2 Unix SMB/CIFS implementation.
4 test suite for SMB2 session setups
6 Copyright (C) Michael Adam 2012
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/smb2/smb2.h"
24 #include "libcli/smb2/smb2_calls.h"
25 #include "torture/torture.h"
26 #include "torture/util.h"
27 #include "torture/smb2/proto.h"
28 #include "../libcli/smb/smbXcli_base.h"
29 #include "lib/cmdline/cmdline.h"
30 #include "auth/credentials/credentials.h"
31 #include "auth/credentials/credentials_krb5.h"
32 #include "libcli/security/security.h"
33 #include "libcli/resolve/resolve.h"
34 #include "lib/param/param.h"
35 #include "lib/util/tevent_ntstatus.h"
37 #define CHECK_CREATED(tctx, __io, __created, __attribute) \
39 torture_assert_int_equal(tctx, (__io)->out.create_action, \
40 NTCREATEX_ACTION_ ## __created, \
41 "out.create_action incorrect"); \
42 torture_assert_int_equal(tctx, (__io)->out.size, 0, \
43 "out.size incorrect"); \
44 torture_assert_int_equal(tctx, (__io)->out.file_attr, \
46 "out.file_attr incorrect"); \
47 torture_assert_int_equal(tctx, (__io)->out.reserved2, 0, \
48 "out.reserverd2 incorrect"); \
51 #define WAIT_FOR_ASYNC_RESPONSE(req) \
52 while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) { \
53 if (tevent_loop_once(tctx->ev) != 0) { \
59 * basic test for doing a session reconnect
61 bool test_session_reconnect1(struct torture_context *tctx, struct smb2_tree *tree)
64 TALLOC_CTX *mem_ctx = talloc_new(tctx);
66 struct smb2_handle _h1;
67 struct smb2_handle *h1 = NULL;
68 struct smb2_handle _h2;
69 struct smb2_handle *h2 = NULL;
70 struct smb2_create io1, io2;
71 uint64_t previous_session_id;
73 struct smb2_tree *tree2 = NULL;
74 union smb_fileinfo qfinfo;
76 /* Add some random component to the file name. */
77 snprintf(fname, sizeof(fname), "session_reconnect_%s.dat",
78 generate_random_str(tctx, 8));
80 smb2_util_unlink(tree, fname);
82 smb2_oplock_create_share(&io1, fname,
83 smb2_util_share_access(""),
84 smb2_util_oplock_level("b"));
86 status = smb2_create(tree, mem_ctx, &io1);
87 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
88 "smb2_create failed");
89 _h1 = io1.out.file.handle;
91 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
92 torture_assert_int_equal(tctx, io1.out.oplock_level,
93 smb2_util_oplock_level("b"),
94 "oplock_level incorrect");
96 /* disconnect, reconnect and then do durable reopen */
97 previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
99 torture_assert_goto(tctx, torture_smb2_connection_ext(tctx, previous_session_id,
100 &tree->session->transport->options, &tree2),
102 "session reconnect failed\n");
104 /* try to access the file via the old handle */
107 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
108 qfinfo.generic.in.file.handle = _h1;
109 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
110 torture_assert_ntstatus_equal_goto(tctx, status,
111 NT_STATUS_USER_SESSION_DELETED,
112 ret, done, "smb2_getinfo_file "
113 "returned unexpected status");
116 smb2_oplock_create_share(&io2, fname,
117 smb2_util_share_access(""),
118 smb2_util_oplock_level("b"));
120 status = smb2_create(tree2, mem_ctx, &io2);
121 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
122 "smb2_create failed");
124 CHECK_CREATED(tctx, &io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
125 torture_assert_int_equal(tctx, io1.out.oplock_level,
126 smb2_util_oplock_level("b"),
127 "oplock_level incorrect");
128 _h2 = io2.out.file.handle;
133 smb2_util_close(tree, *h1);
136 smb2_util_close(tree2, *h2);
140 smb2_util_unlink(tree2, fname);
142 smb2_util_unlink(tree, fname);
147 talloc_free(mem_ctx);
153 * basic test for doing a session reconnect on one connection
155 bool test_session_reconnect2(struct torture_context *tctx, struct smb2_tree *tree)
158 TALLOC_CTX *mem_ctx = talloc_new(tctx);
160 struct smb2_handle _h1;
161 struct smb2_handle *h1 = NULL;
162 struct smb2_create io1;
163 uint64_t previous_session_id;
165 struct smb2_session *session2 = NULL;
166 union smb_fileinfo qfinfo;
168 /* Add some random component to the file name. */
169 snprintf(fname, sizeof(fname), "session_reconnect_%s.dat",
170 generate_random_str(tctx, 8));
172 smb2_util_unlink(tree, fname);
174 smb2_oplock_create_share(&io1, fname,
175 smb2_util_share_access(""),
176 smb2_util_oplock_level("b"));
177 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
179 status = smb2_create(tree, mem_ctx, &io1);
180 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
181 "smb2_create failed");
182 _h1 = io1.out.file.handle;
184 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
185 torture_assert_int_equal(tctx, io1.out.oplock_level,
186 smb2_util_oplock_level("b"),
187 "oplock_level incorrect");
189 /* disconnect, reconnect and then do durable reopen */
190 previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
192 torture_assert(tctx, torture_smb2_session_setup(tctx, tree->session->transport,
193 previous_session_id, tctx, &session2),
194 "session reconnect (on the same connection) failed");
196 /* try to access the file via the old handle */
199 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
200 qfinfo.generic.in.file.handle = _h1;
201 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
202 torture_assert_ntstatus_equal_goto(tctx, status,
203 NT_STATUS_USER_SESSION_DELETED,
204 ret, done, "smb2_getinfo_file "
205 "returned unexpected status");
210 smb2_util_close(tree, *h1);
214 talloc_free(session2);
216 talloc_free(mem_ctx);
221 bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
224 TALLOC_CTX *mem_ctx = talloc_new(tctx);
226 struct smb2_handle _h1;
227 struct smb2_handle *h1 = NULL;
228 struct smb2_create io1;
230 union smb_fileinfo qfinfo;
232 /* Add some random component to the file name. */
233 snprintf(fname, sizeof(fname), "session_reauth1_%s.dat",
234 generate_random_str(tctx, 8));
236 smb2_util_unlink(tree, fname);
238 smb2_oplock_create_share(&io1, fname,
239 smb2_util_share_access(""),
240 smb2_util_oplock_level("b"));
242 status = smb2_create(tree, mem_ctx, &io1);
243 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
244 "smb2_create failed");
245 _h1 = io1.out.file.handle;
247 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
248 torture_assert_int_equal(tctx, io1.out.oplock_level,
249 smb2_util_oplock_level("b"),
250 "oplock_level incorrect");
252 status = smb2_session_setup_spnego(tree->session,
253 samba_cmdline_get_creds(),
254 0 /* previous_session_id */);
255 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
256 "smb2_session_setup_spnego failed");
258 /* try to access the file via the old handle */
261 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
262 qfinfo.generic.in.file.handle = _h1;
263 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
264 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
265 "smb2_getinfo_file failed");
267 status = smb2_session_setup_spnego(tree->session,
268 samba_cmdline_get_creds(),
269 0 /* previous_session_id */);
270 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
271 "smb2_session_setup_spnego failed");
273 /* try to access the file via the old handle */
276 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
277 qfinfo.generic.in.file.handle = _h1;
278 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
279 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
280 "smb2_getinfo_file failed");
284 smb2_util_close(tree, *h1);
287 smb2_util_unlink(tree, fname);
291 talloc_free(mem_ctx);
296 bool test_session_reauth2(struct torture_context *tctx, struct smb2_tree *tree)
299 TALLOC_CTX *mem_ctx = talloc_new(tctx);
301 struct smb2_handle _h1;
302 struct smb2_handle *h1 = NULL;
303 struct smb2_create io1;
305 union smb_fileinfo qfinfo;
306 struct cli_credentials *anon_creds = NULL;
308 /* Add some random component to the file name. */
309 snprintf(fname, sizeof(fname), "session_reauth2_%s.dat",
310 generate_random_str(tctx, 8));
312 smb2_util_unlink(tree, fname);
314 smb2_oplock_create_share(&io1, fname,
315 smb2_util_share_access(""),
316 smb2_util_oplock_level("b"));
318 status = smb2_create(tree, mem_ctx, &io1);
319 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
320 "smb2_create failed");
321 _h1 = io1.out.file.handle;
323 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
324 torture_assert_int_equal(tctx, io1.out.oplock_level,
325 smb2_util_oplock_level("b"),
326 "oplock_level incorrect");
328 /* re-authenticate as anonymous */
330 anon_creds = cli_credentials_init_anon(mem_ctx);
331 torture_assert(tctx, (anon_creds != NULL), "talloc error");
333 status = smb2_session_setup_spnego(tree->session,
335 0 /* previous_session_id */);
336 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
337 "smb2_session_setup_spnego failed");
339 /* try to access the file via the old handle */
342 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
343 qfinfo.generic.in.file.handle = _h1;
344 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
345 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
346 "smb2_getinfo_file failed");
348 /* re-authenticate as original user again */
350 status = smb2_session_setup_spnego(tree->session,
351 samba_cmdline_get_creds(),
352 0 /* previous_session_id */);
353 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
354 "smb2_session_setup_spnego failed");
356 /* try to access the file via the old handle */
359 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
360 qfinfo.generic.in.file.handle = _h1;
361 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
362 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
363 "smb2_getinfo_file failed");
367 smb2_util_close(tree, *h1);
370 smb2_util_unlink(tree, fname);
374 talloc_free(mem_ctx);
380 * test getting security descriptor after reauth
382 bool test_session_reauth3(struct torture_context *tctx, struct smb2_tree *tree)
385 TALLOC_CTX *mem_ctx = talloc_new(tctx);
387 struct smb2_handle _h1;
388 struct smb2_handle *h1 = NULL;
389 struct smb2_create io1;
391 union smb_fileinfo qfinfo;
392 struct cli_credentials *anon_creds = NULL;
393 uint32_t secinfo_flags = SECINFO_OWNER
396 | SECINFO_PROTECTED_DACL
397 | SECINFO_UNPROTECTED_DACL;
399 /* Add some random component to the file name. */
400 snprintf(fname, sizeof(fname), "session_reauth3_%s.dat",
401 generate_random_str(tctx, 8));
403 smb2_util_unlink(tree, fname);
405 smb2_oplock_create_share(&io1, fname,
406 smb2_util_share_access(""),
407 smb2_util_oplock_level("b"));
409 status = smb2_create(tree, mem_ctx, &io1);
410 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
411 "smb2_create failed");
412 _h1 = io1.out.file.handle;
414 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
415 torture_assert_int_equal(tctx, io1.out.oplock_level,
416 smb2_util_oplock_level("b"),
417 "oplock_level incorrect");
419 /* get the security descriptor */
423 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
424 qfinfo.query_secdesc.in.file.handle = _h1;
425 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
427 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
428 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
429 "smb2_getinfo_file failed");
431 /* re-authenticate as anonymous */
433 anon_creds = cli_credentials_init_anon(mem_ctx);
434 torture_assert(tctx, (anon_creds != NULL), "talloc error");
436 status = smb2_session_setup_spnego(tree->session,
438 0 /* previous_session_id */);
439 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
440 "smb2_session_setup_spnego failed");
442 /* try to access the file via the old handle */
446 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
447 qfinfo.query_secdesc.in.file.handle = _h1;
448 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
450 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
451 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
452 "smb2_getinfo_file failed");
454 /* re-authenticate as original user again */
456 status = smb2_session_setup_spnego(tree->session,
457 samba_cmdline_get_creds(),
458 0 /* previous_session_id */);
459 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
460 "smb2_session_setup_spnego failed");
462 /* try to access the file via the old handle */
466 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
467 qfinfo.query_secdesc.in.file.handle = _h1;
468 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
470 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
471 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
472 "smb2_getinfo_file failed");
476 smb2_util_close(tree, *h1);
479 smb2_util_unlink(tree, fname);
483 talloc_free(mem_ctx);
489 * test setting security descriptor after reauth.
491 bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree)
494 TALLOC_CTX *mem_ctx = talloc_new(tctx);
496 struct smb2_handle _h1;
497 struct smb2_handle *h1 = NULL;
498 struct smb2_create io1;
500 union smb_fileinfo qfinfo;
501 union smb_setfileinfo sfinfo;
502 struct cli_credentials *anon_creds = NULL;
503 uint32_t secinfo_flags = SECINFO_OWNER
506 | SECINFO_PROTECTED_DACL
507 | SECINFO_UNPROTECTED_DACL;
508 struct security_descriptor *sd1;
509 struct security_ace ace;
510 struct dom_sid *extra_sid;
512 /* Add some random component to the file name. */
513 snprintf(fname, sizeof(fname), "session_reauth4_%s.dat",
514 generate_random_str(tctx, 8));
516 smb2_util_unlink(tree, fname);
518 smb2_oplock_create_share(&io1, fname,
519 smb2_util_share_access(""),
520 smb2_util_oplock_level("b"));
522 status = smb2_create(tree, mem_ctx, &io1);
523 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
524 "smb2_create failed");
525 _h1 = io1.out.file.handle;
527 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
528 torture_assert_int_equal(tctx, io1.out.oplock_level,
529 smb2_util_oplock_level("b"),
530 "oplock_level incorrect");
532 /* get the security descriptor */
536 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
537 qfinfo.query_secdesc.in.file.handle = _h1;
538 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
540 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
541 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
542 "smb2_getinfo_file failed");
544 sd1 = qfinfo.query_secdesc.out.sd;
546 /* re-authenticate as anonymous */
548 anon_creds = cli_credentials_init_anon(mem_ctx);
549 torture_assert(tctx, (anon_creds != NULL), "talloc error");
551 status = smb2_session_setup_spnego(tree->session,
553 0 /* previous_session_id */);
554 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
555 "smb2_session_setup_spnego failed");
557 /* give full access on the file to anonymous */
559 extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
562 ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
564 ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
565 ace.trustee = *extra_sid;
567 status = security_descriptor_dacl_add(sd1, &ace);
568 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
569 "security_descriptor_dacl_add failed");
572 sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
573 sfinfo.set_secdesc.in.file.handle = _h1;
574 sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
575 sfinfo.set_secdesc.in.sd = sd1;
577 status = smb2_setinfo_file(tree, &sfinfo);
578 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
579 "smb2_setinfo_file failed");
581 /* re-authenticate as original user again */
583 status = smb2_session_setup_spnego(tree->session,
584 samba_cmdline_get_creds(),
585 0 /* previous_session_id */);
586 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
587 "smb2_session_setup_spnego failed");
589 /* re-get the security descriptor */
593 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
594 qfinfo.query_secdesc.in.file.handle = _h1;
595 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
597 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
598 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
599 "smb2_getinfo_file failed");
605 smb2_util_close(tree, *h1);
608 smb2_util_unlink(tree, fname);
612 talloc_free(mem_ctx);
618 * test renaming after reauth.
