0 /* previous_session_id */);
798 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
799 "smb2_session_setup_spnego failed");
801 /* try to rename the file: fails */
804 sfinfo
.rename_information
.level
= RAW_SFILEINFO_RENAME_INFORMATION
;
805 sfinfo
.rename_information
.in
.file
.handle
= _h1
;
806 sfinfo
.rename_information
.in
.overwrite
= true;
807 sfinfo
.rename_information
.in
.new_name
= fname2
;
809 status
= smb2_setinfo_file(tree
, &sfinfo
);
810 torture_assert_ntstatus_equal_goto(tctx
, status
,
811 NT_STATUS_ACCESS_DENIED
,
812 ret
, done
, "smb2_setinfo_file "
813 "returned unexpected status");
815 /* give full access on the parent dir to anonymous */
819 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
820 qfinfo
.query_secdesc
.in
.file
.handle
= _dh1
;
821 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
823 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
824 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
825 "smb2_getinfo_file failed");
827 d_sd1
= qfinfo
.query_secdesc
.out
.sd
;
830 ace
.type
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
832 ace
.access_mask
= SEC_RIGHTS_FILE_ALL
;
833 ace
.trustee
= *extra_sid
;
835 status
= security_descriptor_dacl_add(d_sd1
, &ace
);
836 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
837 "security_descriptor_dacl_add failed");
840 sfinfo
.set_secdesc
.level
= RAW_SFILEINFO_SEC_DESC
;
841 sfinfo
.set_secdesc
.in
.file
.handle
= _dh1
;
842 sfinfo
.set_secdesc
.in
.secinfo_flags
= secinfo_flags
;
843 sfinfo
.set_secdesc
.in
.secinfo_flags
= SECINFO_DACL
;
844 sfinfo
.set_secdesc
.in
.sd
= d_sd1
;
846 status
= smb2_setinfo_file(tree
, &sfinfo
);
847 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
848 "smb2_setinfo_file failed");
852 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
853 qfinfo
.query_secdesc
.in
.file
.handle
= _dh1
;
854 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
856 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
857 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
858 "smb2_getinfo_file failed");
860 status
= smb2_util_close(tree
, _dh1
);
861 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
862 "smb2_util_close failed");
865 /* try to rename the file: still fails */
868 sfinfo
.rename_information
.level
= RAW_SFILEINFO_RENAME_INFORMATION
;
869 sfinfo
.rename_information
.in
.file
.handle
= _h1
;
870 sfinfo
.rename_information
.in
.overwrite
= true;
871 sfinfo
.rename_information
.in
.new_name
= fname2
;
873 status
= smb2_setinfo_file(tree
, &sfinfo
);
874 torture_assert_ntstatus_equal_goto(tctx
, status
,
875 NT_STATUS_ACCESS_DENIED
,
876 ret
, done
, "smb2_setinfo_file "
877 "returned unexpected status");
879 /* re-authenticate as original user - again */
881 status
= smb2_session_setup_spnego(tree
->session
,
882 samba_cmdline_get_creds(),
883 0 /* previous_session_id */);
884 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
885 "smb2_session_setup_spnego failed");
887 /* rename the file - for verification that it works */
890 sfinfo
.rename_information
.level
= RAW_SFILEINFO_RENAME_INFORMATION
;
891 sfinfo
.rename_information
.in
.file
.handle
= _h1
;
892 sfinfo
.rename_information
.in
.overwrite
= true;
893 sfinfo
.rename_information
.in
.new_name
= fname2
;
895 status
= smb2_setinfo_file(tree
, &sfinfo
);
896 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
897 "smb2_setinfo_file failed");
899 /* closs the file, check it is gone and reopen under the new name */
901 status
= smb2_util_close(tree
, _h1
);
902 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
903 "smb2_util_close failed");
906 smb2_generic_create_share(&io1
,
907 NULL
/* lease */, false /* dir */,
910 smb2_util_share_access(""),
911 smb2_util_oplock_level("b"),
912 0 /* leasekey */, 0 /* leasestate */);
914 status
= smb2_create(tree
, mem_ctx
, &io1
);
915 torture_assert_ntstatus_equal_goto(tctx
, status
,
916 NT_STATUS_OBJECT_NAME_NOT_FOUND
,
917 ret
, done
, "smb2_create "
918 "returned unexpected status");
922 smb2_generic_create_share(&io1
,
923 NULL
/* lease */, false /* dir */,
926 smb2_util_share_access(""),
927 smb2_util_oplock_level("b"),
928 0 /* leasekey */, 0 /* leasestate */);
930 status
= smb2_create(tree
, mem_ctx
, &io1
);
931 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
932 "smb2_create failed");
933 _h1
= io1
.out
.file
.handle
;
935 CHECK_CREATED(tctx
, &io1
, EXISTED
, FILE_ATTRIBUTE_ARCHIVE
);
936 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
937 smb2_util_oplock_level("b"),
938 "oplock_level incorrect");
940 /* try to access the file via the old handle */
944 qfinfo
.query_secdesc
.level
= RAW_FILEINFO_SEC_DESC
;
945 qfinfo
.query_secdesc
.in
.file
.handle
= _h1
;
946 qfinfo
.query_secdesc
.in
.secinfo_flags
= secinfo_flags
;
948 status
= smb2_getinfo_file(tree
, mem_ctx
, &qfinfo
);
949 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
950 "smb2_getinfo_file failed");
954 smb2_util_close(tree
, *dh1
);
957 smb2_util_close(tree
, *h1
);
960 smb2_deltree(tree
, dname
);
964 talloc_free(mem_ctx
);
970 * do reauth with wrong credentials,
971 * hence triggering the error path in reauth.
972 * The invalid reauth deletes the session.
974 bool test_session_reauth6(struct torture_context
*tctx
, struct smb2_tree
*tree
)
977 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
979 struct smb2_handle _h1
;
980 struct smb2_handle
*h1
= NULL
;
981 struct smb2_create io1
;
983 char *corrupted_password
;
984 struct cli_credentials
*broken_creds
;
988 enum credentials_use_kerberos krb_state
;
990 krb_state
= cli_credentials_get_kerberos_state(
991 samba_cmdline_get_creds());
992 if (krb_state
== CRED_USE_KERBEROS_REQUIRED
) {
994 "Can't test failing session setup with kerberos.");
997 encrypted
= smb2cli_tcon_is_encryption_on(tree
->smbXcli
);
999 /* Add some random component to the file name. */
1000 snprintf(fname
, sizeof(fname
), "session_reauth1_%s.dat",
1001 generate_random_str(tctx
, 8));
1003 smb2_util_unlink(tree
, fname
);
1005 smb2_oplock_create_share(&io1
, fname
,
1006 smb2_util_share_access(""),
1007 smb2_util_oplock_level("b"));
1008 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
1010 status
= smb2_create(tree
, mem_ctx
, &io1
);
1011 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1012 "smb2_create failed");
1013 _h1
= io1
.out
.file
.handle
;
1015 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
1016 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
1017 smb2_util_oplock_level("b"),
1018 "oplock_level incorrect");
1021 * reauthentication with invalid credentials:
1024 broken_creds
= cli_credentials_shallow_copy(mem_ctx
,
1025 samba_cmdline_get_creds());
1026 torture_assert(tctx
, (broken_creds
!= NULL
), "talloc error");
1028 corrupted_password
= talloc_asprintf(mem_ctx
, "%s%s",
1029 cli_credentials_get_password(broken_creds
),
1031 torture_assert(tctx
, (corrupted_password
!= NULL
), "talloc error");
1033 ok
= cli_credentials_set_password(broken_creds
, corrupted_password
,
1035 torture_assert(tctx
, ok
, "cli_credentials_set_password not ok");
1037 status
= smb2_session_setup_spnego(tree
->session
,
1039 0 /* previous_session_id */);
1040 torture_assert_ntstatus_equal_goto(tctx
, status
,
1041 NT_STATUS_LOGON_FAILURE
, ret
, done
,
1042 "smb2_session_setup_spnego "
1043 "returned unexpected status");
1045 torture_comment(tctx
, "did failed reauth\n");
1047 * now verify that the invalid session reauth has closed our session
1051 expected
= NT_STATUS_CONNECTION_DISCONNECTED
;
1053 expected
= NT_STATUS_USER_SESSION_DELETED
;
1056 smb2_oplock_create_share(&io1
, fname
,
1057 smb2_util_share_access(""),
1058 smb2_util_oplock_level("b"));
1060 status
= smb2_create(tree
, mem_ctx
, &io1
);
1061 torture_assert_ntstatus_equal_goto(tctx
, status
, expected
,
1062 ret
, done
, "smb2_create "
1063 "returned unexpected status");
1067 smb2_util_close(tree
, *h1
);
1070 smb2_util_unlink(tree
, fname
);
1074 talloc_free(mem_ctx
);
1080 static bool test_session_expire1i(struct torture_context
*tctx
,
1082 bool force_encryption
)
1086 struct smbcli_options options
;
1087 const char *host
= torture_setting_string(tctx
, "host", NULL
);
1088 const char *share
= torture_setting_string(tctx
, "share", NULL
);
1089 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
1090 struct smb2_tree
*tree
= NULL
;
1091 enum credentials_use_kerberos use_kerberos
;
1093 struct smb2_handle _h1
;
1094 struct smb2_handle
*h1
= NULL
;
1095 struct smb2_create io1
;
1096 union smb_fileinfo qfinfo
;
1098 struct timeval endtime
;
1099 bool ticket_expired
= false;
1101 use_kerberos
= cli_credentials_get_kerberos_state(credentials
);
1102 if (use_kerberos
!= CRED_USE_KERBEROS_REQUIRED
) {
1103 torture_warning(tctx
,
1104 "smb2.session.expire1 requires "
1105 "--use-kerberos=required!");
1107 "smb2.session.expire1 requires "
1108 "--use-kerberos=required!");
1111 torture_assert_int_equal(tctx
,
1113 CRED_USE_KERBEROS_REQUIRED
,
1114 "please use --use-kerberos=required");
1116 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1120 GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME
));
1122 lpcfg_smbcli_options(tctx
->lp_ctx
, &options
);
1123 if (force_signing
) {
1124 options
.signing
= SMB_SIGNING_REQUIRED
;
1127 status
= smb2_connect(tctx
,
1129 lpcfg_smb_ports(tctx
->lp_ctx
),
1131 lpcfg_resolve_context(tctx
->lp_ctx
),
1136 lpcfg_socket_options(tctx
->lp_ctx
),
1137 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
1140 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
1141 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
1142 * few more milliseconds for this to kick in.
1144 endtime
= timeval_current_ofs(KRB5_TICKET_EXPIRETIME
, 500 * 1000);
1145 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1146 "smb2_connect failed");
1148 if (force_encryption
) {
1149 status
= smb2cli_session_encryption_on(tree
->session
->smbXcli
);
1150 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1151 "smb2cli_session_encryption_on failed");
1154 /* Add some random component to the file name. */
1155 snprintf(fname
, sizeof(fname
), "session_expire1_%s.dat",
1156 generate_random_str(tctx
, 8));
1158 smb2_util_unlink(tree
, fname
);
1160 smb2_oplock_create_share(&io1
, fname
,
1161 smb2_util_share_access(""),
1162 smb2_util_oplock_level("b"));
1163 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
1165 status
= smb2_create(tree
, tctx
, &io1
);
1166 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1167 "smb2_create failed");
1168 _h1
= io1
.out
.file
.handle
;
1170 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
1171 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
1172 smb2_util_oplock_level("b"),
1173 "oplock_level incorrect");
1175 /* get the security descriptor */
1177 ZERO_STRUCT(qfinfo
);
1179 qfinfo
.access_information
.level
= RAW_FILEINFO_ACCESS_INFORMATION
;
1180 qfinfo
.access_information
.in
.file
.handle
= _h1
;
1182 for (i
=0; i
< 2; i
++) {
1183 torture_comment(tctx
, "%s: query info => OK\n",
1184 current_timestring(tctx
, true));
1186 ZERO_STRUCT(qfinfo
.access_information
.out
);
1187 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1188 torture_comment(tctx
, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
1189 current_timestring(tctx
, true),
1190 __location__
, __func__
,
1192 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1193 "smb2_getinfo_file failed");
1195 sleep_remaining(tctx
, &endtime
);
1197 torture_comment(tctx
, "%s: query info => EXPIRED\n",
1198 current_timestring(tctx
, true));
1199 ZERO_STRUCT(qfinfo
.access_information
.out
);
1200 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1201 torture_comment(tctx
, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
1202 current_timestring(tctx
, true),
1203 __location__
, __func__
,
1205 torture_assert_ntstatus_equal_goto(tctx
, status
,
1206 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1207 ret
, done
, "smb2_getinfo_file "
1208 "returned unexpected status");
1211 * the krb5 library may not handle expired creds
1212 * well, lets start with an empty ccache.
1214 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1216 if (!force_encryption
) {
1217 smb2cli_session_require_signed_response(
1218 tree
->session
->smbXcli
, true);
1221 torture_comment(tctx
, "%s: reauth => OK\n",
1222 current_timestring(tctx
, true));
1223 status
= smb2_session_setup_spnego(tree
->session
,
1225 0 /* previous_session_id */);
1227 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
1228 * Give the server at least KRB5_TICKET_LIFETIME +
1229 * KRB5_CLOCKSKEW + a few more milliseconds for this to kick in.
1231 endtime
= timeval_current_ofs(KRB5_TICKET_EXPIRETIME
,
1233 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1234 "smb2_session_setup_spnego failed");
1236 smb2cli_session_require_signed_response(
1237 tree
->session
->smbXcli
, false);
1240 ticket_expired
= timeval_expired(&endtime
);
1241 if (ticket_expired
) {
1242 struct timeval current
= timeval_current();
1243 double remaining_secs
= timeval_elapsed2(¤t
, &endtime
);
1244 remaining_secs
= remaining_secs
< 0.0 ? remaining_secs
* -1.0
1248 "The ticket already expired %.2f seconds ago. "
1249 "You might want to increase KRB5_TICKET_LIFETIME.",
1252 torture_assert(tctx
,
1253 ticket_expired
== false,
1254 "The kerberos ticket already expired");
1255 ZERO_STRUCT(qfinfo
.access_information
.out
);
1256 torture_comment(tctx
, "%s: %s:%s: before smb2_getinfo_file()\n",
1257 current_timestring(tctx
, true),
1258 __location__
, __func__
);
1259 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1260 torture_comment(tctx
, "%s: %s:%s: after smb2_getinfo_file() => %s\n",
1261 current_timestring(tctx
, true),
1262 __location__
, __func__
,
1264 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1265 "smb2_getinfo_file failed");
1269 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1272 smb2_util_close(tree
, *h1
);
1276 lpcfg_set_option(tctx
->lp_ctx
, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
1280 static bool test_session_expire1n(struct torture_context
*tctx
)
1282 return test_session_expire1i(tctx
,
1283 false, /* force_signing */
1284 false); /* force_encryption */
1287 static bool test_session_expire1s(struct torture_context
*tctx
)
1289 return test_session_expire1i(tctx
,
1290 true, /* force_signing */
1291 false); /* force_encryption */
1294 static bool test_session_expire1e(struct torture_context
*tctx
)
1296 return test_session_expire1i(tctx
,
1297 true, /* force_signing */
1298 true); /* force_encryption */
1301 static bool test_session_expire2i(struct torture_context
*tctx
,
1302 bool force_encryption
)
1306 struct smbcli_options options
;
1307 const char *host
= torture_setting_string(tctx
, "host", NULL
);
1308 const char *share
= torture_setting_string(tctx
, "share", NULL
);
1309 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
1310 struct smb2_tree
*tree
= NULL
;
1311 const char *unc
= NULL
;
1312 struct smb2_tree
*tree2
= NULL
;
1313 struct tevent_req
*subreq
= NULL
;
1314 uint32_t timeout_msec
;
1315 enum credentials_use_kerberos use_kerberos
;
1318 struct smb2_handle dh
;
1319 struct smb2_handle dh2
;
1320 struct smb2_handle _h1
;
1321 struct smb2_handle
*h1
= NULL
;
1322 struct smb2_create io1
;
1323 union smb_fileinfo qfinfo
;
1324 union smb_setfileinfo sfinfo
;
1325 struct smb2_flush flsh
;
1326 struct smb2_read rd
;
1327 const uint8_t wd
= 0;
1328 struct smb2_lock lck
;
1329 struct smb2_lock_element el
;
1330 struct smb2_ioctl ctl
;
1331 struct smb2_break oack
;
1332 struct smb2_lease_break_ack lack
;
1333 struct smb2_find fnd
;
1334 union smb_search_data
*d
= NULL
;
1336 struct smb2_request
*req
= NULL
;
1337 struct smb2_notify ntf1
;
1338 struct smb2_notify ntf2
;
1339 struct timeval endtime
;
1341 use_kerberos
= cli_credentials_get_kerberos_state(credentials
);
1342 if (use_kerberos
!= CRED_USE_KERBEROS_REQUIRED
) {
1343 torture_warning(tctx
,
1344 "smb2.session.expire1 requires "
1345 "--use-kerberos=required!");
1347 "smb2.session.expire1 requires "
1348 "--use-kerberos=required!");
1351 torture_assert_int_equal(tctx
,
1353 CRED_USE_KERBEROS_REQUIRED
,
1354 "please use --use-kerberos=required");
1356 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1360 GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME
));
1362 lpcfg_smbcli_options(tctx
->lp_ctx
, &options
);
1363 options
.signing
= SMB_SIGNING_REQUIRED
;
1365 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
1366 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
1368 status
= smb2_connect(tctx
,
1370 lpcfg_smb_ports(tctx
->lp_ctx
),
1372 lpcfg_resolve_context(tctx
->lp_ctx
),
1377 lpcfg_socket_options(tctx
->lp_ctx
),
1378 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
1381 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
1382 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
1383 * few more milliseconds for this to kick in.
