search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:torture: rename smb2.session.reconnect to smb2.session.reconnect1
[Samba/gebeck_regimport.git] / source4 / torture / smb2 / session.c
blob296c7251d63586c242d509d2e5cd3f835dc7e026
1 /*
2 Unix SMB/CIFS implementation.
3
4 test suite for SMB2 session setups
5
6 Copyright (C) Michael Adam 2012
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libcli/smb2/smb2.h"
24 #include "libcli/smb2/smb2_calls.h"
25 #include "torture/torture.h"
26 #include "torture/smb2/proto.h"
27 #include "../libcli/smb/smbXcli_base.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "auth/credentials/credentials.h"
30 #include "libcli/security/security.h"
31
32
33 #define CHECK_VAL(v, correct) do { \
34 if ((v) != (correct)) { \
35 torture_result(tctx, TORTURE_FAIL, "(%s): wrong value for %s got 0x%x - should be 0x%x\n", \
36 __location__, #v, (int)v, (int)correct); \
37 ret = false; \
38 }} while (0)
39
40 #define CHECK_STATUS(status, correct) do { \
41 if (!NT_STATUS_EQUAL(status, correct)) { \
42 torture_result(tctx, TORTURE_FAIL, __location__": Incorrect status %s - should be %s", \
43 nt_errstr(status), nt_errstr(correct)); \
44 ret = false; \
45 goto done; \
46 }} while (0)
47
48 #define CHECK_CREATED(__io, __created, __attribute) \
49 do { \
50 CHECK_VAL((__io)->out.create_action, NTCREATEX_ACTION_ ## __created); \
51 CHECK_VAL((__io)->out.alloc_size, 0); \
52 CHECK_VAL((__io)->out.size, 0); \
53 CHECK_VAL((__io)->out.file_attr, (__attribute)); \
54 CHECK_VAL((__io)->out.reserved2, 0); \
55 } while(0)
56
57
58 /**
59 * basic test for doing a session reconnect
60 */
61 bool test_session_reconnect1(struct torture_context *tctx, struct smb2_tree *tree)
62 {
63 NTSTATUS status;
64 TALLOC_CTX *mem_ctx = talloc_new(tctx);
65 char fname[256];
66 struct smb2_handle _h1;
67 struct smb2_handle *h1 = NULL;
68 struct smb2_handle _h2;
69 struct smb2_handle *h2 = NULL;
70 struct smb2_create io1, io2;
71 uint64_t previous_session_id;
72 bool ret = true;
73 struct smb2_tree *tree2;
74 union smb_fileinfo qfinfo;
75
76 /* Add some random component to the file name. */
77 snprintf(fname, 256, "session_reconnect_%s.dat",
78 generate_random_str(tctx, 8));
79
80 smb2_util_unlink(tree, fname);
81
82 smb2_oplock_create_share(&io1, fname,
83 smb2_util_share_access(""),
84 smb2_util_oplock_level("b"));
85
86 status = smb2_create(tree, mem_ctx, &io1);
87 CHECK_STATUS(status, NT_STATUS_OK);
88 _h1 = io1.out.file.handle;
89 h1 = &_h1;
90 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
91 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
92
93 /* disconnect, reconnect and then do durable reopen */
94 previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
95
96 if (!torture_smb2_connection_ext(tctx, previous_session_id, &tree2)) {
97 torture_warning(tctx, "session reconnect failed\n");
98 ret = false;
99 goto done;
100 }
101
102 /* try to access the file via the old handle */
103
104 ZERO_STRUCT(qfinfo);
105 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
106 qfinfo.generic.in.file.handle = _h1;
107 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
108 CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
109 h1 = NULL;
110
111 smb2_oplock_create_share(&io2, fname,
112 smb2_util_share_access(""),
113 smb2_util_oplock_level("b"));
114
115 status = smb2_create(tree2, mem_ctx, &io2);
116 CHECK_STATUS(status, NT_STATUS_OK);
117 CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
118 CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
119 _h2 = io2.out.file.handle;
120 h2 = &_h2;
121
122 done:
123 if (h1 != NULL) {
124 smb2_util_close(tree, *h1);