619 * compare security descriptors before and after rename/reauth
621 bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
624 TALLOC_CTX *mem_ctx = talloc_new(tctx);
628 struct smb2_handle _dh1;
629 struct smb2_handle *dh1 = NULL;
630 struct smb2_handle _h1;
631 struct smb2_handle *h1 = NULL;
632 struct smb2_create io1;
635 union smb_fileinfo qfinfo;
636 union smb_setfileinfo sfinfo;
637 struct cli_credentials *anon_creds = NULL;
638 uint32_t secinfo_flags = SECINFO_OWNER
641 | SECINFO_PROTECTED_DACL
642 | SECINFO_UNPROTECTED_DACL;
643 struct security_descriptor *f_sd1;
644 struct security_descriptor *d_sd1 = NULL;
645 struct security_ace ace;
646 struct dom_sid *extra_sid;
648 /* Add some random component to the file name. */
649 snprintf(dname, sizeof(dname), "session_reauth5_%s.d",
650 generate_random_str(tctx, 8));
651 snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
653 ok = smb2_util_setup_dir(tctx, tree, dname);
654 torture_assert(tctx, ok, "smb2_util_setup_dir not ok");
656 status = torture_smb2_testdir(tree, dname, &_dh1);
657 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
658 "torture_smb2_testdir failed");
661 smb2_oplock_create_share(&io1, fname,
662 smb2_util_share_access(""),
663 smb2_util_oplock_level("b"));
665 status = smb2_create(tree, mem_ctx, &io1);
666 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
667 "smb2_create failed");
668 _h1 = io1.out.file.handle;
670 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
671 torture_assert_int_equal(tctx, io1.out.oplock_level,
672 smb2_util_oplock_level("b"),
673 "oplock_level incorrect");
675 /* get the security descriptor */
679 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
680 qfinfo.query_secdesc.in.file.handle = _h1;
681 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
683 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
684 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
685 "smb2_getinfo_file failed");
687 f_sd1 = qfinfo.query_secdesc.out.sd;
689 /* re-authenticate as anonymous */
691 anon_creds = cli_credentials_init_anon(mem_ctx);
692 torture_assert(tctx, (anon_creds != NULL), "talloc error");
694 status = smb2_session_setup_spnego(tree->session,
696 0 /* previous_session_id */);
697 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
698 "smb2_session_setup_spnego failed");
700 /* try to rename the file: fails */
702 snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
704 status = smb2_util_unlink(tree, fname2);
705 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
706 "smb2_util_unlink failed");
710 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
711 sfinfo.rename_information.in.file.handle = _h1;
712 sfinfo.rename_information.in.overwrite = true;
713 sfinfo.rename_information.in.new_name = fname2;
715 status = smb2_setinfo_file(tree, &sfinfo);
716 torture_assert_ntstatus_equal_goto(tctx, status,
717 NT_STATUS_ACCESS_DENIED,
718 ret, done, "smb2_setinfo_file "
719 "returned unexpected status");
721 /* re-authenticate as original user again */
723 status = smb2_session_setup_spnego(tree->session,
724 samba_cmdline_get_creds(),
725 0 /* previous_session_id */);
726 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
727 "smb2_session_setup_spnego failed");
729 /* give full access on the file to anonymous */
731 extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
734 ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
736 ace.access_mask = SEC_RIGHTS_FILE_ALL;
737 ace.trustee = *extra_sid;
739 status = security_descriptor_dacl_add(f_sd1, &ace);
740 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
741 "security_descriptor_dacl_add failed");
744 sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
745 sfinfo.set_secdesc.in.file.handle = _h1;
746 sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
747 sfinfo.set_secdesc.in.sd = f_sd1;
749 status = smb2_setinfo_file(tree, &sfinfo);
750 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
751 "smb2_setinfo_file failed");
753 /* re-get the security descriptor */
757 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
758 qfinfo.query_secdesc.in.file.handle = _h1;
759 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
761 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
762 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
763 "smb2_getinfo_file failed");
765 /* re-authenticate as anonymous - again */
767 anon_creds = cli_credentials_init_anon(mem_ctx);
768 torture_assert(tctx, (anon_creds != NULL), "talloc error");
770 status = smb2_session_setup_spnego(tree->session,
772 0 /* previous_session_id */);
773 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
774 "smb2_session_setup_spnego failed");
776 /* try to rename the file: fails */
779 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
780 sfinfo.rename_information.in.file.handle = _h1;
781 sfinfo.rename_information.in.overwrite = true;
782 sfinfo.rename_information.in.new_name = fname2;
784 status = smb2_setinfo_file(tree, &sfinfo);
785 torture_assert_ntstatus_equal_goto(tctx, status,
786 NT_STATUS_ACCESS_DENIED,
787 ret, done, "smb2_setinfo_file "
788 "returned unexpected status");
790 /* give full access on the parent dir to anonymous */
794 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
795 qfinfo.query_secdesc.in.file.handle = _dh1;
796 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
798 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
799 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
800 "smb2_getinfo_file failed");
802 d_sd1 = qfinfo.query_secdesc.out.sd;
805 ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
807 ace.access_mask = SEC_RIGHTS_FILE_ALL;
808 ace.trustee = *extra_sid;
810 status = security_descriptor_dacl_add(d_sd1, &ace);
811 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
812 "security_descriptor_dacl_add failed");
815 sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
816 sfinfo.set_secdesc.in.file.handle = _dh1;
817 sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
818 sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
819 sfinfo.set_secdesc.in.sd = d_sd1;
821 status = smb2_setinfo_file(tree, &sfinfo);
822 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
823 "smb2_setinfo_file failed");
827 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
828 qfinfo.query_secdesc.in.file.handle = _dh1;
829 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
831 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
832 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
833 "smb2_getinfo_file failed");
835 status = smb2_util_close(tree, _dh1);
836 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
837 "smb2_util_close failed");
840 /* try to rename the file: still fails */
843 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
844 sfinfo.rename_information.in.file.handle = _h1;
845 sfinfo.rename_information.in.overwrite = true;
846 sfinfo.rename_information.in.new_name = fname2;
848 status = smb2_setinfo_file(tree, &sfinfo);
849 torture_assert_ntstatus_equal_goto(tctx, status,
850 NT_STATUS_ACCESS_DENIED,
851 ret, done, "smb2_setinfo_file "
852 "returned unexpected status");
854 /* re-authenticate as original user - again */
856 status = smb2_session_setup_spnego(tree->session,
857 samba_cmdline_get_creds(),
858 0 /* previous_session_id */);
859 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
860 "smb2_session_setup_spnego failed");
862 /* rename the file - for verification that it works */
865 sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
866 sfinfo.rename_information.in.file.handle = _h1;
867 sfinfo.rename_information.in.overwrite = true;
868 sfinfo.rename_information.in.new_name = fname2;
870 status = smb2_setinfo_file(tree, &sfinfo);
871 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
872 "smb2_setinfo_file failed");
874 /* closs the file, check it is gone and reopen under the new name */
876 status = smb2_util_close(tree, _h1);
877 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
878 "smb2_util_close failed");
881 smb2_generic_create_share(&io1,
882 NULL /* lease */, false /* dir */,
885 smb2_util_share_access(""),
886 smb2_util_oplock_level("b"),
887 0 /* leasekey */, 0 /* leasestate */);
889 status = smb2_create(tree, mem_ctx, &io1);
890 torture_assert_ntstatus_equal_goto(tctx, status,
891 NT_STATUS_OBJECT_NAME_NOT_FOUND,
892 ret, done, "smb2_create "
893 "returned unexpected status");
897 smb2_generic_create_share(&io1,
898 NULL /* lease */, false /* dir */,
901 smb2_util_share_access(""),
902 smb2_util_oplock_level("b"),
903 0 /* leasekey */, 0 /* leasestate */);
905 status = smb2_create(tree, mem_ctx, &io1);
906 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
907 "smb2_create failed");
908 _h1 = io1.out.file.handle;
910 CHECK_CREATED(tctx, &io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
911 torture_assert_int_equal(tctx, io1.out.oplock_level,
912 smb2_util_oplock_level("b"),
913 "oplock_level incorrect");
915 /* try to access the file via the old handle */
919 qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
920 qfinfo.query_secdesc.in.file.handle = _h1;
921 qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
923 status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
924 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
925 "smb2_getinfo_file failed");
929 smb2_util_close(tree, *dh1);
932 smb2_util_close(tree, *h1);
935 smb2_deltree(tree, dname);
939 talloc_free(mem_ctx);
945 * do reauth with wrong credentials,
946 * hence triggering the error path in reauth.
947 * The invalid reauth deletes the session.
949 bool test_session_reauth6(struct torture_context *tctx, struct smb2_tree *tree)
952 TALLOC_CTX *mem_ctx = talloc_new(tctx);
954 struct smb2_handle _h1;
955 struct smb2_handle *h1 = NULL;
956 struct smb2_create io1;
958 char *corrupted_password;
959 struct cli_credentials *broken_creds;
963 enum credentials_use_kerberos krb_state;
965 krb_state = cli_credentials_get_kerberos_state(
966 samba_cmdline_get_creds());
967 if (krb_state == CRED_USE_KERBEROS_REQUIRED) {
969 "Can't test failing session setup with kerberos.");
972 encrypted = smb2cli_tcon_is_encryption_on(tree->smbXcli);
974 /* Add some random component to the file name. */
975 snprintf(fname, sizeof(fname), "session_reauth1_%s.dat",
976 generate_random_str(tctx, 8));
978 smb2_util_unlink(tree, fname);
980 smb2_oplock_create_share(&io1, fname,
981 smb2_util_share_access(""),
982 smb2_util_oplock_level("b"));
983 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
985 status = smb2_create(tree, mem_ctx, &io1);
986 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
987 "smb2_create failed");
988 _h1 = io1.out.file.handle;
990 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
991 torture_assert_int_equal(tctx, io1.out.oplock_level,
992 smb2_util_oplock_level("b"),
993 "oplock_level incorrect");
996 * reauthentication with invalid credentials:
999 broken_creds = cli_credentials_shallow_copy(mem_ctx,
1000 samba_cmdline_get_creds());
1001 torture_assert(tctx, (broken_creds != NULL), "talloc error");
1003 corrupted_password = talloc_asprintf(mem_ctx, "%s%s",
1004 cli_credentials_get_password(broken_creds),
1006 torture_assert(tctx, (corrupted_password != NULL), "talloc error");
1008 ok = cli_credentials_set_password(broken_creds, corrupted_password,
1010 torture_assert(tctx, ok, "cli_credentials_set_password not ok");
1012 status = smb2_session_setup_spnego(tree->session,
1014 0 /* previous_session_id */);
1015 torture_assert_ntstatus_equal_goto(tctx, status,
1016 NT_STATUS_LOGON_FAILURE, ret, done,
1017 "smb2_session_setup_spnego "
1018 "returned unexpected status");
1020 torture_comment(tctx, "did failed reauth\n");
1022 * now verify that the invalid session reauth has closed our session
1026 expected = NT_STATUS_CONNECTION_DISCONNECTED;
1028 expected = NT_STATUS_USER_SESSION_DELETED;
1031 smb2_oplock_create_share(&io1, fname,
1032 smb2_util_share_access(""),
1033 smb2_util_oplock_level("b"));
1035 status = smb2_create(tree, mem_ctx, &io1);
1036 torture_assert_ntstatus_equal_goto(tctx, status, expected,
1037 ret, done, "smb2_create "
1038 "returned unexpected status");
1042 smb2_util_close(tree, *h1);
1045 smb2_util_unlink(tree, fname);
1049 talloc_free(mem_ctx);
1055 static bool test_session_expire1i(struct torture_context *tctx,
1057 bool force_encryption)
1061 struct smbcli_options options;
1062 const char *host = torture_setting_string(tctx, "host", NULL);
1063 const char *share = torture_setting_string(tctx, "share", NULL);
1064 struct cli_credentials *credentials = samba_cmdline_get_creds();
1065 struct smb2_tree *tree = NULL;
1066 enum credentials_use_kerberos use_kerberos;
1068 struct smb2_handle _h1;
1069 struct smb2_handle *h1 = NULL;
1070 struct smb2_create io1;
1071 union smb_fileinfo qfinfo;
1074 use_kerberos = cli_credentials_get_kerberos_state(credentials);
1075 if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
1076 torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
1077 torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
1080 torture_assert_int_equal(tctx, use_kerberos, CRED_USE_KERBEROS_REQUIRED,
1081 "please use -k yes");
1083 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1085 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
1087 lpcfg_smbcli_options(tctx->lp_ctx, &options);
1088 if (force_signing) {
1089 options.signing = SMB_SIGNING_REQUIRED;
1092 status = smb2_connect(tctx,
1094 lpcfg_smb_ports(tctx->lp_ctx),
1096 lpcfg_resolve_context(tctx->lp_ctx),
1101 lpcfg_socket_options(tctx->lp_ctx),
1102 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1104 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1105 "smb2_connect failed");
1107 if (force_encryption) {
1108 status = smb2cli_session_encryption_on(tree->session->smbXcli);
1109 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1110 "smb2cli_session_encryption_on failed");
1113 /* Add some random component to the file name. */
1114 snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
1115 generate_random_str(tctx, 8));
1117 smb2_util_unlink(tree, fname);
1119 smb2_oplock_create_share(&io1, fname,
1120 smb2_util_share_access(""),
1121 smb2_util_oplock_level("b"));
1122 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
1124 status = smb2_create(tree, tctx, &io1);
1125 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1126 "smb2_create failed");
1127 _h1 = io1.out.file.handle;
1129 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1130 torture_assert_int_equal(tctx, io1.out.oplock_level,
1131 smb2_util_oplock_level("b"),
1132 "oplock_level incorrect");
1134 /* get the security descriptor */
1136 ZERO_STRUCT(qfinfo);
1138 qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
1139 qfinfo.access_information.in.file.handle = _h1;
1141 for (i=0; i < 2; i++) {
1142 torture_comment(tctx, "query info => OK\n");
1144 ZERO_STRUCT(qfinfo.access_information.out);
1145 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1146 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1147 "smb2_getinfo_file failed");
1149 torture_comment(tctx, "sleep 10 seconds\n");
1150 smb_msleep(10*1000);
1152 torture_comment(tctx, "query info => EXPIRED\n");
1153 ZERO_STRUCT(qfinfo.access_information.out);
1154 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1155 torture_assert_ntstatus_equal_goto(tctx, status,
1156 NT_STATUS_NETWORK_SESSION_EXPIRED,
1157 ret, done, "smb2_getinfo_file "
1158 "returned unexpected status");
1161 * the krb5 library may not handle expired creds
1162 * well, lets start with an empty ccache.
