The branch, master has been updated
via 918eb3e s4:torture: add smb2.session.expire1
via 50e1861 s4:torture: add smb2.session.reconnect2 test
via 908b737 s4:torture: rename smb2.session.reconnect to
smb2.session.reconnect1
via 184227d s4:torture: remove unused vars in smb2.session.reauth*
via 90c309b s4:auth/gensec_gssapi: add
"gensec_gssapi:requested_life_time" option
via bffa1c5 s3:gse: implement gensec_gse_expire_time()
via 6b38d02 s4:auth/gensec: implement gensec_gssapi_expire_time()
via 9ac855c auth/gensec: implement gensec_spnego_expire_time()
via dce6fdf auth/gensec: add gensec_expire_time()
via 677c4fd s4:auth/gensec_gssapi: add missing 'break' statements
via 943cb79 s4:auth/gensec_gssapi: remember the expire time
via 9ec866f s3:gse: remember the expire time
via ff700ac s3:smb2_sesssetup: make use of nt_status_squash() in
smbd_smb2_session_setup_recv()
from 632af66 Check the return from create_acl_blob
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 918eb3ecc53e0033f119640959803155b0a6af02
Author: Stefan Metzmacher <[email protected]>
Date: Thu May 17 18:32:49 2012 +0200
s4:torture: add smb2.session.expire1
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Thu May 17 21:53:11 CEST 2012 on sn-devel-104
commit 50e1861381f4f04d8c0430d6e32ec53d59118be9
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 30 16:40:14 2012 +0200
s4:torture: add smb2.session.reconnect2 test
This uses just one transport connection
and demonstrates the implicit logoff of the previous session.
metze
commit 908b737a299a9493036e1d661f3742fb197d415f
Author: Stefan Metzmacher <[email protected]>
Date: Mon Apr 30 14:46:54 2012 +0200
s4:torture: rename smb2.session.reconnect to smb2.session.reconnect1
metze
commit 184227d2699b876b38d6929fd5063fea5c8b3485
Author: Stefan Metzmacher <[email protected]>
Date: Thu May 17 18:32:16 2012 +0200
s4:torture: remove unused vars in smb2.session.reauth*
metze
commit 90c309b053c0328419a79361e0c2e32486cef428
Author: Stefan Metzmacher <[email protected]>
Date: Fri Apr 20 13:51:22 2012 +0200
s4:auth/gensec_gssapi: add "gensec_gssapi:requested_life_time" option
metze
commit bffa1c5547dbe8075004f61bd25e63b4d2e3c521
Author: Stefan Metzmacher <[email protected]>
Date: Sat Mar 3 04:34:19 2012 +0100
s3:gse: implement gensec_gse_expire_time()
metze
commit 6b38d0274a209c951fc0ef33e2913aaaa9d48299
Author: Stefan Metzmacher <[email protected]>
Date: Sat Mar 3 04:33:55 2012 +0100
s4:auth/gensec: implement gensec_gssapi_expire_time()
metze
commit 9ac855c8b8680aedc299497fc48004e1523cb49a
Author: Stefan Metzmacher <[email protected]>
Date: Sat Mar 3 04:33:15 2012 +0100
auth/gensec: implement gensec_spnego_expire_time()
metze
commit dce6fdf195f3485be4b4e6b1dcf44b57a4cf7782
Author: Stefan Metzmacher <[email protected]>
Date: Sat Mar 3 04:32:45 2012 +0100
auth/gensec: add gensec_expire_time()
metze
commit 677c4fd2c10435b5d5e06f226db4ee9c7a2ab988
Author: Stefan Metzmacher <[email protected]>
Date: Thu May 17 17:31:09 2012 +0200
s4:auth/gensec_gssapi: add missing 'break' statements
metze
commit 943cb79596e2823f166bc6a59d40008afa187b7a
Author: Stefan Metzmacher <[email protected]>
Date: Fri Mar 2 22:02:36 2012 +0100
s4:auth/gensec_gssapi: remember the expire time
metze
commit 9ec866fb6cdb672b2a7cb882510e7abd80679491
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jan 26 17:32:12 2012 +0100
s3:gse: remember the expire time
metze
commit ff700acdd04b2a3e01d125a616571479410e9657
Author: Stefan Metzmacher <[email protected]>
Date: Wed May 16 15:32:08 2012 +0200
s3:smb2_sesssetup: make use of nt_status_squash() in
smbd_smb2_session_setup_recv()
metze
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec.c | 8 ++
auth/gensec/gensec.h | 4 +
auth/gensec/spnego.c | 12 ++
source3/librpc/crypto/gse.c | 29 +++++-
source3/smbd/smb2_sesssetup.c | 2 +-