125 }
126 if (h2 != NULL) {
127 smb2_util_close(tree2, *h2);
128 }
129
130 smb2_util_unlink(tree2, fname);
131
132 talloc_free(tree);
133 talloc_free(tree2);
134
135 talloc_free(mem_ctx);
136
137 return ret;
138 }
139
140 bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
141 {
142 NTSTATUS status;
143 TALLOC_CTX *mem_ctx = talloc_new(tctx);
144 char fname[256];
145 struct smb2_handle _h1;
146 struct smb2_handle *h1 = NULL;
147 struct smb2_create io1;
148 bool ret = true;
149 union smb_fileinfo qfinfo;
150
151 /* Add some random component to the file name. */
152 snprintf(fname, 256, "session_reauth1_%s.dat",
153 generate_random_str(tctx, 8));
154
155 smb2_util_unlink(tree, fname);
156
157 smb2_oplock_create_share(&io1, fname,
158 smb2_util_share_access(""),
159 smb2_util_oplock_level("b"));
160
161 status = smb2_create(tree, mem_ctx, &io1);
162 CHECK_STATUS(status, NT_STATUS_OK);
163 _h1 = io1.out.file.handle;
164 h1 = &_h1;
165 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
166 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
167
168 status = smb2_session_setup_spnego(tree->session,
169 cmdline_credentials,
170 0 /* previous_session_id */);
171 CHECK_STATUS(status, NT_STATUS_OK);
172
173 /* try to access the file via the old handle */
174
175 ZERO_STRUCT(qfinfo);
176 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
177 qfinfo.generic.in.file.handle = _h1;
178 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
179 CHECK_STATUS(status, NT_STATUS_OK);
180
181 status = smb2_session_setup_spnego(tree->session,
182 cmdline_credentials,
183 0 /* previous_session_id */);
184 CHECK_STATUS(status, NT_STATUS_OK);
185
186 /* try to access the file via the old handle */
187
188 ZERO_STRUCT(qfinfo);
189 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
190 qfinfo.generic.in.file.handle = _h1;
191 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
192 CHECK_STATUS(status, NT_STATUS_OK);
193
194 done:
195 if (h1 != NULL) {
196 smb2_util_close(tree, *h1);
197 }
198
199 smb2_util_unlink(tree, fname);
200
201 talloc_free(tree);
202
203 talloc_free(mem_ctx);
204
205 return ret;
206 }
207
208 bool test_session_reauth2(struct torture_context *tctx, struct smb2_tree *tree)
209 {
210 NTSTATUS status;
211 TALLOC_CTX *mem_ctx = talloc_new(tctx);
212 char fname[256];
213 struct smb2_handle _h1;
214 struct smb2_handle *h1 = NULL;
215 struct smb2_create io1;
216 bool ret = true;
217 union smb_fileinfo qfinfo;
218 struct cli_credentials *anon_creds = NULL;
219
220 /* Add some random component to the file name. */
221 snprintf(fname, 256, "session_reauth2_%s.dat",
222 generate_random_str(tctx, 8));
223
224 smb2_util_unlink(tree, fname);
225
226 smb2_oplock_create_share(&io1, fname,
227 smb2_util_share_access(""),
228 smb2_util_oplock_level("b"));
229
230 status = smb2_create(tree, mem_ctx, &io1);
231 CHECK_STATUS(status, NT_STATUS_OK);
232 _h1 = io1.out.file.handle;
233 h1 = &_h1;
234 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
235 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
236
237 /* re-authenticate as anonymous */
238
239 anon_creds = cli_credentials_init_anon(mem_ctx);
240 torture_assert(tctx, (anon_creds != NULL), "talloc error");
241
242 status = smb2_session_setup_spnego(tree->session,
243 anon_creds,
244 0 /* previous_session_id */);
245 CHECK_STATUS(status, NT_STATUS_OK);
246
247 /* try to access the file via the old handle */
248
249 ZERO_STRUCT(qfinfo);
250 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
251 qfinfo.generic.in.file.handle = _h1;
252 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
253 CHECK_STATUS(status, NT_STATUS_OK);