1164 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1166 if (!force_encryption) {
1167 smb2cli_session_require_signed_response(
1168 tree->session->smbXcli, true);
1171 torture_comment(tctx, "reauth => OK\n");
1172 status = smb2_session_setup_spnego(tree->session,
1174 0 /* previous_session_id */);
1175 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1176 "smb2_session_setup_spnego failed");
1178 smb2cli_session_require_signed_response(
1179 tree->session->smbXcli, false);
1182 ZERO_STRUCT(qfinfo.access_information.out);
1183 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1184 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1185 "smb2_getinfo_file failed");
1189 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1192 smb2_util_close(tree, *h1);
1196 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
1200 static bool test_session_expire1n(struct torture_context *tctx)
1202 return test_session_expire1i(tctx,
1203 false, /* force_signing */
1204 false); /* force_encryption */
1207 static bool test_session_expire1s(struct torture_context *tctx)
1209 return test_session_expire1i(tctx,
1210 true, /* force_signing */
1211 false); /* force_encryption */
1214 static bool test_session_expire1e(struct torture_context *tctx)
1216 return test_session_expire1i(tctx,
1217 true, /* force_signing */
1218 true); /* force_encryption */
1221 static bool test_session_expire2i(struct torture_context *tctx,
1222 bool force_encryption)
1226 struct smbcli_options options;
1227 const char *host = torture_setting_string(tctx, "host", NULL);
1228 const char *share = torture_setting_string(tctx, "share", NULL);
1229 struct cli_credentials *credentials = samba_cmdline_get_creds();
1230 struct smb2_tree *tree = NULL;
1231 const char *unc = NULL;
1232 struct smb2_tree *tree2 = NULL;
1233 struct tevent_req *subreq = NULL;
1234 uint32_t timeout_msec;
1235 enum credentials_use_kerberos use_kerberos;
1238 struct smb2_handle dh;
1239 struct smb2_handle dh2;
1240 struct smb2_handle _h1;
1241 struct smb2_handle *h1 = NULL;
1242 struct smb2_create io1;
1243 union smb_fileinfo qfinfo;
1244 union smb_setfileinfo sfinfo;
1245 struct smb2_flush flsh;
1246 struct smb2_read rd;
1247 const uint8_t wd = 0;
1248 struct smb2_lock lck;
1249 struct smb2_lock_element el;
1250 struct smb2_ioctl ctl;
1251 struct smb2_break oack;
1252 struct smb2_lease_break_ack lack;
1253 struct smb2_find fnd;
1254 union smb_search_data *d = NULL;
1256 struct smb2_request *req = NULL;
1257 struct smb2_notify ntf1;
1258 struct smb2_notify ntf2;
1260 use_kerberos = cli_credentials_get_kerberos_state(credentials);
1261 if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
1262 torture_warning(tctx, "smb2.session.expire2 requires -k yes!");
1263 torture_skip(tctx, "smb2.session.expire2 requires -k yes!");
1266 torture_assert_int_equal(tctx, use_kerberos, CRED_USE_KERBEROS_REQUIRED,
1267 "please use -k yes");
1269 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1271 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
1273 lpcfg_smbcli_options(tctx->lp_ctx, &options);
1274 options.signing = SMB_SIGNING_REQUIRED;
1276 unc = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
1277 torture_assert(tctx, unc != NULL, "talloc_asprintf");
1279 status = smb2_connect(tctx,
1281 lpcfg_smb_ports(tctx->lp_ctx),
1283 lpcfg_resolve_context(tctx->lp_ctx),
1288 lpcfg_socket_options(tctx->lp_ctx),
1289 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1291 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1292 "smb2_connect failed");
1294 if (force_encryption) {
1295 status = smb2cli_session_encryption_on(tree->session->smbXcli);
1296 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1297 "smb2cli_session_encryption_on failed");
1300 caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
1302 /* Add some random component to the file name. */
1303 snprintf(fname, sizeof(fname), "session_expire2_%s.dat",
1304 generate_random_str(tctx, 8));
1306 smb2_util_unlink(tree, fname);
1308 status = smb2_util_roothandle(tree, &dh);
1309 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1310 "smb2_util_roothandle failed");
1312 smb2_oplock_create_share(&io1, fname,
1313 smb2_util_share_access(""),
1314 smb2_util_oplock_level("b"));
1315 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
1317 status = smb2_create(tree, tctx, &io1);
1318 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1319 "smb2_create failed");
1320 _h1 = io1.out.file.handle;
1322 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1323 torture_assert_int_equal(tctx, io1.out.oplock_level,
1324 smb2_util_oplock_level("b"),
1325 "oplock_level incorrect");
1327 /* get the security descriptor */
1329 ZERO_STRUCT(qfinfo);
1331 qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
1332 qfinfo.access_information.in.file.handle = _h1;
1334 torture_comment(tctx, "query info => OK\n");
1336 ZERO_STRUCT(qfinfo.access_information.out);
1337 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1338 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1339 "smb2_getinfo_file failed");
1341 torture_comment(tctx, "lock => OK\n");
1344 lck.in.lock_count = 0x0001;
1345 lck.in.lock_sequence = 0x00000000;
1346 lck.in.file.handle = *h1;
1348 el.flags = SMB2_LOCK_FLAG_EXCLUSIVE |
1349 SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
1350 el.offset = 0x0000000000000000;
1351 el.length = 0x0000000000000001;
1352 status = smb2_lock(tree, &lck);
1353 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1354 "smb2_lock lock failed");
1356 torture_comment(tctx, "1st notify => PENDING\n");
1358 ntf1.in.file.handle = dh;
1359 ntf1.in.recursive = 0x0000;
1360 ntf1.in.buffer_size = 128;
1361 ntf1.in.completion_filter= FILE_NOTIFY_CHANGE_ATTRIBUTES;
1362 ntf1.in.unknown = 0x00000000;
1363 req = smb2_notify_send(tree, &ntf1);
1365 while (!req->cancel.can_cancel && req->state <= SMB2_REQUEST_RECV) {
1366 if (tevent_loop_once(tctx->ev) != 0) {
1371 torture_assert_goto(tctx, req->state <= SMB2_REQUEST_RECV, ret, done,
1372 "smb2_notify finished");
1374 torture_comment(tctx, "sleep 10 seconds\n");
1375 smb_msleep(10*1000);
1377 torture_comment(tctx, "query info => EXPIRED\n");
1378 ZERO_STRUCT(qfinfo.access_information.out);
1379 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1380 torture_assert_ntstatus_equal_goto(tctx, status,
1381 NT_STATUS_NETWORK_SESSION_EXPIRED,
1382 ret, done, "smb2_getinfo_file "
1383 "returned unexpected status");
1386 torture_comment(tctx, "set info => EXPIRED\n");
1387 ZERO_STRUCT(sfinfo);
1388 sfinfo.end_of_file_info.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
1389 sfinfo.end_of_file_info.in.file.handle = *h1;
1390 sfinfo.end_of_file_info.in.size = 1;
1391 status = smb2_setinfo_file(tree, &sfinfo);
1392 torture_assert_ntstatus_equal_goto(tctx, status,
1393 NT_STATUS_NETWORK_SESSION_EXPIRED,
1394 ret, done, "smb2_setinfo_file "
1395 "returned unexpected status");
1397 torture_comment(tctx, "flush => EXPIRED\n");
1399 flsh.in.file.handle = *h1;
1400 status = smb2_flush(tree, &flsh);
1401 torture_assert_ntstatus_equal_goto(tctx, status,
1402 NT_STATUS_NETWORK_SESSION_EXPIRED,
1403 ret, done, "smb2_flush "
1404 "returned unexpected status");
1406 torture_comment(tctx, "read => EXPIRED\n");
1408 rd.in.file.handle = *h1;
1411 status = smb2_read(tree, tctx, &rd);
1412 torture_assert_ntstatus_equal_goto(tctx, status,
1413 NT_STATUS_NETWORK_SESSION_EXPIRED,
1414 ret, done, "smb2_read "
1415 "returned unexpected status");
1417 torture_comment(tctx, "write => EXPIRED\n");
1418 status = smb2_util_write(tree, *h1, &wd, 0, 1);
1419 torture_assert_ntstatus_equal_goto(tctx, status,
1420 NT_STATUS_NETWORK_SESSION_EXPIRED,
1421 ret, done, "smb2_util_write "
1422 "returned unexpected status");
1424 torture_comment(tctx, "ioctl => EXPIRED\n");
1426 ctl.in.file.handle = *h1;
1427 ctl.in.function = FSCTL_SRV_ENUM_SNAPS;
1428 ctl.in.max_output_response = 16;
1429 ctl.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
1430 status = smb2_ioctl(tree, tctx, &ctl);
1431 torture_assert_ntstatus_equal_goto(tctx, status,
1432 NT_STATUS_NETWORK_SESSION_EXPIRED,
1433 ret, done, "smb2_ioctl "
1434 "returned unexpected status");
1436 torture_comment(tctx, "oplock ack => EXPIRED\n");
1438 oack.in.file.handle = *h1;
1439 status = smb2_break(tree, &oack);
1440 torture_assert_ntstatus_equal_goto(tctx, status,
1441 NT_STATUS_NETWORK_SESSION_EXPIRED,
1442 ret, done, "smb2_break "
1443 "returned unexpected status");
1445 if (caps & SMB2_CAP_LEASING) {
1446 torture_comment(tctx, "lease ack => EXPIRED\n");
1448 lack.in.lease.lease_version = 1;
1449 lack.in.lease.lease_key.data[0] = 1;
1450 lack.in.lease.lease_key.data[1] = 2;
1451 status = smb2_lease_break_ack(tree, &lack);
1452 torture_assert_ntstatus_equal_goto(tctx, status,
1453 NT_STATUS_NETWORK_SESSION_EXPIRED,
1454 ret, done, "smb2_break "
1455 "returned unexpected status");
1458 torture_comment(tctx, "query directory => EXPIRED\n");
1460 fnd.in.file.handle = dh;
1461 fnd.in.pattern = "*";
1462 fnd.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE;
1463 fnd.in.max_response_size= 0x100;
1464 fnd.in.level = SMB2_FIND_BOTH_DIRECTORY_INFO;
1465 status = smb2_find_level(tree, tree, &fnd, &count, &d);
1466 torture_assert_ntstatus_equal_goto(tctx, status,
1467 NT_STATUS_NETWORK_SESSION_EXPIRED,
1468 ret, done, "smb2_find_level "
1469 "returned unexpected status");
1471 torture_comment(tctx, "1st notify => CANCEL\n");
1474 torture_comment(tctx, "2nd notify => EXPIRED\n");
1476 ntf2.in.file.handle = dh;
1477 ntf2.in.recursive = 0x0000;
1478 ntf2.in.buffer_size = 128;
1479 ntf2.in.completion_filter= FILE_NOTIFY_CHANGE_ATTRIBUTES;
1480 ntf2.in.unknown = 0x00000000;
1481 status = smb2_notify(tree, tctx, &ntf2);
1482 torture_assert_ntstatus_equal_goto(tctx, status,
1483 NT_STATUS_NETWORK_SESSION_EXPIRED,
1484 ret, done, "smb2_notify "
1485 "returned unexpected status");
1487 torture_assert_goto(tctx, req->state > SMB2_REQUEST_RECV, ret, done,
1488 "smb2_notify (1st) not finished");
1490 status = smb2_notify_recv(req, tctx, &ntf1);
1491 torture_assert_ntstatus_equal_goto(tctx, status,
1492 NT_STATUS_CANCELLED,
1493 ret, done, "smb2_notify cancelled"
1494 "returned unexpected status");
1496 torture_comment(tctx, "tcon => EXPIRED\n");
1497 tree2 = smb2_tree_init(tree->session, tctx, false);
1498 torture_assert(tctx, tree2 != NULL, "smb2_tree_init");
1499 timeout_msec = tree->session->transport->options.request_timeout * 1000;
1500 subreq = smb2cli_tcon_send(tree2, tctx->ev,
1501 tree2->session->transport->conn,
1503 tree2->session->smbXcli,
1507 torture_assert(tctx, subreq != NULL, "smb2cli_tcon_send");
1508 torture_assert(tctx,
1509 tevent_req_poll_ntstatus(subreq, tctx->ev, &status),
1510 "tevent_req_poll_ntstatus");
1511 status = smb2cli_tcon_recv(subreq);
1512 TALLOC_FREE(subreq);
1513 torture_assert_ntstatus_equal_goto(tctx, status,
1514 NT_STATUS_NETWORK_SESSION_EXPIRED,
1515 ret, done, "smb2cli_tcon"
1516 "returned unexpected status");
1518 torture_comment(tctx, "create => EXPIRED\n");
1519 status = smb2_util_roothandle(tree, &dh2);
1520 torture_assert_ntstatus_equal_goto(tctx, status,
1521 NT_STATUS_NETWORK_SESSION_EXPIRED,
1522 ret, done, "smb2_util_roothandle"
1523 "returned unexpected status");
1525 torture_comment(tctx, "tdis => EXPIRED\n");
1526 status = smb2_tdis(tree);
1527 torture_assert_ntstatus_equal_goto(tctx, status,
1528 NT_STATUS_NETWORK_SESSION_EXPIRED,
1529 ret, done, "smb2cli_tdis"
1530 "returned unexpected status");
1533 * (Un)Lock, Close and Logoff are still possible
1536 torture_comment(tctx, "1st unlock => OK\n");
1537 el.flags = SMB2_LOCK_FLAG_UNLOCK;
1538 status = smb2_lock(tree, &lck);
1539 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1540 "smb2_lock unlock failed");
1542 torture_comment(tctx, "2nd unlock => RANGE_NOT_LOCKED\n");
1543 status = smb2_lock(tree, &lck);
1544 torture_assert_ntstatus_equal_goto(tctx, status,
1545 NT_STATUS_RANGE_NOT_LOCKED,
1546 ret, done, "smb2_lock 2nd unlock"
1547 "returned unexpected status");
1549 torture_comment(tctx, "lock => EXPIRED\n");
1550 el.flags = SMB2_LOCK_FLAG_EXCLUSIVE |
1551 SMB2_LOCK_FLAG_FAIL_IMMEDIATELY;
1552 status = smb2_lock(tree, &lck);
1553 torture_assert_ntstatus_equal_goto(tctx, status,
1554 NT_STATUS_NETWORK_SESSION_EXPIRED,
1555 ret, done, "smb2_util_roothandle"
1556 "returned unexpected status");
1558 torture_comment(tctx, "close => OK\n");
1559 status = smb2_util_close(tree, *h1);
1561 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1562 "smb2_close failed");
1564 torture_comment(tctx, "echo without session => OK\n");
1565 status = smb2_keepalive(tree->session->transport);
1566 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1567 "smb2_keepalive without session failed");
1569 torture_comment(tctx, "echo with session => OK\n");
1570 req = smb2_keepalive_send(tree->session->transport, tree->session);
1571 status = smb2_keepalive_recv(req);
1572 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1573 "smb2_keepalive with session failed");
1575 torture_comment(tctx, "logoff => OK\n");
1576 status = smb2_logoff(tree->session);
1577 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1578 "smb2_logoff failed");
1582 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1585 smb2_util_close(tree, *h1);
1589 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
1593 static bool test_session_expire2s(struct torture_context *tctx)
1595 return test_session_expire2i(tctx,
1596 false); /* force_encryption */
1599 static bool test_session_expire2e(struct torture_context *tctx)
1601 return test_session_expire2i(tctx,
1602 true); /* force_encryption */
1605 static bool test_session_expire_disconnect(struct torture_context *tctx)
1609 struct smbcli_options options;
1610 const char *host = torture_setting_string(tctx, "host", NULL);
1611 const char *share = torture_setting_string(tctx, "share", NULL);
1612 struct cli_credentials *credentials = samba_cmdline_get_creds();
1613 struct smb2_tree *tree = NULL;
1614 enum credentials_use_kerberos use_kerberos;
1616 struct smb2_handle _h1;
1617 struct smb2_handle *h1 = NULL;
1618 struct smb2_create io1;
1619 union smb_fileinfo qfinfo;
1622 use_kerberos = cli_credentials_get_kerberos_state(credentials);
1623 if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) {
1624 torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
1625 torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
1628 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1630 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
1631 lpcfg_smbcli_options(tctx->lp_ctx, &options);
1632 options.signing = SMB_SIGNING_REQUIRED;
1634 status = smb2_connect(tctx,
1636 lpcfg_smb_ports(tctx->lp_ctx),
1638 lpcfg_resolve_context(tctx->lp_ctx),
1643 lpcfg_socket_options(tctx->lp_ctx),
1644 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1646 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1647 "smb2_connect failed");
1649 smbXcli_session_set_disconnect_expired(tree->session->smbXcli);
1651 /* Add some random component to the file name. */
1652 snprintf(fname, sizeof(fname), "session_expire1_%s.dat",
1653 generate_random_str(tctx, 8));
1655 smb2_util_unlink(tree, fname);
1657 smb2_oplock_create_share(&io1, fname,
1658 smb2_util_share_access(""),
1659 smb2_util_oplock_level("b"));
1660 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
1662 status = smb2_create(tree, tctx, &io1);
1663 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1664 "smb2_create failed");
1665 _h1 = io1.out.file.handle;
1667 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1668 torture_assert_int_equal(tctx, io1.out.oplock_level,
1669 smb2_util_oplock_level("b"),
1670 "oplock_level incorrect");
1672 /* get the security descriptor */
1674 ZERO_STRUCT(qfinfo);
1676 qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
1677 qfinfo.access_information.in.file.handle = _h1;
1679 torture_comment(tctx, "query info => OK\n");
1681 ZERO_STRUCT(qfinfo.access_information.out);
1682 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1683 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1684 "smb2_getinfo_file failed");
1686 torture_comment(tctx, "sleep 10 seconds\n");
1687 smb_msleep(10*1000);
1689 torture_comment(tctx, "query info => EXPIRED\n");
1690 ZERO_STRUCT(qfinfo.access_information.out);
1691 status = smb2_getinfo_file(tree, tctx, &qfinfo);
1692 torture_assert_ntstatus_equal_goto(tctx, status,
1693 NT_STATUS_NETWORK_SESSION_EXPIRED,
1694 ret, done, "smb2_getinfo_file "
1695 "returned unexpected status");
1697 connected = smbXcli_conn_is_connected(tree->session->transport->conn);
1698 torture_assert_goto(tctx, !connected, ret, done, "connected\n");
1702 cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
1705 smb2_util_close(tree, *h1);
1709 lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
1713 bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
1715 const char *host = torture_setting_string(tctx, "host", NULL);
1716 const char *share = torture_setting_string(tctx, "share", NULL);
1717 struct cli_credentials *credentials = samba_cmdline_get_creds();
1719 TALLOC_CTX *mem_ctx = talloc_new(tctx);
1721 struct smb2_handle _h1;
1722 struct smb2_handle *h1 = NULL;
1723 struct smb2_create io1;
1724 union smb_fileinfo qfinfo;
1726 struct smb2_tree *tree2 = NULL;
1727 struct smb2_transport *transport1 = tree1->session->transport;
1728 struct smbcli_options options2;
1729 struct smb2_transport *transport2 = NULL;
1730 struct smb2_session *session1_1 = tree1->session;
1731 struct smb2_session *session1_2 = NULL;
1732 struct smb2_session *session2_1 = NULL;
1733 struct smb2_session *session2_2 = NULL;
1736 caps = smb2cli_conn_server_capabilities(transport1->conn);
1737 if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
1738 torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
1742 * We always want signing for this test!