1385 endtime
= timeval_current_ofs(KRB5_TICKET_EXPIRETIME
, 500 * 1000);
1386 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1387 "smb2_connect failed");
1389 if (force_encryption
) {
1390 status
= smb2cli_session_encryption_on(tree
->session
->smbXcli
);
1391 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1392 "smb2cli_session_encryption_on failed");
1395 caps
= smb2cli_conn_server_capabilities(tree
->session
->transport
->conn
);
1397 /* Add some random component to the file name. */
1398 snprintf(fname
, sizeof(fname
), "session_expire2_%s.dat",
1399 generate_random_str(tctx
, 8));
1401 smb2_util_unlink(tree
, fname
);
1403 status
= smb2_util_roothandle(tree
, &dh
);
1404 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1405 "smb2_util_roothandle failed");
1407 smb2_oplock_create_share(&io1
, fname
,
1408 smb2_util_share_access(""),
1409 smb2_util_oplock_level("b"));
1410 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
1412 status
= smb2_create(tree
, tctx
, &io1
);
1413 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1414 "smb2_create failed");
1415 _h1
= io1
.out
.file
.handle
;
1417 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
1418 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
1419 smb2_util_oplock_level("b"),
1420 "oplock_level incorrect");
1422 /* get the security descriptor */
1424 ZERO_STRUCT(qfinfo
);
1426 qfinfo
.access_information
.level
= RAW_FILEINFO_ACCESS_INFORMATION
;
1427 qfinfo
.access_information
.in
.file
.handle
= _h1
;
1429 torture_comment(tctx
, "query info => OK\n");
1431 ZERO_STRUCT(qfinfo
.access_information
.out
);
1432 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1433 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1434 "smb2_getinfo_file failed");
1436 torture_comment(tctx
, "lock => OK\n");
1439 lck
.in
.lock_count
= 0x0001;
1440 lck
.in
.lock_sequence
= 0x00000000;
1441 lck
.in
.file
.handle
= *h1
;
1443 el
.flags
= SMB2_LOCK_FLAG_EXCLUSIVE
|
1444 SMB2_LOCK_FLAG_FAIL_IMMEDIATELY
;
1445 el
.offset
= 0x0000000000000000;
1446 el
.length
= 0x0000000000000001;
1447 status
= smb2_lock(tree
, &lck
);
1448 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1449 "smb2_lock lock failed");
1451 torture_comment(tctx
, "1st notify => PENDING\n");
1453 ntf1
.in
.file
.handle
= dh
;
1454 ntf1
.in
.recursive
= 0x0000;
1455 ntf1
.in
.buffer_size
= 128;
1456 ntf1
.in
.completion_filter
= FILE_NOTIFY_CHANGE_ATTRIBUTES
;
1457 ntf1
.in
.unknown
= 0x00000000;
1458 req
= smb2_notify_send(tree
, &ntf1
);
1460 while (!req
->cancel
.can_cancel
&& req
->state
<= SMB2_REQUEST_RECV
) {
1461 if (tevent_loop_once(tctx
->ev
) != 0) {
1466 torture_assert_goto(tctx
, req
->state
<= SMB2_REQUEST_RECV
, ret
, done
,
1467 "smb2_notify finished");
1469 sleep_remaining(tctx
, &endtime
);
1471 torture_comment(tctx
, "query info => EXPIRED\n");
1472 ZERO_STRUCT(qfinfo
.access_information
.out
);
1473 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1474 torture_assert_ntstatus_equal_goto(tctx
, status
,
1475 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1476 ret
, done
, "smb2_getinfo_file "
1477 "returned unexpected status");
1480 torture_comment(tctx
, "set info => EXPIRED\n");
1481 ZERO_STRUCT(sfinfo
);
1482 sfinfo
.end_of_file_info
.level
= RAW_SFILEINFO_END_OF_FILE_INFORMATION
;
1483 sfinfo
.end_of_file_info
.in
.file
.handle
= *h1
;
1484 sfinfo
.end_of_file_info
.in
.size
= 1;
1485 status
= smb2_setinfo_file(tree
, &sfinfo
);
1486 torture_assert_ntstatus_equal_goto(tctx
, status
,
1487 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1488 ret
, done
, "smb2_setinfo_file "
1489 "returned unexpected status");
1491 torture_comment(tctx
, "flush => EXPIRED\n");
1493 flsh
.in
.file
.handle
= *h1
;
1494 status
= smb2_flush(tree
, &flsh
);
1495 torture_assert_ntstatus_equal_goto(tctx
, status
,
1496 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1497 ret
, done
, "smb2_flush "
1498 "returned unexpected status");
1500 torture_comment(tctx
, "read => EXPIRED\n");
1502 rd
.in
.file
.handle
= *h1
;
1505 status
= smb2_read(tree
, tctx
, &rd
);
1506 torture_assert_ntstatus_equal_goto(tctx
, status
,
1507 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1508 ret
, done
, "smb2_read "
1509 "returned unexpected status");
1511 torture_comment(tctx
, "write => EXPIRED\n");
1512 status
= smb2_util_write(tree
, *h1
, &wd
, 0, 1);
1513 torture_assert_ntstatus_equal_goto(tctx
, status
,
1514 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1515 ret
, done
, "smb2_util_write "
1516 "returned unexpected status");
1518 torture_comment(tctx
, "ioctl => EXPIRED\n");
1520 ctl
.in
.file
.handle
= *h1
;
1521 ctl
.in
.function
= FSCTL_SRV_ENUM_SNAPS
;
1522 ctl
.in
.max_output_response
= 16;
1523 ctl
.in
.flags
= SMB2_IOCTL_FLAG_IS_FSCTL
;
1524 status
= smb2_ioctl(tree
, tctx
, &ctl
);
1525 torture_assert_ntstatus_equal_goto(tctx
, status
,
1526 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1527 ret
, done
, "smb2_ioctl "
1528 "returned unexpected status");
1530 torture_comment(tctx
, "oplock ack => EXPIRED\n");
1532 oack
.in
.file
.handle
= *h1
;
1533 status
= smb2_break(tree
, &oack
);
1534 torture_assert_ntstatus_equal_goto(tctx
, status
,
1535 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1536 ret
, done
, "smb2_break "
1537 "returned unexpected status");
1539 if (caps
& SMB2_CAP_LEASING
) {
1540 torture_comment(tctx
, "lease ack => EXPIRED\n");
1542 lack
.in
.lease
.lease_version
= 1;
1543 lack
.in
.lease
.lease_key
.data
[0] = 1;
1544 lack
.in
.lease
.lease_key
.data
[1] = 2;
1545 status
= smb2_lease_break_ack(tree
, &lack
);
1546 torture_assert_ntstatus_equal_goto(tctx
, status
,
1547 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1548 ret
, done
, "smb2_break "
1549 "returned unexpected status");
1552 torture_comment(tctx
, "query directory => EXPIRED\n");
1554 fnd
.in
.file
.handle
= dh
;
1555 fnd
.in
.pattern
= "*";
1556 fnd
.in
.continue_flags
= SMB2_CONTINUE_FLAG_SINGLE
;
1557 fnd
.in
.max_response_size
= 0x100;
1558 fnd
.in
.level
= SMB2_FIND_BOTH_DIRECTORY_INFO
;
1559 status
= smb2_find_level(tree
, tree
, &fnd
, &count
, &d
);
1560 torture_assert_ntstatus_equal_goto(tctx
, status
,
1561 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1562 ret
, done
, "smb2_find_level "
1563 "returned unexpected status");
1565 torture_comment(tctx
, "1st notify => CANCEL\n");
1568 torture_comment(tctx
, "2nd notify => EXPIRED\n");
1570 ntf2
.in
.file
.handle
= dh
;
1571 ntf2
.in
.recursive
= 0x0000;
1572 ntf2
.in
.buffer_size
= 128;
1573 ntf2
.in
.completion_filter
= FILE_NOTIFY_CHANGE_ATTRIBUTES
;
1574 ntf2
.in
.unknown
= 0x00000000;
1575 status
= smb2_notify(tree
, tctx
, &ntf2
);
1576 torture_assert_ntstatus_equal_goto(tctx
, status
,
1577 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1578 ret
, done
, "smb2_notify "
1579 "returned unexpected status");
1581 torture_assert_goto(tctx
, req
->state
> SMB2_REQUEST_RECV
, ret
, done
,
1582 "smb2_notify (1st) not finished");
1584 status
= smb2_notify_recv(req
, tctx
, &ntf1
);
1585 torture_assert_ntstatus_equal_goto(tctx
, status
,
1586 NT_STATUS_CANCELLED
,
1587 ret
, done
, "smb2_notify cancelled"
1588 "returned unexpected status");
1590 torture_comment(tctx
, "tcon => EXPIRED\n");
1591 tree2
= smb2_tree_init(tree
->session
, tctx
, false);
1592 torture_assert(tctx
, tree2
!= NULL
, "smb2_tree_init");
1593 timeout_msec
= tree
->session
->transport
->options
.request_timeout
* 1000;
1594 subreq
= smb2cli_tcon_send(tree2
, tctx
->ev
,
1595 tree2
->session
->transport
->conn
,
1597 tree2
->session
->smbXcli
,
1601 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
1602 torture_assert(tctx
,
1603 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
1604 "tevent_req_poll_ntstatus");
1605 status
= smb2cli_tcon_recv(subreq
);
1606 TALLOC_FREE(subreq
);
1607 torture_assert_ntstatus_equal_goto(tctx
, status
,
1608 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1609 ret
, done
, "smb2cli_tcon"
1610 "returned unexpected status");
1612 torture_comment(tctx
, "create => EXPIRED\n");
1613 status
= smb2_util_roothandle(tree
, &dh2
);
1614 torture_assert_ntstatus_equal_goto(tctx
, status
,
1615 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1616 ret
, done
, "smb2_util_roothandle"
1617 "returned unexpected status");
1619 torture_comment(tctx
, "tdis => EXPIRED\n");
1620 status
= smb2_tdis(tree
);
1621 torture_assert_ntstatus_equal_goto(tctx
, status
,
1622 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1623 ret
, done
, "smb2cli_tdis"
1624 "returned unexpected status");
1627 * (Un)Lock, Close and Logoff are still possible
1630 torture_comment(tctx
, "1st unlock => OK\n");
1631 el
.flags
= SMB2_LOCK_FLAG_UNLOCK
;
1632 status
= smb2_lock(tree
, &lck
);
1633 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1634 "smb2_lock unlock failed");
1636 torture_comment(tctx
, "2nd unlock => RANGE_NOT_LOCKED\n");
1637 status
= smb2_lock(tree
, &lck
);
1638 torture_assert_ntstatus_equal_goto(tctx
, status
,
1639 NT_STATUS_RANGE_NOT_LOCKED
,
1640 ret
, done
, "smb2_lock 2nd unlock"
1641 "returned unexpected status");
1643 torture_comment(tctx
, "lock => EXPIRED\n");
1644 el
.flags
= SMB2_LOCK_FLAG_EXCLUSIVE
|
1645 SMB2_LOCK_FLAG_FAIL_IMMEDIATELY
;
1646 status
= smb2_lock(tree
, &lck
);
1647 torture_assert_ntstatus_equal_goto(tctx
, status
,
1648 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1649 ret
, done
, "smb2_util_roothandle"
1650 "returned unexpected status");
1652 torture_comment(tctx
, "close => OK\n");
1653 status
= smb2_util_close(tree
, *h1
);
1655 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1656 "smb2_close failed");
1658 torture_comment(tctx
, "echo without session => OK\n");
1659 status
= smb2_keepalive(tree
->session
->transport
);
1660 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1661 "smb2_keepalive without session failed");
1663 torture_comment(tctx
, "echo with session => OK\n");
1664 req
= smb2_keepalive_send(tree
->session
->transport
, tree
->session
);
1665 status
= smb2_keepalive_recv(req
);
1666 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1667 "smb2_keepalive with session failed");
1669 torture_comment(tctx
, "logoff => OK\n");
1670 status
= smb2_logoff(tree
->session
);
1671 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1672 "smb2_logoff failed");
1676 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1679 smb2_util_close(tree
, *h1
);
1683 lpcfg_set_option(tctx
->lp_ctx
, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
1687 static bool test_session_expire2s(struct torture_context
*tctx
)
1689 return test_session_expire2i(tctx
,
1690 false); /* force_encryption */
1693 static bool test_session_expire2e(struct torture_context
*tctx
)
1695 return test_session_expire2i(tctx
,
1696 true); /* force_encryption */
1699 static bool test_session_expire_disconnect(struct torture_context
*tctx
)
1703 struct smbcli_options options
;
1704 const char *host
= torture_setting_string(tctx
, "host", NULL
);
1705 const char *share
= torture_setting_string(tctx
, "share", NULL
);
1706 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
1707 struct smb2_tree
*tree
= NULL
;
1708 enum credentials_use_kerberos use_kerberos
;
1710 struct smb2_handle _h1
;
1711 struct smb2_handle
*h1
= NULL
;
1712 struct smb2_create io1
;
1713 union smb_fileinfo qfinfo
;
1715 struct timeval endtime
;
1717 use_kerberos
= cli_credentials_get_kerberos_state(credentials
);
1718 if (use_kerberos
!= CRED_USE_KERBEROS_REQUIRED
) {
1719 torture_warning(tctx
,
1720 "smb2.session.expire1 requires "
1721 "--use-kerberos=required!");
1723 "smb2.session.expire1 requires "
1724 "--use-kerberos=required!");
1727 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1731 GENSEC_GSSAPI_REQUESTED_LIFETIME(KRB5_TICKET_LIFETIME
));
1732 lpcfg_smbcli_options(tctx
->lp_ctx
, &options
);
1733 options
.signing
= SMB_SIGNING_REQUIRED
;
1735 status
= smb2_connect(tctx
,
1737 lpcfg_smb_ports(tctx
->lp_ctx
),
1739 lpcfg_resolve_context(tctx
->lp_ctx
),
1744 lpcfg_socket_options(tctx
->lp_ctx
),
1745 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
1748 * We request a ticket lifetime of KRB5_TICKET_LIFETIME seconds.
1749 * Give the server at least KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + a
1750 * few more milliseconds for this to kick in.
1752 endtime
= timeval_current_ofs(KRB5_TICKET_EXPIRETIME
, 500 * 1000);
1753 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1754 "smb2_connect failed");
1756 smbXcli_session_set_disconnect_expired(tree
->session
->smbXcli
);
1758 /* Add some random component to the file name. */
1759 snprintf(fname
, sizeof(fname
), "session_expire1_%s.dat",
1760 generate_random_str(tctx
, 8));
1762 smb2_util_unlink(tree
, fname
);
1764 smb2_oplock_create_share(&io1
, fname
,
1765 smb2_util_share_access(""),
1766 smb2_util_oplock_level("b"));
1767 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
1769 status
= smb2_create(tree
, tctx
, &io1
);
1770 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1771 "smb2_create failed");
1772 _h1
= io1
.out
.file
.handle
;
1774 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
1775 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
1776 smb2_util_oplock_level("b"),
1777 "oplock_level incorrect");
1779 /* get the security descriptor */
1781 ZERO_STRUCT(qfinfo
);
1783 qfinfo
.access_information
.level
= RAW_FILEINFO_ACCESS_INFORMATION
;
1784 qfinfo
.access_information
.in
.file
.handle
= _h1
;
1786 torture_comment(tctx
, "query info => OK\n");
1788 ZERO_STRUCT(qfinfo
.access_information
.out
);
1789 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1790 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1791 "smb2_getinfo_file failed");
1793 sleep_remaining(tctx
, &endtime
);
1795 torture_comment(tctx
, "query info => EXPIRED\n");
1796 ZERO_STRUCT(qfinfo
.access_information
.out
);
1797 status
= smb2_getinfo_file(tree
, tctx
, &qfinfo
);
1798 torture_assert_ntstatus_equal_goto(tctx
, status
,
1799 NT_STATUS_NETWORK_SESSION_EXPIRED
,
1800 ret
, done
, "smb2_getinfo_file "
1801 "returned unexpected status");
1803 connected
= smbXcli_conn_is_connected(tree
->session
->transport
->conn
);
1804 torture_assert_goto(tctx
, !connected
, ret
, done
, "connected\n");
1808 cli_credentials_invalidate_ccache(credentials
, CRED_SPECIFIED
);
1811 smb2_util_close(tree
, *h1
);
1815 lpcfg_set_option(tctx
->lp_ctx
, GENSEC_GSSAPI_REQUESTED_LIFETIME(0));
1819 bool test_session_bind1(struct torture_context
*tctx
, struct smb2_tree
*tree1
)
1821 const char *host
= torture_setting_string(tctx
, "host", NULL
);
1822 const char *share
= torture_setting_string(tctx
, "share", NULL
);
1823 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
1825 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
1827 struct smb2_handle _h1
;
1828 struct smb2_handle
*h1
= NULL
;
1829 struct smb2_create io1
;
1830 union smb_fileinfo qfinfo
;
1832 struct smb2_tree
*tree2
= NULL
;
1833 struct smb2_transport
*transport1
= tree1
->session
->transport
;
1834 struct smbcli_options options2
;
1835 struct smb2_transport
*transport2
= NULL
;
1836 struct smb2_session
*session1_1
= tree1
->session
;
1837 struct smb2_session
*session1_2
= NULL
;
1838 struct smb2_session
*session2_1
= NULL
;
1839 struct smb2_session
*session2_2
= NULL
;
1842 caps
= smb2cli_conn_server_capabilities(transport1
->conn
);
1843 if (!(caps
& SMB2_CAP_MULTI_CHANNEL
)) {
1844 torture_skip(tctx
, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
1848 * We always want signing for this test!
1850 smb2cli_tcon_should_sign(tree1
->smbXcli
, true);
1851 options2
= transport1
->options
;
1852 options2
.signing
= SMB_SIGNING_REQUIRED
;
1854 /* Add some random component to the file name. */
1855 snprintf(fname
, sizeof(fname
), "session_bind1_%s.dat",
1856 generate_random_str(tctx
, 8));
1858 smb2_util_unlink(tree1
, fname
);
1860 smb2_oplock_create_share(&io1
, fname
,
1861 smb2_util_share_access(""),
1862 smb2_util_oplock_level("b"));
1864 status
= smb2_create(tree1
, mem_ctx
, &io1
);
1865 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1866 "smb2_create failed");
1867 _h1
= io1
.out
.file
.handle
;
1869 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
1870 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
1871 smb2_util_oplock_level("b"),
1872 "oplock_level incorrect");
1874 status
= smb2_connect(tctx
,
1876 lpcfg_smb_ports(tctx
->lp_ctx
),
1878 lpcfg_resolve_context(tctx
->lp_ctx
),
1883 lpcfg_socket_options(tctx
->lp_ctx
),
1884 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
1886 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1887 "smb2_connect failed");
1888 session2_2
= tree2
->session
;
1889 transport2
= tree2
->session
->transport
;
1892 * Now bind the 2nd transport connection to the 1st session
1894 session1_2
= smb2_session_channel(transport2
,
1895 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
1898 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
1900 status
= smb2_session_setup_spnego(session1_2
,
1901 samba_cmdline_get_creds(),
1902 0 /* previous_session_id */);
1903 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1904 "smb2_session_setup_spnego failed");
1906 /* use the 1st connection, 1st session */
1907 ZERO_STRUCT(qfinfo
);
1908 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
1909 qfinfo
.generic
.in
.file
.handle
= _h1
;
1910 tree1
->session
= session1_1
;
1911 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
1912 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1913 "smb2_getinfo_file failed");
1915 /* use the 2nd connection, 1st session */
1916 ZERO_STRUCT(qfinfo
);
1917 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
1918 qfinfo
.generic
.in
.file
.handle
= _h1
;
1919 tree1
->session
= session1_2
;
1920 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
1921 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1922 "smb2_getinfo_file failed");
1924 tree1
->session
= session1_1
;
1925 status
= smb2_util_close(tree1
, *h1
);
1926 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1927 "smb2_util_close failed");
1931 * Now bind the 1st transport connection to the 2nd session
1933 session2_1
= smb2_session_channel(transport1
,
1934 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
1937 torture_assert(tctx
, session2_1
!= NULL
, "smb2_session_channel failed");
1939 status
= smb2_session_setup_spnego(session2_1
,
1940 samba_cmdline_get_creds(),
1941 0 /* previous_session_id */);
1942 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1943 "smb2_session_setup_spnego failed");
1945 tree2
->session
= session2_1
;
1946 status
= smb2_util_unlink(tree2
, fname
);
1947 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1948 "smb2_util_unlink failed");
1952 tree1
->session
= session1_1
;
1955 smb2_util_close(tree1
, *h1
);
1958 smb2_util_unlink(tree1
, fname
);
1962 talloc_free(mem_ctx
);
1967 static bool test_session_bind2(struct torture_context
*tctx
, struct smb2_tree
*tree1
)
1969 const char *host
= torture_setting_string(tctx
, "host", NULL
);
1970 const char *share
= torture_setting_string(tctx
, "share", NULL
);
1971 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
1973 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
1976 struct smb2_handle _h1f1
;
1977 struct smb2_handle
*h1f1
= NULL
;
1978 struct smb2_handle _h1f2
;
1979 struct smb2_handle
*h1f2
= NULL
;
1980 struct smb2_handle _h2f2
;
1981 struct smb2_handle
*h2f2
= NULL
;
1982 struct smb2_create io1f1
;
1983 struct smb2_create io1f2
;
1984 struct smb2_create io2f1
;
1985 struct smb2_create io2f2
;
1986 union smb_fileinfo qfinfo
;
1988 struct smb2_transport
*transport1
= tree1
->session
->transport
;
1989 struct smbcli_options options2
;
1990 struct smb2_tree
*tree2
= NULL
;
1991 struct smb2_transport
*transport2
= NULL
;
1992 struct smbcli_options options3
;
1993 struct smb2_tree
*tree3
= NULL
;
1994 struct smb2_transport
*transport3
= NULL
;
1995 struct smb2_session
*session1_1
= tree1
->session
;
1996 struct smb2_session
*session1_2
= NULL
;
1997 struct smb2_session
*session1_3
= NULL
;
1998 struct smb2_session
*session2_1
= NULL
;
1999 struct smb2_session
*session2_2
= NULL
;
2000 struct smb2_session
*session2_3
= NULL
;
2003 caps
= smb2cli_conn_server_capabilities(transport1
->conn
);
2004 if (!(caps
& SMB2_CAP_MULTI_CHANNEL
)) {
2005 torture_skip(tctx
, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
2009 * We always want signing for this test!
