The branch, v4-15-test has been updated
via c933b88dbe1 samba-bgqd: Fix samba-bgqd with
"clustering=yes"/"include=registry"
via c33b18ec92e lib:cmdline: Use lp_load_global() for servers
via 2a21ecf1f91 s3:smbd: really support AES-256* in the server
via 13839721f06 s4:torture/smb2: add tests to check all signing and
encryption algorithms
via e606987911e gnutls: allow gnutls_aead_cipher_encryptv2 with gcm
before 3.6.15
via 047cbaad5d9 gitlab: Use shorter names for Samba AD DC env with MIT
KRB5
via f2b2ecec7fc s3:winbindd: Add a check for the path length of
'winbindd socket directory'
from 68bd2229bd4 WHATSNEW: mention the offline domain join feature
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit c933b88dbe13caf1b8f44751683393504e8516c4
Author: Volker Lendecke <v...@samba.org>
Date: Fri Jul 30 11:43:08 2021 +0200
samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.
Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
(cherry picked from commit 7818513053aabda046645583fa5bb79a03e2b5ac)
Autobuild-User(v4-15-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-15-test): Fri Aug 6 15:39:29 UTC 2021 on sn-devel-184
commit c33b18ec92ecf10bae8b19d57a832b62adbb2732
Author: Andreas Schneider <a...@samba.org>
Date: Wed Jul 21 16:06:15 2021 +0200
lib:cmdline: Use lp_load_global() for servers
As for client we need to enable support for 'config backend = registry'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 7b796b5bb735295bde252cd52283591b720d8d6e)
commit 2a21ecf1f9192a3d0fdc84367728e5bf2b3399ee
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Jul 15 13:20:22 2021 +0200
s3:smbd: really support AES-256* in the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
(cherry picked from commit 0ac71061044e2ee47f4de3a319ad2386128066fc)
commit 13839721f067874be6b496335fe627877596da8a
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jul 19 18:38:06 2021 +0200
s4:torture/smb2: add tests to check all signing and encryption algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 407b458242cd11bdb3ab219dc58b3ffb070b0e7c)
commit e606987911e556c3275528493473eed70cd023e2
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Mar 9 10:40:04 2021 +0100
gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.
This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 5512416a8fbe00a7a5343afe0d50846e0a8f342b)
commit 047cbaad5d9fa4bc6d901fece9a284de4f991fb3
Author: Andreas Schneider <a...@samba.org>
Date: Tue Aug 3 13:20:40 2021 +0200
gitlab: Use shorter names for Samba AD DC env with MIT KRB5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Tue Aug 3 20:35:49 UTC 2021 on sn-devel-184
(cherry picked from commit 000f389d09ec9e9906d5e2a0aa317c471c5f5b96)
commit f2b2ecec7fc848ce474771ea5a7dcfad08ff392e
Author: Andreas Schneider <a...@samba.org>
Date: Tue Aug 3 11:04:37 2021 +0200
s3:winbindd: Add a check for the path length of 'winbindd socket directory'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
(cherry picked from commit aab5cc95e224fef0efafeb1c37a4eb414aee65a0)
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci-main.yml | 12 +-
lib/cmdline/cmdline.h | 9 +
lib/cmdline/cmdline_s3.c | 2 +-
libcli/smb/smb2_signing.c | 54 +++--
script/autobuild.py | 6 +-
selftest/target/Samba3.pm | 1 +
source3/printing/samba-bgqd.c | 58 +++++-
source3/smbd/smb2_sesssetup.c | 6 +
source3/winbindd/winbindd.c | 25 +++
source4/torture/smb2/session.c | 436 ++++++++++++++++++++++++++++++++++++++++
wscript_configure_system_gnutls | 10 +-
11 files changed, 582 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 1aee591b068..0979c007dc6 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -331,10 +331,10 @@ samba-ad-dc-ntvfs:
samba-admem-mit:
extends: .needs_samba-mit-build
-samba-ad-dc-4a-mitkrb5:
+samba-addc-mit-4a:
extends: .needs_samba-mit-build
-samba-ad-dc-4b-mitkrb5:
+samba-addc-mit-4b:
extends: .needs_samba-mit-build
# This task is run first to ensure we compile before we start the
@@ -389,7 +389,7 @@ samba-ad-dc-1:
samba-nt4:
extends: .needs_samba-nt4-build-private
-samba-ad-dc-1-mitkrb5:
+samba-addc-mit-1:
extends: .needs_samba-mit-build-private
samba-no-opath1:
@@ -421,15 +421,15 @@ pages:
- samba-ctdb
- samba-ad-dc-ntvfs
- samba-admem-mit
- - samba-ad-dc-4a-mitkrb5
- - samba-ad-dc-4b-mitkrb5
+ - samba-addc-mit-4a
+ - samba-addc-mit-4b
- samba-ad-back1
- samba-ad-back2
- samba-fileserver
- samba-ad-dc-1
- samba-nt4
- samba-schemaupgrade
- - samba-ad-dc-1-mitkrb5
+ - samba-addc-mit-1
- samba-fips
- samba-no-opath1
- samba-no-opath2
diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h
index 8c816c5bce3..3c0c9e8c18d 100644
--- a/lib/cmdline/cmdline.h
+++ b/lib/cmdline/cmdline.h
@@ -59,6 +59,15 @@ enum smb_cmdline_popt_options {
* The function will also setup fault handler, set logging to STDERR by
* default, setup talloc logging and the panic handler.