1744 smb2cli_tcon_should_sign(tree1->smbXcli, true);
1745 options2 = transport1->options;
1746 options2.signing = SMB_SIGNING_REQUIRED;
1748 /* Add some random component to the file name. */
1749 snprintf(fname, sizeof(fname), "session_bind1_%s.dat",
1750 generate_random_str(tctx, 8));
1752 smb2_util_unlink(tree1, fname);
1754 smb2_oplock_create_share(&io1, fname,
1755 smb2_util_share_access(""),
1756 smb2_util_oplock_level("b"));
1758 status = smb2_create(tree1, mem_ctx, &io1);
1759 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1760 "smb2_create failed");
1761 _h1 = io1.out.file.handle;
1763 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1764 torture_assert_int_equal(tctx, io1.out.oplock_level,
1765 smb2_util_oplock_level("b"),
1766 "oplock_level incorrect");
1768 status = smb2_connect(tctx,
1770 lpcfg_smb_ports(tctx->lp_ctx),
1772 lpcfg_resolve_context(tctx->lp_ctx),
1777 lpcfg_socket_options(tctx->lp_ctx),
1778 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1780 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1781 "smb2_connect failed");
1782 session2_2 = tree2->session;
1783 transport2 = tree2->session->transport;
1786 * Now bind the 2nd transport connection to the 1st session
1788 session1_2 = smb2_session_channel(transport2,
1789 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
1792 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
1794 status = smb2_session_setup_spnego(session1_2,
1795 samba_cmdline_get_creds(),
1796 0 /* previous_session_id */);
1797 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1798 "smb2_session_setup_spnego failed");
1800 /* use the 1st connection, 1st session */
1801 ZERO_STRUCT(qfinfo);
1802 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
1803 qfinfo.generic.in.file.handle = _h1;
1804 tree1->session = session1_1;
1805 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
1806 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1807 "smb2_getinfo_file failed");
1809 /* use the 2nd connection, 1st session */
1810 ZERO_STRUCT(qfinfo);
1811 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
1812 qfinfo.generic.in.file.handle = _h1;
1813 tree1->session = session1_2;
1814 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
1815 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1816 "smb2_getinfo_file failed");
1818 tree1->session = session1_1;
1819 status = smb2_util_close(tree1, *h1);
1820 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1821 "smb2_util_close failed");
1825 * Now bind the 1st transport connection to the 2nd session
1827 session2_1 = smb2_session_channel(transport1,
1828 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
1831 torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
1833 status = smb2_session_setup_spnego(session2_1,
1834 samba_cmdline_get_creds(),
1835 0 /* previous_session_id */);
1836 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1837 "smb2_session_setup_spnego failed");
1839 tree2->session = session2_1;
1840 status = smb2_util_unlink(tree2, fname);
1841 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1842 "smb2_util_unlink failed");
1846 tree1->session = session1_1;
1849 smb2_util_close(tree1, *h1);
1852 smb2_util_unlink(tree1, fname);
1856 talloc_free(mem_ctx);
1861 static bool test_session_bind2(struct torture_context *tctx, struct smb2_tree *tree1)
1863 const char *host = torture_setting_string(tctx, "host", NULL);
1864 const char *share = torture_setting_string(tctx, "share", NULL);
1865 struct cli_credentials *credentials = samba_cmdline_get_creds();
1867 TALLOC_CTX *mem_ctx = talloc_new(tctx);
1870 struct smb2_handle _h1f1;
1871 struct smb2_handle *h1f1 = NULL;
1872 struct smb2_handle _h1f2;
1873 struct smb2_handle *h1f2 = NULL;
1874 struct smb2_handle _h2f2;
1875 struct smb2_handle *h2f2 = NULL;
1876 struct smb2_create io1f1;
1877 struct smb2_create io1f2;
1878 struct smb2_create io2f1;
1879 struct smb2_create io2f2;
1880 union smb_fileinfo qfinfo;
1882 struct smb2_transport *transport1 = tree1->session->transport;
1883 struct smbcli_options options2;
1884 struct smb2_tree *tree2 = NULL;
1885 struct smb2_transport *transport2 = NULL;
1886 struct smbcli_options options3;
1887 struct smb2_tree *tree3 = NULL;
1888 struct smb2_transport *transport3 = NULL;
1889 struct smb2_session *session1_1 = tree1->session;
1890 struct smb2_session *session1_2 = NULL;
1891 struct smb2_session *session1_3 = NULL;
1892 struct smb2_session *session2_1 = NULL;
1893 struct smb2_session *session2_2 = NULL;
1894 struct smb2_session *session2_3 = NULL;
1897 caps = smb2cli_conn_server_capabilities(transport1->conn);
1898 if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
1899 torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
1903 * We always want signing for this test!
1905 smb2cli_tcon_should_sign(tree1->smbXcli, true);
1906 options2 = transport1->options;
1907 options2.signing = SMB_SIGNING_REQUIRED;
1909 /* Add some random component to the file name. */
1910 snprintf(fname1, sizeof(fname1), "session_bind2_1_%s.dat",
1911 generate_random_str(tctx, 8));
1912 snprintf(fname2, sizeof(fname2), "session_bind2_2_%s.dat",
1913 generate_random_str(tctx, 8));
1915 smb2_util_unlink(tree1, fname1);
1916 smb2_util_unlink(tree1, fname2);
1918 smb2_oplock_create_share(&io1f1, fname1,
1919 smb2_util_share_access(""),
1920 smb2_util_oplock_level(""));
1921 smb2_oplock_create_share(&io1f2, fname2,
1922 smb2_util_share_access(""),
1923 smb2_util_oplock_level(""));
1925 status = smb2_create(tree1, mem_ctx, &io1f1);
1926 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1927 "smb2_create failed");
1928 _h1f1 = io1f1.out.file.handle;
1930 CHECK_CREATED(tctx, &io1f1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1931 torture_assert_int_equal(tctx, io1f1.out.oplock_level,
1932 smb2_util_oplock_level(""),
1933 "oplock_level incorrect");
1935 status = smb2_connect(tctx,
1937 lpcfg_smb_ports(tctx->lp_ctx),
1939 lpcfg_resolve_context(tctx->lp_ctx),
1944 lpcfg_socket_options(tctx->lp_ctx),
1945 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1947 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1948 "smb2_connect failed");
1949 session2_2 = tree2->session;
1950 transport2 = tree2->session->transport;
1951 smb2cli_tcon_should_sign(tree2->smbXcli, true);
1953 smb2_oplock_create_share(&io2f1, fname1,
1954 smb2_util_share_access(""),
1955 smb2_util_oplock_level(""));
1956 smb2_oplock_create_share(&io2f2, fname2,
1957 smb2_util_share_access(""),
1958 smb2_util_oplock_level(""));
1960 status = smb2_create(tree2, mem_ctx, &io2f2);
1961 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1962 "smb2_create failed");
1963 _h2f2 = io2f2.out.file.handle;
1965 CHECK_CREATED(tctx, &io2f2, CREATED, FILE_ATTRIBUTE_ARCHIVE);
1966 torture_assert_int_equal(tctx, io2f2.out.oplock_level,
1967 smb2_util_oplock_level(""),
1968 "oplock_level incorrect");
1970 options3 = transport1->options;
1971 options3.signing = SMB_SIGNING_REQUIRED;
1972 options3.only_negprot = true;
1974 status = smb2_connect(tctx,
1976 lpcfg_smb_ports(tctx->lp_ctx),
1978 lpcfg_resolve_context(tctx->lp_ctx),
1983 lpcfg_socket_options(tctx->lp_ctx),
1984 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
1986 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
1987 "smb2_connect failed");
1988 transport3 = tree3->session->transport;
1991 * Create a fake session for the 2nd transport connection to the 1st session
1993 session1_2 = smb2_session_channel(transport2,
1994 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
1997 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2000 * Now bind the 3rd transport connection to the 1st session
2002 session1_3 = smb2_session_channel(transport3,
2003 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2006 torture_assert(tctx, session1_3 != NULL, "smb2_session_channel failed");
2008 status = smb2_session_setup_spnego(session1_3,
2010 0 /* previous_session_id */);
2011 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2012 "smb2_session_setup_spnego failed");
2015 * Create a fake session for the 1st transport connection to the 2nd session
2017 session2_1 = smb2_session_channel(transport1,
2018 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2021 torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
2024 * Now bind the 3rd transport connection to the 2nd session
2026 session2_3 = smb2_session_channel(transport3,
2027 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2030 torture_assert(tctx, session2_3 != NULL, "smb2_session_channel failed");
2032 status = smb2_session_setup_spnego(session2_3,
2034 0 /* previous_session_id */);
2035 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2036 "smb2_session_setup_spnego failed");
2038 ZERO_STRUCT(qfinfo);
2039 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2040 qfinfo.generic.in.file.handle = _h1f1;
2041 tree1->session = session1_1;
2042 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
2043 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2044 "smb2_getinfo_file failed");
2045 tree1->session = session1_2;
2046 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
2047 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2048 "smb2_getinfo_file failed");
2049 tree1->session = session1_3;
2050 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
2051 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2052 "smb2_getinfo_file failed");
2054 ZERO_STRUCT(qfinfo);
2055 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2056 qfinfo.generic.in.file.handle = _h2f2;
2057 tree2->session = session2_1;
2058 status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
2059 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2060 "smb2_getinfo_file failed");
2061 tree2->session = session2_2;
2062 status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
2063 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2064 "smb2_getinfo_file failed");
2065 tree2->session = session2_3;
2066 status = smb2_getinfo_file(tree2, mem_ctx, &qfinfo);
2067 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2068 "smb2_getinfo_file failed");
2070 tree1->session = session1_1;
2071 status = smb2_create(tree1, mem_ctx, &io1f2);
2072 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2073 "smb2_create failed");
2074 tree1->session = session1_2;
2075 status = smb2_create(tree1, mem_ctx, &io1f2);
2076 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2077 "smb2_create failed");
2078 tree1->session = session1_3;
2079 status = smb2_create(tree1, mem_ctx, &io1f2);
2080 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2081 "smb2_create failed");
2083 tree2->session = session2_1;
2084 status = smb2_create(tree2, mem_ctx, &io2f1);
2085 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2086 "smb2_create failed");
2087 tree2->session = session2_2;
2088 status = smb2_create(tree2, mem_ctx, &io2f1);
2089 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2090 "smb2_create failed");
2091 tree2->session = session2_3;
2092 status = smb2_create(tree2, mem_ctx, &io2f1);
2093 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2094 "smb2_create failed");
2096 smbXcli_conn_disconnect(transport3->conn, NT_STATUS_LOCAL_DISCONNECT);
2099 tree1->session = session1_1;
2100 status = smb2_create(tree1, mem_ctx, &io1f2);
2101 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2102 "smb2_create failed");
2103 tree1->session = session1_2;
2104 status = smb2_create(tree1, mem_ctx, &io1f2);
2105 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2106 "smb2_create failed");
2108 tree2->session = session2_1;
2109 status = smb2_create(tree2, mem_ctx, &io2f1);
2110 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2111 "smb2_create failed");
2112 tree2->session = session2_2;
2113 status = smb2_create(tree2, mem_ctx, &io2f1);
2114 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
2115 "smb2_create failed");
2117 smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
2121 tree1->session = session1_1;
2122 status = smb2_create(tree1, mem_ctx, &io1f2);
2123 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2124 "smb2_create failed");
2125 _h1f2 = io1f2.out.file.handle;
2127 CHECK_CREATED(tctx, &io1f2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
2128 torture_assert_int_equal(tctx, io1f2.out.oplock_level,
2129 smb2_util_oplock_level(""),
2130 "oplock_level incorrect");
2132 tree1->session = session1_1;
2133 status = smb2_util_close(tree1, *h1f1);
2134 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2135 "smb2_util_close failed");
2141 smbXcli_conn_disconnect(transport3->conn, NT_STATUS_LOCAL_DISCONNECT);
2142 smbXcli_conn_disconnect(transport2->conn, NT_STATUS_LOCAL_DISCONNECT);
2144 tree1->session = session1_1;
2145 tree2->session = session2_2;
2148 smb2_util_close(tree1, *h1f1);
2151 smb2_util_close(tree1, *h1f2);
2154 smb2_util_close(tree2, *h2f2);
2157 smb2_util_unlink(tree1, fname1);
2158 smb2_util_unlink(tree1, fname2);
2162 talloc_free(mem_ctx);
2167 static bool test_session_bind_auth_mismatch(struct torture_context *tctx,
2168 struct smb2_tree *tree1,
2169 const char *testname,
2170 struct cli_credentials *creds1,
2171 struct cli_credentials *creds2,
2172 bool creds2_require_ok)
2174 const char *host = torture_setting_string(tctx, "host", NULL);
2175 const char *share = torture_setting_string(tctx, "share", NULL);
2177 TALLOC_CTX *mem_ctx = talloc_new(tctx);
2179 struct smb2_handle _h1;
2180 struct smb2_handle *h1 = NULL;
2181 struct smb2_create io1;
2182 union smb_fileinfo qfinfo;
2184 struct smb2_tree *tree2 = NULL;
2185 struct smb2_transport *transport1 = tree1->session->transport;
2186 struct smbcli_options options2;
2187 struct smb2_transport *transport2 = NULL;
2188 struct smb2_session *session1_1 = tree1->session;
2189 struct smb2_session *session1_2 = NULL;
2190 struct smb2_session *session2_1 = NULL;
2191 struct smb2_session *session2_2 = NULL;
2192 struct smb2_session *session3_1 = NULL;
2195 bool creds2_got_ok = false;
2197 encrypted = smb2cli_tcon_is_encryption_on(tree1->smbXcli);
2199 caps = smb2cli_conn_server_capabilities(transport1->conn);
2200 if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
2201 torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
2205 * We always want signing for this test!
2207 smb2cli_tcon_should_sign(tree1->smbXcli, true);
2208 options2 = transport1->options;
2209 options2.signing = SMB_SIGNING_REQUIRED;
2211 /* Add some random component to the file name. */
2212 snprintf(fname, sizeof(fname), "%s_%s.dat", testname,
2213 generate_random_str(tctx, 8));
2215 smb2_util_unlink(tree1, fname);
2217 smb2_oplock_create_share(&io1, fname,
2218 smb2_util_share_access(""),
2219 smb2_util_oplock_level("b"));
2221 status = smb2_create(tree1, mem_ctx, &io1);
2222 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2223 "smb2_create failed");
2224 _h1 = io1.out.file.handle;
2226 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
2227 torture_assert_int_equal(tctx, io1.out.oplock_level,
2228 smb2_util_oplock_level("b"),
2229 "oplock_level incorrect");
2231 status = smb2_connect(tctx,
2233 lpcfg_smb_ports(tctx->lp_ctx),
2235 lpcfg_resolve_context(tctx->lp_ctx),
2240 lpcfg_socket_options(tctx->lp_ctx),
2241 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
2243 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2244 "smb2_connect failed");
2245 session2_2 = tree2->session;
2246 transport2 = tree2->session->transport;
2249 * Now bind the 2nd transport connection to the 1st session
2251 session1_2 = smb2_session_channel(transport2,
2252 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2255 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2257 status = smb2_session_setup_spnego(session1_2,
2259 0 /* previous_session_id */);
2260 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2261 "smb2_session_setup_spnego failed");
2263 /* use the 1st connection, 1st session */
2264 ZERO_STRUCT(qfinfo);
2265 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2266 qfinfo.generic.in.file.handle = _h1;
2267 tree1->session = session1_1;
2268 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
2269 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2270 "smb2_getinfo_file failed");
2272 /* use the 2nd connection, 1st session */
2273 ZERO_STRUCT(qfinfo);
2274 qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2275 qfinfo.generic.in.file.handle = _h1;
2276 tree1->session = session1_2;
2277 status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
2278 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2279 "smb2_getinfo_file failed");
2281 tree1->session = session1_1;
2282 status = smb2_util_close(tree1, *h1);
2283 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2284 "smb2_util_close failed");
2288 * Create a 3rd session in order to check if the invalid (creds2)
2289 * are mapped to guest.
2291 session3_1 = smb2_session_init(transport1,
2292 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2294 torture_assert(tctx, session3_1 != NULL, "smb2_session_channel failed");
2296 status = smb2_session_setup_spnego(session3_1,
2298 0 /* previous_session_id */);
2299 if (creds2_require_ok) {
2300 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2301 "smb2_session_setup_spnego worked");
2302 creds2_got_ok = true;
2303 } else if (NT_STATUS_IS_OK(status)) {
2304 bool authentiated = smbXcli_session_is_authenticated(session3_1->smbXcli);
2305 torture_assert(tctx, !authentiated, "Invalid credentials allowed!");
2306 creds2_got_ok = true;
2308 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
2309 "smb2_session_setup_spnego worked");
2313 * Now bind the 1st transport connection to the 2nd session
2315 session2_1 = smb2_session_channel(transport1,
2316 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2319 torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
2321 tree2->session = session2_1;
2322 status = smb2_util_unlink(tree2, fname);
2323 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2324 "smb2_util_unlink worked on invalid channel");
2326 status = smb2_session_setup_spnego(session2_1,
2328 0 /* previous_session_id */);
2329 if (creds2_got_ok) {
2331 * attaching with a different user (guest or anonymous) results
2334 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
2335 "smb2_session_setup_spnego worked");
2337 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
2338 "smb2_session_setup_spnego worked");
2341 tree2->session = session2_1;
2342 status = smb2_util_unlink(tree2, fname);
2343 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2344 "smb2_util_unlink worked on invalid channel");
2346 tree2->session = session2_2;
2347 status = smb2_util_unlink(tree2, fname);
2348 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2349 "smb2_util_unlink failed");
2350 status = smb2_util_unlink(tree2, fname);
2351 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
2352 "smb2_util_unlink worked");
2353 if (creds2_got_ok) {
2355 * We got ACCESS_DENIED on the session bind
2356 * with a different user, now check that
2357 * the correct user can actually bind on
2358 * the same connection.
