2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2011
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "locking/proto.h"
22 #include "torture/proto.h"
23 #include "system/filesys.h"
24 #include "system/select.h"
25 #include "libsmb/libsmb.h"
26 #include "libcli/smb/smbXcli_base.h"
27 #include "libcli/security/security.h"
28 #include "librpc/gen_ndr/open_files.h"
30 bool run_cleanup1(int dummy
)
32 struct cli_state
*cli
;
33 const char *fname
= "\\cleanup1";
37 printf("CLEANUP1: Checking that a conflicting share mode is cleaned "
40 if (!torture_open_connection(&cli
, 0)) {
43 status
= cli_openx(cli
, fname
, O_RDWR
|O_CREAT
, DENY_ALL
, &fnum
);
44 if (!NT_STATUS_IS_OK(status
)) {
45 printf("open of %s failed (%s)\n", fname
, nt_errstr(status
));
48 status
= smbXcli_conn_samba_suicide(cli
->conn
, 1);
49 if (!NT_STATUS_IS_OK(status
)) {
50 printf("smbXcli_conn_samba_suicide failed: %s\n",
55 if (!torture_open_connection(&cli
, 1)) {
58 status
= cli_ntcreate(
60 FILE_GENERIC_READ
|FILE_GENERIC_WRITE
|DELETE_ACCESS
,
61 FILE_ATTRIBUTE_NORMAL
,
62 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
63 FILE_OPEN
, FILE_DELETE_ON_CLOSE
, 0, &fnum
, NULL
);
64 if (!NT_STATUS_IS_OK(status
)) {
65 printf("2nd open of %s failed (%s)\n", fname
,
71 torture_close_connection(cli
);
72 return NT_STATUS_IS_OK(status
);
75 bool run_cleanup2(int dummy
)
77 struct cli_state
*cli1
, *cli2
;
78 const char *fname
= "\\cleanup2";
79 uint16_t fnum1
, fnum2
;
83 printf("CLEANUP2: Checking that a conflicting brlock is cleaned up\n");
85 if (!torture_open_connection(&cli1
, 0)) {
88 status
= cli_ntcreate(
89 cli1
, fname
, 0, FILE_GENERIC_READ
|FILE_GENERIC_WRITE
,
90 FILE_ATTRIBUTE_NORMAL
,
91 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
92 FILE_OVERWRITE_IF
, 0, 0, &fnum1
, NULL
);
93 if (!NT_STATUS_IS_OK(status
)) {
94 printf("open of %s failed (%s)\n", fname
, nt_errstr(status
));
97 status
= cli_lock32(cli1
, fnum1
, 0, 1, 0, WRITE_LOCK
);
98 if (!NT_STATUS_IS_OK(status
)) {
99 printf("lock failed (%s)\n", nt_errstr(status
));
104 * Check the file is indeed locked
106 if (!torture_open_connection(&cli2
, 0)) {
109 status
= cli_ntcreate(
110 cli2
, fname
, 0, FILE_GENERIC_READ
|FILE_GENERIC_WRITE
,
111 FILE_ATTRIBUTE_NORMAL
,
112 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
113 FILE_OPEN
, 0, 0, &fnum2
, NULL
);
114 if (!NT_STATUS_IS_OK(status
)) {
115 printf("open of %s failed (%s)\n", fname
, nt_errstr(status
));
119 status
= cli_smbwrite(cli2
, fnum2
, &buf
, 0, 1, NULL
);
120 if (!NT_STATUS_EQUAL(status
, NT_STATUS_FILE_LOCK_CONFLICT
)) {
121 printf("write succeeded\n");
126 * Kill the lock holder
128 status
= smbXcli_conn_samba_suicide(cli1
->conn
, 1);
129 if (!NT_STATUS_IS_OK(status
)) {
130 printf("smbXcli_conn_samba_suicide failed: %s\n",
136 * Right now we don't clean up immediately. Re-open the 2nd connection.