2011 smb2cli_tcon_should_sign(tree1
->smbXcli
, true);
2012 options2
= transport1
->options
;
2013 options2
.signing
= SMB_SIGNING_REQUIRED
;
2015 /* Add some random component to the file name. */
2016 snprintf(fname1
, sizeof(fname1
), "session_bind2_1_%s.dat",
2017 generate_random_str(tctx
, 8));
2018 snprintf(fname2
, sizeof(fname2
), "session_bind2_2_%s.dat",
2019 generate_random_str(tctx
, 8));
2021 smb2_util_unlink(tree1
, fname1
);
2022 smb2_util_unlink(tree1
, fname2
);
2024 smb2_oplock_create_share(&io1f1
, fname1
,
2025 smb2_util_share_access(""),
2026 smb2_util_oplock_level(""));
2027 smb2_oplock_create_share(&io1f2
, fname2
,
2028 smb2_util_share_access(""),
2029 smb2_util_oplock_level(""));
2031 status
= smb2_create(tree1
, mem_ctx
, &io1f1
);
2032 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2033 "smb2_create failed");
2034 _h1f1
= io1f1
.out
.file
.handle
;
2036 CHECK_CREATED(tctx
, &io1f1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
2037 torture_assert_int_equal(tctx
, io1f1
.out
.oplock_level
,
2038 smb2_util_oplock_level(""),
2039 "oplock_level incorrect");
2041 status
= smb2_connect(tctx
,
2043 lpcfg_smb_ports(tctx
->lp_ctx
),
2045 lpcfg_resolve_context(tctx
->lp_ctx
),
2050 lpcfg_socket_options(tctx
->lp_ctx
),
2051 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
2053 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2054 "smb2_connect failed");
2055 session2_2
= tree2
->session
;
2056 transport2
= tree2
->session
->transport
;
2057 smb2cli_tcon_should_sign(tree2
->smbXcli
, true);
2059 smb2_oplock_create_share(&io2f1
, fname1
,
2060 smb2_util_share_access(""),
2061 smb2_util_oplock_level(""));
2062 smb2_oplock_create_share(&io2f2
, fname2
,
2063 smb2_util_share_access(""),
2064 smb2_util_oplock_level(""));
2066 status
= smb2_create(tree2
, mem_ctx
, &io2f2
);
2067 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2068 "smb2_create failed");
2069 _h2f2
= io2f2
.out
.file
.handle
;
2071 CHECK_CREATED(tctx
, &io2f2
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
2072 torture_assert_int_equal(tctx
, io2f2
.out
.oplock_level
,
2073 smb2_util_oplock_level(""),
2074 "oplock_level incorrect");
2076 options3
= transport1
->options
;
2077 options3
.signing
= SMB_SIGNING_REQUIRED
;
2078 options3
.only_negprot
= true;
2080 status
= smb2_connect(tctx
,
2082 lpcfg_smb_ports(tctx
->lp_ctx
),
2084 lpcfg_resolve_context(tctx
->lp_ctx
),
2089 lpcfg_socket_options(tctx
->lp_ctx
),
2090 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
2092 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2093 "smb2_connect failed");
2094 transport3
= tree3
->session
->transport
;
2097 * Create a fake session for the 2nd transport connection to the 1st session
2099 session1_2
= smb2_session_channel(transport2
,
2100 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2103 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2106 * Now bind the 3rd transport connection to the 1st session
2108 session1_3
= smb2_session_channel(transport3
,
2109 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2112 torture_assert(tctx
, session1_3
!= NULL
, "smb2_session_channel failed");
2114 status
= smb2_session_setup_spnego(session1_3
,
2116 0 /* previous_session_id */);
2117 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2118 "smb2_session_setup_spnego failed");
2121 * Create a fake session for the 1st transport connection to the 2nd session
2123 session2_1
= smb2_session_channel(transport1
,
2124 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2127 torture_assert(tctx
, session2_1
!= NULL
, "smb2_session_channel failed");
2130 * Now bind the 3rd transport connection to the 2nd session
2132 session2_3
= smb2_session_channel(transport3
,
2133 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2136 torture_assert(tctx
, session2_3
!= NULL
, "smb2_session_channel failed");
2138 status
= smb2_session_setup_spnego(session2_3
,
2140 0 /* previous_session_id */);
2141 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2142 "smb2_session_setup_spnego failed");
2144 ZERO_STRUCT(qfinfo
);
2145 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2146 qfinfo
.generic
.in
.file
.handle
= _h1f1
;
2147 tree1
->session
= session1_1
;
2148 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
2149 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2150 "smb2_getinfo_file failed");
2151 tree1
->session
= session1_2
;
2152 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
2153 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2154 "smb2_getinfo_file failed");
2155 tree1
->session
= session1_3
;
2156 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
2157 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2158 "smb2_getinfo_file failed");
2160 ZERO_STRUCT(qfinfo
);
2161 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2162 qfinfo
.generic
.in
.file
.handle
= _h2f2
;
2163 tree2
->session
= session2_1
;
2164 status
= smb2_getinfo_file(tree2
, mem_ctx
, &qfinfo
);
2165 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2166 "smb2_getinfo_file failed");
2167 tree2
->session
= session2_2
;
2168 status
= smb2_getinfo_file(tree2
, mem_ctx
, &qfinfo
);
2169 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2170 "smb2_getinfo_file failed");
2171 tree2
->session
= session2_3
;
2172 status
= smb2_getinfo_file(tree2
, mem_ctx
, &qfinfo
);
2173 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2174 "smb2_getinfo_file failed");
2176 tree1
->session
= session1_1
;
2177 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2178 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2179 "smb2_create failed");
2180 tree1
->session
= session1_2
;
2181 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2182 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2183 "smb2_create failed");
2184 tree1
->session
= session1_3
;
2185 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2186 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2187 "smb2_create failed");
2189 tree2
->session
= session2_1
;
2190 status
= smb2_create(tree2
, mem_ctx
, &io2f1
);
2191 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2192 "smb2_create failed");
2193 tree2
->session
= session2_2
;
2194 status
= smb2_create(tree2
, mem_ctx
, &io2f1
);
2195 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2196 "smb2_create failed");
2197 tree2
->session
= session2_3
;
2198 status
= smb2_create(tree2
, mem_ctx
, &io2f1
);
2199 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2200 "smb2_create failed");
2202 smbXcli_conn_disconnect(transport3
->conn
, NT_STATUS_LOCAL_DISCONNECT
);
2205 tree1
->session
= session1_1
;
2206 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2207 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2208 "smb2_create failed");
2209 tree1
->session
= session1_2
;
2210 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2211 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2212 "smb2_create failed");
2214 tree2
->session
= session2_1
;
2215 status
= smb2_create(tree2
, mem_ctx
, &io2f1
);
2216 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2217 "smb2_create failed");
2218 tree2
->session
= session2_2
;
2219 status
= smb2_create(tree2
, mem_ctx
, &io2f1
);
2220 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_SHARING_VIOLATION
, ret
, done
,
2221 "smb2_create failed");
2223 smbXcli_conn_disconnect(transport2
->conn
, NT_STATUS_LOCAL_DISCONNECT
);
2227 tree1
->session
= session1_1
;
2228 status
= smb2_create(tree1
, mem_ctx
, &io1f2
);
2229 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2230 "smb2_create failed");
2231 _h1f2
= io1f2
.out
.file
.handle
;
2233 CHECK_CREATED(tctx
, &io1f2
, EXISTED
, FILE_ATTRIBUTE_ARCHIVE
);
2234 torture_assert_int_equal(tctx
, io1f2
.out
.oplock_level
,
2235 smb2_util_oplock_level(""),
2236 "oplock_level incorrect");
2238 tree1
->session
= session1_1
;
2239 status
= smb2_util_close(tree1
, *h1f1
);
2240 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2241 "smb2_util_close failed");
2247 smbXcli_conn_disconnect(transport3
->conn
, NT_STATUS_LOCAL_DISCONNECT
);
2248 smbXcli_conn_disconnect(transport2
->conn
, NT_STATUS_LOCAL_DISCONNECT
);
2250 tree1
->session
= session1_1
;
2251 tree2
->session
= session2_2
;
2254 smb2_util_close(tree1
, *h1f1
);
2257 smb2_util_close(tree1
, *h1f2
);
2260 smb2_util_close(tree2
, *h2f2
);
2263 smb2_util_unlink(tree1
, fname1
);
2264 smb2_util_unlink(tree1
, fname2
);
2268 talloc_free(mem_ctx
);
2273 static bool test_session_bind_auth_mismatch(struct torture_context
*tctx
,
2274 struct smb2_tree
*tree1
,
2275 const char *testname
,
2276 struct cli_credentials
*creds1
,
2277 struct cli_credentials
*creds2
,
2278 bool creds2_require_ok
)
2280 const char *host
= torture_setting_string(tctx
, "host", NULL
);
2281 const char *share
= torture_setting_string(tctx
, "share", NULL
);
2283 TALLOC_CTX
*mem_ctx
= talloc_new(tctx
);
2285 struct smb2_handle _h1
;
2286 struct smb2_handle
*h1
= NULL
;
2287 struct smb2_create io1
;
2288 union smb_fileinfo qfinfo
;
2290 struct smb2_tree
*tree2
= NULL
;
2291 struct smb2_transport
*transport1
= tree1
->session
->transport
;
2292 struct smbcli_options options2
;
2293 struct smb2_transport
*transport2
= NULL
;
2294 struct smb2_session
*session1_1
= tree1
->session
;
2295 struct smb2_session
*session1_2
= NULL
;
2296 struct smb2_session
*session2_1
= NULL
;
2297 struct smb2_session
*session2_2
= NULL
;
2298 struct smb2_session
*session3_1
= NULL
;
2301 bool creds2_got_ok
= false;
2303 encrypted
= smb2cli_tcon_is_encryption_on(tree1
->smbXcli
);
2305 caps
= smb2cli_conn_server_capabilities(transport1
->conn
);
2306 if (!(caps
& SMB2_CAP_MULTI_CHANNEL
)) {
2307 torture_skip(tctx
, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
2311 * We always want signing for this test!
2313 smb2cli_tcon_should_sign(tree1
->smbXcli
, true);
2314 options2
= transport1
->options
;
2315 options2
.signing
= SMB_SIGNING_REQUIRED
;
2317 /* Add some random component to the file name. */
2318 snprintf(fname
, sizeof(fname
), "%s_%s.dat", testname
,
2319 generate_random_str(tctx
, 8));
2321 smb2_util_unlink(tree1
, fname
);
2323 smb2_oplock_create_share(&io1
, fname
,
2324 smb2_util_share_access(""),
2325 smb2_util_oplock_level("b"));
2327 status
= smb2_create(tree1
, mem_ctx
, &io1
);
2328 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2329 "smb2_create failed");
2330 _h1
= io1
.out
.file
.handle
;
2332 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
2333 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
2334 smb2_util_oplock_level("b"),
2335 "oplock_level incorrect");
2337 status
= smb2_connect(tctx
,
2339 lpcfg_smb_ports(tctx
->lp_ctx
),
2341 lpcfg_resolve_context(tctx
->lp_ctx
),
2346 lpcfg_socket_options(tctx
->lp_ctx
),
2347 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
2349 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2350 "smb2_connect failed");
2351 session2_2
= tree2
->session
;
2352 transport2
= tree2
->session
->transport
;
2355 * Now bind the 2nd transport connection to the 1st session
2357 session1_2
= smb2_session_channel(transport2
,
2358 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2361 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2363 status
= smb2_session_setup_spnego(session1_2
,
2365 0 /* previous_session_id */);
2366 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2367 "smb2_session_setup_spnego failed");
2369 /* use the 1st connection, 1st session */
2370 ZERO_STRUCT(qfinfo
);
2371 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2372 qfinfo
.generic
.in
.file
.handle
= _h1
;
2373 tree1
->session
= session1_1
;
2374 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
2375 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2376 "smb2_getinfo_file failed");
2378 /* use the 2nd connection, 1st session */
2379 ZERO_STRUCT(qfinfo
);
2380 qfinfo
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2381 qfinfo
.generic
.in
.file
.handle
= _h1
;
2382 tree1
->session
= session1_2
;
2383 status
= smb2_getinfo_file(tree1
, mem_ctx
, &qfinfo
);
2384 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2385 "smb2_getinfo_file failed");
2387 tree1
->session
= session1_1
;
2388 status
= smb2_util_close(tree1
, *h1
);
2389 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2390 "smb2_util_close failed");
2394 * Create a 3rd session in order to check if the invalid (creds2)
2395 * are mapped to guest.
2397 session3_1
= smb2_session_init(transport1
,
2398 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2400 torture_assert(tctx
, session3_1
!= NULL
, "smb2_session_channel failed");
2402 status
= smb2_session_setup_spnego(session3_1
,
2404 0 /* previous_session_id */);
2405 if (creds2_require_ok
) {
2406 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2407 "smb2_session_setup_spnego worked");
2408 creds2_got_ok
= true;
2409 } else if (NT_STATUS_IS_OK(status
)) {
2410 bool authentiated
= smbXcli_session_is_authenticated(session3_1
->smbXcli
);
2411 torture_assert(tctx
, !authentiated
, "Invalid credentials allowed!");
2412 creds2_got_ok
= true;
2414 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_LOGON_FAILURE
, ret
, done
,
2415 "smb2_session_setup_spnego worked");
2419 * Now bind the 1st transport connection to the 2nd session
2421 session2_1
= smb2_session_channel(transport1
,
2422 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2425 torture_assert(tctx
, session2_1
!= NULL
, "smb2_session_channel failed");
2427 tree2
->session
= session2_1
;
2428 status
= smb2_util_unlink(tree2
, fname
);
2429 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2430 "smb2_util_unlink worked on invalid channel");
2432 status
= smb2_session_setup_spnego(session2_1
,
2434 0 /* previous_session_id */);
2435 if (creds2_got_ok
) {
2437 * attaching with a different user (guest or anonymous) results
2440 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_ACCESS_DENIED
, ret
, done
,
2441 "smb2_session_setup_spnego worked");
2443 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_LOGON_FAILURE
, ret
, done
,
2444 "smb2_session_setup_spnego worked");
2447 tree2
->session
= session2_1
;
2448 status
= smb2_util_unlink(tree2
, fname
);
2449 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2450 "smb2_util_unlink worked on invalid channel");
2452 tree2
->session
= session2_2
;
2453 status
= smb2_util_unlink(tree2
, fname
);
2454 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2455 "smb2_util_unlink failed");
2456 status
= smb2_util_unlink(tree2
, fname
);
2457 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
, ret
, done
,
2458 "smb2_util_unlink worked");
2459 if (creds2_got_ok
) {
2461 * We got ACCESS_DENIED on the session bind
2462 * with a different user, now check that
2463 * the correct user can actually bind on
2464 * the same connection.