2360 TALLOC_FREE(session2_1);
2361 session2_1 = smb2_session_channel(transport1,
2362 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2365 torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
2367 status = smb2_session_setup_spnego(session2_1,
2369 0 /* previous_session_id */);
2370 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2371 "smb2_session_setup_spnego failed");
2372 tree2->session = session2_1;
2373 status = smb2_util_unlink(tree2, fname);
2374 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
2375 "smb2_util_unlink worked");
2376 tree2->session = session2_2;
2379 tree1->session = session1_1;
2380 status = smb2_util_unlink(tree1, fname);
2381 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
2382 "smb2_util_unlink worked");
2384 tree1->session = session1_2;
2385 status = smb2_util_unlink(tree1, fname);
2386 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
2387 "smb2_util_unlink worked");
2389 if (creds2_got_ok) {
2391 * With valid credentials, there's no point to test a failing
2399 * Do a failing reauth the 2nd channel
2401 status = smb2_session_setup_spnego(session1_2,
2403 0 /* previous_session_id */);
2404 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_LOGON_FAILURE, ret, done,
2405 "smb2_session_setup_spnego worked");
2407 tree1->session = session1_1;
2408 status = smb2_util_unlink(tree1, fname);
2410 torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport1->conn), ret, done,
2411 "smb2_util_unlink worked");
2413 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2414 "smb2_util_unlink worked");
2417 tree1->session = session1_2;
2418 status = smb2_util_unlink(tree1, fname);
2420 torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport2->conn), ret, done,
2421 "smb2_util_unlink worked");
2423 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_USER_SESSION_DELETED, ret, done,
2424 "smb2_util_unlink worked");
2427 status = smb2_util_unlink(tree2, fname);
2429 torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport1->conn), ret, done,
2430 "smb2_util_unlink worked");
2431 torture_assert_goto(tctx, !smbXcli_conn_is_connected(transport2->conn), ret, done,
2432 "smb2_util_unlink worked");
2434 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
2435 "smb2_util_unlink worked");
2441 tree1->session = session1_1;
2444 smb2_util_close(tree1, *h1);
2447 smb2_util_unlink(tree1, fname);
2451 talloc_free(mem_ctx);
2456 static bool test_session_bind_invalid_auth(struct torture_context *tctx, struct smb2_tree *tree1)
2458 struct cli_credentials *credentials = samba_cmdline_get_creds();
2459 struct cli_credentials *invalid_credentials = NULL;
2462 invalid_credentials = cli_credentials_init(tctx);
2463 torture_assert(tctx, (invalid_credentials != NULL), "talloc error");
2464 cli_credentials_set_username(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
2465 cli_credentials_set_domain(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
2466 cli_credentials_set_password(invalid_credentials, "__none__invalid__none__", CRED_SPECIFIED);
2467 cli_credentials_set_realm(invalid_credentials, NULL, CRED_SPECIFIED);
2468 cli_credentials_set_workstation(invalid_credentials, "", CRED_UNINITIALISED);
2470 ret = test_session_bind_auth_mismatch(tctx, tree1, __func__,
2472 invalid_credentials,
2477 static bool test_session_bind_different_user(struct torture_context *tctx, struct smb2_tree *tree1)
2479 struct cli_credentials *credentials1 = samba_cmdline_get_creds();
2480 struct cli_credentials *credentials2 = torture_user2_credentials(tctx, tctx);
2481 char *u1 = cli_credentials_get_unparsed_name(credentials1, tctx);
2482 char *u2 = cli_credentials_get_unparsed_name(credentials2, tctx);
2486 torture_assert(tctx, (credentials2 != NULL), "talloc error");
2487 bval = cli_credentials_is_anonymous(credentials2);
2489 torture_skip(tctx, "valid user2 credentials are required");
2491 bval = strequal(u1, u2);
2493 torture_skip(tctx, "different user2 credentials are required");
2496 ret = test_session_bind_auth_mismatch(tctx, tree1, __func__,
2503 static bool test_session_bind_negative_smbXtoX(struct torture_context *tctx,
2504 const char *testname,
2505 struct cli_credentials *credentials,
2506 const struct smbcli_options *options1,
2507 const struct smbcli_options *options2,
2508 NTSTATUS bind_reject_status)
2510 const char *host = torture_setting_string(tctx, "host", NULL);
2511 const char *share = torture_setting_string(tctx, "share", NULL);
2514 struct smb2_tree *tree1 = NULL;
2515 struct smb2_session *session1_1 = NULL;
2517 struct smb2_handle _h1;
2518 struct smb2_handle *h1 = NULL;
2519 struct smb2_create io1;
2520 union smb_fileinfo qfinfo1;
2521 struct smb2_tree *tree2_0 = NULL;
2522 struct smb2_transport *transport2 = NULL;
2523 struct smb2_session *session1_2 = NULL;
2524 uint64_t session1_id = 0;
2525 uint16_t session1_flags = 0;
2526 NTSTATUS deleted_status = NT_STATUS_USER_SESSION_DELETED;
2528 status = smb2_connect(tctx,
2530 lpcfg_smb_ports(tctx->lp_ctx),
2532 lpcfg_resolve_context(tctx->lp_ctx),
2537 lpcfg_socket_options(tctx->lp_ctx),
2538 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
2540 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2541 "smb2_connect options1 failed");
2542 session1_1 = tree1->session;
2543 session1_id = smb2cli_session_current_id(session1_1->smbXcli);
2544 session1_flags = smb2cli_session_get_flags(session1_1->smbXcli);
2546 /* Add some random component to the file name. */
2547 snprintf(fname, sizeof(fname), "%s_%s.dat",
2548 testname, generate_random_str(tctx, 8));
2550 smb2_util_unlink(tree1, fname);
2552 smb2_oplock_create_share(&io1, fname,
2553 smb2_util_share_access(""),
2554 smb2_util_oplock_level("b"));
2556 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
2557 status = smb2_create(tree1, tctx, &io1);
2558 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2559 "smb2_create failed");
2560 _h1 = io1.out.file.handle;
2562 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
2563 torture_assert_int_equal(tctx, io1.out.oplock_level,
2564 smb2_util_oplock_level("b"),
2565 "oplock_level incorrect");
2567 status = smb2_connect(tctx,
2569 lpcfg_smb_ports(tctx->lp_ctx),
2571 lpcfg_resolve_context(tctx->lp_ctx),
2576 lpcfg_socket_options(tctx->lp_ctx),
2577 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
2579 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2580 "smb2_connect options2 failed");
2581 transport2 = tree2_0->session->transport;
2584 * Now bind the 2nd transport connection to the 1st session
2586 session1_2 = smb2_session_channel(transport2,
2587 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2590 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2592 status = smb2_session_setup_spnego(session1_2,
2594 0 /* previous_session_id */);
2595 torture_assert_ntstatus_equal_goto(tctx, status, bind_reject_status, ret, done,
2596 "smb2_session_setup_spnego failed");
2597 if (NT_STATUS_IS_OK(bind_reject_status)) {
2598 ZERO_STRUCT(qfinfo1);
2599 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2600 qfinfo1.generic.in.file.handle = _h1;
2601 tree1->session = session1_2;
2602 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
2603 tree1->session = session1_1;
2604 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2605 "smb2_getinfo_file failed");
2607 TALLOC_FREE(session1_2);
2609 /* Check the initial session is still alive */
2610 ZERO_STRUCT(qfinfo1);
2611 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2612 qfinfo1.generic.in.file.handle = _h1;
2613 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
2614 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2615 "smb2_getinfo_file failed");
2617 if (NT_STATUS_IS_OK(bind_reject_status)) {
2618 deleted_status = NT_STATUS_ACCESS_DENIED;
2619 bind_reject_status = NT_STATUS_ACCESS_DENIED;
2623 * I guess this is not part of MultipleChannel_Negative_SMB2002,
2624 * but we should also check the status without
2625 * SMB2_SESSION_FLAG_BINDING.
2627 session1_2 = smb2_session_channel(transport2,
2628 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2631 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2632 session1_2->needs_bind = false;
2634 status = smb2_session_setup_spnego(session1_2,
2636 0 /* previous_session_id */);
2637 torture_assert_ntstatus_equal_goto(tctx, status, deleted_status, ret, done,
2638 "smb2_session_setup_spnego failed");
2639 TALLOC_FREE(session1_2);
2642 * ... and we should also check the status without any existing
2645 session1_2 = smb2_session_init(transport2,
2646 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2648 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2649 talloc_steal(tree2_0->session, transport2);
2650 smb2cli_session_set_id_and_flags(session1_2->smbXcli,
2651 session1_id, session1_flags);
2653 status = smb2_session_setup_spnego(session1_2,
2655 0 /* previous_session_id */);
2656 torture_assert_ntstatus_equal_goto(tctx, status, deleted_status, ret, done,
2657 "smb2_session_setup_spnego failed");
2658 TALLOC_FREE(session1_2);
2660 /* Check the initial session is still alive */
2661 ZERO_STRUCT(qfinfo1);
2662 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2663 qfinfo1.generic.in.file.handle = _h1;
2664 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
2665 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2666 "smb2_getinfo_file failed");
2669 * Now bind the 2nd transport connection to the 1st session (again)
2671 session1_2 = smb2_session_channel(transport2,
2672 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
2675 torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
2677 status = smb2_session_setup_spnego(session1_2,
2679 0 /* previous_session_id */);
2680 torture_assert_ntstatus_equal_goto(tctx, status, bind_reject_status, ret, done,
2681 "smb2_session_setup_spnego failed");
2682 TALLOC_FREE(session1_2);
2684 /* Check the initial session is still alive */
2685 ZERO_STRUCT(qfinfo1);
2686 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
2687 qfinfo1.generic.in.file.handle = _h1;
2688 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
2689 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
2690 "smb2_getinfo_file failed");
2694 talloc_free(tree2_0);
2696 smb2_util_close(tree1, *h1);
2704 * This is similar to the MultipleChannel_Negative_SMB2002 test
2705 * from the Windows Protocol Test Suite.
2707 * It demonstrates that the server needs to do lookup
2708 * in the global session table in order to get the signing
2709 * and error code of invalid session setups correct.
2711 * See: https://bugzilla.samba.org/show_bug.cgi?id=14512
2713 * Note you can ignore tree0...
2715 static bool test_session_bind_negative_smb202(struct torture_context *tctx, struct smb2_tree *tree0)
2717 struct cli_credentials *credentials = samba_cmdline_get_creds();
2719 struct smb2_transport *transport0 = tree0->session->transport;
2720 struct smbcli_options options1;
2721 struct smbcli_options options2;
2724 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2727 "Can't test SMB 2.02 if encrytion is required");
2730 options1 = transport0->options;
2731 options1.client_guid = GUID_zero();
2732 options1.max_protocol = PROTOCOL_SMB2_02;
2734 options2 = options1;
2735 options2.only_negprot = true;
2737 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2739 &options1, &options2,
2740 NT_STATUS_REQUEST_NOT_ACCEPTED);
2745 static bool test_session_bind_negative_smb210s(struct torture_context *tctx, struct smb2_tree *tree0)
2747 struct cli_credentials *credentials = samba_cmdline_get_creds();
2749 struct smb2_transport *transport0 = tree0->session->transport;
2750 struct smbcli_options options1;
2751 struct smbcli_options options2;
2754 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2757 "Can't test SMB 2.10 if encrytion is required");
2760 options1 = transport0->options;
2761 options1.client_guid = GUID_random();
2762 options1.max_protocol = PROTOCOL_SMB2_10;
2764 /* same client guid */
2765 options2 = options1;
2766 options2.only_negprot = true;
2768 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2770 &options1, &options2,
2771 NT_STATUS_REQUEST_NOT_ACCEPTED);
2776 static bool test_session_bind_negative_smb210d(struct torture_context *tctx, struct smb2_tree *tree0)
2778 struct cli_credentials *credentials = samba_cmdline_get_creds();
2780 struct smb2_transport *transport0 = tree0->session->transport;
2781 struct smbcli_options options1;
2782 struct smbcli_options options2;
2785 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2788 "Can't test SMB 2.10 if encrytion is required");
2791 options1 = transport0->options;
2792 options1.client_guid = GUID_random();
2793 options1.max_protocol = PROTOCOL_SMB2_10;
2795 /* different client guid */
2796 options2 = options1;
2797 options2.client_guid = GUID_random();
2798 options2.only_negprot = true;
2800 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2802 &options1, &options2,
2803 NT_STATUS_REQUEST_NOT_ACCEPTED);
2808 static bool test_session_bind_negative_smb2to3s(struct torture_context *tctx, struct smb2_tree *tree0)
2810 struct cli_credentials *credentials = samba_cmdline_get_creds();
2812 struct smb2_transport *transport0 = tree0->session->transport;
2813 struct smbcli_options options1;
2814 struct smbcli_options options2;
2817 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2820 "Can't test SMB 2.10 if encrytion is required");
2823 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
2825 "Can't test without SMB3 support");
2828 options1 = transport0->options;
2829 options1.client_guid = GUID_random();
2830 options1.min_protocol = PROTOCOL_SMB2_02;
2831 options1.max_protocol = PROTOCOL_SMB2_10;
2833 /* same client guid */
2834 options2 = options1;
2835 options2.only_negprot = true;
2836 options2.min_protocol = PROTOCOL_SMB3_00;
2837 options2.max_protocol = PROTOCOL_SMB3_11;
2838 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2841 SMB2_SIGNING_AES128_CMAC,
2845 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2847 &options1, &options2,
2848 NT_STATUS_INVALID_PARAMETER);
2853 static bool test_session_bind_negative_smb2to3d(struct torture_context *tctx, struct smb2_tree *tree0)
2855 struct cli_credentials *credentials = samba_cmdline_get_creds();
2857 struct smb2_transport *transport0 = tree0->session->transport;
2858 struct smbcli_options options1;
2859 struct smbcli_options options2;
2862 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2865 "Can't test SMB 2.10 if encrytion is required");
2868 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
2870 "Can't test without SMB3 support");
2873 options1 = transport0->options;
2874 options1.client_guid = GUID_random();
2875 options1.min_protocol = PROTOCOL_SMB2_02;
2876 options1.max_protocol = PROTOCOL_SMB2_10;
2878 /* different client guid */
2879 options2 = options1;
2880 options2.client_guid = GUID_random();
2881 options2.only_negprot = true;
2882 options2.min_protocol = PROTOCOL_SMB3_00;
2883 options2.max_protocol = PROTOCOL_SMB3_11;
2884 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2887 SMB2_SIGNING_AES128_CMAC,
2891 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2893 &options1, &options2,
2894 NT_STATUS_INVALID_PARAMETER);
2899 static bool test_session_bind_negative_smb3to2s(struct torture_context *tctx, struct smb2_tree *tree0)
2901 struct cli_credentials *credentials = samba_cmdline_get_creds();
2903 struct smb2_transport *transport0 = tree0->session->transport;
2904 struct smbcli_options options1;
2905 struct smbcli_options options2;
2908 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2911 "Can't test SMB 2.10 if encrytion is required");
2914 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
2916 "Can't test without SMB3 support");
2919 options1 = transport0->options;
2920 options1.client_guid = GUID_random();
2921 options1.min_protocol = PROTOCOL_SMB3_00;
2922 options1.max_protocol = PROTOCOL_SMB3_11;
2923 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2926 SMB2_SIGNING_AES128_CMAC,
2930 /* same client guid */
2931 options2 = options1;
2932 options2.only_negprot = true;
2933 options2.min_protocol = PROTOCOL_SMB2_02;
2934 options2.max_protocol = PROTOCOL_SMB2_10;
2935 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2938 SMB2_SIGNING_HMAC_SHA256,
2942 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2944 &options1, &options2,
2945 NT_STATUS_REQUEST_NOT_ACCEPTED);
2950 static bool test_session_bind_negative_smb3to2d(struct torture_context *tctx, struct smb2_tree *tree0)
2952 struct cli_credentials *credentials = samba_cmdline_get_creds();
2954 struct smb2_transport *transport0 = tree0->session->transport;
2955 struct smbcli_options options1;
2956 struct smbcli_options options2;
2959 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
2962 "Can't test SMB 2.10 if encrytion is required");
2965 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_00) {
2967 "Can't test without SMB3 support");
2970 options1 = transport0->options;
2971 options1.client_guid = GUID_random();
2972 options1.min_protocol = PROTOCOL_SMB3_00;
2973 options1.max_protocol = PROTOCOL_SMB3_11;
2974 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2977 SMB2_SIGNING_AES128_CMAC,
2981 /* different client guid */
2982 options2 = options1;
2983 options2.client_guid = GUID_random();
2984 options2.only_negprot = true;
2985 options2.min_protocol = PROTOCOL_SMB2_02;
2986 options2.max_protocol = PROTOCOL_SMB2_10;
2987 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
2990 SMB2_SIGNING_HMAC_SHA256,
2994 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
2996 &options1, &options2,
2997 NT_STATUS_REQUEST_NOT_ACCEPTED);
3002 static bool test_session_bind_negative_smb3to3s(struct torture_context *tctx, struct smb2_tree *tree0)
3004 struct cli_credentials *credentials = samba_cmdline_get_creds();
3006 struct smb2_transport *transport0 = tree0->session->transport;
3007 struct smbcli_options options1;
3008 struct smbcli_options options2;
3010 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3012 "Can't test without SMB 3.1.1 support");
3015 options1 = transport0->options;
3016 options1.client_guid = GUID_random();
3017 options1.min_protocol = PROTOCOL_SMB3_02;
3018 options1.max_protocol = PROTOCOL_SMB3_02;
3020 /* same client guid */
3021 options2 = options1;
3022 options2.only_negprot = true;
3023 options2.min_protocol = PROTOCOL_SMB3_11;
3024 options2.max_protocol = PROTOCOL_SMB3_11;
3025 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3028 SMB2_SIGNING_AES128_CMAC,
3032 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3034 &options1, &options2,
3035 NT_STATUS_INVALID_PARAMETER);
3040 static bool test_session_bind_negative_smb3to3d(struct torture_context *tctx, struct smb2_tree *tree0)
3042 struct cli_credentials *credentials = samba_cmdline_get_creds();
3044 struct smb2_transport *transport0 = tree0->session->transport;
3045 struct smbcli_options options1;
3046 struct smbcli_options options2;
3048 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3050 "Can't test without SMB 3.1.1 support");