254
255 /* re-authenticate as original user again */
256
257 status = smb2_session_setup_spnego(tree->session,
258 cmdline_credentials,
259 0 /* previous_session_id */);
260 CHECK_STATUS(status, NT_STATUS_OK);
261
262 /* try to access the file via the old handle */
263
264 ZERO_STRUCT(qfinfo);
265 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
266 qfinfo.generic.in.file.handle = _h1;
267 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
268 CHECK_STATUS(status, NT_STATUS_OK);
269
270 done:
271 if (h1 != NULL) {
272 smb2_util_close(tree, *h1);
273 }
274
275 smb2_util_unlink(tree, fname);
276
277 talloc_free(tree);
278
279 talloc_free(mem_ctx);
280
281 return ret;
282 }
283
284 /**
285 * test getting security descriptor after reauth
286 */
287 bool test_session_reauth3(struct torture_context *tctx, struct smb2_tree *tree)
288 {
289 NTSTATUS status;
290 TALLOC_CTX *mem_ctx = talloc_new(tctx);
291 char fname[256];
292 struct smb2_handle _h1;
293 struct smb2_handle *h1 = NULL;
294 struct smb2_create io1;
295 bool ret = true;
296 union smb_fileinfo qfinfo;
297 struct cli_credentials *anon_creds = NULL;
298 uint32_t secinfo_flags = SECINFO_OWNER
299 | SECINFO_GROUP
300 | SECINFO_DACL
301 | SECINFO_PROTECTED_DACL
302 | SECINFO_UNPROTECTED_DACL;
303
304 /* Add some random component to the file name. */
305 snprintf(fname, 256, "session_reauth3_%s.dat",
306 generate_random_str(tctx, 8));
307
308 smb2_util_unlink(tree, fname);
309
310 smb2_oplock_create_share(&io1, fname,
311 smb2_util_share_access(""),
312 smb2_util_oplock_level("b"));
313
314 status = smb2_create(tree, mem_ctx, &io1);
315 CHECK_STATUS(status, NT_STATUS_OK);
316 _h1 = io1.out.file.handle;
317 h1 = &_h1;
318 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
319 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
320
321 /* get the security descriptor */
322
323 ZERO_STRUCT(qfinfo);
324
325 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
326 qfinfo.query_secdesc.in.file.handle = _h1;
327 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
328
329 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
330 CHECK_STATUS(status, NT_STATUS_OK);
331 /* re-authenticate as anonymous */
332
333 anon_creds = cli_credentials_init_anon(mem_ctx);
334 torture_assert(tctx, (anon_creds != NULL), "talloc error");
335
336 status = smb2_session_setup_spnego(tree->session,
337 anon_creds,
338 0 /* previous_session_id */);
339 CHECK_STATUS(status, NT_STATUS_OK);
340
341 /* try to access the file via the old handle */
342
343 ZERO_STRUCT(qfinfo);
344
345 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
346 qfinfo.query_secdesc.in.file.handle = _h1;
347 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
348
349 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
350 CHECK_STATUS(status, NT_STATUS_OK);
351
352 /* re-authenticate as original user again */
353
354 status = smb2_session_setup_spnego(tree->session,
355 cmdline_credentials,
356 0 /* previous_session_id */);
357 CHECK_STATUS(status, NT_STATUS_OK);
358
359 /* try to access the file via the old handle */
360
361 ZERO_STRUCT(qfinfo);
362
363 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
364 qfinfo.query_secdesc.in.file.handle = _h1;
365 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
366
367 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
368 CHECK_STATUS(status, NT_STATUS_OK);
369
370 done:
371 if (h1 != NULL) {
372 smb2_util_close(tree, *h1);
373 }
374
375 smb2_util_unlink(tree, fname);
376
377 talloc_free(tree);
378
379 talloc_free(mem_ctx);
380
381 return ret;
382 }
383
384 /**
385 * test setting security descriptor after reauth.