140 if (!torture_open_connection(&cli2
, 0)) {
143 status
= cli_ntcreate(
144 cli2
, fname
, 0, FILE_GENERIC_READ
|FILE_GENERIC_WRITE
,
145 FILE_ATTRIBUTE_NORMAL
,
146 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
147 FILE_OPEN
, 0, 0, &fnum2
, NULL
);
148 if (!NT_STATUS_IS_OK(status
)) {
149 printf("open of %s failed (%s)\n", fname
, nt_errstr(status
));
153 status
= cli_smbwrite(cli2
, fnum2
, &buf
, 0, 1, NULL
);
154 if (!NT_STATUS_IS_OK(status
)) {
155 printf("write failed: %s\n", nt_errstr(status
));
161 static bool create_stale_share_mode_entry(const char *fname
,
162 struct file_id
*p_id
)
164 struct cli_state
*cli
;
167 SMB_STRUCT_STAT sbuf
;
170 if (!torture_open_connection(&cli
, 0)) {
174 status
= torture_setup_unix_extensions(cli
);
175 if (!NT_STATUS_IS_OK(status
)) {
176 printf("torture_setup_unix_extensions failed: %s\n",
180 status
= cli_openx(cli
, fname
, O_RDWR
|O_CREAT
, DENY_ALL
, &fnum
);
181 if (!NT_STATUS_IS_OK(status
)) {
182 printf("open of %s failed (%s)\n", fname
, nt_errstr(status
));
185 status
= cli_posix_stat(cli
, fname
, &sbuf
);
186 if (!NT_STATUS_IS_OK(status
)) {
187 printf("cli_posix_stat failed: %s\n", nt_errstr(status
));
190 status
= smbXcli_conn_samba_suicide(cli
->conn
, 1);
191 if (!NT_STATUS_IS_OK(status
)) {
192 printf("smbXcli_conn_samba_suicide failed: %s\n",
197 id
.devid
= sbuf
.st_ex_rdev
;
198 id
.inode
= sbuf
.st_ex_ino
;
207 static bool corrupt_dummy(struct share_mode_data
*d
)
212 static bool invalidate_sharemode(struct share_mode_data
*d
)
214 d
->share_modes
[0].op_type
=
215 OPLOCK_EXCLUSIVE
|OPLOCK_BATCH
|OPLOCK_LEVEL_II
;
220 static bool duplicate_entry(struct share_mode_data
*d
, int i
)
222 struct share_mode_entry
*tmp
;
224 if (i
>= d
->num_share_modes
) {
228 tmp
= talloc_realloc(d
, d
->share_modes
, struct share_mode_entry
,
229 d
->num_share_modes
+ 1);
233 d
->share_modes
= tmp
;
234 d
->num_share_modes
+= 1;
235 d
->share_modes
[d
->num_share_modes
-1] = d
->share_modes
[i
];
240 static bool create_duplicate_batch(struct share_mode_data
*d
)
242 if (d
->num_share_modes
!= 1) {
245 d
->share_modes
[0].op_type
= OPLOCK_BATCH
;
246 if (!duplicate_entry(d
, 0)) {
252 struct corruption_fns
{
253 bool (*fn
)(struct share_mode_data
*d
);
257 bool run_cleanup3(int dummy
)
259 struct cli_state
*cli
;
260 const char *fname
= "cleanup3";
263 struct share_mode_lock
*lck
;
267 struct corruption_fns fns
[] = {
268 { corrupt_dummy
, "no corruption" },
269 { invalidate_sharemode
, "invalidate_sharemode" },
270 { create_duplicate_batch
, "create_duplicate_batch" },
273 printf("CLEANUP3: Checking that a share mode is cleaned up on "
276 for (i
=0; i
<ARRAY_SIZE(fns
); i
++) {
278 printf("testing %s\n", fns
[i
].descr
);
280 if (!create_stale_share_mode_entry(fname
, &id
)) {
281 printf("create_stale_entry failed\n");
285 printf("%d %d %d\n", (int)id
.devid
, (int)id
.inode
,
288 if (!locking_init()) {
289 printf("locking_init failed\n");
292 lck
= get_existing_share_mode_lock(talloc_tos(), id
);
294 printf("get_existing_share_mode_lock failed\n");
297 if (lck
->data
->num_share_modes
!= 1) {
298 printf("get_existing_share_mode_lock did clean up\n");
302 fns
[i
].fn(lck
->data
);
306 if (!torture_open_connection(&cli
, 0)) {
309 status
= cli_openx(cli
, fname
, O_RDWR
|O_CREAT
, DENY_ALL
,
311 if (!NT_STATUS_IS_OK(status
)) {
312 printf("open of %s failed (%s)\n", fname
,
316 lck
= get_existing_share_mode_lock(talloc_tos(), id
);
318 printf("get_existing_share_mode_lock failed\n");
321 if (lck
->data
->num_share_modes
!= 1) {
322 printf("conflicting open did not clean up\n");
327 torture_close_connection(cli
);
333 bool run_cleanup4(int dummy
)
335 struct cli_state
*cli1
, *cli2
;
336 const char *fname
= "\\cleanup4";
337 uint16_t fnum1
, fnum2
;
340 printf("CLEANUP4: Checking that a conflicting share mode is cleaned "
343 if (!torture_open_connection(&cli1
, 0)) {
346 if (!torture_open_connection(&cli2
, 0)) {
350 status
= cli_ntcreate(
352 FILE_GENERIC_READ
|DELETE_ACCESS
,
353 FILE_ATTRIBUTE_NORMAL
,
354 FILE_SHARE_READ
|FILE_SHARE_DELETE
,
355 FILE_OVERWRITE_IF
, 0, 0, &fnum1
, NULL
);
356 if (!NT_STATUS_IS_OK(status
)) {
357 printf("creating file failed: %s\n",
362 status
= cli_ntcreate(
364 FILE_GENERIC_READ
|DELETE_ACCESS
,
365 FILE_ATTRIBUTE_NORMAL
,
366 FILE_SHARE_READ
|FILE_SHARE_DELETE
,
367 FILE_OPEN
, 0, 0, &fnum2
, NULL
);
368 if (!NT_STATUS_IS_OK(status
)) {
369 printf("opening file 1st time failed: %s\n",
374 status
= smbXcli_conn_samba_suicide(cli1
->conn
, 1);
375 if (!NT_STATUS_IS_OK(status
)) {
376 printf("smbXcli_conn_samba_suicide failed: %s\n",
382 * The next open will conflict with both opens above. The first open
383 * above will be correctly cleaned up. A bug in smbd iterating over
384 * the share mode array made it skip the share conflict check for the
385 * second open. Trigger this bug.
388 status
= cli_ntcreate(
390 FILE_GENERIC_WRITE
|DELETE_ACCESS
,
391 FILE_ATTRIBUTE_NORMAL
,
392 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
393 FILE_OPEN
, 0, 0, &fnum2
, NULL
);
394 if (!NT_STATUS_EQUAL(status
, NT_STATUS_SHARING_VIOLATION
)) {
395 printf("opening file 2nd time returned: %s\n",