3053 options1 = transport0->options;
3054 options1.client_guid = GUID_random();
3055 options1.min_protocol = PROTOCOL_SMB3_02;
3056 options1.max_protocol = PROTOCOL_SMB3_02;
3058 /* different client guid */
3059 options2 = options1;
3060 options2.client_guid = GUID_random();
3061 options2.only_negprot = true;
3062 options2.min_protocol = PROTOCOL_SMB3_11;
3063 options2.max_protocol = PROTOCOL_SMB3_11;
3064 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3067 SMB2_SIGNING_AES128_CMAC,
3071 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3073 &options1, &options2,
3074 NT_STATUS_INVALID_PARAMETER);
3079 static bool test_session_bind_negative_smb3encGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
3081 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3082 struct cli_credentials *credentials = NULL;
3084 struct smb2_transport *transport0 = tree0->session->transport;
3085 struct smbcli_options options1;
3086 struct smbcli_options options2;
3089 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3091 "Can't test without SMB 3.1.1 support");
3094 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3095 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3096 ok = cli_credentials_set_smb_encryption(credentials,
3097 SMB_ENCRYPTION_REQUIRED,
3099 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3101 options1 = transport0->options;
3102 options1.client_guid = GUID_random();
3103 options1.min_protocol = PROTOCOL_SMB3_11;
3104 options1.max_protocol = PROTOCOL_SMB3_11;
3105 options1.signing = SMB_SIGNING_REQUIRED;
3106 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3109 SMB2_ENCRYPTION_AES128_GCM,
3113 /* same client guid */
3114 options2 = options1;
3115 options2.only_negprot = true;
3116 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3119 SMB2_ENCRYPTION_AES128_CCM,
3123 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3125 &options1, &options2,
3126 NT_STATUS_INVALID_PARAMETER);
3131 static bool test_session_bind_negative_smb3encGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
3133 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3134 struct cli_credentials *credentials = NULL;
3136 struct smb2_transport *transport0 = tree0->session->transport;
3137 struct smbcli_options options1;
3138 struct smbcli_options options2;
3141 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3143 "Can't test without SMB 3.1.1 support");
3146 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3147 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3148 ok = cli_credentials_set_smb_encryption(credentials,
3149 SMB_ENCRYPTION_REQUIRED,
3151 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3153 options1 = transport0->options;
3154 options1.client_guid = GUID_random();
3155 options1.min_protocol = PROTOCOL_SMB3_11;
3156 options1.max_protocol = PROTOCOL_SMB3_11;
3157 options1.signing = SMB_SIGNING_REQUIRED;
3158 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3161 SMB2_ENCRYPTION_AES128_GCM,
3165 /* different client guid */
3166 options2 = options1;
3167 options2.client_guid = GUID_random();
3168 options2.only_negprot = true;
3169 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3172 SMB2_ENCRYPTION_AES128_CCM,
3176 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3178 &options1, &options2,
3179 NT_STATUS_INVALID_PARAMETER);
3184 static bool test_session_bind_negative_smb3signCtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
3186 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3187 struct cli_credentials *credentials = NULL;
3189 struct smb2_transport *transport0 = tree0->session->transport;
3190 struct smbcli_options options1;
3191 struct smbcli_options options2;
3194 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3196 "Can't test without SMB 3.1.1 support");
3199 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3201 "Can't test without SMB 3.1.1 signing negotiation support");
3204 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3205 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3206 ok = cli_credentials_set_smb_encryption(credentials,
3207 SMB_ENCRYPTION_REQUIRED,
3209 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3211 options1 = transport0->options;
3212 options1.client_guid = GUID_random();
3213 options1.min_protocol = PROTOCOL_SMB3_11;
3214 options1.max_protocol = PROTOCOL_SMB3_11;
3215 options1.signing = SMB_SIGNING_REQUIRED;
3216 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3219 SMB2_SIGNING_AES128_CMAC,
3223 /* same client guid */
3224 options2 = options1;
3225 options2.only_negprot = true;
3226 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3229 SMB2_SIGNING_HMAC_SHA256,
3233 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3235 &options1, &options2,
3241 static bool test_session_bind_negative_smb3signCtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
3243 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3244 struct cli_credentials *credentials = NULL;
3246 struct smb2_transport *transport0 = tree0->session->transport;
3247 struct smbcli_options options1;
3248 struct smbcli_options options2;
3251 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3253 "Can't test without SMB 3.1.1 support");
3256 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3258 "Can't test without SMB 3.1.1 signing negotiation support");
3261 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3262 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3263 ok = cli_credentials_set_smb_encryption(credentials,
3264 SMB_ENCRYPTION_REQUIRED,
3266 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3268 options1 = transport0->options;
3269 options1.client_guid = GUID_random();
3270 options1.min_protocol = PROTOCOL_SMB3_11;
3271 options1.max_protocol = PROTOCOL_SMB3_11;
3272 options1.signing = SMB_SIGNING_REQUIRED;
3273 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3276 SMB2_SIGNING_AES128_CMAC,
3280 /* different client guid */
3281 options2 = options1;
3282 options2.client_guid = GUID_random();
3283 options2.only_negprot = true;
3284 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3287 SMB2_SIGNING_HMAC_SHA256,
3291 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3293 &options1, &options2,
3299 static bool test_session_bind_negative_smb3signHtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
3301 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3302 struct cli_credentials *credentials = NULL;
3304 struct smb2_transport *transport0 = tree0->session->transport;
3305 struct smbcli_options options1;
3306 struct smbcli_options options2;
3309 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3311 "Can't test without SMB 3.1.1 support");
3314 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3316 "Can't test without SMB 3.1.1 signing negotiation support");
3319 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3320 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3321 ok = cli_credentials_set_smb_encryption(credentials,
3322 SMB_ENCRYPTION_REQUIRED,
3324 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3326 options1 = transport0->options;
3327 options1.client_guid = GUID_random();
3328 options1.min_protocol = PROTOCOL_SMB3_11;
3329 options1.max_protocol = PROTOCOL_SMB3_11;
3330 options1.signing = SMB_SIGNING_REQUIRED;
3331 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3334 SMB2_SIGNING_HMAC_SHA256,
3338 /* same client guid */
3339 options2 = options1;
3340 options2.only_negprot = true;
3341 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3344 SMB2_SIGNING_AES128_CMAC,
3348 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3350 &options1, &options2,
3356 static bool test_session_bind_negative_smb3signHtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
3358 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3359 struct cli_credentials *credentials = NULL;
3361 struct smb2_transport *transport0 = tree0->session->transport;
3362 struct smbcli_options options1;
3363 struct smbcli_options options2;
3366 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3368 "Can't test without SMB 3.1.1 support");
3371 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3373 "Can't test without SMB 3.1.1 signing negotiation support");
3376 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3377 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3378 ok = cli_credentials_set_smb_encryption(credentials,
3379 SMB_ENCRYPTION_REQUIRED,
3381 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3383 options1 = transport0->options;
3384 options1.client_guid = GUID_random();
3385 options1.min_protocol = PROTOCOL_SMB3_11;
3386 options1.max_protocol = PROTOCOL_SMB3_11;
3387 options1.signing = SMB_SIGNING_REQUIRED;
3388 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3391 SMB2_SIGNING_HMAC_SHA256,
3395 /* different client guid */
3396 options2 = options1;
3397 options2.client_guid = GUID_random();
3398 options2.only_negprot = true;
3399 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3402 SMB2_SIGNING_AES128_CMAC,
3406 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3408 &options1, &options2,
3414 static bool test_session_bind_negative_smb3signHtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
3416 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3417 struct cli_credentials *credentials = NULL;
3419 struct smb2_transport *transport0 = tree0->session->transport;
3420 struct smbcli_options options1;
3421 struct smbcli_options options2;
3424 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3426 "Can't test without SMB 3.1.1 support");
3429 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3431 "Can't test without SMB 3.1.1 signing negotiation support");
3434 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3435 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3436 ok = cli_credentials_set_smb_encryption(credentials,
3437 SMB_ENCRYPTION_REQUIRED,
3439 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3441 options1 = transport0->options;
3442 options1.client_guid = GUID_random();
3443 options1.min_protocol = PROTOCOL_SMB3_11;
3444 options1.max_protocol = PROTOCOL_SMB3_11;
3445 options1.signing = SMB_SIGNING_REQUIRED;
3446 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3449 SMB2_SIGNING_HMAC_SHA256,
3453 /* same client guid */
3454 options2 = options1;
3455 options2.only_negprot = true;
3456 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3459 SMB2_SIGNING_AES128_GMAC,
3463 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3465 &options1, &options2,
3466 NT_STATUS_NOT_SUPPORTED);
3471 static bool test_session_bind_negative_smb3signHtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
3473 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3474 struct cli_credentials *credentials = NULL;
3476 struct smb2_transport *transport0 = tree0->session->transport;
3477 struct smbcli_options options1;
3478 struct smbcli_options options2;
3481 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3483 "Can't test without SMB 3.1.1 support");
3486 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3488 "Can't test without SMB 3.1.1 signing negotiation support");
3491 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3492 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3493 ok = cli_credentials_set_smb_encryption(credentials,
3494 SMB_ENCRYPTION_REQUIRED,
3496 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3498 options1 = transport0->options;
3499 options1.client_guid = GUID_random();
3500 options1.min_protocol = PROTOCOL_SMB3_11;
3501 options1.max_protocol = PROTOCOL_SMB3_11;
3502 options1.signing = SMB_SIGNING_REQUIRED;
3503 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3506 SMB2_SIGNING_HMAC_SHA256,
3510 /* different client guid */
3511 options2 = options1;
3512 options2.client_guid = GUID_random();
3513 options2.only_negprot = true;
3514 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3517 SMB2_SIGNING_AES128_GMAC,
3521 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3523 &options1, &options2,
3524 NT_STATUS_NOT_SUPPORTED);
3529 static bool test_session_bind_negative_smb3signCtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
3531 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3532 struct cli_credentials *credentials = NULL;
3534 struct smb2_transport *transport0 = tree0->session->transport;
3535 struct smbcli_options options1;
3536 struct smbcli_options options2;
3539 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3541 "Can't test without SMB 3.1.1 support");
3544 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3546 "Can't test without SMB 3.1.1 signing negotiation support");
3549 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3550 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3551 ok = cli_credentials_set_smb_encryption(credentials,
3552 SMB_ENCRYPTION_REQUIRED,
3554 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3556 options1 = transport0->options;
3557 options1.client_guid = GUID_random();
3558 options1.min_protocol = PROTOCOL_SMB3_11;
3559 options1.max_protocol = PROTOCOL_SMB3_11;
3560 options1.signing = SMB_SIGNING_REQUIRED;
3561 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3564 SMB2_SIGNING_AES128_CMAC,
3568 /* same client guid */
3569 options2 = options1;
3570 options2.only_negprot = true;
3571 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3574 SMB2_SIGNING_AES128_GMAC,
3578 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3580 &options1, &options2,
3581 NT_STATUS_NOT_SUPPORTED);
3586 static bool test_session_bind_negative_smb3signCtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
3588 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3589 struct cli_credentials *credentials = NULL;
3591 struct smb2_transport *transport0 = tree0->session->transport;
3592 struct smbcli_options options1;
3593 struct smbcli_options options2;
3596 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3598 "Can't test without SMB 3.1.1 support");
3601 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3603 "Can't test without SMB 3.1.1 signing negotiation support");
3606 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3607 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3608 ok = cli_credentials_set_smb_encryption(credentials,
3609 SMB_ENCRYPTION_REQUIRED,
3611 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3613 options1 = transport0->options;
3614 options1.client_guid = GUID_random();
3615 options1.min_protocol = PROTOCOL_SMB3_11;
3616 options1.max_protocol = PROTOCOL_SMB3_11;
3617 options1.signing = SMB_SIGNING_REQUIRED;
3618 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3621 SMB2_SIGNING_AES128_CMAC,
3625 /* different client guid */
3626 options2 = options1;
3627 options2.client_guid = GUID_random();
3628 options2.only_negprot = true;
3629 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3632 SMB2_SIGNING_AES128_GMAC,
3636 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3638 &options1, &options2,
3639 NT_STATUS_NOT_SUPPORTED);
3644 static bool test_session_bind_negative_smb3signGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
3646 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3647 struct cli_credentials *credentials = NULL;
3649 struct smb2_transport *transport0 = tree0->session->transport;
3650 struct smbcli_options options1;
3651 struct smbcli_options options2;
3654 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3656 "Can't test without SMB 3.1.1 support");
3659 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3661 "Can't test without SMB 3.1.1 signing negotiation support");
3664 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3665 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3666 ok = cli_credentials_set_smb_encryption(credentials,
3667 SMB_ENCRYPTION_REQUIRED,
3669 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3671 options1 = transport0->options;
3672 options1.client_guid = GUID_random();
3673 options1.min_protocol = PROTOCOL_SMB3_11;
3674 options1.max_protocol = PROTOCOL_SMB3_11;
3675 options1.signing = SMB_SIGNING_REQUIRED;
3676 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3679 SMB2_SIGNING_AES128_GMAC,
3683 /* same client guid */
3684 options2 = options1;
3685 options2.only_negprot = true;
3686 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3689 SMB2_SIGNING_AES128_CMAC,
3693 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3695 &options1, &options2,
3696 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
3701 static bool test_session_bind_negative_smb3signGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
3703 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3704 struct cli_credentials *credentials = NULL;
3706 struct smb2_transport *transport0 = tree0->session->transport;
3707 struct smbcli_options options1;
3708 struct smbcli_options options2;
3711 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3713 "Can't test without SMB 3.1.1 support");
3716 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3718 "Can't test without SMB 3.1.1 signing negotiation support");
3721 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3722 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3723 ok = cli_credentials_set_smb_encryption(credentials,
3724 SMB_ENCRYPTION_REQUIRED,
3726 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3728 options1 = transport0->options;
3729 options1.client_guid = GUID_random();
3730 options1.min_protocol = PROTOCOL_SMB3_11;
3731 options1.max_protocol = PROTOCOL_SMB3_11;
3732 options1.signing = SMB_SIGNING_REQUIRED;
3733 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3736 SMB2_SIGNING_AES128_GMAC,
3740 /* different client guid */
3741 options2 = options1;
3742 options2.client_guid = GUID_random();
3743 options2.only_negprot = true;
3744 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3747 SMB2_SIGNING_AES128_CMAC,
3751 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3753 &options1, &options2,
3754 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
3759 static bool test_session_bind_negative_smb3signGtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
3761 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3762 struct cli_credentials *credentials = NULL;
3764 struct smb2_transport *transport0 = tree0->session->transport;
3765 struct smbcli_options options1;
3766 struct smbcli_options options2;
3769 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3771 "Can't test without SMB 3.1.1 support");
3774 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3776 "Can't test without SMB 3.1.1 signing negotiation support");
3779 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3780 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3781 ok = cli_credentials_set_smb_encryption(credentials,
3782 SMB_ENCRYPTION_REQUIRED,
3784 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3786 options1 = transport0->options;
3787 options1.client_guid = GUID_random();
3788 options1.min_protocol = PROTOCOL_SMB3_11;
3789 options1.max_protocol = PROTOCOL_SMB3_11;