386 */
387 bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree)
388 {
389 NTSTATUS status;
390 TALLOC_CTX *mem_ctx = talloc_new(tctx);
391 char fname[256];
392 struct smb2_handle _h1;
393 struct smb2_handle *h1 = NULL;
394 struct smb2_create io1;
395 bool ret = true;
396 union smb_fileinfo qfinfo;
397 union smb_setfileinfo sfinfo;
398 struct cli_credentials *anon_creds = NULL;
399 uint32_t secinfo_flags = SECINFO_OWNER
400 | SECINFO_GROUP
401 | SECINFO_DACL
402 | SECINFO_PROTECTED_DACL
403 | SECINFO_UNPROTECTED_DACL;
404 struct security_descriptor *sd1;
405 struct security_ace ace;
406 struct dom_sid *extra_sid;
407
408 /* Add some random component to the file name. */
409 snprintf(fname, 256, "session_reauth4_%s.dat",
410 generate_random_str(tctx, 8));
411
412 smb2_util_unlink(tree, fname);
413
414 smb2_oplock_create_share(&io1, fname,
415 smb2_util_share_access(""),
416 smb2_util_oplock_level("b"));
417
418 status = smb2_create(tree, mem_ctx, &io1);
419 CHECK_STATUS(status, NT_STATUS_OK);
420 _h1 = io1.out.file.handle;
421 h1 = &_h1;
422 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
423 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
424
425 /* get the security descriptor */
426
427 ZERO_STRUCT(qfinfo);
428
429 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
430 qfinfo.query_secdesc.in.file.handle = _h1;
431 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
432
433 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
434 CHECK_STATUS(status, NT_STATUS_OK);
435
436 sd1 = qfinfo.query_secdesc.out.sd;
437
438 /* re-authenticate as anonymous */
439
440 anon_creds = cli_credentials_init_anon(mem_ctx);
441 torture_assert(tctx, (anon_creds != NULL), "talloc error");
442
443 status = smb2_session_setup_spnego(tree->session,
444 anon_creds,
445 0 /* previous_session_id */);
446 CHECK_STATUS(status, NT_STATUS_OK);
447
448 /* give full access on the file to anonymous */
449
450 extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
451
452 ZERO_STRUCT(ace);
453 ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
454 ace.flags = 0;
455 ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
456 ace.trustee = *extra_sid;
457
458 status = security_descriptor_dacl_add(sd1, &ace);
459 CHECK_STATUS(status, NT_STATUS_OK);
460
461 ZERO_STRUCT(sfinfo);
462 sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
463 sfinfo.set_secdesc.in.file.handle = _h1;
464 sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
465 sfinfo.set_secdesc.in.sd = sd1;
466
467 status = smb2_setinfo_file(tree, &sfinfo);
468 CHECK_STATUS(status, NT_STATUS_OK);
469
470 /* re-authenticate as original user again */
471
472 status = smb2_session_setup_spnego(tree->session,
473 cmdline_credentials,
474 0 /* previous_session_id */);
475 CHECK_STATUS(status, NT_STATUS_OK);
476
477 /* re-get the security descriptor */
478
479 ZERO_STRUCT(qfinfo);
480
481 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
482 qfinfo.query_secdesc.in.file.handle = _h1;
483 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
484
485 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
486 CHECK_STATUS(status, NT_STATUS_OK);
487
488 ret = true;
489
490 done:
491 if (h1 != NULL) {
492 smb2_util_close(tree, *h1);
493 }
494
495 smb2_util_unlink(tree, fname);
496
497 talloc_free(tree);
498
499 talloc_free(mem_ctx);
500
501 return ret;
502 }
503
504 /**
505 * test renaming after reauth.