*
+ * The function also setups a callback for loading the smb.conf file, the
+ * config file will be parsed after the commandline options have been parsed
+ * by popt. This is done by one of the following options parser:
+ *
+ * POPT_COMMON_DEBUG_ONLY
+ * POPT_COMMON_OPTION_ONLY
+ * POPT_COMMON_CONFIG_ONLY
+ * POPT_COMMON_SAMBA
+ *
* @param[in] mem_ctx The talloc memory context to use for allocating memory.
* This should be a long living context till the client
* exits.
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 31250b1996e..70fd768a648 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -56,7 +56,7 @@ static bool _samba_cmdline_load_config_s3(void)
ok = lp_load_client(config_file);
break;
case SAMBA_CMDLINE_CONFIG_SERVER:
- ok = lp_load_initial_only(config_file);
+ ok = lp_load_global(config_file);
break;
}
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 830f3bf1570..fdb69e90a07 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -324,7 +324,7 @@ static NTSTATUS smb2_signing_gmac(gnutls_aead_cipher_hd_t
cipher_hnd,
{
size_t tag_size = _tag_size;
int rc;
-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2)
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
rc = gnutls_aead_cipher_encryptv2(cipher_hnd,
iv, iv_size,
@@ -336,7 +336,7 @@ static NTSTATUS smb2_signing_gmac(gnutls_aead_cipher_hd_t
cipher_hnd,
}
return NT_STATUS_OK;
-#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
+#else /* ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM */
TALLOC_CTX *tmp_ctx = NULL;
size_t atext_size = 0;
uint8_t *atext = NULL;
@@ -387,7 +387,7 @@ static NTSTATUS smb2_signing_gmac(gnutls_aead_cipher_hd_t
cipher_hnd,
}
return NT_STATUS_OK;
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
+#endif /* ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM */
}
static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key
*signing_key,
@@ -808,6 +808,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key
*encryption_key,
struct iovec *vector,
int count)
{
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+ bool use_encryptv2 = false;
+#endif
uint16_t cipher_id;
uint8_t *tf;
size_t a_total;
@@ -851,18 +854,30 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key
*encryption_key,
case SMB2_ENCRYPTION_AES128_CCM:
algo = GNUTLS_CIPHER_AES_128_CCM;
iv_size = SMB2_AES_128_CCM_NONCE_SIZE;
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES128_GCM:
algo = GNUTLS_CIPHER_AES_128_GCM;
iv_size = gnutls_cipher_get_iv_size(algo);
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES256_CCM:
algo = GNUTLS_CIPHER_AES_256_CCM;
iv_size = SMB2_AES_128_CCM_NONCE_SIZE;
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES256_GCM:
algo = GNUTLS_CIPHER_AES_256_GCM;
iv_size = gnutls_cipher_get_iv_size(algo);
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
+ use_encryptv2 = true;
+#endif
break;
default:
return NT_STATUS_INVALID_PARAMETER;
@@ -903,8 +918,8 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key
*encryption_key,
0,
16 - iv_size);
-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2)
- {
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+ if (use_encryptv2) {
uint8_t tag[tag_size];
giovec_t auth_iov[1];
@@ -928,8 +943,8 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key
*encryption_key,
}
memcpy(tf + SMB2_TF_SIGNATURE, tag, tag_size);
- }
-#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
+ } else
+#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
{
size_t ptext_size = m_total;
uint8_t *ptext = NULL;
@@ -1007,7 +1022,6 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key
*encryption_key,
TALLOC_FREE(ptext);
TALLOC_FREE(ctext);
}
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
DBG_INFO("Encrypted SMB2 message\n");
@@ -1020,6 +1034,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key
*decryption_key,
struct iovec *vector,
int count)
{
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+ bool use_encryptv2 = false;