2466 TALLOC_FREE(session2_1
);
2467 session2_1
= smb2_session_channel(transport1
,
2468 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2471 torture_assert(tctx
, session2_1
!= NULL
, "smb2_session_channel failed");
2473 status
= smb2_session_setup_spnego(session2_1
,
2475 0 /* previous_session_id */);
2476 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2477 "smb2_session_setup_spnego failed");
2478 tree2
->session
= session2_1
;
2479 status
= smb2_util_unlink(tree2
, fname
);
2480 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
, ret
, done
,
2481 "smb2_util_unlink worked");
2482 tree2
->session
= session2_2
;
2485 tree1
->session
= session1_1
;
2486 status
= smb2_util_unlink(tree1
, fname
);
2487 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
, ret
, done
,
2488 "smb2_util_unlink worked");
2490 tree1
->session
= session1_2
;
2491 status
= smb2_util_unlink(tree1
, fname
);
2492 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
, ret
, done
,
2493 "smb2_util_unlink worked");
2495 if (creds2_got_ok
) {
2497 * With valid credentials, there's no point to test a failing
2505 * Do a failing reauth the 2nd channel
2507 status
= smb2_session_setup_spnego(session1_2
,
2509 0 /* previous_session_id */);
2510 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_LOGON_FAILURE
, ret
, done
,
2511 "smb2_session_setup_spnego worked");
2513 tree1
->session
= session1_1
;
2514 status
= smb2_util_unlink(tree1
, fname
);
2516 torture_assert_goto(tctx
, !smbXcli_conn_is_connected(transport1
->conn
), ret
, done
,
2517 "smb2_util_unlink worked");
2519 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2520 "smb2_util_unlink worked");
2523 tree1
->session
= session1_2
;
2524 status
= smb2_util_unlink(tree1
, fname
);
2526 torture_assert_goto(tctx
, !smbXcli_conn_is_connected(transport2
->conn
), ret
, done
,
2527 "smb2_util_unlink worked");
2529 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_USER_SESSION_DELETED
, ret
, done
,
2530 "smb2_util_unlink worked");
2533 status
= smb2_util_unlink(tree2
, fname
);
2535 torture_assert_goto(tctx
, !smbXcli_conn_is_connected(transport1
->conn
), ret
, done
,
2536 "smb2_util_unlink worked");
2537 torture_assert_goto(tctx
, !smbXcli_conn_is_connected(transport2
->conn
), ret
, done
,
2538 "smb2_util_unlink worked");
2540 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
, ret
, done
,
2541 "smb2_util_unlink worked");
2547 tree1
->session
= session1_1
;
2550 smb2_util_close(tree1
, *h1
);
2553 smb2_util_unlink(tree1
, fname
);
2557 talloc_free(mem_ctx
);
2562 static bool test_session_bind_invalid_auth(struct torture_context
*tctx
, struct smb2_tree
*tree1
)
2564 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2565 struct cli_credentials
*invalid_credentials
= NULL
;
2568 invalid_credentials
= cli_credentials_init(tctx
);
2569 torture_assert(tctx
, (invalid_credentials
!= NULL
), "talloc error");
2570 cli_credentials_set_username(invalid_credentials
, "__none__invalid__none__", CRED_SPECIFIED
);
2571 cli_credentials_set_domain(invalid_credentials
, "__none__invalid__none__", CRED_SPECIFIED
);
2572 cli_credentials_set_password(invalid_credentials
, "__none__invalid__none__", CRED_SPECIFIED
);
2573 cli_credentials_set_realm(invalid_credentials
, NULL
, CRED_SPECIFIED
);
2574 cli_credentials_set_workstation(invalid_credentials
, "", CRED_UNINITIALISED
);
2576 ret
= test_session_bind_auth_mismatch(tctx
, tree1
, __func__
,
2578 invalid_credentials
,
2583 static bool test_session_bind_different_user(struct torture_context
*tctx
, struct smb2_tree
*tree1
)
2585 struct cli_credentials
*credentials1
= samba_cmdline_get_creds();
2586 struct cli_credentials
*credentials2
= torture_user2_credentials(tctx
, tctx
);
2587 char *u1
= cli_credentials_get_unparsed_name(credentials1
, tctx
);
2588 char *u2
= cli_credentials_get_unparsed_name(credentials2
, tctx
);
2592 torture_assert(tctx
, (credentials2
!= NULL
), "talloc error");
2593 bval
= cli_credentials_is_anonymous(credentials2
);
2595 torture_skip(tctx
, "valid user2 credentials are required");
2597 bval
= strequal(u1
, u2
);
2599 torture_skip(tctx
, "different user2 credentials are required");
2602 ret
= test_session_bind_auth_mismatch(tctx
, tree1
, __func__
,
2609 static bool test_session_bind_negative_smbXtoX(struct torture_context
*tctx
,
2610 const char *testname
,
2611 struct cli_credentials
*credentials
,
2612 const struct smbcli_options
*options1
,
2613 const struct smbcli_options
*options2
,
2614 NTSTATUS bind_reject_status
)
2616 const char *host
= torture_setting_string(tctx
, "host", NULL
);
2617 const char *share
= torture_setting_string(tctx
, "share", NULL
);
2620 struct smb2_tree
*tree1
= NULL
;
2621 struct smb2_session
*session1_1
= NULL
;
2623 struct smb2_handle _h1
;
2624 struct smb2_handle
*h1
= NULL
;
2625 struct smb2_create io1
;
2626 union smb_fileinfo qfinfo1
;
2627 struct smb2_tree
*tree2_0
= NULL
;
2628 struct smb2_transport
*transport2
= NULL
;
2629 struct smb2_session
*session1_2
= NULL
;
2630 uint64_t session1_id
= 0;
2631 uint16_t session1_flags
= 0;
2632 NTSTATUS deleted_status
= NT_STATUS_USER_SESSION_DELETED
;
2634 status
= smb2_connect(tctx
,
2636 lpcfg_smb_ports(tctx
->lp_ctx
),
2638 lpcfg_resolve_context(tctx
->lp_ctx
),
2643 lpcfg_socket_options(tctx
->lp_ctx
),
2644 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
2646 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2647 "smb2_connect options1 failed");
2648 session1_1
= tree1
->session
;
2649 session1_id
= smb2cli_session_current_id(session1_1
->smbXcli
);
2650 session1_flags
= smb2cli_session_get_flags(session1_1
->smbXcli
);
2652 /* Add some random component to the file name. */
2653 snprintf(fname
, sizeof(fname
), "%s_%s.dat",
2654 testname
, generate_random_str(tctx
, 8));
2656 smb2_util_unlink(tree1
, fname
);
2658 smb2_oplock_create_share(&io1
, fname
,
2659 smb2_util_share_access(""),
2660 smb2_util_oplock_level("b"));
2662 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
2663 status
= smb2_create(tree1
, tctx
, &io1
);
2664 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2665 "smb2_create failed");
2666 _h1
= io1
.out
.file
.handle
;
2668 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
2669 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
2670 smb2_util_oplock_level("b"),
2671 "oplock_level incorrect");
2673 status
= smb2_connect(tctx
,
2675 lpcfg_smb_ports(tctx
->lp_ctx
),
2677 lpcfg_resolve_context(tctx
->lp_ctx
),
2682 lpcfg_socket_options(tctx
->lp_ctx
),
2683 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
2685 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2686 "smb2_connect options2 failed");
2687 transport2
= tree2_0
->session
->transport
;
2690 * Now bind the 2nd transport connection to the 1st session
2692 session1_2
= smb2_session_channel(transport2
,
2693 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2696 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2698 status
= smb2_session_setup_spnego(session1_2
,
2700 0 /* previous_session_id */);
2701 torture_assert_ntstatus_equal_goto(tctx
, status
, bind_reject_status
, ret
, done
,
2702 "smb2_session_setup_spnego failed");
2703 if (NT_STATUS_IS_OK(bind_reject_status
)) {
2704 ZERO_STRUCT(qfinfo1
);
2705 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2706 qfinfo1
.generic
.in
.file
.handle
= _h1
;
2707 tree1
->session
= session1_2
;
2708 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
2709 tree1
->session
= session1_1
;
2710 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2711 "smb2_getinfo_file failed");
2713 TALLOC_FREE(session1_2
);
2715 /* Check the initial session is still alive */
2716 ZERO_STRUCT(qfinfo1
);
2717 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2718 qfinfo1
.generic
.in
.file
.handle
= _h1
;
2719 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
2720 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2721 "smb2_getinfo_file failed");
2723 if (NT_STATUS_IS_OK(bind_reject_status
)) {
2724 deleted_status
= NT_STATUS_ACCESS_DENIED
;
2725 bind_reject_status
= NT_STATUS_ACCESS_DENIED
;
2729 * I guess this is not part of MultipleChannel_Negative_SMB2002,
2730 * but we should also check the status without
2731 * SMB2_SESSION_FLAG_BINDING.
2733 session1_2
= smb2_session_channel(transport2
,
2734 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2737 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2738 session1_2
->needs_bind
= false;
2740 status
= smb2_session_setup_spnego(session1_2
,
2742 0 /* previous_session_id */);
2743 torture_assert_ntstatus_equal_goto(tctx
, status
, deleted_status
, ret
, done
,
2744 "smb2_session_setup_spnego failed");
2745 TALLOC_FREE(session1_2
);
2748 * ... and we should also check the status without any existing
2751 session1_2
= smb2_session_init(transport2
,
2752 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2754 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2755 talloc_steal(tree2_0
->session
, transport2
);
2756 smb2cli_session_set_id_and_flags(session1_2
->smbXcli
,
2757 session1_id
, session1_flags
);
2759 status
= smb2_session_setup_spnego(session1_2
,
2761 0 /* previous_session_id */);
2762 torture_assert_ntstatus_equal_goto(tctx
, status
, deleted_status
, ret
, done
,
2763 "smb2_session_setup_spnego failed");
2764 TALLOC_FREE(session1_2
);
2766 /* Check the initial session is still alive */
2767 ZERO_STRUCT(qfinfo1
);
2768 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2769 qfinfo1
.generic
.in
.file
.handle
= _h1
;
2770 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
2771 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2772 "smb2_getinfo_file failed");
2775 * Now bind the 2nd transport connection to the 1st session (again)
2777 session1_2
= smb2_session_channel(transport2
,
2778 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
2781 torture_assert(tctx
, session1_2
!= NULL
, "smb2_session_channel failed");
2783 status
= smb2_session_setup_spnego(session1_2
,
2785 0 /* previous_session_id */);
2786 torture_assert_ntstatus_equal_goto(tctx
, status
, bind_reject_status
, ret
, done
,
2787 "smb2_session_setup_spnego failed");
2788 TALLOC_FREE(session1_2
);
2790 /* Check the initial session is still alive */
2791 ZERO_STRUCT(qfinfo1
);
2792 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
2793 qfinfo1
.generic
.in
.file
.handle
= _h1
;
2794 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
2795 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
2796 "smb2_getinfo_file failed");
2800 talloc_free(tree2_0
);
2802 smb2_util_close(tree1
, *h1
);
2810 * This is similar to the MultipleChannel_Negative_SMB2002 test
2811 * from the Windows Protocol Test Suite.
2813 * It demonstrates that the server needs to do lookup
2814 * in the global session table in order to get the signing
2815 * and error code of invalid session setups correct.
2817 * See: https://bugzilla.samba.org/show_bug.cgi?id=14512
2819 * Note you can ignore tree0...
2821 static bool test_session_bind_negative_smb202(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
2823 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2825 struct smb2_transport
*transport0
= tree0
->session
->transport
;
2826 struct smbcli_options options1
;
2827 struct smbcli_options options2
;
2830 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
2833 "Can't test SMB 2.02 if encryption is required");
2836 options1
= transport0
->options
;
2837 options1
.client_guid
= GUID_zero();
2838 options1
.max_protocol
= PROTOCOL_SMB2_02
;
2840 options2
= options1
;
2841 options2
.only_negprot
= true;
2843 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
2845 &options1
, &options2
,
2846 NT_STATUS_REQUEST_NOT_ACCEPTED
);
2851 static bool test_session_bind_negative_smb210s(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
2853 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2855 struct smb2_transport
*transport0
= tree0
->session
->transport
;
2856 struct smbcli_options options1
;
2857 struct smbcli_options options2
;
2860 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
2863 "Can't test SMB 2.10 if encryption is required");
2866 options1
= transport0
->options
;
2867 options1
.client_guid
= GUID_random();
2868 options1
.max_protocol
= PROTOCOL_SMB2_10
;
2870 /* same client guid */
2871 options2
= options1
;
2872 options2
.only_negprot
= true;
2874 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
2876 &options1
, &options2
,
2877 NT_STATUS_REQUEST_NOT_ACCEPTED
);
2882 static bool test_session_bind_negative_smb210d(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
2884 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2886 struct smb2_transport
*transport0
= tree0
->session
->transport
;
2887 struct smbcli_options options1
;
2888 struct smbcli_options options2
;
2891 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
2894 "Can't test SMB 2.10 if encryption is required");
2897 options1
= transport0
->options
;
2898 options1
.client_guid
= GUID_random();
2899 options1
.max_protocol
= PROTOCOL_SMB2_10
;
2901 /* different client guid */
2902 options2
= options1
;
2903 options2
.client_guid
= GUID_random();
2904 options2
.only_negprot
= true;
2906 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
2908 &options1
, &options2
,
2909 NT_STATUS_REQUEST_NOT_ACCEPTED
);
2914 static bool test_session_bind_negative_smb2to3s(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
2916 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2918 struct smb2_transport
*transport0
= tree0
->session
->transport
;
2919 struct smbcli_options options1
;
2920 struct smbcli_options options2
;
2923 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
2926 "Can't test SMB 2.10 if encryption is required");
2929 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
2931 "Can't test without SMB3 support");
2934 options1
= transport0
->options
;
2935 options1
.client_guid
= GUID_random();
2936 options1
.min_protocol
= PROTOCOL_SMB2_02
;
2937 options1
.max_protocol
= PROTOCOL_SMB2_10
;
2939 /* same client guid */
2940 options2
= options1
;
2941 options2
.only_negprot
= true;
2942 options2
.min_protocol
= PROTOCOL_SMB3_00
;
2943 options2
.max_protocol
= PROTOCOL_SMB3_11
;
2944 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
2947 SMB2_SIGNING_AES128_CMAC
,
2951 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
2953 &options1
, &options2
,
2954 NT_STATUS_INVALID_PARAMETER
);
2959 static bool test_session_bind_negative_smb2to3d(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
2961 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
2963 struct smb2_transport
*transport0
= tree0
->session
->transport
;
2964 struct smbcli_options options1
;
2965 struct smbcli_options options2
;
2968 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
2971 "Can't test SMB 2.10 if encryption is required");
2974 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
2976 "Can't test without SMB3 support");
2979 options1
= transport0
->options
;
2980 options1
.client_guid
= GUID_random();
2981 options1
.min_protocol
= PROTOCOL_SMB2_02
;
2982 options1
.max_protocol
= PROTOCOL_SMB2_10
;
2984 /* different client guid */
2985 options2
= options1
;
2986 options2
.client_guid
= GUID_random();
2987 options2
.only_negprot
= true;
2988 options2
.min_protocol
= PROTOCOL_SMB3_00
;
2989 options2
.max_protocol
= PROTOCOL_SMB3_11
;
2990 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
2993 SMB2_SIGNING_AES128_CMAC
,
2997 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
2999 &options1
, &options2
,
3000 NT_STATUS_INVALID_PARAMETER
);
3005 static bool test_session_bind_negative_smb3to2s(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3007 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
3009 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3010 struct smbcli_options options1
;
3011 struct smbcli_options options2
;
3014 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
3017 "Can't test SMB 2.10 if encryption is required");
3020 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
3022 "Can't test without SMB3 support");
3025 options1
= transport0
->options
;
3026 options1
.client_guid
= GUID_random();
3027 options1
.min_protocol
= PROTOCOL_SMB3_00
;
3028 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3029 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3032 SMB2_SIGNING_AES128_CMAC
,
3036 /* same client guid */
3037 options2
= options1
;
3038 options2
.only_negprot
= true;
3039 options2
.min_protocol
= PROTOCOL_SMB2_02
;
3040 options2
.max_protocol
= PROTOCOL_SMB2_10
;
3041 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3044 SMB2_SIGNING_HMAC_SHA256
,
3048 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3050 &options1
, &options2
,
3051 NT_STATUS_REQUEST_NOT_ACCEPTED
);
3056 static bool test_session_bind_negative_smb3to2d(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3058 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
3060 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3061 struct smbcli_options options1
;
3062 struct smbcli_options options2
;
3065 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
3068 "Can't test SMB 2.10 if encryption is required");
3071 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
3073 "Can't test without SMB3 support");
3076 options1
= transport0
->options
;
3077 options1
.client_guid
= GUID_random();
3078 options1
.min_protocol
= PROTOCOL_SMB3_00
;
3079 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3080 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3083 SMB2_SIGNING_AES128_CMAC
,
3087 /* different client guid */
3088 options2
= options1
;
3089 options2
.client_guid
= GUID_random();
3090 options2
.only_negprot
= true;
3091 options2
.min_protocol
= PROTOCOL_SMB2_02
;
3092 options2
.max_protocol
= PROTOCOL_SMB2_10
;
3093 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3096 SMB2_SIGNING_HMAC_SHA256
,
3100 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3102 &options1
, &options2
,
3103 NT_STATUS_REQUEST_NOT_ACCEPTED
);
3108 static bool test_session_bind_negative_smb3to3s(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3110 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
3112 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3113 struct smbcli_options options1
;
3114 struct smbcli_options options2
;
3116 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3118 "Can't test without SMB 3.1.1 support");
3121 options1
= transport0
->options
;
3122 options1
.client_guid
= GUID_random();
3123 options1
.min_protocol
= PROTOCOL_SMB3_02
;
3124 options1
.max_protocol
= PROTOCOL_SMB3_02
;
3126 /* same client guid */
3127 options2
= options1
;
3128 options2
.only_negprot
= true;
3129 options2
.min_protocol
= PROTOCOL_SMB3_11
;
3130 options2
.max_protocol
= PROTOCOL_SMB3_11
;
3131 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3134 SMB2_SIGNING_AES128_CMAC
,
3138 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3140 &options1
, &options2
,
3141 NT_STATUS_INVALID_PARAMETER
);
3146 static bool test_session_bind_negative_smb3to3d(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3148 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
3150 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3151 struct smbcli_options options1
;
3152 struct smbcli_options options2
;
3154 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3156 "Can't test without SMB 3.1.1 support");
3159 options1
= transport0
->options
;
3160 options1
.client_guid
= GUID_random();
3161 options1
.min_protocol
= PROTOCOL_SMB3_02
;
3162 options1
.max_protocol
= PROTOCOL_SMB3_02
;
3164 /* different client guid */
3165 options2
= options1
;
3166 options2
.client_guid
= GUID_random();
3167 options2
.only_negprot
= true;
3168 options2
.min_protocol
= PROTOCOL_SMB3_11
;
3169 options2
.max_protocol
= PROTOCOL_SMB3_11
;
3170 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3173 SMB2_SIGNING_AES128_CMAC
,
3177 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3179 &options1
, &options2
,
3180 NT_STATUS_INVALID_PARAMETER
);
3185 static bool test_session_bind_negative_smb3encGtoCs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3187 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3188 struct cli_credentials
*credentials
= NULL
;
3190 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3191 struct smbcli_options options1
;
3192 struct smbcli_options options2
;
3195 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3197 "Can't test without SMB 3.1.1 support");
3200 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3201 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3202 ok
= cli_credentials_set_smb_encryption(credentials
,
3203 SMB_ENCRYPTION_REQUIRED
,
3205 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3207 options1
= transport0
->options
;
3208 options1
.client_guid
= GUID_random();
3209 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3210 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3211 options1
.signing
= SMB_SIGNING_REQUIRED
;
3212 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
3215 SMB2_ENCRYPTION_AES128_GCM
,
3219 /* same client guid */
3220 options2
= options1
;
3221 options2
.only_negprot
= true;
3222 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
3225 SMB2_ENCRYPTION_AES128_CCM
,
3229 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3231 &options1
, &options2
,
3232 NT_STATUS_INVALID_PARAMETER
);
3237 static bool test_session_bind_negative_smb3encGtoCd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3239 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3240 struct cli_credentials
*credentials
= NULL
;
3242 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3243 struct smbcli_options options1
;
3244 struct smbcli_options options2
;
3247 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3249 "Can't test without SMB 3.1.1 support");
3252 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3253 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3254 ok
= cli_credentials_set_smb_encryption(credentials
,
3255 SMB_ENCRYPTION_REQUIRED
,
3257 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3259 options1
= transport0
->options
;
3260 options1
.client_guid
= GUID_random();
3261 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3262 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3263 options1
.signing
= SMB_SIGNING_REQUIRED
;
3264 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
3267 SMB2_ENCRYPTION_AES128_GCM
,
3271 /* different client guid */
3272 options2
= options1
;
3273 options2
.client_guid
= GUID_random();
3274 options2
.only_negprot
= true;
3275 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
3278 SMB2_ENCRYPTION_AES128_CCM
,
3282 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3284 &options1
, &options2
,
3285 NT_STATUS_INVALID_PARAMETER
);
3290 static bool test_session_bind_negative_smb3signCtoHs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3292 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3293 struct cli_credentials
*credentials
= NULL
;
3295 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3296 struct smbcli_options options1
;
3297 struct smbcli_options options2
;
3300 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3302 "Can't test without SMB 3.1.1 support");
3305 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3307 "Can't test without SMB 3.1.1 signing negotiation support");
3310 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3311 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3312 ok
= cli_credentials_set_smb_encryption(credentials
,
3313 SMB_ENCRYPTION_REQUIRED
,
3315 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3317 options1
= transport0
->options
;
3318 options1
.client_guid
= GUID_random();
3319 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3320 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3321 options1
.signing
= SMB_SIGNING_REQUIRED
;
3322 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3325 SMB2_SIGNING_AES128_CMAC
,
3329 /* same client guid */
3330 options2
= options1
;
3331 options2
.only_negprot
= true;
3332 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3335 SMB2_SIGNING_HMAC_SHA256
,
3339 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3341 &options1
, &options2
,
3347 static bool test_session_bind_negative_smb3signCtoHd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3349 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3350 struct cli_credentials
*credentials
= NULL
;
3352 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3353 struct smbcli_options options1
;
3354 struct smbcli_options options2
;
3357 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3359 "Can't test without SMB 3.1.1 support");
3362 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3364 "Can't test without SMB 3.1.1 signing negotiation support");
3367 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3368 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3369 ok
= cli_credentials_set_smb_encryption(credentials
,
3370 SMB_ENCRYPTION_REQUIRED
,
3372 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3374 options1
= transport0
->options
;
3375 options1
.client_guid
= GUID_random();
3376 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3377 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3378 options1
.signing
= SMB_SIGNING_REQUIRED
;
3379 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3382 SMB2_SIGNING_AES128_CMAC
,
3386 /* different client guid */
3387 options2
= options1
;
3388 options2
.client_guid
= GUID_random();
3389 options2
.only_negprot
= true;
3390 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3393 SMB2_SIGNING_HMAC_SHA256
,
3397 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3399 &options1
, &options2
,
3405 static bool test_session_bind_negative_smb3signHtoCs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3407 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3408 struct cli_credentials
*credentials
= NULL
;
3410 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3411 struct smbcli_options options1
;
3412 struct smbcli_options options2
;
3415 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3417 "Can't test without SMB 3.1.1 support");
3420 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3422 "Can't test without SMB 3.1.1 signing negotiation support");
3425 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3426 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3427 ok
= cli_credentials_set_smb_encryption(credentials
,
3428 SMB_ENCRYPTION_REQUIRED
,
3430 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3432 options1
= transport0
->options
;
3433 options1
.client_guid
= GUID_random();
3434 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3435 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3436 options1