3790 options1.signing = SMB_SIGNING_REQUIRED;
3791 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3794 SMB2_SIGNING_AES128_GMAC,
3798 /* same client guid */
3799 options2 = options1;
3800 options2.only_negprot = true;
3801 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3804 SMB2_SIGNING_HMAC_SHA256,
3808 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3810 &options1, &options2,
3811 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
3816 static bool test_session_bind_negative_smb3signGtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
3818 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3819 struct cli_credentials *credentials = NULL;
3821 struct smb2_transport *transport0 = tree0->session->transport;
3822 struct smbcli_options options1;
3823 struct smbcli_options options2;
3826 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3828 "Can't test without SMB 3.1.1 support");
3831 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3833 "Can't test without SMB 3.1.1 signing negotiation support");
3836 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3837 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3838 ok = cli_credentials_set_smb_encryption(credentials,
3839 SMB_ENCRYPTION_REQUIRED,
3841 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3843 options1 = transport0->options;
3844 options1.client_guid = GUID_random();
3845 options1.min_protocol = PROTOCOL_SMB3_11;
3846 options1.max_protocol = PROTOCOL_SMB3_11;
3847 options1.signing = SMB_SIGNING_REQUIRED;
3848 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3851 SMB2_SIGNING_AES128_GMAC,
3855 /* different client guid */
3856 options2 = options1;
3857 options2.client_guid = GUID_random();
3858 options2.only_negprot = true;
3859 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3862 SMB2_SIGNING_HMAC_SHA256,
3866 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3868 &options1, &options2,
3869 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
3874 static bool test_session_bind_negative_smb3sneGtoCs(struct torture_context *tctx, struct smb2_tree *tree0)
3876 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3877 struct cli_credentials *credentials = NULL;
3879 struct smb2_transport *transport0 = tree0->session->transport;
3880 struct smbcli_options options1;
3881 struct smbcli_options options2;
3884 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3886 "Can't test without SMB 3.1.1 support");
3889 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3891 "Can't test without SMB 3.1.1 signing negotiation support");
3894 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3895 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3896 ok = cli_credentials_set_smb_encryption(credentials,
3897 SMB_ENCRYPTION_REQUIRED,
3899 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3901 options1 = transport0->options;
3902 options1.client_guid = GUID_random();
3903 options1.min_protocol = PROTOCOL_SMB3_11;
3904 options1.max_protocol = PROTOCOL_SMB3_11;
3905 options1.signing = SMB_SIGNING_REQUIRED;
3906 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3909 SMB2_SIGNING_AES128_GMAC,
3912 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3915 SMB2_ENCRYPTION_AES128_GCM,
3919 /* same client guid */
3920 options2 = options1;
3921 options2.only_negprot = true;
3922 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3925 SMB2_SIGNING_AES128_CMAC,
3928 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3931 SMB2_ENCRYPTION_AES128_CCM,
3935 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
3937 &options1, &options2,
3938 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
3943 static bool test_session_bind_negative_smb3sneGtoCd(struct torture_context *tctx, struct smb2_tree *tree0)
3945 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
3946 struct cli_credentials *credentials = NULL;
3948 struct smb2_transport *transport0 = tree0->session->transport;
3949 struct smbcli_options options1;
3950 struct smbcli_options options2;
3953 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
3955 "Can't test without SMB 3.1.1 support");
3958 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
3960 "Can't test without SMB 3.1.1 signing negotiation support");
3963 credentials = cli_credentials_shallow_copy(tctx, credentials0);
3964 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
3965 ok = cli_credentials_set_smb_encryption(credentials,
3966 SMB_ENCRYPTION_REQUIRED,
3968 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
3970 options1 = transport0->options;
3971 options1.client_guid = GUID_random();
3972 options1.min_protocol = PROTOCOL_SMB3_11;
3973 options1.max_protocol = PROTOCOL_SMB3_11;
3974 options1.signing = SMB_SIGNING_REQUIRED;
3975 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3978 SMB2_SIGNING_AES128_GMAC,
3981 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
3984 SMB2_ENCRYPTION_AES128_GCM,
3988 /* different client guid */
3989 options2 = options1;
3990 options2.client_guid = GUID_random();
3991 options2.only_negprot = true;
3992 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
3995 SMB2_SIGNING_AES128_CMAC,
3998 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4001 SMB2_ENCRYPTION_AES128_CCM,
4005 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4007 &options1, &options2,
4008 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4013 static bool test_session_bind_negative_smb3sneGtoHs(struct torture_context *tctx, struct smb2_tree *tree0)
4015 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4016 struct cli_credentials *credentials = NULL;
4018 struct smb2_transport *transport0 = tree0->session->transport;
4019 struct smbcli_options options1;
4020 struct smbcli_options options2;
4023 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4025 "Can't test without SMB 3.1.1 support");
4028 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4030 "Can't test without SMB 3.1.1 signing negotiation support");
4033 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4034 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4035 ok = cli_credentials_set_smb_encryption(credentials,
4036 SMB_ENCRYPTION_REQUIRED,
4038 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4040 options1 = transport0->options;
4041 options1.client_guid = GUID_random();
4042 options1.min_protocol = PROTOCOL_SMB3_11;
4043 options1.max_protocol = PROTOCOL_SMB3_11;
4044 options1.signing = SMB_SIGNING_REQUIRED;
4045 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4048 SMB2_SIGNING_AES128_GMAC,
4051 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4054 SMB2_ENCRYPTION_AES128_GCM,
4058 /* same client guid */
4059 options2 = options1;
4060 options2.only_negprot = true;
4061 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4064 SMB2_SIGNING_HMAC_SHA256,
4067 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4070 SMB2_ENCRYPTION_AES128_CCM,
4074 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4076 &options1, &options2,
4077 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4082 static bool test_session_bind_negative_smb3sneGtoHd(struct torture_context *tctx, struct smb2_tree *tree0)
4084 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4085 struct cli_credentials *credentials = NULL;
4087 struct smb2_transport *transport0 = tree0->session->transport;
4088 struct smbcli_options options1;
4089 struct smbcli_options options2;
4092 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4094 "Can't test without SMB 3.1.1 support");
4097 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4099 "Can't test without SMB 3.1.1 signing negotiation support");
4102 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4103 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4104 ok = cli_credentials_set_smb_encryption(credentials,
4105 SMB_ENCRYPTION_REQUIRED,
4107 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4109 options1 = transport0->options;
4110 options1.client_guid = GUID_random();
4111 options1.min_protocol = PROTOCOL_SMB3_11;
4112 options1.max_protocol = PROTOCOL_SMB3_11;
4113 options1.signing = SMB_SIGNING_REQUIRED;
4114 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4117 SMB2_SIGNING_AES128_GMAC,
4120 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4123 SMB2_ENCRYPTION_AES128_GCM,
4127 /* different client guid */
4128 options2 = options1;
4129 options2.client_guid = GUID_random();
4130 options2.only_negprot = true;
4131 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4134 SMB2_SIGNING_HMAC_SHA256,
4137 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4140 SMB2_ENCRYPTION_AES128_CCM,
4144 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4146 &options1, &options2,
4147 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4152 static bool test_session_bind_negative_smb3sneCtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
4154 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4155 struct cli_credentials *credentials = NULL;
4157 struct smb2_transport *transport0 = tree0->session->transport;
4158 struct smbcli_options options1;
4159 struct smbcli_options options2;
4162 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4164 "Can't test without SMB 3.1.1 support");
4167 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4169 "Can't test without SMB 3.1.1 signing negotiation support");
4172 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4173 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4174 ok = cli_credentials_set_smb_encryption(credentials,
4175 SMB_ENCRYPTION_REQUIRED,
4177 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4179 options1 = transport0->options;
4180 options1.client_guid = GUID_random();
4181 options1.min_protocol = PROTOCOL_SMB3_11;
4182 options1.max_protocol = PROTOCOL_SMB3_11;
4183 options1.signing = SMB_SIGNING_REQUIRED;
4184 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4187 SMB2_SIGNING_AES128_CMAC,
4190 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4193 SMB2_ENCRYPTION_AES128_CCM,
4197 /* same client guid */
4198 options2 = options1;
4199 options2.only_negprot = true;
4200 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4203 SMB2_SIGNING_AES128_GMAC,
4206 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4209 SMB2_ENCRYPTION_AES128_GCM,
4213 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4215 &options1, &options2,
4216 NT_STATUS_NOT_SUPPORTED);
4221 static bool test_session_bind_negative_smb3sneCtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
4223 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4224 struct cli_credentials *credentials = NULL;
4226 struct smb2_transport *transport0 = tree0->session->transport;
4227 struct smbcli_options options1;
4228 struct smbcli_options options2;
4231 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4233 "Can't test without SMB 3.1.1 support");
4236 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4238 "Can't test without SMB 3.1.1 signing negotiation support");
4241 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4242 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4243 ok = cli_credentials_set_smb_encryption(credentials,
4244 SMB_ENCRYPTION_REQUIRED,
4246 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4248 options1 = transport0->options;
4249 options1.client_guid = GUID_random();
4250 options1.min_protocol = PROTOCOL_SMB3_11;
4251 options1.max_protocol = PROTOCOL_SMB3_11;
4252 options1.signing = SMB_SIGNING_REQUIRED;
4253 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4256 SMB2_SIGNING_AES128_CMAC,
4259 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4262 SMB2_ENCRYPTION_AES128_CCM,
4266 /* different client guid */
4267 options2 = options1;
4268 options2.client_guid = GUID_random();
4269 options2.only_negprot = true;
4270 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4273 SMB2_SIGNING_AES128_GMAC,
4276 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4279 SMB2_ENCRYPTION_AES128_GCM,
4283 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4285 &options1, &options2,
4286 NT_STATUS_NOT_SUPPORTED);
4291 static bool test_session_bind_negative_smb3sneHtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
4293 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4294 struct cli_credentials *credentials = NULL;
4296 struct smb2_transport *transport0 = tree0->session->transport;
4297 struct smbcli_options options1;
4298 struct smbcli_options options2;
4301 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4303 "Can't test without SMB 3.1.1 support");
4306 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4308 "Can't test without SMB 3.1.1 signing negotiation support");
4311 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4312 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4313 ok = cli_credentials_set_smb_encryption(credentials,
4314 SMB_ENCRYPTION_REQUIRED,
4316 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4318 options1 = transport0->options;
4319 options1.client_guid = GUID_random();
4320 options1.min_protocol = PROTOCOL_SMB3_11;
4321 options1.max_protocol = PROTOCOL_SMB3_11;
4322 options1.signing = SMB_SIGNING_REQUIRED;
4323 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4326 SMB2_SIGNING_HMAC_SHA256,
4329 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4332 SMB2_ENCRYPTION_AES128_CCM,
4336 /* same client guid */
4337 options2 = options1;
4338 options2.only_negprot = true;
4339 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4342 SMB2_SIGNING_AES128_GMAC,
4345 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4348 SMB2_ENCRYPTION_AES128_GCM,
4352 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4354 &options1, &options2,
4355 NT_STATUS_NOT_SUPPORTED);
4360 static bool test_session_bind_negative_smb3sneHtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
4362 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4363 struct cli_credentials *credentials = NULL;
4365 struct smb2_transport *transport0 = tree0->session->transport;
4366 struct smbcli_options options1;
4367 struct smbcli_options options2;
4370 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4372 "Can't test without SMB 3.1.1 support");
4375 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4377 "Can't test without SMB 3.1.1 signing negotiation support");
4380 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4381 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4382 ok = cli_credentials_set_smb_encryption(credentials,
4383 SMB_ENCRYPTION_REQUIRED,
4385 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4387 options1 = transport0->options;
4388 options1.client_guid = GUID_random();
4389 options1.min_protocol = PROTOCOL_SMB3_11;
4390 options1.max_protocol = PROTOCOL_SMB3_11;
4391 options1.signing = SMB_SIGNING_REQUIRED;
4392 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4395 SMB2_SIGNING_HMAC_SHA256,
4398 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4401 SMB2_ENCRYPTION_AES128_CCM,
4405 /* different client guid */
4406 options2 = options1;
4407 options2.client_guid = GUID_random();
4408 options2.only_negprot = true;
4409 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4412 SMB2_SIGNING_AES128_GMAC,
4415 options2.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
4418 SMB2_ENCRYPTION_AES128_GCM,
4422 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4424 &options1, &options2,
4425 NT_STATUS_NOT_SUPPORTED);
4430 static bool test_session_bind_negative_smb3signC30toGs(struct torture_context *tctx, struct smb2_tree *tree0)
4432 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4433 struct cli_credentials *credentials = NULL;
4435 struct smb2_transport *transport0 = tree0->session->transport;
4436 struct smbcli_options options1;
4437 struct smbcli_options options2;
4440 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4442 "Can't test without SMB 3.1.1 support");
4445 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4447 "Can't test without SMB 3.1.1 signing negotiation support");
4450 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4451 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4452 ok = cli_credentials_set_smb_encryption(credentials,
4453 SMB_ENCRYPTION_REQUIRED,
4455 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4457 options1 = transport0->options;
4458 options1.client_guid = GUID_random();
4459 options1.min_protocol = PROTOCOL_SMB3_00;
4460 options1.max_protocol = PROTOCOL_SMB3_02;
4461 options1.signing = SMB_SIGNING_REQUIRED;
4463 /* same client guid */
4464 options2 = options1;
4465 options2.only_negprot = true;
4466 options2.min_protocol = PROTOCOL_SMB3_11;
4467 options2.max_protocol = PROTOCOL_SMB3_11;
4468 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4471 SMB2_SIGNING_AES128_GMAC,
4475 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4477 &options1, &options2,
4478 NT_STATUS_NOT_SUPPORTED);
4483 static bool test_session_bind_negative_smb3signC30toGd(struct torture_context *tctx, struct smb2_tree *tree0)
4485 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4486 struct cli_credentials *credentials = NULL;
4488 struct smb2_transport *transport0 = tree0->session->transport;
4489 struct smbcli_options options1;
4490 struct smbcli_options options2;
4493 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4495 "Can't test without SMB 3.1.1 support");
4498 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4500 "Can't test without SMB 3.1.1 signing negotiation support");
4503 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4504 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4505 ok = cli_credentials_set_smb_encryption(credentials,
4506 SMB_ENCRYPTION_REQUIRED,
4508 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4510 options1 = transport0->options;
4511 options1.client_guid = GUID_random();
4512 options1.min_protocol = PROTOCOL_SMB3_00;
4513 options1.max_protocol = PROTOCOL_SMB3_02;
4514 options1.signing = SMB_SIGNING_REQUIRED;
4516 /* different client guid */
4517 options2 = options1;
4518 options2.client_guid = GUID_random();
4519 options2.only_negprot = true;
4520 options2.min_protocol = PROTOCOL_SMB3_11;
4521 options2.max_protocol = PROTOCOL_SMB3_11;
4522 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4525 SMB2_SIGNING_AES128_GMAC,
4529 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4531 &options1, &options2,
4532 NT_STATUS_NOT_SUPPORTED);
4537 static bool test_session_bind_negative_smb3signH2XtoGs(struct torture_context *tctx, struct smb2_tree *tree0)
4539 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4540 struct cli_credentials *credentials = NULL;
4542 struct smb2_transport *transport0 = tree0->session->transport;
4543 struct smbcli_options options1;
4544 struct smbcli_options options2;
4548 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
4551 "Can't test SMB 2.10 if encrytion is required");
4554 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4556 "Can't test without SMB 3.1.1 support");
4559 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4561 "Can't test without SMB 3.1.1 signing negotiation support");