source4/auth/gensec/gensec_gssapi.c | 32 ++++++-
source4/auth/gensec/gensec_gssapi.h | 1 +
source4/torture/smb2/session.c | 189 ++++++++++++++++++++++++++++++++++-
8 files changed, 266 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 1e61bf0..ea62861 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -395,6 +395,14 @@ _PUBLIC_ bool gensec_have_feature(struct gensec_security
*gensec_security,
return gensec_security->ops->have_feature(gensec_security, feature);
}
+_PUBLIC_ NTTIME gensec_expire_time(struct gensec_security *gensec_security)
+{
+ if (!gensec_security->ops->expire_time) {
+ return GENSEC_EXPIRE_TIME_INFINITY;
+ }
+
+ return gensec_security->ops->expire_time(gensec_security);
+}
/**
* Return the credentials structure associated with a GENSEC context
*
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 0b0689f..efbbabe 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -61,6 +61,8 @@ struct gensec_target {
#define GENSEC_FEATURE_NEW_SPNEGO 0x00000080
#define GENSEC_FEATURE_UNIX_TOKEN 0x00000100
+#define GENSEC_EXPIRE_TIME_INFINITY (NTTIME)0x8000000000000000LL
+
/* GENSEC mode */
enum gensec_role
{
@@ -153,6 +155,7 @@ struct gensec_security_ops {
uint32_t feature);
bool (*have_feature)(struct gensec_security *gensec_security,
uint32_t feature);
+ NTTIME (*expire_time)(struct gensec_security *gensec_security);
bool enabled;
bool kerberos;
enum gensec_priority priority;
@@ -245,6 +248,7 @@ void gensec_want_feature(struct gensec_security
*gensec_security,
uint32_t feature);
bool gensec_have_feature(struct gensec_security *gensec_security,
uint32_t feature);
+NTTIME gensec_expire_time(struct gensec_security *gensec_security);
NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security,
struct cli_credentials *credentials);
NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security,
const char *service);
const char *gensec_get_target_service(struct gensec_security *gensec_security);
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 15fd8da..6ce97d9 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1355,6 +1355,17 @@ static bool gensec_spnego_have_feature(struct
gensec_security *gensec_security,
feature);
}
+static NTTIME gensec_spnego_expire_time(struct gensec_security
*gensec_security)
+{
+ struct spnego_state *spnego_state = (struct spnego_state
*)gensec_security->private_data;
+
+ if (!spnego_state->sub_sec_security) {
+ return GENSEC_EXPIRE_TIME_INFINITY;
+ }
+
+ return gensec_expire_time(spnego_state->sub_sec_security);
+}
+
static const char *gensec_spnego_oids[] = {
GENSEC_OID_SPNEGO,
NULL
@@ -1384,6 +1395,7 @@ static const struct gensec_security_ops
gensec_spnego_security_ops = {
.session_info = gensec_spnego_session_info,
.want_feature = gensec_spnego_want_feature,
.have_feature = gensec_spnego_have_feature,
+ .expire_time = gensec_spnego_expire_time,
.enabled = true,
.priority = GENSEC_SPNEGO
};
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index a9c9c47..fba942b 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -44,6 +44,8 @@ struct gse_context {
gss_cred_id_t delegated_cred_handle;
+ NTTIME expire_time;
+
/* gensec_gse only */
krb5_context k5ctx;
krb5_ccache ccache;
@@ -145,6 +147,8 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
}
talloc_set_destructor((TALLOC_CTX *)gse_ctx, gse_context_destructor);
+ gse_ctx->expire_time = GENSEC_EXPIRE_TIME_INFINITY;
+
memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
gse_ctx->gss_want_flags = GSS_C_MUTUAL_FLAG |
@@ -290,6 +294,8 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX
*mem_ctx,
gss_buffer_desc out_data;
DATA_BLOB blob = data_blob_null;
NTSTATUS status;
+ OM_uint32 time_rec = 0;
+ struct timeval tv;
in_data.value = token_in->data;
in_data.length = token_in->length;