.signing
= SMB_SIGNING_REQUIRED
;
3437 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3440 SMB2_SIGNING_HMAC_SHA256
,
3444 /* same client guid */
3445 options2
= options1
;
3446 options2
.only_negprot
= true;
3447 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3450 SMB2_SIGNING_AES128_CMAC
,
3454 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3456 &options1
, &options2
,
3462 static bool test_session_bind_negative_smb3signHtoCd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3464 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3465 struct cli_credentials
*credentials
= NULL
;
3467 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3468 struct smbcli_options options1
;
3469 struct smbcli_options options2
;
3472 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3474 "Can't test without SMB 3.1.1 support");
3477 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3479 "Can't test without SMB 3.1.1 signing negotiation support");
3482 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3483 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3484 ok
= cli_credentials_set_smb_encryption(credentials
,
3485 SMB_ENCRYPTION_REQUIRED
,
3487 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3489 options1
= transport0
->options
;
3490 options1
.client_guid
= GUID_random();
3491 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3492 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3493 options1
.signing
= SMB_SIGNING_REQUIRED
;
3494 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3497 SMB2_SIGNING_HMAC_SHA256
,
3501 /* different client guid */
3502 options2
= options1
;
3503 options2
.client_guid
= GUID_random();
3504 options2
.only_negprot
= true;
3505 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3508 SMB2_SIGNING_AES128_CMAC
,
3512 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3514 &options1
, &options2
,
3520 static bool test_session_bind_negative_smb3signHtoGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3522 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3523 struct cli_credentials
*credentials
= NULL
;
3525 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3526 struct smbcli_options options1
;
3527 struct smbcli_options options2
;
3530 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3532 "Can't test without SMB 3.1.1 support");
3535 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3537 "Can't test without SMB 3.1.1 signing negotiation support");
3540 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3541 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3542 ok
= cli_credentials_set_smb_encryption(credentials
,
3543 SMB_ENCRYPTION_REQUIRED
,
3545 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3547 options1
= transport0
->options
;
3548 options1
.client_guid
= GUID_random();
3549 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3550 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3551 options1
.signing
= SMB_SIGNING_REQUIRED
;
3552 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3555 SMB2_SIGNING_HMAC_SHA256
,
3559 /* same client guid */
3560 options2
= options1
;
3561 options2
.only_negprot
= true;
3562 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3565 SMB2_SIGNING_AES128_GMAC
,
3569 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3571 &options1
, &options2
,
3572 NT_STATUS_NOT_SUPPORTED
);
3577 static bool test_session_bind_negative_smb3signHtoGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3579 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3580 struct cli_credentials
*credentials
= NULL
;
3582 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3583 struct smbcli_options options1
;
3584 struct smbcli_options options2
;
3587 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3589 "Can't test without SMB 3.1.1 support");
3592 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3594 "Can't test without SMB 3.1.1 signing negotiation support");
3597 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3598 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3599 ok
= cli_credentials_set_smb_encryption(credentials
,
3600 SMB_ENCRYPTION_REQUIRED
,
3602 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3604 options1
= transport0
->options
;
3605 options1
.client_guid
= GUID_random();
3606 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3607 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3608 options1
.signing
= SMB_SIGNING_REQUIRED
;
3609 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3612 SMB2_SIGNING_HMAC_SHA256
,
3616 /* different client guid */
3617 options2
= options1
;
3618 options2
.client_guid
= GUID_random();
3619 options2
.only_negprot
= true;
3620 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3623 SMB2_SIGNING_AES128_GMAC
,
3627 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3629 &options1
, &options2
,
3630 NT_STATUS_NOT_SUPPORTED
);
3635 static bool test_session_bind_negative_smb3signCtoGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3637 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3638 struct cli_credentials
*credentials
= NULL
;
3640 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3641 struct smbcli_options options1
;
3642 struct smbcli_options options2
;
3645 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3647 "Can't test without SMB 3.1.1 support");
3650 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3652 "Can't test without SMB 3.1.1 signing negotiation support");
3655 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3656 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3657 ok
= cli_credentials_set_smb_encryption(credentials
,
3658 SMB_ENCRYPTION_REQUIRED
,
3660 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3662 options1
= transport0
->options
;
3663 options1
.client_guid
= GUID_random();
3664 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3665 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3666 options1
.signing
= SMB_SIGNING_REQUIRED
;
3667 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3670 SMB2_SIGNING_AES128_CMAC
,
3674 /* same client guid */
3675 options2
= options1
;
3676 options2
.only_negprot
= true;
3677 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3680 SMB2_SIGNING_AES128_GMAC
,
3684 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3686 &options1
, &options2
,
3687 NT_STATUS_NOT_SUPPORTED
);
3692 static bool test_session_bind_negative_smb3signCtoGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3694 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3695 struct cli_credentials
*credentials
= NULL
;
3697 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3698 struct smbcli_options options1
;
3699 struct smbcli_options options2
;
3702 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3704 "Can't test without SMB 3.1.1 support");
3707 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3709 "Can't test without SMB 3.1.1 signing negotiation support");
3712 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3713 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3714 ok
= cli_credentials_set_smb_encryption(credentials
,
3715 SMB_ENCRYPTION_REQUIRED
,
3717 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3719 options1
= transport0
->options
;
3720 options1
.client_guid
= GUID_random();
3721 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3722 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3723 options1
.signing
= SMB_SIGNING_REQUIRED
;
3724 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3727 SMB2_SIGNING_AES128_CMAC
,
3731 /* different client guid */
3732 options2
= options1
;
3733 options2
.client_guid
= GUID_random();
3734 options2
.only_negprot
= true;
3735 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3738 SMB2_SIGNING_AES128_GMAC
,
3742 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3744 &options1
, &options2
,
3745 NT_STATUS_NOT_SUPPORTED
);
3750 static bool test_session_bind_negative_smb3signGtoCs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3752 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3753 struct cli_credentials
*credentials
= NULL
;
3755 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3756 struct smbcli_options options1
;
3757 struct smbcli_options options2
;
3760 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3762 "Can't test without SMB 3.1.1 support");
3765 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3767 "Can't test without SMB 3.1.1 signing negotiation support");
3770 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3771 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3772 ok
= cli_credentials_set_smb_encryption(credentials
,
3773 SMB_ENCRYPTION_REQUIRED
,
3775 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3777 options1
= transport0
->options
;
3778 options1
.client_guid
= GUID_random();
3779 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3780 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3781 options1
.signing
= SMB_SIGNING_REQUIRED
;
3782 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3785 SMB2_SIGNING_AES128_GMAC
,
3789 /* same client guid */
3790 options2
= options1
;
3791 options2
.only_negprot
= true;
3792 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3795 SMB2_SIGNING_AES128_CMAC
,
3799 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3801 &options1
, &options2
,
3802 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
3807 static bool test_session_bind_negative_smb3signGtoCd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3809 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3810 struct cli_credentials
*credentials
= NULL
;
3812 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3813 struct smbcli_options options1
;
3814 struct smbcli_options options2
;
3817 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3819 "Can't test without SMB 3.1.1 support");
3822 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3824 "Can't test without SMB 3.1.1 signing negotiation support");
3827 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3828 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3829 ok
= cli_credentials_set_smb_encryption(credentials
,
3830 SMB_ENCRYPTION_REQUIRED
,
3832 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3834 options1
= transport0
->options
;
3835 options1
.client_guid
= GUID_random();
3836 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3837 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3838 options1
.signing
= SMB_SIGNING_REQUIRED
;
3839 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3842 SMB2_SIGNING_AES128_GMAC
,
3846 /* different client guid */
3847 options2
= options1
;
3848 options2
.client_guid
= GUID_random();
3849 options2
.only_negprot
= true;
3850 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3853 SMB2_SIGNING_AES128_CMAC
,
3857 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3859 &options1
, &options2
,
3860 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
3865 static bool test_session_bind_negative_smb3signGtoHs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3867 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3868 struct cli_credentials
*credentials
= NULL
;
3870 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3871 struct smbcli_options options1
;
3872 struct smbcli_options options2
;
3875 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3877 "Can't test without SMB 3.1.1 support");
3880 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3882 "Can't test without SMB 3.1.1 signing negotiation support");
3885 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3886 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3887 ok
= cli_credentials_set_smb_encryption(credentials
,
3888 SMB_ENCRYPTION_REQUIRED
,
3890 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3892 options1
= transport0
->options
;
3893 options1
.client_guid
= GUID_random();
3894 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3895 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3896 options1
.signing
= SMB_SIGNING_REQUIRED
;
3897 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3900 SMB2_SIGNING_AES128_GMAC
,
3904 /* same client guid */
3905 options2
= options1
;
3906 options2
.only_negprot
= true;
3907 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3910 SMB2_SIGNING_HMAC_SHA256
,
3914 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3916 &options1
, &options2
,
3917 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
3922 static bool test_session_bind_negative_smb3signGtoHd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3924 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3925 struct cli_credentials
*credentials
= NULL
;
3927 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3928 struct smbcli_options options1
;
3929 struct smbcli_options options2
;
3932 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3934 "Can't test without SMB 3.1.1 support");
3937 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3939 "Can't test without SMB 3.1.1 signing negotiation support");
3942 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
3943 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
3944 ok
= cli_credentials_set_smb_encryption(credentials
,
3945 SMB_ENCRYPTION_REQUIRED
,
3947 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
3949 options1
= transport0
->options
;
3950 options1
.client_guid
= GUID_random();
3951 options1
.min_protocol
= PROTOCOL_SMB3_11
;
3952 options1
.max_protocol
= PROTOCOL_SMB3_11
;
3953 options1
.signing
= SMB_SIGNING_REQUIRED
;
3954 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3957 SMB2_SIGNING_AES128_GMAC
,
3961 /* different client guid */
3962 options2
= options1
;
3963 options2
.client_guid
= GUID_random();
3964 options2
.only_negprot
= true;
3965 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
3968 SMB2_SIGNING_HMAC_SHA256
,
3972 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
3974 &options1
, &options2
,
3975 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
3980 static bool test_session_bind_negative_smb3sneGtoCs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
3982 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
3983 struct cli_credentials
*credentials
= NULL
;
3985 struct smb2_transport
*transport0
= tree0
->session
->transport
;
3986 struct smbcli_options options1
;
3987 struct smbcli_options options2
;
3990 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
3992 "Can't test without SMB 3.1.1 support");
3995 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
3997 "Can't test without SMB 3.1.1 signing negotiation support");
4000 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4001 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4002 ok
= cli_credentials_set_smb_encryption(credentials
,
4003 SMB_ENCRYPTION_REQUIRED
,
4005 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4007 options1
= transport0
->options
;
4008 options1
.client_guid
= GUID_random();
4009 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4010 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4011 options1
.signing
= SMB_SIGNING_REQUIRED
;
4012 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4015 SMB2_SIGNING_AES128_GMAC
,
4018 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4021 SMB2_ENCRYPTION_AES128_GCM
,
4025 /* same client guid */
4026 options2
= options1
;
4027 options2
.only_negprot
= true;
4028 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4031 SMB2_SIGNING_AES128_CMAC
,
4034 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4037 SMB2_ENCRYPTION_AES128_CCM
,
4041 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4043 &options1
, &options2
,
4044 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4049 static bool test_session_bind_negative_smb3sneGtoCd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4051 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4052 struct cli_credentials
*credentials
= NULL
;
4054 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4055 struct smbcli_options options1
;
4056 struct smbcli_options options2
;
4059 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4061 "Can't test without SMB 3.1.1 support");
4064 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4066 "Can't test without SMB 3.1.1 signing negotiation support");
4069 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4070 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4071 ok
= cli_credentials_set_smb_encryption(credentials
,
4072 SMB_ENCRYPTION_REQUIRED
,
4074 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4076 options1
= transport0
->options
;
4077 options1
.client_guid
= GUID_random();
4078 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4079 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4080 options1
.signing
= SMB_SIGNING_REQUIRED
;
4081 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4084 SMB2_SIGNING_AES128_GMAC
,
4087 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4090 SMB2_ENCRYPTION_AES128_GCM
,
4094 /* different client guid */
4095 options2
= options1
;
4096 options2
.client_guid
= GUID_random();
4097 options2
.only_negprot
= true;
4098 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4101 SMB2_SIGNING_AES128_CMAC
,
4104 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4107 SMB2_ENCRYPTION_AES128_CCM
,
4111 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4113 &options1
, &options2
,
4114 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4119 static bool test_session_bind_negative_smb3sneGtoHs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4121 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4122 struct cli_credentials
*credentials
= NULL
;
4124 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4125 struct smbcli_options options1
;
4126 struct smbcli_options options2
;
4129 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4131 "Can't test without SMB 3.1.1 support");
4134 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4136 "Can't test without SMB 3.1.1 signing negotiation support");
4139 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4140 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4141 ok
= cli_credentials_set_smb_encryption(credentials
,
4142 SMB_ENCRYPTION_REQUIRED
,
4144 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4146 options1
= transport0
->options
;
4147 options1
.client_guid
= GUID_random();
4148 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4149 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4150 options1
.signing
= SMB_SIGNING_REQUIRED
;
4151 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4154 SMB2_SIGNING_AES128_GMAC
,
4157 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4160 SMB2_ENCRYPTION_AES128_GCM
,
4164 /* same client guid */
4165 options2
= options1
;
4166 options2
.only_negprot
= true;
4167 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4170 SMB2_SIGNING_HMAC_SHA256
,
4173 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4176 SMB2_ENCRYPTION_AES128_CCM
,
4180 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4182 &options1
, &options2
,
4183 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4188 static bool test_session_bind_negative_smb3sneGtoHd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4190 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4191 struct cli_credentials
*credentials
= NULL
;
4193 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4194 struct smbcli_options options1
;
4195 struct smbcli_options options2
;
4198 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4200 "Can't test without SMB 3.1.1 support");
4203 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4205 "Can't test without SMB 3.1.1 signing negotiation support");
4208 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4209 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4210 ok
= cli_credentials_set_smb_encryption(credentials
,
4211 SMB_ENCRYPTION_REQUIRED
,
4213 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4215 options1
= transport0
->options
;
4216 options1
.client_guid
= GUID_random();
4217 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4218 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4219 options1
.signing
= SMB_SIGNING_REQUIRED
;
4220 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4223 SMB2_SIGNING_AES128_GMAC
,
4226 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4229 SMB2_ENCRYPTION_AES128_GCM
,
4233 /* different client guid */
4234 options2
= options1
;
4235 options2
.client_guid
= GUID_random();
4236 options2
.only_negprot
= true;
4237 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4240 SMB2_SIGNING_HMAC_SHA256
,
4243 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4246 SMB2_ENCRYPTION_AES128_CCM
,
4250 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4252 &options1
, &options2
,
4253 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4258 static bool test_session_bind_negative_smb3sneCtoGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4260 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4261 struct cli_credentials
*credentials
= NULL
;
4263 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4264 struct smbcli_options options1
;
4265 struct smbcli_options options2
;
4268 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4270 "Can't test without SMB 3.1.1 support");
4273 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4275 "Can't test without SMB 3.1.1 signing negotiation support");
4278 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4279 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4280 ok
= cli_credentials_set_smb_encryption(credentials
,
4281 SMB_ENCRYPTION_REQUIRED
,
4283 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4285 options1
= transport0
->options
;
4286 options1
.client_guid
= GUID_random();
4287 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4288 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4289 options1
.signing
= SMB_SIGNING_REQUIRED
;
4290 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4293 SMB2_SIGNING_AES128_CMAC
,
4296 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4299 SMB2_ENCRYPTION_AES128_CCM
,
4303 /* same client guid */
4304 options2
= options1
;
4305 options2
.only_negprot
= true;
4306 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4309 SMB2_SIGNING_AES128_GMAC
,
4312 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4315 SMB2_ENCRYPTION_AES128_GCM
,
4319 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4321 &options1
, &options2
,
4322 NT_STATUS_NOT_SUPPORTED
);
4327 static bool test_session_bind_negative_smb3sneCtoGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4329 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4330 struct cli_credentials
*credentials
= NULL
;
4332 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4333 struct smbcli_options options1
;
4334 struct smbcli_options options2
;
4337 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4339 "Can't test without SMB 3.1.1 support");
4342 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4344 "Can't test without SMB 3.1.1 signing negotiation support");
4347 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4348 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4349 ok
= cli_credentials_set_smb_encryption(credentials
,
4350 SMB_ENCRYPTION_REQUIRED
,
4352 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4354 options1
= transport0
->options
;
4355 options1
.client_guid
= GUID_random();
4356 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4357 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4358 options1
.signing
= SMB_SIGNING_REQUIRED
;
4359 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4362 SMB2_SIGNING_AES128_CMAC
,
4365 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4368 SMB2_ENCRYPTION_AES128_CCM
,
4372 /* different client guid */
4373 options2
= options1
;
4374 options2
.client_guid
= GUID_random();
4375 options2
.only_negprot
= true;
4376 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4379 SMB2_SIGNING_AES128_GMAC
,
4382 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4385 SMB2_ENCRYPTION_AES128_GCM
,
4389 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4391 &options1
, &options2
,
4392 NT_STATUS_NOT_SUPPORTED
);
4397 static bool test_session_bind_negative_smb3sneHtoGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4399 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4400 struct cli_credentials
*credentials
= NULL
;
4402 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4403 struct smbcli_options options1
;
4404 struct smbcli_options options2
;
4407 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4409 "Can't test without SMB 3.1.1 support");
4412 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4414 "Can't test without SMB 3.1.1 signing negotiation support");
4417 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4418 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4419 ok
= cli_credentials_set_smb_encryption(credentials
,
4420 SMB_ENCRYPTION_REQUIRED
,
4422 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4424 options1
= transport0
->options
;
4425 options1
.client_guid
= GUID_random();
4426 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4427 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4428 options1
.signing
= SMB_SIGNING_REQUIRED
;
4429 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4432 SMB2_SIGNING_HMAC_SHA256
,
4435 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4438 SMB2_ENCRYPTION_AES128_CCM
,
4442 /* same client guid */
4443 options2
= options1
;
4444 options2
.only_negprot
= true;
4445 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4448 SMB2_SIGNING_AES128_GMAC
,
4451 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4454 SMB2_ENCRYPTION_AES128_GCM
,
4458 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4460 &options1
, &options2
,
4461 NT_STATUS_NOT_SUPPORTED
);
4466 static bool test_session_bind_negative_smb3sneHtoGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4468 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4469 struct cli_credentials
*credentials
= NULL
;
4471 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4472 struct smbcli_options options1
;
4473 struct smbcli_options options2
;
4476 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4478 "Can't test without SMB 3.1.1 support");
4481 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4483 "Can't test without SMB 3.1.1 signing negotiation support");
4486 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4487 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4488 ok
= cli_credentials_set_smb_encryption(credentials
,
4489 SMB_ENCRYPTION_REQUIRED
,
4491 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4493 options1
= transport0