506 * compare security descriptors before and after rename/reauth
507 */
508 bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
509 {
510 NTSTATUS status;
511 TALLOC_CTX *mem_ctx = talloc_new(tctx);
512 char fname[256];
513 char fname2[256];
514 struct smb2_handle _h1;
515 struct smb2_handle *h1 = NULL;
516 struct smb2_create io1;
517 bool ret = true;
518 union smb_fileinfo qfinfo;
519 union smb_setfileinfo sfinfo;
520 struct cli_credentials *anon_creds = NULL;
521 uint32_t secinfo_flags = SECINFO_OWNER
522 | SECINFO_GROUP
523 | SECINFO_DACL
524 | SECINFO_PROTECTED_DACL
525 | SECINFO_UNPROTECTED_DACL;
526 struct security_descriptor *sd1, *sd2;
527 struct security_ace ace;
528 struct dom_sid *extra_sid;
529
530 /* Add some random component to the file name. */
531 snprintf(fname, 256, "session_reauth5_%s.dat",
532 generate_random_str(tctx, 8));
533
534 smb2_util_unlink(tree, fname);
535
536 smb2_oplock_create_share(&io1, fname,
537 smb2_util_share_access(""),
538 smb2_util_oplock_level("b"));
539
540 status = smb2_create(tree, mem_ctx, &io1);
541 CHECK_STATUS(status, NT_STATUS_OK);
542 _h1 = io1.out.file.handle;
543 h1 = &_h1;
544 CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
545 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
546
547 /* get the security descriptor */
548
549 ZERO_STRUCT(qfinfo);
550
551 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
552 qfinfo.query_secdesc.in.file.handle = _h1;
553 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
554
555 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
556 CHECK_STATUS(status, NT_STATUS_OK);
557
558 sd1 = qfinfo.query_secdesc.out.sd;
559
560 /* re-authenticate as anonymous */
561
562 anon_creds = cli_credentials_init_anon(mem_ctx);
563 torture_assert(tctx, (anon_creds != NULL), "talloc error");
564
565 status = smb2_session_setup_spnego(tree->session,
566 anon_creds,
567 0 /* previous_session_id */);
568 CHECK_STATUS(status, NT_STATUS_OK);
569
570 /* try to rename the file: fails */
571
572 snprintf(fname2, 256, "session_reauth5.2_%s.dat",
573 generate_random_str(tctx, 8));
574
575 smb2_util_unlink(tree, fname2);
576
577 ZERO_STRUCT(sfinfo);
578 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
579 sfinfo.rename_information.in.file.handle = _h1;
580 sfinfo.rename_information.in.overwrite = true;
581 sfinfo.rename_information.in.new_name = fname2;
582
583 status = smb2_setinfo_file(tree, &sfinfo);
584 CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
585
586 /* re-authenticate as original user again */
587
588 status = smb2_session_setup_spnego(tree->session,
589 cmdline_credentials,
590 0 /* previous_session_id */);
591 CHECK_STATUS(status, NT_STATUS_OK);
592
593 /* give full access on the file to anonymous */
594
595 extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
596
597 ZERO_STRUCT(ace);
598 ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
599 ace.flags = 0;
600 ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
601 ace.trustee = *extra_sid;
602
603 status = security_descriptor_dacl_add(sd1, &ace);
604 CHECK_STATUS(status, NT_STATUS_OK);
605
606 ZERO_STRUCT(sfinfo);
607 sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
608 sfinfo.set_secdesc.in.file.handle = _h1;
609 sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
610 sfinfo.set_secdesc.in.sd = sd1;
611
612 status = smb2_setinfo_file(tree, &sfinfo);
613 CHECK_STATUS(status, NT_STATUS_OK);
614
615 /* re-get the security descriptor */
616
617 ZERO_STRUCT(qfinfo);
618
619 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
620 qfinfo.query_secdesc.in.file.handle = _h1;
621 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
622
623 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
624 CHECK_STATUS(status, NT_STATUS_OK);