@@ -302,10 +308,13 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX
*mem_ctx,
gse_ctx->gss_want_flags,
0, GSS_C_NO_CHANNEL_BINDINGS,
&in_data, NULL, &out_data,
- &gse_ctx->gss_got_flags, NULL);
+ &gse_ctx->gss_got_flags, &time_rec);
switch (gss_maj) {
case GSS_S_COMPLETE:
/* we are done with it */
+ tv = timeval_current_ofs(time_rec, 0);
+ gse_ctx->expire_time = timeval_to_nttime(&tv);
+
status = NT_STATUS_OK;
break;
case GSS_S_CONTINUE_NEEDED:
@@ -439,6 +448,8 @@ static NTSTATUS gse_get_server_auth_token(TALLOC_CTX
*mem_ctx,
gss_buffer_desc out_data;
DATA_BLOB blob = data_blob_null;
NTSTATUS status;
+ OM_uint32 time_rec = 0;
+ struct timeval tv;
in_data.value = token_in->data;
in_data.length = token_in->length;
@@ -451,11 +462,15 @@ static NTSTATUS gse_get_server_auth_token(TALLOC_CTX
*mem_ctx,
&gse_ctx->client_name,
&gse_ctx->ret_mech,
&out_data,
- &gse_ctx->gss_got_flags, NULL,
+ &gse_ctx->gss_got_flags,
+ &time_rec,
&gse_ctx->delegated_cred_handle);
switch (gss_maj) {
case GSS_S_COMPLETE:
/* we are done with it */
+ tv = timeval_current_ofs(time_rec, 0);
+ gse_ctx->expire_time = timeval_to_nttime(&tv);
+
status = NT_STATUS_OK;
break;
case GSS_S_CONTINUE_NEEDED:
@@ -1023,6 +1038,15 @@ static bool gensec_gse_have_feature(struct
gensec_security *gensec_security,
return false;
}
+static NTTIME gensec_gse_expire_time(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ return gse_ctx->expire_time;
+}
+
/*
* Extract the 'sesssion key' needed by SMB signing and ncacn_np
* (for encrypting some passwords).
@@ -1154,6 +1178,7 @@ const struct gensec_security_ops
gensec_gse_krb5_security_ops = {
.wrap = gensec_gse_wrap,
.unwrap = gensec_gse_unwrap,
.have_feature = gensec_gse_have_feature,
+ .expire_time = gensec_gse_expire_time,
.enabled = true,
.kerberos = true,
.priority = GENSEC_GSSAPI
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2dafa06..939cfac 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -484,7 +484,7 @@ static NTSTATUS smbd_smb2_session_setup_recv(struct
tevent_req *req,
if (tevent_req_is_nterror(req, &status)) {
if (!NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
tevent_req_received(req);
- return status;
+ return nt_status_squash(status);
}
} else {
status = NT_STATUS_OK;
diff --git a/source4/auth/gensec/gensec_gssapi.c
b/source4/auth/gensec/gensec_gssapi.c
index 3196473..dde481a 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -129,6 +129,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
gensec_gssapi_state->client_name = GSS_C_NO_NAME;
gensec_gssapi_state->gss_want_flags = 0;
+ gensec_gssapi_state->expire_time = GENSEC_EXPIRE_TIME_INFINITY;
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi",
"delegation_by_kdc_policy", true)) {
gensec_gssapi_state->gss_want_flags |= GSS_C_DELEG_POLICY_FLAG;
@@ -415,6 +416,14 @@ static NTSTATUS gensec_gssapi_update(struct
gensec_security *gensec_security,
OM_uint32 min_stat2;
gss_buffer_desc input_token, output_token;
gss_OID gss_oid_p = NULL;
+ OM_uint32 time_req = 0;
+ OM_uint32 time_rec = 0;
+ struct timeval tv;
+
+ time_req = gensec_setting_int(gensec_security->settings,
+ "gensec_gssapi", "requested_life_time",
+ time_req);
+
input_token.length = in.length;
input_token.value = in.data;
@@ -449,13 +458,13 @@ static NTSTATUS gensec_gssapi_update(struct
gensec_security *gensec_security,
gensec_gssapi_state->server_name,
gensec_gssapi_state->gss_oid,
gensec_gssapi_state->gss_want_flags,
- 0,
+ time_req,
gensec_gssapi_state->input_chan_bindings,
&input_token,
&gss_oid_p,
&output_token,
&gensec_gssapi_state->gss_got_flags, /* ret flags */
- NULL);
+ &time_rec);
if (gss_oid_p) {
gensec_gssapi_state->gss_oid = gss_oid_p;
}
@@ -484,7 +493,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security
*gensec_security,
&gss_oid_p,
&output_token,
&gensec_gssapi_state->gss_got_flags,
- NULL,