->options
;
4494 options1
.client_guid
= GUID_random();
4495 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4496 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4497 options1
.signing
= SMB_SIGNING_REQUIRED
;
4498 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4501 SMB2_SIGNING_HMAC_SHA256
,
4504 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4507 SMB2_ENCRYPTION_AES128_CCM
,
4511 /* different client guid */
4512 options2
= options1
;
4513 options2
.client_guid
= GUID_random();
4514 options2
.only_negprot
= true;
4515 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4518 SMB2_SIGNING_AES128_GMAC
,
4521 options2
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
4524 SMB2_ENCRYPTION_AES128_GCM
,
4528 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4530 &options1
, &options2
,
4531 NT_STATUS_NOT_SUPPORTED
);
4536 static bool test_session_bind_negative_smb3signC30toGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4538 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4539 struct cli_credentials
*credentials
= NULL
;
4541 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4542 struct smbcli_options options1
;
4543 struct smbcli_options options2
;
4546 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4548 "Can't test without SMB 3.1.1 support");
4551 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4553 "Can't test without SMB 3.1.1 signing negotiation support");
4556 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4557 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4558 ok
= cli_credentials_set_smb_encryption(credentials
,
4559 SMB_ENCRYPTION_REQUIRED
,
4561 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4563 options1
= transport0
->options
;
4564 options1
.client_guid
= GUID_random();
4565 options1
.min_protocol
= PROTOCOL_SMB3_00
;
4566 options1
.max_protocol
= PROTOCOL_SMB3_02
;
4567 options1
.signing
= SMB_SIGNING_REQUIRED
;
4569 /* same client guid */
4570 options2
= options1
;
4571 options2
.only_negprot
= true;
4572 options2
.min_protocol
= PROTOCOL_SMB3_11
;
4573 options2
.max_protocol
= PROTOCOL_SMB3_11
;
4574 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4577 SMB2_SIGNING_AES128_GMAC
,
4581 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4583 &options1
, &options2
,
4584 NT_STATUS_NOT_SUPPORTED
);
4589 static bool test_session_bind_negative_smb3signC30toGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4591 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4592 struct cli_credentials
*credentials
= NULL
;
4594 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4595 struct smbcli_options options1
;
4596 struct smbcli_options options2
;
4599 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4601 "Can't test without SMB 3.1.1 support");
4604 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4606 "Can't test without SMB 3.1.1 signing negotiation support");
4609 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4610 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4611 ok
= cli_credentials_set_smb_encryption(credentials
,
4612 SMB_ENCRYPTION_REQUIRED
,
4614 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4616 options1
= transport0
->options
;
4617 options1
.client_guid
= GUID_random();
4618 options1
.min_protocol
= PROTOCOL_SMB3_00
;
4619 options1
.max_protocol
= PROTOCOL_SMB3_02
;
4620 options1
.signing
= SMB_SIGNING_REQUIRED
;
4622 /* different client guid */
4623 options2
= options1
;
4624 options2
.client_guid
= GUID_random();
4625 options2
.only_negprot
= true;
4626 options2
.min_protocol
= PROTOCOL_SMB3_11
;
4627 options2
.max_protocol
= PROTOCOL_SMB3_11
;
4628 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4631 SMB2_SIGNING_AES128_GMAC
,
4635 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4637 &options1
, &options2
,
4638 NT_STATUS_NOT_SUPPORTED
);
4643 static bool test_session_bind_negative_smb3signH2XtoGs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4645 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4646 struct cli_credentials
*credentials
= NULL
;
4648 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4649 struct smbcli_options options1
;
4650 struct smbcli_options options2
;
4654 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
4657 "Can't test SMB 2.10 if encryption is required");
4660 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4662 "Can't test without SMB 3.1.1 support");
4665 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4667 "Can't test without SMB 3.1.1 signing negotiation support");
4670 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4671 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4672 ok
= cli_credentials_set_smb_encryption(credentials
,
4675 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4677 options1
= transport0
->options
;
4678 options1
.client_guid
= GUID_random();
4679 options1
.min_protocol
= PROTOCOL_SMB2_02
;
4680 options1
.max_protocol
= PROTOCOL_SMB2_10
;
4681 options1
.signing
= SMB_SIGNING_REQUIRED
;
4683 /* same client guid */
4684 options2
= options1
;
4685 options2
.only_negprot
= true;
4686 options2
.min_protocol
= PROTOCOL_SMB3_11
;
4687 options2
.max_protocol
= PROTOCOL_SMB3_11
;
4688 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4691 SMB2_SIGNING_AES128_GMAC
,
4695 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4697 &options1
, &options2
,
4698 NT_STATUS_NOT_SUPPORTED
);
4703 static bool test_session_bind_negative_smb3signH2XtoGd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4705 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4706 struct cli_credentials
*credentials
= NULL
;
4708 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4709 struct smbcli_options options1
;
4710 struct smbcli_options options2
;
4714 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
4717 "Can't test SMB 2.10 if encryption is required");
4720 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4722 "Can't test without SMB 3.1.1 support");
4725 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4727 "Can't test without SMB 3.1.1 signing negotiation support");
4730 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4731 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4732 ok
= cli_credentials_set_smb_encryption(credentials
,
4735 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4737 options1
= transport0
->options
;
4738 options1
.client_guid
= GUID_random();
4739 options1
.min_protocol
= PROTOCOL_SMB2_02
;
4740 options1
.max_protocol
= PROTOCOL_SMB2_10
;
4741 options1
.signing
= SMB_SIGNING_REQUIRED
;
4743 /* different client guid */
4744 options2
= options1
;
4745 options2
.client_guid
= GUID_random();
4746 options2
.only_negprot
= true;
4747 options2
.min_protocol
= PROTOCOL_SMB3_11
;
4748 options2
.max_protocol
= PROTOCOL_SMB3_11
;
4749 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4752 SMB2_SIGNING_AES128_GMAC
,
4756 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4758 &options1
, &options2
,
4759 NT_STATUS_NOT_SUPPORTED
);
4764 static bool test_session_bind_negative_smb3signGtoC30s(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4766 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4767 struct cli_credentials
*credentials
= NULL
;
4769 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4770 struct smbcli_options options1
;
4771 struct smbcli_options options2
;
4774 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4776 "Can't test without SMB 3.1.1 support");
4779 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4781 "Can't test without SMB 3.1.1 signing negotiation support");
4784 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4785 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4786 ok
= cli_credentials_set_smb_encryption(credentials
,
4787 SMB_ENCRYPTION_REQUIRED
,
4789 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4791 options1
= transport0
->options
;
4792 options1
.client_guid
= GUID_random();
4793 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4794 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4795 options1
.signing
= SMB_SIGNING_REQUIRED
;
4796 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4799 SMB2_SIGNING_AES128_GMAC
,
4803 /* same client guid */
4804 options2
= options1
;
4805 options2
.only_negprot
= true;
4806 options2
.min_protocol
= PROTOCOL_SMB3_00
;
4807 options2
.max_protocol
= PROTOCOL_SMB3_02
;
4808 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4811 SMB2_SIGNING_AES128_CMAC
,
4815 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4817 &options1
, &options2
,
4818 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4823 static bool test_session_bind_negative_smb3signGtoC30d(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4825 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4826 struct cli_credentials
*credentials
= NULL
;
4828 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4829 struct smbcli_options options1
;
4830 struct smbcli_options options2
;
4833 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4835 "Can't test without SMB 3.1.1 support");
4838 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4840 "Can't test without SMB 3.1.1 signing negotiation support");
4843 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4844 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4845 ok
= cli_credentials_set_smb_encryption(credentials
,
4846 SMB_ENCRYPTION_REQUIRED
,
4848 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4850 options1
= transport0
->options
;
4851 options1
.client_guid
= GUID_random();
4852 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4853 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4854 options1
.signing
= SMB_SIGNING_REQUIRED
;
4855 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4858 SMB2_SIGNING_AES128_GMAC
,
4862 /* different client guid */
4863 options2
= options1
;
4864 options2
.client_guid
= GUID_random();
4865 options2
.only_negprot
= true;
4866 options2
.min_protocol
= PROTOCOL_SMB3_00
;
4867 options2
.max_protocol
= PROTOCOL_SMB3_02
;
4868 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4871 SMB2_SIGNING_AES128_CMAC
,
4875 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4877 &options1
, &options2
,
4878 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4883 static bool test_session_bind_negative_smb3signGtoH2Xs(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4885 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4886 struct cli_credentials
*credentials
= NULL
;
4888 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4889 struct smbcli_options options1
;
4890 struct smbcli_options options2
;
4894 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
4897 "Can't test SMB 2.10 if encryption is required");
4900 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4902 "Can't test without SMB 3.1.1 support");
4905 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4907 "Can't test without SMB 3.1.1 signing negotiation support");
4910 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4911 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4912 ok
= cli_credentials_set_smb_encryption(credentials
,
4913 SMB_ENCRYPTION_REQUIRED
,
4915 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4917 options1
= transport0
->options
;
4918 options1
.client_guid
= GUID_random();
4919 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4920 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4921 options1
.signing
= SMB_SIGNING_REQUIRED
;
4922 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4925 SMB2_SIGNING_AES128_GMAC
,
4929 /* same client guid */
4930 options2
= options1
;
4931 options2
.only_negprot
= true;
4932 options2
.min_protocol
= PROTOCOL_SMB2_02
;
4933 options2
.max_protocol
= PROTOCOL_SMB2_10
;
4934 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4937 SMB2_SIGNING_HMAC_SHA256
,
4941 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
4943 &options1
, &options2
,
4944 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
4949 static bool test_session_bind_negative_smb3signGtoH2Xd(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
4951 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
4952 struct cli_credentials
*credentials
= NULL
;
4954 struct smb2_transport
*transport0
= tree0
->session
->transport
;
4955 struct smbcli_options options1
;
4956 struct smbcli_options options2
;
4960 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
4963 "Can't test SMB 2.10 if encryption is required");
4966 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
4968 "Can't test without SMB 3.1.1 support");
4971 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
4973 "Can't test without SMB 3.1.1 signing negotiation support");
4976 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
4977 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
4978 ok
= cli_credentials_set_smb_encryption(credentials
,
4979 SMB_ENCRYPTION_REQUIRED
,
4981 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
4983 options1
= transport0
->options
;
4984 options1
.client_guid
= GUID_random();
4985 options1
.min_protocol
= PROTOCOL_SMB3_11
;
4986 options1
.max_protocol
= PROTOCOL_SMB3_11
;
4987 options1
.signing
= SMB_SIGNING_REQUIRED
;
4988 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
4991 SMB2_SIGNING_AES128_GMAC
,
4995 /* different client guid */
4996 options2
= options1
;
4997 options2
.client_guid
= GUID_random();
4998 options2
.only_negprot
= true;
4999 options2
.min_protocol
= PROTOCOL_SMB2_02
;
5000 options2
.max_protocol
= PROTOCOL_SMB2_10
;
5001 options2
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
5004 SMB2_SIGNING_HMAC_SHA256
,
5008 ret
= test_session_bind_negative_smbXtoX(tctx
, __func__
,
5010 &options1
, &options2
,
5011 NT_STATUS_REQUEST_OUT_OF_SEQUENCE
);
5016 static bool test_session_two_logoff(struct torture_context
*tctx
,
5017 struct smb2_tree
*tree1
)
5021 struct smbcli_options transport2_options
;
5022 struct smb2_tree
*tree2
= NULL
;
5023 struct smb2_session
*session2
= NULL
;
5024 struct smb2_session
*session1
= tree1
->session
;
5025 struct smb2_transport
*transport1
= tree1
->session
->transport
;
5026 struct smb2_transport
*transport2
;
5029 /* Connect 2nd connection */
5030 torture_comment(tctx
, "connect tree2 with the same client_guid\n");
5031 transport2_options
= transport1
->options
;
5032 ok
= torture_smb2_connection_ext(tctx
, 0, &transport2_options
, &tree2
);
5033 torture_assert(tctx
, ok
, "couldn't connect tree2\n");
5034 transport2
= tree2
->session
->transport
;
5035 session2
= tree2
->session
;
5037 torture_comment(tctx
, "session2: logoff\n");
5038 status
= smb2_logoff(session2
);
5039 torture_assert_ntstatus_ok(tctx
, status
, "session2: logoff");
5040 torture_comment(tctx
, "transport2: keepalive\n");
5041 status
= smb2_keepalive(transport2
);
5042 torture_assert_ntstatus_ok(tctx
, status
, "transport2: keepalive");
5043 torture_comment(tctx
, "transport2: disconnect\n");
5046 torture_comment(tctx
, "session1: logoff\n");
5047 status
= smb2_logoff(session1
);
5048 torture_assert_ntstatus_ok(tctx
, status
, "session1: logoff");
5049 torture_comment(tctx
, "transport1: keepalive\n");
5050 status
= smb2_keepalive(transport1
);
5051 torture_assert_ntstatus_ok(tctx
, status
, "transport1: keepalive");
5052 torture_comment(tctx
, "transport1: disconnect\n");
5058 static bool test_session_sign_enc(struct torture_context
*tctx
,
5059 const char *testname
,
5060 struct cli_credentials
*credentials1
,
5061 const struct smbcli_options
*options1
)
5063 const char *host
= torture_setting_string(tctx
, "host", NULL
);
5064 const char *share
= torture_setting_string(tctx
, "share", NULL
);
5067 struct smb2_tree
*tree1
= NULL
;
5069 struct smb2_handle rh
= {{0}};
5070 struct smb2_handle _h1
;
5071 struct smb2_handle
*h1
= NULL
;
5072 struct smb2_create io1
;
5073 union smb_fileinfo qfinfo1
;
5074 union smb_notify notify
;
5075 struct smb2_request
*req
= NULL
;
5077 status
= smb2_connect(tctx
,
5079 lpcfg_smb_ports(tctx
->lp_ctx
),
5081 lpcfg_resolve_context(tctx
->lp_ctx
),
5086 lpcfg_socket_options(tctx
->lp_ctx
),
5087 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
)
5089 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5090 "smb2_connect options1 failed");
5092 status
= smb2_util_roothandle(tree1
, &rh
);
5093 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5094 "smb2_util_roothandle failed");
5096 /* Add some random component to the file name. */
5097 snprintf(fname
, sizeof(fname
), "%s_%s.dat",
5098 testname
, generate_random_str(tctx
, 8));
5100 smb2_util_unlink(tree1
, fname
);
5102 smb2_oplock_create_share(&io1
, fname
,
5103 smb2_util_share_access(""),
5104 smb2_util_oplock_level("b"));
5106 io1
.in
.create_options
|= NTCREATEX_OPTIONS_DELETE_ON_CLOSE
;
5107 status
= smb2_create(tree1
, tctx
, &io1
);
5108 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5109 "smb2_create failed");
5110 _h1
= io1
.out
.file
.handle
;
5112 CHECK_CREATED(tctx
, &io1
, CREATED
, FILE_ATTRIBUTE_ARCHIVE
);
5113 torture_assert_int_equal(tctx
, io1
.out
.oplock_level
,
5114 smb2_util_oplock_level("b"),
5115 "oplock_level incorrect");
5117 /* Check the initial session is still alive */
5118 ZERO_STRUCT(qfinfo1
);
5119 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
5120 qfinfo1
.generic
.in
.file
.handle
= _h1
;
5121 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
5122 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5123 "smb2_getinfo_file failed");
5125 /* ask for a change notify,
5126 on file or directory name changes */
5127 ZERO_STRUCT(notify
);
5128 notify
.smb2
.level
= RAW_NOTIFY_SMB2
;
5129 notify
.smb2
.in
.buffer_size
= 1000;
5130 notify
.smb2
.in
.completion_filter
= FILE_NOTIFY_CHANGE_NAME
;
5131 notify
.smb2
.in
.file
.handle
= rh
;
5132 notify
.smb2
.in
.recursive
= true;
5134 req
= smb2_notify_send(tree1
, &(notify
.smb2
));
5135 WAIT_FOR_ASYNC_RESPONSE(req
);
5137 status
= smb2_cancel(req
);
5138 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5139 "smb2_cancel failed");
5141 status
= smb2_notify_recv(req
, tctx
, &(notify
.smb2
));
5142 torture_assert_ntstatus_equal_goto(tctx
, status
, NT_STATUS_CANCELLED
,
5144 "smb2_notify_recv failed");
5146 /* Check the initial session is still alive */
5147 ZERO_STRUCT(qfinfo1
);
5148 qfinfo1
.generic
.level
= RAW_FILEINFO_POSITION_INFORMATION
;
5149 qfinfo1
.generic
.in
.file
.handle
= _h1
;
5150 status
= smb2_getinfo_file(tree1
, tctx
, &qfinfo1
);
5151 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
5152 "smb2_getinfo_file failed");
5157 smb2_util_close(tree1
, *h1
);
5164 static bool test_session_signing_hmac_sha_256(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5166 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
5168 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5169 struct smbcli_options options1
;
5172 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
5175 "Can't test signing only if encryption is required");
5178 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5180 "Can't test without SMB 3.1.1 support");
5183 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5185 "Can't test without SMB 3.1.1 signing negotiation support");
5188 options1
= transport0
->options
;
5189 options1
.client_guid
= GUID_random();
5190 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5191 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5192 options1
.signing
= SMB_SIGNING_REQUIRED
;
5193 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
5196 SMB2_SIGNING_HMAC_SHA256
,
5200 ret
= test_session_sign_enc(tctx
,
5208 static bool test_session_signing_aes_128_cmac(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5210 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
5212 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5213 struct smbcli_options options1
;
5216 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
5219 "Can't test signing only if encryption is required");
5222 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5224 "Can't test without SMB 3.1.1 support");
5227 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5229 "Can't test without SMB 3.1.1 signing negotiation support");
5232 options1
= transport0
->options
;
5233 options1
.client_guid
= GUID_random();
5234 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5235 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5236 options1
.signing
= SMB_SIGNING_REQUIRED
;
5237 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
5240 SMB2_SIGNING_AES128_CMAC
,
5244 ret
= test_session_sign_enc(tctx
,
5252 static bool test_session_signing_aes_128_gmac(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5254 struct cli_credentials
*credentials
= samba_cmdline_get_creds();
5256 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5257 struct smbcli_options options1
;
5260 encrypted
= smb2cli_tcon_is_encryption_on(tree0
->smbXcli
);
5263 "Can't test signing only if encryption is required");
5266 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5268 "Can't test without SMB 3.1.1 support");
5271 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5273 "Can't test without SMB 3.1.1 signing negotiation support");
5276 options1
= transport0
->options
;
5277 options1
.client_guid
= GUID_random();
5278 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5279 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5280 options1
.signing
= SMB_SIGNING_REQUIRED
;
5281 options1
.smb3_capabilities
.signing
= (struct smb3_signing_capabilities
) {
5284 SMB2_SIGNING_AES128_GMAC
,
5288 ret
= test_session_sign_enc(tctx
,
5296 static bool test_session_encryption_aes_128_ccm(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5298 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
5299 struct cli_credentials
*credentials
= NULL
;
5301 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5302 struct smbcli_options options1
;
5305 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5307 "Can't test without SMB 3.1.1 support");
5310 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5312 "Can't test without SMB 3.1.1 signing negotiation support");
5315 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
5316 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
5317 ok
= cli_credentials_set_smb_encryption(credentials
,
5318 SMB_ENCRYPTION_REQUIRED
,
5320 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5322 options1
= transport0
->options
;
5323 options1
.client_guid
= GUID_random();
5324 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5325 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5326 options1
.signing
= SMB_SIGNING_REQUIRED
;
5327 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
5330 SMB2_ENCRYPTION_AES128_CCM
,
5334 ret
= test_session_sign_enc(tctx
,
5342 static bool test_session_encryption_aes_128_gcm(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5344 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
5345 struct cli_credentials
*credentials
= NULL
;
5347 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5348 struct smbcli_options options1
;
5351 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5353 "Can't test without SMB 3.1.1 support");
5356 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5358 "Can't test without SMB 3.1.1 signing negotiation support");
5361 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
5362 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
5363 ok
= cli_credentials_set_smb_encryption(credentials
,
5364 SMB_ENCRYPTION_REQUIRED
,
5366 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5368 options1
= transport0
->options
;
5369 options1
.client_guid
= GUID_random();
5370 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5371 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5372 options1
.signing
= SMB_SIGNING_REQUIRED
;
5373 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
5376 SMB2_ENCRYPTION_AES128_GCM
,
5380 ret
= test_session_sign_enc(tctx
,
5388 static bool test_session_encryption_aes_256_ccm(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5390 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
5391 struct cli_credentials
*credentials
= NULL
;
5393 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5394 struct smbcli_options options1
;
5397 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5399 "Can't test without SMB 3.1.1 support");
5402 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5404 "Can't test without SMB 3.1.1 signing negotiation support");
5407 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
5408 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
5409 ok
= cli_credentials_set_smb_encryption(credentials
,
5410 SMB_ENCRYPTION_REQUIRED
,
5412 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5414 options1
= transport0
->options
;
5415 options1
.client_guid
= GUID_random();
5416 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5417 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5418 options1
.signing
= SMB_SIGNING_REQUIRED
;
5419 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
5422 SMB2_ENCRYPTION_AES256_CCM
,
5426 ret
= test_session_sign_enc(tctx
,
5434 static bool test_session_encryption_aes_256_gcm(struct torture_context
*tctx
, struct smb2_tree
*tree0
)
5436 struct cli_credentials
*credentials0
= samba_cmdline_get_creds();
5437 struct cli_credentials
*credentials
= NULL
;
5439 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5440 struct smbcli_options options1
;
5443 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_11
) {
5445 "Can't test without SMB 3.1.1 support");
5448 if (smb2cli_conn_server_signing_algo(transport0
->conn
) < SMB2_SIGNING_AES128_GMAC
) {
5450 "Can't test without SMB 3.1.1 signing negotiation support");
5453 credentials
= cli_credentials_shallow_copy(tctx
, credentials0
);
5454 torture_assert(tctx
, credentials
!= NULL
, "cli_credentials_shallow_copy");
5455 ok
= cli_credentials_set_smb_encryption(credentials
,
5456 SMB_ENCRYPTION_REQUIRED
,
5458 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5460 options1
= transport0
->options
;
5461 options1
.client_guid
= GUID_random();
5462 options1
.min_protocol
= PROTOCOL_SMB3_11
;
5463 options1
.max_protocol
= PROTOCOL_SMB3_11
;
5464 options1
.signing
= SMB_SIGNING_REQUIRED
;
5465 options1
.smb3_capabilities
.encryption
= (struct smb3_encryption_capabilities
) {
5468 SMB2_ENCRYPTION_AES256_GCM
,
5472 ret
= test_session_sign_enc(tctx
,
5480 static bool test_session_ntlmssp_bug14932(struct torture_context
*tctx
, struct smb2_tree
*tree
)
5482 struct cli_credentials
*ntlm_creds
=
5483 cli_credentials_shallow_copy(tctx
, samba_cmdline_get_creds());
5487 * This is a NTLMv2_RESPONSE with the strange
5488 * NTLMv2_CLIENT_CHALLENGE used by the net diag
5491 * As we expect an error anyway we fill the
5492 * Response part with 0xab...