625
626 /* re-authenticate as anonymous - again */
627
628 anon_creds = cli_credentials_init_anon(mem_ctx);
629 torture_assert(tctx, (anon_creds != NULL), "talloc error");
630
631 status = smb2_session_setup_spnego(tree->session,
632 anon_creds,
633 0 /* previous_session_id */);
634 CHECK_STATUS(status, NT_STATUS_OK);
635
636 /* try to rename the file: fails */
637
638 snprintf(fname2, 256, "session_reauth3.2_%s.dat",
639 generate_random_str(tctx, 8));
640
641 smb2_util_unlink(tree, fname2);
642
643 ZERO_STRUCT(sfinfo);
644 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
645 sfinfo.rename_information.in.file.handle = _h1;
646 sfinfo.rename_information.in.overwrite = true;
647 sfinfo.rename_information.in.new_name = fname2;
648
649 status = smb2_setinfo_file(tree, &sfinfo);
650 CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
651
652 /* re-authenticate as original user - again */
653
654 status = smb2_session_setup_spnego(tree->session,
655 cmdline_credentials,
656 0 /* previous_session_id */);
657 CHECK_STATUS(status, NT_STATUS_OK);
658
659 /* rename the file - for verification that it works */
660
661 ZERO_STRUCT(sfinfo);
662 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
663 sfinfo.rename_information.in.file.handle = _h1;
664 sfinfo.rename_information.in.overwrite = true;
665 sfinfo.rename_information.in.new_name = fname2;
666
667 status = smb2_setinfo_file(tree, &sfinfo);
668 CHECK_STATUS(status, NT_STATUS_OK);
669
670 /* closs the file, check it is gone and reopen under the new name */
671
672 smb2_util_close(tree, _h1);
673
674 ZERO_STRUCT(io1);
675
676 smb2_generic_create_share(&io1,
677 NULL /* lease */, false /* dir */,
678 fname,
679 NTCREATEX_DISP_OPEN,
680 smb2_util_share_access(""),
681 smb2_util_oplock_level("b"),
682 0 /* leasekey */, 0 /* leasestate */);
683
684 status = smb2_create(tree, mem_ctx, &io1);
685 CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
686
687 ZERO_STRUCT(io1);
688
689 smb2_generic_create_share(&io1,
690 NULL /* lease */, false /* dir */,
691 fname2,
692 NTCREATEX_DISP_OPEN,
693 smb2_util_share_access(""),
694 smb2_util_oplock_level("b"),
695 0 /* leasekey */, 0 /* leasestate */);
696
697 status = smb2_create(tree, mem_ctx, &io1);
698 CHECK_STATUS(status, NT_STATUS_OK);
699 _h1 = io1.out.file.handle;
700 h1 = &_h1;
701 CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
702 CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
703
704 /* try to access the file via the old handle */
705
706 ZERO_STRUCT(qfinfo);
707
708 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
709 qfinfo.query_secdesc.in.file.handle = _h1;
710 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
711
712 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
713 CHECK_STATUS(status, NT_STATUS_OK);
714
715 sd2 = qfinfo.query_secdesc.out.sd;
716
717 done:
718 if (h1 != NULL) {
719 smb2_util_close(tree, *h1);
720 }
721
722 smb2_util_unlink(tree, fname);
723
724 talloc_free(tree);
725
726 talloc_free(mem_ctx);
727
728 return ret;
729 }
730
731 struct torture_suite *torture_smb2_session_init(void)
732 {
733 struct torture_suite *suite =
734 torture_suite_create(talloc_autofree_context(), "session");
735
736 torture_suite_add_1smb2_test(suite, "reconnect1", test_session_reconnect1);
737 torture_suite_add_1smb2_test(suite, "reauth1", test_session_reauth1);
738 torture_suite_add_1smb2_test(suite, "reauth2", test_session_reauth2);
739 torture_suite_add_1smb2_test(suite, "reauth3", test_session_reauth3);
740 torture_suite_add_1smb2_test(suite, "reauth4", test_session_reauth4);
741 torture_suite_add_1smb2_test(suite, "reauth5", test_session_reauth5);
742
743 suite->description = talloc_strdup(suite, "SMB2-SESSION tests");
744
745 return suite;
746 }
reg import