+ &time_rec,
&gensec_gssapi_state->delegated_cred_handle);
if (gss_oid_p) {
gensec_gssapi_state->gss_oid = gss_oid_p;
@@ -508,6 +517,9 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security
*gensec_security,
DEBUG(5, ("gensec_gssapi: NO credentials were
delegated\n"));
}
+ tv = timeval_current_ofs(time_rec, 0);
+ gensec_gssapi_state->expire_time =
timeval_to_nttime(&tv);
+
/* We may have been invoked as SASL, so there
* is more work to do */
if (gensec_gssapi_state->sasl) {
@@ -547,9 +559,11 @@ static NTSTATUS gensec_gssapi_update(struct
gensec_security *gensec_security,
case GENSEC_CLIENT:
creds = gensec_gssapi_state->client_cred->creds;
role = "client";
+ break;
case GENSEC_SERVER:
creds = gensec_gssapi_state->server_cred->creds;
role = "server";
+ break;
}
maj_stat = gss_inquire_cred(&min_stat,
@@ -1254,6 +1268,15 @@ static bool gensec_gssapi_have_feature(struct
gensec_security *gensec_security,
return false;
}
+static NTTIME gensec_gssapi_expire_time(struct gensec_security
*gensec_security)
+{
+ struct gensec_gssapi_state *gensec_gssapi_state =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gensec_gssapi_state);
+
+ return gensec_gssapi_state->expire_time;
+}
+
/*
* Extract the 'sesssion key' needed by SMB signing and ncacn_np
* (for encrypting some passwords).
@@ -1464,6 +1487,7 @@ static const struct gensec_security_ops
gensec_gssapi_spnego_security_ops = {
.wrap = gensec_gssapi_wrap,
.unwrap = gensec_gssapi_unwrap,
.have_feature = gensec_gssapi_have_feature,
+ .expire_time = gensec_gssapi_expire_time,
.enabled = false,
.kerberos = true,
.priority = GENSEC_GSSAPI
@@ -1488,6 +1512,7 @@ static const struct gensec_security_ops
gensec_gssapi_krb5_security_ops = {
.wrap = gensec_gssapi_wrap,
.unwrap = gensec_gssapi_unwrap,
.have_feature = gensec_gssapi_have_feature,
+ .expire_time = gensec_gssapi_expire_time,
.enabled = true,
.kerberos = true,
.priority = GENSEC_GSSAPI
@@ -1507,6 +1532,7 @@ static const struct gensec_security_ops
gensec_gssapi_sasl_krb5_security_ops = {
.wrap = gensec_gssapi_wrap,
.unwrap = gensec_gssapi_unwrap,
.have_feature = gensec_gssapi_have_feature,
+ .expire_time = gensec_gssapi_expire_time,
.enabled = true,
.kerberos = true,
.priority = GENSEC_GSSAPI
diff --git a/source4/auth/gensec/gensec_gssapi.h
b/source4/auth/gensec/gensec_gssapi.h
index 569d787..b7429b5 100644
--- a/source4/auth/gensec/gensec_gssapi.h
+++ b/source4/auth/gensec/gensec_gssapi.h
@@ -43,6 +43,7 @@ struct gensec_gssapi_state {
gss_cred_id_t delegated_cred_handle;
+ NTTIME expire_time;
/* gensec_gssapi only */
gss_krb5_lucid_context_v1_t *lucid;
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 1f27222..6051145 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -28,7 +28,8 @@
#include "lib/cmdline/popt_common.h"
#include "auth/credentials/credentials.h"
#include "libcli/security/security.h"
-
+#include "libcli/resolve/resolve.h"
+#include "lib/param/param.h"
#define CHECK_VAL(v, correct) do { \
if ((v) != (correct)) { \
@@ -58,7 +59,7 @@
/**
* basic test for doing a session reconnect
*/
-bool test_session_reconnect(struct torture_context *tctx, struct smb2_tree
*tree)
+bool test_session_reconnect1(struct torture_context *tctx, struct smb2_tree
*tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
@@ -137,6 +138,69 @@ done:
return ret;
}
+/**
+ * basic test for doing a session reconnect on one connection
+ */
+bool test_session_reconnect2(struct torture_context *tctx, struct smb2_tree
*tree)
+{
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ char fname[256];
+ struct smb2_handle _h1;
+ struct smb2_handle *h1 = NULL;
+ struct smb2_create io1;
+ uint64_t previous_session_id;
+ bool ret = true;
+ struct smb2_session *session2;
+ union smb_fileinfo qfinfo;
+
+ /* Add some random component to the file name. */