5494 static const char *netapp_magic
=
5495 "\xab\xab\xab\xab\xab\xab\xab\xab"
5496 "\xab\xab\xab\xab\xab\xab\xab\xab"
5497 "\x01\x01\x00\x00\x00\x00\x00\x00"
5498 "\x3f\x3f\x3f\x3f\x3f\x3f\x3f\x3f"
5499 "\xb8\x82\x3a\xf1\xb3\xdd\x08\x15"
5500 "\x00\x00\x00\x00\x11\xa2\x08\x81"
5501 "\x50\x38\x22\x78\x2b\x94\x47\xfe"
5502 "\x54\x94\x7b\xff\x17\x27\x5a\xb4"
5503 "\xf4\x18\xba\xdc\x2c\x38\xfd\x5b"
5504 "\xfb\x0e\xc1\x85\x1e\xcc\x92\xbb"
5505 "\x9b\xb1\xc4\xd5\x53\x14\xff\x8c"
5506 "\x76\x49\xf5\x45\x90\x19\xa2";
5507 DATA_BLOB lm_response
= data_blob_talloc_zero(tctx
, 24);
5508 DATA_BLOB lm_session_key
= data_blob_talloc_zero(tctx
, 16);
5509 DATA_BLOB nt_response
= data_blob_const(netapp_magic
, 95);
5510 DATA_BLOB nt_session_key
= data_blob_talloc_zero(tctx
, 16);
5512 cli_credentials_set_kerberos_state(ntlm_creds
,
5513 CRED_USE_KERBEROS_DISABLED
,
5515 cli_credentials_set_ntlm_response(ntlm_creds
,
5521 status
= smb2_session_setup_spnego(tree
->session
,
5523 0 /* previous_session_id */);
5524 torture_assert_ntstatus_equal(tctx
, status
, NT_STATUS_INVALID_PARAMETER
,
5525 "smb2_session_setup_spnego failed");
5530 static bool test_session_anon_encryption1(struct torture_context
*tctx
,
5531 struct smb2_tree
*tree0
)
5533 const char *host
= torture_setting_string(tctx
, "host", NULL
);
5534 const char *share
= "IPC$";
5536 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5537 struct cli_credentials
*anon_creds
= NULL
;
5538 struct smbcli_options options
;
5539 struct smb2_transport
*transport
= NULL
;
5540 struct smb2_session
*anon_session
= NULL
;
5541 struct smb2_tree
*anon_tree
= NULL
;
5544 struct tevent_req
*subreq
= NULL
;
5545 uint32_t timeout_msec
;
5547 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
5549 "Can't test without SMB3 support");
5552 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
5553 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
5555 anon_creds
= cli_credentials_init_anon(tctx
);
5556 torture_assert(tctx
, anon_creds
!= NULL
, "cli_credentials_init_anon");
5557 ok
= cli_credentials_set_smb_encryption(anon_creds
,
5558 SMB_ENCRYPTION_REQUIRED
,
5560 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5562 options
= transport0
->options
;
5563 options
.client_guid
= GUID_random();
5564 options
.only_negprot
= true;
5566 status
= smb2_connect(tctx
,
5568 lpcfg_smb_ports(tctx
->lp_ctx
),
5570 lpcfg_resolve_context(tctx
->lp_ctx
),
5575 lpcfg_socket_options(tctx
->lp_ctx
),
5576 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
5577 torture_assert_ntstatus_ok(tctx
, status
, "smb2_connect failed");
5578 anon_session
= anon_tree
->session
;
5579 transport
= anon_session
->transport
;
5581 anon_session
->anonymous_session_key
= true;
5582 smb2cli_session_torture_anonymous_encryption(anon_session
->smbXcli
, true);
5584 status
= smb2_session_setup_spnego(anon_session
,
5586 0 /* previous_session_id */);
5587 torture_assert_ntstatus_ok(tctx
, status
,
5588 "smb2_session_setup_spnego failed");
5590 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
5591 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
5594 * The connection is still in ConstrainedConnection state...
5596 * This will use encryption and causes a connection reset
5598 timeout_msec
= transport
->options
.request_timeout
* 1000;
5599 subreq
= smb2cli_tcon_send(tctx
,
5603 anon_session
->smbXcli
,
5607 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
5609 torture_assert(tctx
,
5610 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
5611 "tevent_req_poll_ntstatus");
5613 status
= smb2cli_tcon_recv(subreq
);
5614 TALLOC_FREE(subreq
);
5615 if (NT_STATUS_EQUAL(status
, NT_STATUS_CONNECTION_DISCONNECTED
)) {
5616 status
= NT_STATUS_CONNECTION_RESET
;
5618 torture_assert_ntstatus_equal(tctx
, status
,
5619 NT_STATUS_CONNECTION_RESET
,
5620 "smb2cli_tcon_recv");
5622 ok
= smbXcli_conn_is_connected(transport
->conn
);
5623 torture_assert(tctx
, !ok
, "smbXcli_conn_is_connected still connected");
5628 static bool test_session_anon_encryption2(struct torture_context
*tctx
,
5629 struct smb2_tree
*tree0
)
5631 const char *host
= torture_setting_string(tctx
, "host", NULL
);
5632 const char *share
= "IPC$";
5634 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5635 struct cli_credentials
*_creds
= samba_cmdline_get_creds();
5636 struct cli_credentials
*user_creds
= NULL
;
5637 struct cli_credentials
*anon_creds
= NULL
;
5638 struct smbcli_options options
;
5639 struct smb2_transport
*transport
= NULL
;
5640 struct smb2_session
*user_session
= NULL
;
5641 struct smb2_tree
*user_tree
= NULL
;
5642 struct smb2_session
*anon_session
= NULL
;
5643 struct smb2_tree
*anon_tree
= NULL
;
5644 struct smb2_ioctl ioctl
= {
5645 .level
= RAW_IOCTL_SMB2
,
5655 .function
= FSCTL_QUERY_NETWORK_INTERFACE_INFO
,
5656 /* Windows client sets this to 64KiB */
5657 .max_output_response
= 0x10000,
5658 .flags
= SMB2_IOCTL_FLAG_IS_FSCTL
,
5663 struct tevent_req
*subreq
= NULL
;
5664 uint32_t timeout_msec
;
5665 uint32_t caps
= smb2cli_conn_server_capabilities(transport0
->conn
);
5666 NTSTATUS expected_mc_status
;
5668 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
5670 "Can't test without SMB3 support");
5673 if (caps
& SMB2_CAP_MULTI_CHANNEL
) {
5674 expected_mc_status
= NT_STATUS_OK
;
5676 expected_mc_status
= NT_STATUS_FS_DRIVER_REQUIRED
;
5679 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
5680 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
5682 user_creds
= cli_credentials_shallow_copy(tctx
, _creds
);
5683 torture_assert(tctx
, user_creds
!= NULL
, "cli_credentials_shallow_copy");
5684 ok
= cli_credentials_set_smb_encryption(user_creds
,
5685 SMB_ENCRYPTION_REQUIRED
,
5687 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5689 anon_creds
= cli_credentials_init_anon(tctx
);
5690 torture_assert(tctx
, anon_creds
!= NULL
, "cli_credentials_init_anon");
5691 ok
= cli_credentials_set_smb_encryption(anon_creds
,
5692 SMB_ENCRYPTION_REQUIRED
,
5694 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5696 options
= transport0
->options
;
5697 options
.client_guid
= GUID_random();
5699 status
= smb2_connect(tctx
,
5701 lpcfg_smb_ports(tctx
->lp_ctx
),
5703 lpcfg_resolve_context(tctx
->lp_ctx
),
5708 lpcfg_socket_options(tctx
->lp_ctx
),
5709 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
5710 torture_assert_ntstatus_ok(tctx
, status
, "smb2_connect failed");
5711 user_session
= user_tree
->session
;
5712 transport
= user_session
->transport
;
5713 ok
= smb2cli_tcon_is_encryption_on(user_tree
->smbXcli
);
5714 torture_assert(tctx
, ok
, "smb2cli_tcon_is_encryption_on(user)");
5715 ok
= smbXcli_session_is_authenticated(user_session
->smbXcli
);
5716 torture_assert(tctx
, ok
, "smbXcli_session_is_authenticated(user)");
5718 anon_session
= smb2_session_init(transport
,
5719 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
5721 torture_assert(tctx
, anon_session
!= NULL
, "smb2_session_init(anon)");
5723 anon_session
->anonymous_session_key
= true;
5724 smb2cli_session_torture_anonymous_encryption(anon_session
->smbXcli
, true);
5726 status
= smb2_session_setup_spnego(anon_session
,
5728 0 /* previous_session_id */);
5729 torture_assert_ntstatus_ok(tctx
, status
,
5730 "smb2_session_setup_spnego failed");
5732 ok
= smb2cli_tcon_is_encryption_on(user_tree
->smbXcli
);
5733 torture_assert(tctx
, ok
, "smb2cli_tcon_is_encryption_on(anon)");
5734 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
5735 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
5737 anon_tree
= smb2_tree_init(anon_session
, tctx
, false);
5738 torture_assert(tctx
, anon_tree
!= NULL
, "smb2_tree_init");
5740 timeout_msec
= transport
->options
.request_timeout
* 1000;
5741 subreq
= smb2cli_tcon_send(tctx
,
5745 anon_session
->smbXcli
,
5749 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
5751 torture_assert(tctx
,
5752 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
5753 "tevent_req_poll_ntstatus");
5755 status
= smb2cli_tcon_recv(subreq
);
5756 TALLOC_FREE(subreq
);
5757 torture_assert_ntstatus_ok(tctx
, status
,
5758 "smb2cli_tcon_recv(anon)");
5760 ok
= smbXcli_conn_is_connected(transport
->conn
);
5761 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
5763 ok
= smb2cli_tcon_is_encryption_on(anon_tree
->smbXcli
);
5764 torture_assert(tctx
, ok
, "smb2cli_tcon_is_encryption_on(anon)");
5765 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
5766 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
5768 status
= smb2_ioctl(user_tree
, tctx
, &ioctl
);
5769 torture_assert_ntstatus_equal(tctx
, status
, expected_mc_status
,
5770 "FSCTL_QUERY_NETWORK_INTERFACE_INFO user");
5772 ok
= smbXcli_conn_is_connected(transport
->conn
);
5773 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
5775 status
= smb2_ioctl(anon_tree
, tctx
, &ioctl
);
5776 torture_assert_ntstatus_equal(tctx
, status
, expected_mc_status
,
5777 "FSCTL_QUERY_NETWORK_INTERFACE_INFO anonymous");
5779 ok
= smbXcli_conn_is_connected(transport
->conn
);
5780 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
5782 status
= smb2_ioctl(user_tree
, tctx
, &ioctl
);
5783 torture_assert_ntstatus_equal(tctx
, status
, expected_mc_status
,
5784 "FSCTL_QUERY_NETWORK_INTERFACE_INFO user");
5786 ok
= smbXcli_conn_is_connected(transport
->conn
);
5787 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
5789 status
= smb2_ioctl(anon_tree
, tctx
, &ioctl
);
5790 torture_assert_ntstatus_equal(tctx
, status
, expected_mc_status
,
5791 "FSCTL_QUERY_NETWORK_INTERFACE_INFO anonymous");
5793 ok
= smbXcli_conn_is_connected(transport
->conn
);
5794 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
5799 static bool test_session_anon_encryption3(struct torture_context
*tctx
,
5800 struct smb2_tree
*tree0
)
5802 const char *host
= torture_setting_string(tctx
, "host", NULL
);
5803 const char *share
= "IPC$";
5805 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5806 struct cli_credentials
*_creds
= samba_cmdline_get_creds();
5807 struct cli_credentials
*user_creds
= NULL
;
5808 struct cli_credentials
*anon_creds
= NULL
;
5809 struct smbcli_options options
;
5810 struct smb2_transport
*transport
= NULL
;
5811 struct smb2_session
*user_session
= NULL
;
5812 struct smb2_tree
*user_tree
= NULL
;
5813 struct smb2_session
*anon_session
= NULL
;
5814 struct smb2_tree
*anon_tree
= NULL
;
5817 struct tevent_req
*subreq
= NULL
;
5818 uint32_t timeout_msec
;
5819 uint8_t wrong_session_key
[16] = { 0x1f, 0x2f, 0x3f, };
5821 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
5823 "Can't test without SMB3 support");
5826 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
5827 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
5829 user_creds
= cli_credentials_shallow_copy(tctx
, _creds
);
5830 torture_assert(tctx
, user_creds
!= NULL
, "cli_credentials_shallow_copy");
5831 ok
= cli_credentials_set_smb_encryption(user_creds
,
5832 SMB_ENCRYPTION_REQUIRED
,
5834 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5836 anon_creds
= cli_credentials_init_anon(tctx
);
5837 torture_assert(tctx
, anon_creds
!= NULL
, "cli_credentials_init_anon");
5838 ok
= cli_credentials_set_smb_encryption(anon_creds
,
5839 SMB_ENCRYPTION_REQUIRED
,
5841 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5843 options
= transport0
->options
;
5844 options
.client_guid
= GUID_random();
5846 status
= smb2_connect(tctx
,
5848 lpcfg_smb_ports(tctx
->lp_ctx
),
5850 lpcfg_resolve_context(tctx
->lp_ctx
),
5855 lpcfg_socket_options(tctx
->lp_ctx
),
5856 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
5857 torture_assert_ntstatus_ok(tctx
, status
, "smb2_connect failed");
5858 user_session
= user_tree
->session
;
5859 transport
= user_session
->transport
;
5860 ok
= smb2cli_tcon_is_encryption_on(user_tree
->smbXcli
);
5861 torture_assert(tctx
, ok
, "smb2cli_tcon_is_encryption_on(user)");
5862 ok
= smbXcli_session_is_authenticated(user_session
->smbXcli
);
5863 torture_assert(tctx
, ok
, "smbXcli_session_is_authenticated(user)");
5865 anon_session
= smb2_session_init(transport
,
5866 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
5868 torture_assert(tctx
, anon_session
!= NULL
, "smb2_session_init(anon)");
5870 anon_session
->anonymous_session_key
= true;
5871 anon_session
->forced_session_key
= data_blob_const(wrong_session_key
,
5872 ARRAY_SIZE(wrong_session_key
));
5873 smb2cli_session_torture_anonymous_encryption(anon_session
->smbXcli
, true);
5875 status
= smb2_session_setup_spnego(anon_session
,
5877 0 /* previous_session_id */);
5878 torture_assert_ntstatus_ok(tctx
, status
,
5879 "smb2_session_setup_spnego failed");
5881 ok
= smb2cli_tcon_is_encryption_on(user_tree
->smbXcli
);
5882 torture_assert(tctx
, ok
, "smb2cli_tcon_is_encryption_on(anon)");
5883 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
5884 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
5886 anon_tree
= smb2_tree_init(anon_session
, tctx
, false);
5887 torture_assert(tctx
, anon_tree
!= NULL
, "smb2_tree_init");
5889 timeout_msec
= transport
->options
.request_timeout
* 1000;
5890 subreq
= smb2cli_tcon_send(tctx
,
5894 anon_session
->smbXcli
,
5898 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
5900 torture_assert(tctx
,
5901 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
5902 "tevent_req_poll_ntstatus");
5904 status
= smb2cli_tcon_recv(subreq
);
5905 TALLOC_FREE(subreq
);
5906 if (NT_STATUS_EQUAL(status
, NT_STATUS_CONNECTION_DISCONNECTED
)) {
5907 status
= NT_STATUS_CONNECTION_RESET
;
5909 torture_assert_ntstatus_equal(tctx
, status
,
5910 NT_STATUS_CONNECTION_RESET
,
5911 "smb2cli_tcon_recv");
5913 ok
= smbXcli_conn_is_connected(transport
->conn
);
5914 torture_assert(tctx
, !ok
, "smbXcli_conn_is_connected still connected");
5919 static bool test_session_anon_signing1(struct torture_context
*tctx
,
5920 struct smb2_tree
*tree0
)
5922 const char *host
= torture_setting_string(tctx
, "host", NULL
);
5923 const char *share
= "IPC$";
5925 struct smb2_transport
*transport0
= tree0
->session
->transport
;
5926 struct cli_credentials
*anon_creds
= NULL
;
5927 struct smbcli_options options
;
5928 struct smb2_transport
*transport
= NULL
;
5929 struct smb2_session
*anon_session
= NULL
;
5930 struct smb2_tree
*anon_tree
= NULL
;
5933 struct tevent_req
*subreq
= NULL
;
5934 uint32_t timeout_msec
;
5936 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
5938 "Can't test without SMB3 support");
5941 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
5942 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
5944 anon_creds
= cli_credentials_init_anon(tctx
);
5945 torture_assert(tctx
, anon_creds
!= NULL
, "cli_credentials_init_anon");
5946 ok
= cli_credentials_set_smb_signing(anon_creds
,
5947 SMB_SIGNING_REQUIRED
,
5949 torture_assert(tctx
, ok
, "cli_credentials_set_smb_signing");
5950 ok
= cli_credentials_set_smb_ipc_signing(anon_creds
,
5951 SMB_SIGNING_REQUIRED
,
5953 torture_assert(tctx
, ok
, "cli_credentials_set_smb_ipc_signing");
5954 ok
= cli_credentials_set_smb_encryption(anon_creds
,
5957 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