+#endif
uint16_t cipher_id;
uint8_t *tf;
uint16_t flags;
@@ -1073,18 +1090,30 @@ NTSTATUS smb2_signing_decrypt_pdu(struct
smb2_signing_key *decryption_key,
case SMB2_ENCRYPTION_AES128_CCM:
algo = GNUTLS_CIPHER_AES_128_CCM;
iv_size = SMB2_AES_128_CCM_NONCE_SIZE;
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES128_GCM:
algo = GNUTLS_CIPHER_AES_128_GCM;
iv_size = gnutls_cipher_get_iv_size(algo);
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES256_CCM:
algo = GNUTLS_CIPHER_AES_256_CCM;
iv_size = SMB2_AES_128_CCM_NONCE_SIZE;
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
+ use_encryptv2 = true;
+#endif
break;
case SMB2_ENCRYPTION_AES256_GCM:
algo = GNUTLS_CIPHER_AES_256_GCM;
iv_size = gnutls_cipher_get_iv_size(algo);
+#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
+ use_encryptv2 = true;
+#endif
break;
default:
return NT_STATUS_INVALID_PARAMETER;
@@ -1122,8 +1151,8 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key
*decryption_key,
}
/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2)
- {
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+ if (use_encryptv2) {
giovec_t auth_iov[1];
auth_iov[0] = (giovec_t) {
@@ -1144,8 +1173,8 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key
*decryption_key,
status = gnutls_error_to_ntstatus(rc,
NT_STATUS_INTERNAL_ERROR);
goto out;
}
- }
-#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
+ } else
+#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
{
size_t ctext_size = m_total + tag_size;
uint8_t *ctext = NULL;
@@ -1229,7 +1258,6 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key
*decryption_key,
TALLOC_FREE(ptext);
TALLOC_FREE(ctext);
}
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
DBG_INFO("Decrypted SMB2 message\n");
diff --git a/script/autobuild.py b/script/autobuild.py
index 85dff88a773..c554c331da4 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -655,7 +655,7 @@ tasks = {
],
},
- "samba-ad-dc-1-mitkrb5": {
+ "samba-addc-mit-1": {
"dependency": "samba-mit-build",
"sequence": [
("random-sleep", random_sleep(1, 1)),
@@ -671,7 +671,7 @@ tasks = {
],
},
- "samba-ad-dc-4a-mitkrb5": {
+ "samba-addc-mit-4a": {
"dependency": "samba-mit-build",
"sequence": [
("random-sleep", random_sleep(1, 1)),
@@ -684,7 +684,7 @@ tasks = {
("check-clean-tree", CLEAN_SOURCE_TREE_CMD),
],
},
- "samba-ad-dc-4b-mitkrb5": {
+ "samba-addc-mit-4b": {
"dependency": "samba-mit-build",
"sequence": [
("random-sleep", random_sleep(1, 1)),
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index dc1c14e9628..d0ef659da99 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -517,6 +517,7 @@ sub setup_clusteredmember
server signing = on
clustering = yes
ctdbd socket = ${socket}
+ include = registry
dbwrap_tdb_mutexes:* = yes
${require_mutexes}
";
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
index 4b96fc43092..8ac6ec525b2 100644
--- a/source3/printing/samba-bgqd.c
+++ b/source3/printing/samba-bgqd.c
@@ -195,6 +195,44 @@ static int closeall_except(int *fds, size_t num_fds)
return 0;
}
+static int closeall_except_fd_params(
+ size_t num_fd_params,
+ const char *fd_params[],
+ int argc,
+ const char *argv[])
+{
+ int fds[num_fd_params+3];
+ size_t i;
+ struct poptOption long_options[num_fd_params + 1];
+ poptContext pc;
+ int ret;
+
+ for (i=0; i<num_fd_params; i++) {
+ fds[i] = -1;
+ long_options[i] = (struct poptOption) {
+ .longName = fd_params[i],
+ .argInfo = POPT_ARG_INT,
+ .arg = &fds[i],
+ };
+ }
+ long_options[num_fd_params] = (struct poptOption) { .longName=NULL, };
+
+ fds[num_fd_params] = 0;
+ fds[num_fd_params+1] = 1;
+ fds[num_fd_params+2] = 2;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+
+ while ((ret = poptGetNextOpt(pc)) != -1) {
+ /* do nothing */
+ }
+
+ poptFreeContext(pc);
+
+ ret = closeall_except(fds, ARRAY_SIZE(fds));
+ return ret;
+}
+
int main(int argc, const char *argv[])
{
const struct loadparm_substitution *lp_sub =
@@ -261,6 +299,15 @@ int main(int argc, const char *argv[])