+ snprintf(fname, 256, "session_reconnect_%s.dat",
+ generate_random_str(tctx, 8));
+
+ smb2_util_unlink(tree, fname);
+
+ smb2_oplock_create_share(&io1, fname,
+ smb2_util_share_access(""),
+ smb2_util_oplock_level("b"));
+ io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+ status = smb2_create(tree, mem_ctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ _h1 = io1.out.file.handle;
+ h1 = &_h1;
+ CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+ /* disconnect, reconnect and then do durable reopen */
+ previous_session_id =
smb2cli_session_current_id(tree->session->smbXcli);
+
+ torture_assert(tctx, torture_smb2_session_setup(tctx,
tree->session->transport,
+ previous_session_id, tctx, &session2),
+ "session reconnect (on the same connection)
failed");
+
+ /* try to access the file via the old handle */
+
+ ZERO_STRUCT(qfinfo);
+ qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
+ qfinfo.generic.in.file.handle = _h1;
+ status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+ CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
+ h1 = NULL;
+
+done:
+ if (h1 != NULL) {
+ smb2_util_close(tree, *h1);
+ }
+
+ talloc_free(tree);
+ talloc_free(session2);
+
+ talloc_free(mem_ctx);
+
+ return ret;
+}
+
bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
@@ -401,7 +465,7 @@ bool test_session_reauth4(struct torture_context *tctx,
struct smb2_tree *tree)
| SECINFO_DACL
| SECINFO_PROTECTED_DACL
| SECINFO_UNPROTECTED_DACL;
- struct security_descriptor *sd1, *sd2, sd3;
+ struct security_descriptor *sd1;
struct security_ace ace;
struct dom_sid *extra_sid;
@@ -523,7 +587,7 @@ bool test_session_reauth5(struct torture_context *tctx,
struct smb2_tree *tree)
| SECINFO_DACL
| SECINFO_PROTECTED_DACL
| SECINFO_UNPROTECTED_DACL;
- struct security_descriptor *sd1, *sd2, sd3;
+ struct security_descriptor *sd1, *sd2;
struct security_ace ace;
struct dom_sid *extra_sid;
@@ -728,17 +792,132 @@ done:
return ret;
}
+static bool test_session_expire1(struct torture_context *tctx)
+{
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ struct cli_credentials *credentials = cmdline_credentials;
+ struct smb2_tree *tree;
+ enum credentials_use_kerberos use_kerberos;
+ char fname[256];
+ struct smb2_handle _h1;
+ struct smb2_handle *h1 = NULL;
+ struct smb2_create io1;
+ union smb_fileinfo qfinfo;
+ size_t i;
+
+ use_kerberos = cli_credentials_get_kerberos_state(credentials);
+ if (use_kerberos != CRED_MUST_USE_KERBEROS) {
+ torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
+ torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
+ }
+
+ torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
+ "please use -k yes");
+
+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
+
+ lpcfg_smbcli_options(tctx->lp_ctx, &options);
+
+ status = smb2_connect(tctx,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ credentials,
+ &tree,
+ tctx->ev,
+ &options,
+ lpcfg_socket_options(tctx->lp_ctx),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_connect failed");
+
+ /* Add some random component to the file name. */
+ snprintf(fname, 256, "session_expire1_%s.dat",
+ generate_random_str(tctx, 8));
+
+ smb2_util_unlink(tree, fname);
+
+ smb2_oplock_create_share(&io1, fname,
+ smb2_util_share_access(""),
+ smb2_util_oplock_level("b"));
+ io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
+
+ status = smb2_create(tree, tctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ _h1 = io1.out.file.handle;
+ h1 = &_h1;
+ CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+ /* get the security descriptor */
+
+ ZERO_STRUCT(qfinfo);
+
+ qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
+ qfinfo.access_information.in.file.handle = _h1;
+
+ for (i=0; i < 2; i++) {
+ torture_comment(tctx, "query info => OK\n");
--
Samba Shared Repository