5959 options
= transport0
->options
;
5960 options
.client_guid
= GUID_random();
5961 options
.only_negprot
= true;
5962 options
.signing
= SMB_SIGNING_REQUIRED
;
5964 status
= smb2_connect(tctx
,
5966 lpcfg_smb_ports(tctx
->lp_ctx
),
5968 lpcfg_resolve_context(tctx
->lp_ctx
),
5973 lpcfg_socket_options(tctx
->lp_ctx
),
5974 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
5975 torture_assert_ntstatus_ok(tctx
, status
, "smb2_connect failed");
5976 anon_session
= anon_tree
->session
;
5977 transport
= anon_session
->transport
;
5979 anon_session
->anonymous_session_key
= true;
5980 smb2cli_session_torture_anonymous_signing(anon_session
->smbXcli
, true);
5982 status
= smb2_session_setup_spnego(anon_session
,
5984 0 /* previous_session_id */);
5985 torture_assert_ntstatus_ok(tctx
, status
,
5986 "smb2_session_setup_spnego failed");
5988 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
5989 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
5991 timeout_msec
= transport
->options
.request_timeout
* 1000;
5992 subreq
= smb2cli_tcon_send(tctx
,
5996 anon_session
->smbXcli
,
6000 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
6002 torture_assert(tctx
,
6003 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
6004 "tevent_req_poll_ntstatus");
6006 status
= smb2cli_tcon_recv(subreq
);
6007 TALLOC_FREE(subreq
);
6008 torture_assert_ntstatus_ok(tctx
, status
, "smb2cli_tcon_recv");
6010 ok
= smbXcli_conn_is_connected(transport
->conn
);
6011 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
6016 static bool test_session_anon_signing2(struct torture_context
*tctx
,
6017 struct smb2_tree
*tree0
)
6019 const char *host
= torture_setting_string(tctx
, "host", NULL
);
6020 const char *share
= "IPC$";
6022 struct smb2_transport
*transport0
= tree0
->session
->transport
;
6023 struct cli_credentials
*anon_creds
= NULL
;
6024 struct smbcli_options options
;
6025 struct smb2_transport
*transport
= NULL
;
6026 struct smb2_session
*anon_session
= NULL
;
6027 struct smb2_session
*anon_session_nosign
= NULL
;
6028 struct smb2_tree
*anon_tree
= NULL
;
6031 struct tevent_req
*subreq
= NULL
;
6032 uint32_t timeout_msec
;
6033 uint8_t wrong_session_key
[16] = { 0x1f, 0x2f, 0x3f, };
6034 uint64_t session_id
;
6036 if (smbXcli_conn_protocol(transport0
->conn
) < PROTOCOL_SMB3_00
) {
6038 "Can't test without SMB3 support");
6041 unc
= talloc_asprintf(tctx
, "\\\\%s\\%s", host
, share
);
6042 torture_assert(tctx
, unc
!= NULL
, "talloc_asprintf");
6044 anon_creds
= cli_credentials_init_anon(tctx
);
6045 torture_assert(tctx
, anon_creds
!= NULL
, "cli_credentials_init_anon");
6046 ok
= cli_credentials_set_smb_signing(anon_creds
,
6047 SMB_SIGNING_REQUIRED
,
6049 torture_assert(tctx
, ok
, "cli_credentials_set_smb_signing");
6050 ok
= cli_credentials_set_smb_ipc_signing(anon_creds
,
6051 SMB_SIGNING_REQUIRED
,
6053 torture_assert(tctx
, ok
, "cli_credentials_set_smb_ipc_signing");
6054 ok
= cli_credentials_set_smb_encryption(anon_creds
,
6057 torture_assert(tctx
, ok
, "cli_credentials_set_smb_encryption");
6059 options
= transport0
->options
;
6060 options
.client_guid
= GUID_random();
6061 options
.only_negprot
= true;
6062 options
.signing
= SMB_SIGNING_REQUIRED
;
6064 status
= smb2_connect(tctx
,
6066 lpcfg_smb_ports(tctx
->lp_ctx
),
6068 lpcfg_resolve_context(tctx
->lp_ctx
),
6073 lpcfg_socket_options(tctx
->lp_ctx
),
6074 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
6075 torture_assert_ntstatus_ok(tctx
, status
, "smb2_connect failed");
6076 anon_session
= anon_tree
->session
;
6077 transport
= anon_session
->transport
;
6079 anon_session
->anonymous_session_key
= true;
6080 anon_session
->forced_session_key
= data_blob_const(wrong_session_key
,
6081 ARRAY_SIZE(wrong_session_key
));
6082 smb2cli_session_torture_anonymous_signing(anon_session
->smbXcli
, true);
6083 smb2cli_session_torture_no_signing_disconnect(anon_session
->smbXcli
);
6085 status
= smb2_session_setup_spnego(anon_session
,
6087 0 /* previous_session_id */);
6088 torture_assert_ntstatus_ok(tctx
, status
,
6089 "smb2_session_setup_spnego failed");
6091 ok
= smbXcli_session_is_authenticated(anon_session
->smbXcli
);
6092 torture_assert(tctx
, !ok
, "smbXcli_session_is_authenticated(anon) wrong");
6095 * create a new structure for the same session id,
6096 * but without smb2.should_sign set.
6098 session_id
= smb2cli_session_current_id(anon_session
->smbXcli
);
6099 anon_session_nosign
= smb2_session_init(transport
,
6100 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
),
6102 torture_assert(tctx
, anon_session_nosign
!= NULL
, "smb2_session_init(anon_nosign)");
6103 smb2cli_session_set_id_and_flags(anon_session_nosign
->smbXcli
, session_id
, 0);
6104 smb2cli_session_torture_no_signing_disconnect(anon_session_nosign
->smbXcli
);
6106 timeout_msec
= transport
->options
.request_timeout
* 1000;
6107 subreq
= smb2cli_tcon_send(tctx
,
6111 anon_session
->smbXcli
,
6115 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
6117 torture_assert(tctx
,
6118 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
6119 "tevent_req_poll_ntstatus");
6121 status
= smb2cli_tcon_recv(subreq
);
6122 TALLOC_FREE(subreq
);
6123 torture_assert_ntstatus_equal(tctx
, status
,
6124 NT_STATUS_ACCESS_DENIED
,
6125 "smb2cli_tcon_recv");
6127 ok
= smbXcli_conn_is_connected(transport
->conn
);
6128 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
6130 subreq
= smb2cli_tcon_send(tctx
,
6134 anon_session_nosign
->smbXcli
,
6138 torture_assert(tctx
, subreq
!= NULL
, "smb2cli_tcon_send");
6140 torture_assert(tctx
,
6141 tevent_req_poll_ntstatus(subreq
, tctx
->ev
, &status
),
6142 "tevent_req_poll_ntstatus");
6144 status
= smb2cli_tcon_recv(subreq
);
6145 TALLOC_FREE(subreq
);
6146 torture_assert_ntstatus_ok(tctx
, status
, "smb2cli_tcon_recv");
6148 ok
= smbXcli_conn_is_connected(transport
->conn
);
6149 torture_assert(tctx
, ok
, "smbXcli_conn_is_connected");
6154 struct torture_suite
*torture_smb2_session_init(TALLOC_CTX
*ctx
)
6156 struct torture_suite
*suite
=
6157 torture_suite_create(ctx
, "session");
6159 torture_suite_add_1smb2_test(suite
, "reconnect1", test_session_reconnect1
);
6160 torture_suite_add_1smb2_test(suite
, "reconnect2", test_session_reconnect2
);
6161 torture_suite_add_1smb2_test(suite
, "reauth1", test_session_reauth1
);
6162 torture_suite_add_1smb2_test(suite
, "reauth2", test_session_reauth2
);
6163 torture_suite_add_1smb2_test(suite
, "reauth3", test_session_reauth3
);
6164 torture_suite_add_1smb2_test(suite
, "reauth4", test_session_reauth4
);
6165 torture_suite_add_1smb2_test(suite
, "reauth5", test_session_reauth5
);
6166 torture_suite_add_1smb2_test(suite
, "reauth6", test_session_reauth6
);
6167 torture_suite_add_simple_test(suite
, "expire1n", test_session_expire1n
);
6168 torture_suite_add_simple_test(suite
, "expire1s", test_session_expire1s
);
6169 torture_suite_add_simple_test(suite
, "expire1e", test_session_expire1e
);
6170 torture_suite_add_simple_test(suite
, "expire2s", test_session_expire2s
);
6171 torture_suite_add_simple_test(suite
, "expire2e", test_session_expire2e
);
6172 torture_suite_add_simple_test(suite
, "expire_disconnect",
6173 test_session_expire_disconnect
);
6174 torture_suite_add_1smb2_test(suite
, "bind1", test_session_bind1
);
6175 torture_suite_add_1smb2_test(suite
, "bind2", test_session_bind2
);
6176 torture_suite_add_1smb2_test(suite
, "bind_invalid_auth", test_session_bind_invalid_auth
);
6177 torture_suite_add_1smb2_test(suite
, "bind_different_user", test_session_bind_different_user
);
6178 torture_suite_add_1smb2_test(suite
, "bind_negative_smb202", test_session_bind_negative_smb202
);
6179 torture_suite_add_1smb2_test(suite
, "bind_negative_smb210s", test_session_bind_negative_smb210s
);
6180 torture_suite_add_1smb2_test(suite
, "bind_negative_smb210d", test_session_bind_negative_smb210d
);
6181 torture_suite_add_1smb2_test(suite
, "bind_negative_smb2to3s", test_session_bind_negative_smb2to3s
);
6182 torture_suite_add_1smb2_test(suite
, "bind_negative_smb2to3d", test_session_bind_negative_smb2to3d
);
6183 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3to2s", test_session_bind_negative_smb3to2s
);
6184 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3to2d", test_session_bind_negative_smb3to2d
);
6185 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3to3s", test_session_bind_negative_smb3to3s
);
6186 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3to3d", test_session_bind_negative_smb3to3d
);
6187 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3encGtoCs", test_session_bind_negative_smb3encGtoCs
);
6188 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3encGtoCd", test_session_bind_negative_smb3encGtoCd
);
6189 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signCtoHs", test_session_bind_negative_smb3signCtoHs
);
6190 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signCtoHd", test_session_bind_negative_smb3signCtoHd
);
6191 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signCtoGs", test_session_bind_negative_smb3signCtoGs
);
6192 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signCtoGd", test_session_bind_negative_smb3signCtoGd
);
6193 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signHtoCs", test_session_bind_negative_smb3signHtoCs
);
6194 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signHtoCd", test_session_bind_negative_smb3signHtoCd
);
6195 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signHtoGs", test_session_bind_negative_smb3signHtoGs
);
6196 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signHtoGd", test_session_bind_negative_smb3signHtoGd
);
6197 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoCs", test_session_bind_negative_smb3signGtoCs
);
6198 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoCd", test_session_bind_negative_smb3signGtoCd
);
6199 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoHs", test_session_bind_negative_smb3signGtoHs
);
6200 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoHd", test_session_bind_negative_smb3signGtoHd
);
6201 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneGtoCs", test_session_bind_negative_smb3sneGtoCs
);
6202 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneGtoCd", test_session_bind_negative_smb3sneGtoCd
);
6203 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneGtoHs", test_session_bind_negative_smb3sneGtoHs
);
6204 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneGtoHd", test_session_bind_negative_smb3sneGtoHd
);
6205 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneCtoGs", test_session_bind_negative_smb3sneCtoGs
);
6206 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneCtoGd", test_session_bind_negative_smb3sneCtoGd
);
6207 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneHtoGs", test_session_bind_negative_smb3sneHtoGs
);
6208 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3sneHtoGd", test_session_bind_negative_smb3sneHtoGd
);
6209 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signC30toGs", test_session_bind_negative_smb3signC30toGs
);
6210 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signC30toGd", test_session_bind_negative_smb3signC30toGd
);
6211 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signH2XtoGs", test_session_bind_negative_smb3signH2XtoGs
);
6212 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signH2XtoGd", test_session_bind_negative_smb3signH2XtoGd
);
6213 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoC30s", test_session_bind_negative_smb3signGtoC30s
);
6214 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoC30d", test_session_bind_negative_smb3signGtoC30d
);
6215 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoH2Xs", test_session_bind_negative_smb3signGtoH2Xs
);
6216 torture_suite_add_1smb2_test(suite
, "bind_negative_smb3signGtoH2Xd", test_session_bind_negative_smb3signGtoH2Xd
);
6217 torture_suite_add_1smb2_test(suite
, "two_logoff", test_session_two_logoff
);
6218 torture_suite_add_1smb2_test(suite
, "signing-hmac-sha-256", test_session_signing_hmac_sha_256
);
6219 torture_suite_add_1smb2_test(suite
, "signing-aes-128-cmac", test_session_signing_aes_128_cmac
);
6220 torture_suite_add_1smb2_test(suite
, "signing-aes-128-gmac", test_session_signing_aes_128_gmac
);
6221 torture_suite_add_1smb2_test(suite
, "encryption-aes-128-ccm", test_session_encryption_aes_128_ccm
);
6222 torture_suite_add_1smb2_test(suite
, "encryption-aes-128-gcm", test_session_encryption_aes_128_gcm
);
6223 torture_suite_add_1smb2_test(suite
, "encryption-aes-256-ccm", test_session_encryption_aes_256_ccm
);
6224 torture_suite_add_1smb2_test(suite
, "encryption-aes-256-gcm", test_session_encryption_aes_256_gcm
);
6225 torture_suite_add_1smb2_test(suite
, "ntlmssp_bug14932", test_session_ntlmssp_bug14932
);
6226 torture_suite_add_1smb2_test(suite
, "anon-encryption1", test_session_anon_encryption1
);
6227 torture_suite_add_1smb2_test(suite
, "anon-encryption2", test_session_anon_encryption2
);
6228 torture_suite_add_1smb2_test(suite
, "anon-encryption3", test_session_anon_encryption3
);
6229 torture_suite_add_1smb2_test(suite
, "anon-signing1", test_session_anon_signing1
);
6230 torture_suite_add_1smb2_test(suite
, "anon-signing2", test_session_anon_signing2
);
6232 suite
->description
= talloc_strdup(suite
, "SMB2-SESSION tests");
6237 static bool test_session_require_sign_bug15397(struct torture_context
*tctx
,
6238 struct smb2_tree
*_tree
)
6240 const char *host
= torture_setting_string(tctx
, "host", NULL
);
6241 const char *share
= torture_setting_string(tctx
, "share", NULL
);
6242 struct cli_credentials
*_creds
= samba_cmdline_get_creds();
6243 struct cli_credentials
*creds
= NULL
;
6244 struct smbcli_options options
;
6245 struct smb2_tree
*tree
= NULL
;
6246 uint8_t security_mode
;
6251 * Setup our own connection so we can control the signing flags
6254 creds
= cli_credentials_shallow_copy(tctx
, _creds
);
6255 torture_assert(tctx
, creds
!= NULL
, "cli_credentials_shallow_copy");
6257 options
= _tree
->session
->transport
->options
;
6258 options
.client_guid
= GUID_random();
6259 options
.signing
= SMB_SIGNING_IF_REQUIRED
;
6261 status
= smb2_connect(tctx
,
6263 lpcfg_smb_ports(tctx
->lp_ctx
),
6265 lpcfg_resolve_context(tctx
->lp_ctx
),
6270 lpcfg_socket_options(tctx
->lp_ctx
),
6271 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
6272 torture_assert_ntstatus_ok_goto(tctx
, status
, ok
, done
,
6273 "smb2_connect failed");
6275 security_mode
= smb2cli_session_security_mode(tree
->session
->smbXcli
);
6277 torture_assert_int_equal_goto(
6280 SMB2_NEGOTIATE_SIGNING_REQUIRED
| SMB2_NEGOTIATE_SIGNING_ENABLED
,
6283 "Signing not required");
6289 struct torture_suite
*torture_smb2_session_req_sign_init(TALLOC_CTX
*ctx
)
6291 struct torture_suite
*suite
=
6292 torture_suite_create(ctx
, "session-require-signing");
6294 torture_suite_add_1smb2_test(suite
, "bug15397",
6295 test_session_require_sign_bug15397
);
6297 suite
->description
= talloc_strdup(suite
, "SMB2-SESSION require signing tests");