POPT_TABLEEND
};
+ {
+ const char *fd_params[] = {
+ "ready-signal-fd", "parent-watch-fd",
+ };
+
+ closeall_except_fd_params(
+ ARRAY_SIZE(fd_params), fd_params, argc, argv);
+ }
+
frame = talloc_stackframe();
umask(0);
@@ -293,17 +340,6 @@ int main(int argc, const char *argv[])
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
- {
- int keep[] = { 0, 1, 2, ready_signal_fd, watch_fd };
- ret = closeall_except(keep, ARRAY_SIZE(keep));
- if (ret != 0) {
- fprintf(stderr,
- "Could not close fds: %s\n",
- strerror(ret));
- goto done;
- }
- }
-
if (foreground) {
daemon_status(progname, "Starting process ... ");
} else {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 8cbad36cc7b..38049e8535f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -346,6 +346,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct
smbXsrv_session *session,
case SMB2_ENCRYPTION_AES128_GCM:
nonce_size =
gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_GCM);
break;
+ case SMB2_ENCRYPTION_AES256_CCM:
+ nonce_size = SMB2_AES_128_CCM_NONCE_SIZE;
+ break;
+ case SMB2_ENCRYPTION_AES256_GCM:
+ nonce_size =
gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_GCM);
+ break;
default:
nonce_size = 0;
break;
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 4f367d07ecb..89e62b43ca0 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1658,6 +1658,7 @@ int main(int argc, const char **argv)
bool ok;
const struct dcesrv_endpoint_server *ep_server = NULL;
struct dcesrv_context *dce_ctx = NULL;
+ size_t winbindd_socket_dir_len = 0;
setproctitle_init(argc, discard_const(argv), environ);
@@ -1810,6 +1811,30 @@ int main(int argc, const char **argv)
}
}
+ winbindd_socket_dir_len = strlen(lp_winbindd_socket_directory());
+ if (winbindd_socket_dir_len > 0) {
+ size_t winbindd_socket_len =
+ winbindd_socket_dir_len + 1 +
+ strlen(WINBINDD_SOCKET_NAME);
+ struct sockaddr_un un = {
+ .sun_family = AF_UNIX,
+ };
+ size_t sun_path_len = sizeof(un.sun_path);
+
+ if (winbindd_socket_len >= sun_path_len) {
+ DBG_ERR("The winbind socket path [%s/%s] is too long "
+ "(%zu >= %zu)\n",
+ lp_winbindd_socket_directory(),
+ WINBINDD_SOCKET_NAME,
+ winbindd_socket_dir_len,
+ sun_path_len);
+ exit(1);
+ }
+ } else {
+ DBG_ERR("'winbindd_socket_directory' parameter is empty\n");
+ exit(1);
+ }
+
if (!cluster_probe_ok()) {
exit(1);
}
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index cc554717ff0..1bf8f83efcc 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -48,6 +48,13 @@
"out.reserverd2 incorrect");
\
} while(0)
+#define WAIT_FOR_ASYNC_RESPONSE(req) \
+ while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
+ if (tevent_loop_once(tctx->ev) != 0) { \
+ break; \
+ } \
+ }
+
/**
* basic test for doing a session reconnect
*/
@@ -4942,6 +4949,428 @@ static bool test_session_two_logoff(struct
torture_context *tctx,
return ret;
}
+static bool test_session_sign_enc(struct torture_context *tctx,
+ const char *testname,
+ struct cli_credentials *credentials1,
+ const struct smbcli_options *options1)
+{
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ NTSTATUS status;
+ bool ret = false;
+ struct smb2_tree *tree1 = NULL;
+ char fname[256];
+ struct smb2_handle rh = {{0}};
+ struct smb2_handle _h1;
+ struct smb2_handle *h1 = NULL;
+ struct smb2_create io1;
+ union smb_fileinfo qfinfo1;
+ union smb_notify notify;
+ struct smb2_request *req = NULL;
+
+ status = smb2_connect(tctx,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ credentials1,
+ &tree1,
+ tctx->ev,
+ options1,
+ lpcfg_socket_options(tctx->lp_ctx),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_connect options1 failed");
+
+ status = smb2_util_roothandle(tree1, &rh);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_util_roothandle failed");
+
+ /* Add some random component to the file name. */
+ snprintf(fname, sizeof(fname), "%s_%s.dat",
+ testname, generate_random_str(tctx, 8));
--
Samba Shared Repository