4564 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4565 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4566 ok = cli_credentials_set_smb_encryption(credentials,
4569 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4571 options1 = transport0->options;
4572 options1.client_guid = GUID_random();
4573 options1.min_protocol = PROTOCOL_SMB2_02;
4574 options1.max_protocol = PROTOCOL_SMB2_10;
4575 options1.signing = SMB_SIGNING_REQUIRED;
4577 /* same client guid */
4578 options2 = options1;
4579 options2.only_negprot = true;
4580 options2.min_protocol = PROTOCOL_SMB3_11;
4581 options2.max_protocol = PROTOCOL_SMB3_11;
4582 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4585 SMB2_SIGNING_AES128_GMAC,
4589 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4591 &options1, &options2,
4592 NT_STATUS_NOT_SUPPORTED);
4597 static bool test_session_bind_negative_smb3signH2XtoGd(struct torture_context *tctx, struct smb2_tree *tree0)
4599 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4600 struct cli_credentials *credentials = NULL;
4602 struct smb2_transport *transport0 = tree0->session->transport;
4603 struct smbcli_options options1;
4604 struct smbcli_options options2;
4608 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
4611 "Can't test SMB 2.10 if encrytion is required");
4614 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4616 "Can't test without SMB 3.1.1 support");
4619 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4621 "Can't test without SMB 3.1.1 signing negotiation support");
4624 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4625 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4626 ok = cli_credentials_set_smb_encryption(credentials,
4629 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4631 options1 = transport0->options;
4632 options1.client_guid = GUID_random();
4633 options1.min_protocol = PROTOCOL_SMB2_02;
4634 options1.max_protocol = PROTOCOL_SMB2_10;
4635 options1.signing = SMB_SIGNING_REQUIRED;
4637 /* different client guid */
4638 options2 = options1;
4639 options2.client_guid = GUID_random();
4640 options2.only_negprot = true;
4641 options2.min_protocol = PROTOCOL_SMB3_11;
4642 options2.max_protocol = PROTOCOL_SMB3_11;
4643 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4646 SMB2_SIGNING_AES128_GMAC,
4650 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4652 &options1, &options2,
4653 NT_STATUS_NOT_SUPPORTED);
4658 static bool test_session_bind_negative_smb3signGtoC30s(struct torture_context *tctx, struct smb2_tree *tree0)
4660 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4661 struct cli_credentials *credentials = NULL;
4663 struct smb2_transport *transport0 = tree0->session->transport;
4664 struct smbcli_options options1;
4665 struct smbcli_options options2;
4668 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4670 "Can't test without SMB 3.1.1 support");
4673 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4675 "Can't test without SMB 3.1.1 signing negotiation support");
4678 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4679 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4680 ok = cli_credentials_set_smb_encryption(credentials,
4681 SMB_ENCRYPTION_REQUIRED,
4683 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4685 options1 = transport0->options;
4686 options1.client_guid = GUID_random();
4687 options1.min_protocol = PROTOCOL_SMB3_11;
4688 options1.max_protocol = PROTOCOL_SMB3_11;
4689 options1.signing = SMB_SIGNING_REQUIRED;
4690 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4693 SMB2_SIGNING_AES128_GMAC,
4697 /* same client guid */
4698 options2 = options1;
4699 options2.only_negprot = true;
4700 options2.min_protocol = PROTOCOL_SMB3_00;
4701 options2.max_protocol = PROTOCOL_SMB3_02;
4702 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4705 SMB2_SIGNING_AES128_CMAC,
4709 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4711 &options1, &options2,
4712 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4717 static bool test_session_bind_negative_smb3signGtoC30d(struct torture_context *tctx, struct smb2_tree *tree0)
4719 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4720 struct cli_credentials *credentials = NULL;
4722 struct smb2_transport *transport0 = tree0->session->transport;
4723 struct smbcli_options options1;
4724 struct smbcli_options options2;
4727 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4729 "Can't test without SMB 3.1.1 support");
4732 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4734 "Can't test without SMB 3.1.1 signing negotiation support");
4737 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4738 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4739 ok = cli_credentials_set_smb_encryption(credentials,
4740 SMB_ENCRYPTION_REQUIRED,
4742 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4744 options1 = transport0->options;
4745 options1.client_guid = GUID_random();
4746 options1.min_protocol = PROTOCOL_SMB3_11;
4747 options1.max_protocol = PROTOCOL_SMB3_11;
4748 options1.signing = SMB_SIGNING_REQUIRED;
4749 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4752 SMB2_SIGNING_AES128_GMAC,
4756 /* different client guid */
4757 options2 = options1;
4758 options2.client_guid = GUID_random();
4759 options2.only_negprot = true;
4760 options2.min_protocol = PROTOCOL_SMB3_00;
4761 options2.max_protocol = PROTOCOL_SMB3_02;
4762 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4765 SMB2_SIGNING_AES128_CMAC,
4769 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4771 &options1, &options2,
4772 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4777 static bool test_session_bind_negative_smb3signGtoH2Xs(struct torture_context *tctx, struct smb2_tree *tree0)
4779 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4780 struct cli_credentials *credentials = NULL;
4782 struct smb2_transport *transport0 = tree0->session->transport;
4783 struct smbcli_options options1;
4784 struct smbcli_options options2;
4788 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
4791 "Can't test SMB 2.10 if encrytion is required");
4794 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4796 "Can't test without SMB 3.1.1 support");
4799 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4801 "Can't test without SMB 3.1.1 signing negotiation support");
4804 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4805 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4806 ok = cli_credentials_set_smb_encryption(credentials,
4807 SMB_ENCRYPTION_REQUIRED,
4809 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4811 options1 = transport0->options;
4812 options1.client_guid = GUID_random();
4813 options1.min_protocol = PROTOCOL_SMB3_11;
4814 options1.max_protocol = PROTOCOL_SMB3_11;
4815 options1.signing = SMB_SIGNING_REQUIRED;
4816 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4819 SMB2_SIGNING_AES128_GMAC,
4823 /* same client guid */
4824 options2 = options1;
4825 options2.only_negprot = true;
4826 options2.min_protocol = PROTOCOL_SMB2_02;
4827 options2.max_protocol = PROTOCOL_SMB2_10;
4828 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4831 SMB2_SIGNING_HMAC_SHA256,
4835 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4837 &options1, &options2,
4838 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4843 static bool test_session_bind_negative_smb3signGtoH2Xd(struct torture_context *tctx, struct smb2_tree *tree0)
4845 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
4846 struct cli_credentials *credentials = NULL;
4848 struct smb2_transport *transport0 = tree0->session->transport;
4849 struct smbcli_options options1;
4850 struct smbcli_options options2;
4854 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
4857 "Can't test SMB 2.10 if encrytion is required");
4860 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
4862 "Can't test without SMB 3.1.1 support");
4865 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
4867 "Can't test without SMB 3.1.1 signing negotiation support");
4870 credentials = cli_credentials_shallow_copy(tctx, credentials0);
4871 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
4872 ok = cli_credentials_set_smb_encryption(credentials,
4873 SMB_ENCRYPTION_REQUIRED,
4875 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
4877 options1 = transport0->options;
4878 options1.client_guid = GUID_random();
4879 options1.min_protocol = PROTOCOL_SMB3_11;
4880 options1.max_protocol = PROTOCOL_SMB3_11;
4881 options1.signing = SMB_SIGNING_REQUIRED;
4882 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4885 SMB2_SIGNING_AES128_GMAC,
4889 /* different client guid */
4890 options2 = options1;
4891 options2.client_guid = GUID_random();
4892 options2.only_negprot = true;
4893 options2.min_protocol = PROTOCOL_SMB2_02;
4894 options2.max_protocol = PROTOCOL_SMB2_10;
4895 options2.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
4898 SMB2_SIGNING_HMAC_SHA256,
4902 ret = test_session_bind_negative_smbXtoX(tctx, __func__,
4904 &options1, &options2,
4905 NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
4910 static bool test_session_two_logoff(struct torture_context *tctx,
4911 struct smb2_tree *tree1)
4915 struct smbcli_options transport2_options;
4916 struct smb2_tree *tree2 = NULL;
4917 struct smb2_session *session2 = NULL;
4918 struct smb2_session *session1 = tree1->session;
4919 struct smb2_transport *transport1 = tree1->session->transport;
4920 struct smb2_transport *transport2;
4923 /* Connect 2nd connection */
4924 torture_comment(tctx, "connect tree2 with the same client_guid\n");
4925 transport2_options = transport1->options;
4926 ok = torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2);
4927 torture_assert(tctx, ok, "couldn't connect tree2\n");
4928 transport2 = tree2->session->transport;
4929 session2 = tree2->session;
4931 torture_comment(tctx, "session2: logoff\n");
4932 status = smb2_logoff(session2);
4933 torture_assert_ntstatus_ok(tctx, status, "session2: logoff");
4934 torture_comment(tctx, "transport2: keepalive\n");
4935 status = smb2_keepalive(transport2);
4936 torture_assert_ntstatus_ok(tctx, status, "transport2: keepalive");
4937 torture_comment(tctx, "transport2: disconnect\n");
4940 torture_comment(tctx, "session1: logoff\n");
4941 status = smb2_logoff(session1);
4942 torture_assert_ntstatus_ok(tctx, status, "session1: logoff");
4943 torture_comment(tctx, "transport1: keepalive\n");
4944 status = smb2_keepalive(transport1);
4945 torture_assert_ntstatus_ok(tctx, status, "transport1: keepalive");
4946 torture_comment(tctx, "transport1: disconnect\n");
4952 static bool test_session_sign_enc(struct torture_context *tctx,
4953 const char *testname,
4954 struct cli_credentials *credentials1,
4955 const struct smbcli_options *options1)
4957 const char *host = torture_setting_string(tctx, "host", NULL);
4958 const char *share = torture_setting_string(tctx, "share", NULL);
4961 struct smb2_tree *tree1 = NULL;
4963 struct smb2_handle rh = {{0}};
4964 struct smb2_handle _h1;
4965 struct smb2_handle *h1 = NULL;
4966 struct smb2_create io1;
4967 union smb_fileinfo qfinfo1;
4968 union smb_notify notify;
4969 struct smb2_request *req = NULL;
4971 status = smb2_connect(tctx,
4973 lpcfg_smb_ports(tctx->lp_ctx),
4975 lpcfg_resolve_context(tctx->lp_ctx),
4980 lpcfg_socket_options(tctx->lp_ctx),
4981 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
4983 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
4984 "smb2_connect options1 failed");
4986 status = smb2_util_roothandle(tree1, &rh);
4987 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
4988 "smb2_util_roothandle failed");
4990 /* Add some random component to the file name. */
4991 snprintf(fname, sizeof(fname), "%s_%s.dat",
4992 testname, generate_random_str(tctx, 8));
4994 smb2_util_unlink(tree1, fname);
4996 smb2_oplock_create_share(&io1, fname,
4997 smb2_util_share_access(""),
4998 smb2_util_oplock_level("b"));
5000 io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
5001 status = smb2_create(tree1, tctx, &io1);
5002 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
5003 "smb2_create failed");
5004 _h1 = io1.out.file.handle;
5006 CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
5007 torture_assert_int_equal(tctx, io1.out.oplock_level,
5008 smb2_util_oplock_level("b"),
5009 "oplock_level incorrect");
5011 /* Check the initial session is still alive */
5012 ZERO_STRUCT(qfinfo1);
5013 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
5014 qfinfo1.generic.in.file.handle = _h1;
5015 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
5016 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
5017 "smb2_getinfo_file failed");
5019 /* ask for a change notify,
5020 on file or directory name changes */
5021 ZERO_STRUCT(notify);
5022 notify.smb2.level = RAW_NOTIFY_SMB2;
5023 notify.smb2.in.buffer_size = 1000;
5024 notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
5025 notify.smb2.in.file.handle = rh;
5026 notify.smb2.in.recursive = true;
5028 req = smb2_notify_send(tree1, &(notify.smb2));
5029 WAIT_FOR_ASYNC_RESPONSE(req);
5031 status = smb2_cancel(req);
5032 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
5033 "smb2_cancel failed");
5035 status = smb2_notify_recv(req, tctx, &(notify.smb2));
5036 torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_CANCELLED,
5038 "smb2_notify_recv failed");
5040 /* Check the initial session is still alive */
5041 ZERO_STRUCT(qfinfo1);
5042 qfinfo1.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
5043 qfinfo1.generic.in.file.handle = _h1;
5044 status = smb2_getinfo_file(tree1, tctx, &qfinfo1);
5045 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
5046 "smb2_getinfo_file failed");
5051 smb2_util_close(tree1, *h1);
5058 static bool test_session_signing_hmac_sha_256(struct torture_context *tctx, struct smb2_tree *tree0)
5060 struct cli_credentials *credentials = samba_cmdline_get_creds();
5062 struct smb2_transport *transport0 = tree0->session->transport;
5063 struct smbcli_options options1;
5066 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
5069 "Can't test signing only if encrytion is required");
5072 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5074 "Can't test without SMB 3.1.1 support");
5077 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5079 "Can't test without SMB 3.1.1 signing negotiation support");
5082 options1 = transport0->options;
5083 options1.client_guid = GUID_random();
5084 options1.min_protocol = PROTOCOL_SMB3_11;
5085 options1.max_protocol = PROTOCOL_SMB3_11;
5086 options1.signing = SMB_SIGNING_REQUIRED;
5087 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
5090 SMB2_SIGNING_HMAC_SHA256,
5094 ret = test_session_sign_enc(tctx,
5102 static bool test_session_signing_aes_128_cmac(struct torture_context *tctx, struct smb2_tree *tree0)
5104 struct cli_credentials *credentials = samba_cmdline_get_creds();
5106 struct smb2_transport *transport0 = tree0->session->transport;
5107 struct smbcli_options options1;
5110 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
5113 "Can't test signing only if encrytion is required");
5116 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5118 "Can't test without SMB 3.1.1 support");
5121 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5123 "Can't test without SMB 3.1.1 signing negotiation support");
5126 options1 = transport0->options;
5127 options1.client_guid = GUID_random();
5128 options1.min_protocol = PROTOCOL_SMB3_11;
5129 options1.max_protocol = PROTOCOL_SMB3_11;
5130 options1.signing = SMB_SIGNING_REQUIRED;
5131 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
5134 SMB2_SIGNING_AES128_CMAC,
5138 ret = test_session_sign_enc(tctx,
5146 static bool test_session_signing_aes_128_gmac(struct torture_context *tctx, struct smb2_tree *tree0)
5148 struct cli_credentials *credentials = samba_cmdline_get_creds();
5150 struct smb2_transport *transport0 = tree0->session->transport;
5151 struct smbcli_options options1;
5154 encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
5157 "Can't test signing only if encrytion is required");
5160 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5162 "Can't test without SMB 3.1.1 support");
5165 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5167 "Can't test without SMB 3.1.1 signing negotiation support");
5170 options1 = transport0->options;
5171 options1.client_guid = GUID_random();
5172 options1.min_protocol = PROTOCOL_SMB3_11;
5173 options1.max_protocol = PROTOCOL_SMB3_11;
5174 options1.signing = SMB_SIGNING_REQUIRED;
5175 options1.smb3_capabilities.signing = (struct smb3_signing_capabilities) {
5178 SMB2_SIGNING_AES128_GMAC,
5182 ret = test_session_sign_enc(tctx,
5190 static bool test_session_encryption_aes_128_ccm(struct torture_context *tctx, struct smb2_tree *tree0)
5192 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
5193 struct cli_credentials *credentials = NULL;
5195 struct smb2_transport *transport0 = tree0->session->transport;
5196 struct smbcli_options options1;
5199 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5201 "Can't test without SMB 3.1.1 support");
5204 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5206 "Can't test without SMB 3.1.1 signing negotiation support");
5209 credentials = cli_credentials_shallow_copy(tctx, credentials0);
5210 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
5211 ok = cli_credentials_set_smb_encryption(credentials,
5212 SMB_ENCRYPTION_REQUIRED,
5214 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
5216 options1 = transport0->options;
5217 options1.client_guid = GUID_random();
5218 options1.min_protocol = PROTOCOL_SMB3_11;
5219 options1.max_protocol = PROTOCOL_SMB3_11;
5220 options1.signing = SMB_SIGNING_REQUIRED;
5221 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
5224 SMB2_ENCRYPTION_AES128_CCM,
5228 ret = test_session_sign_enc(tctx,
5236 static bool test_session_encryption_aes_128_gcm(struct torture_context *tctx, struct smb2_tree *tree0)
5238 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
5239 struct cli_credentials *credentials = NULL;
5241 struct smb2_transport *transport0 = tree0->session->transport;
5242 struct smbcli_options options1;
5245 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5247 "Can't test without SMB 3.1.1 support");
5250 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5252 "Can't test without SMB 3.1.1 signing negotiation support");
5255 credentials = cli_credentials_shallow_copy(tctx, credentials0);
5256 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
5257 ok = cli_credentials_set_smb_encryption(credentials,
5258 SMB_ENCRYPTION_REQUIRED,
5260 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
5262 options1 = transport0->options;
5263 options1.client_guid = GUID_random();
5264 options1.min_protocol = PROTOCOL_SMB3_11;
5265 options1.max_protocol = PROTOCOL_SMB3_11;
5266 options1.signing = SMB_SIGNING_REQUIRED;
5267 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
5270 SMB2_ENCRYPTION_AES128_GCM,
5274 ret = test_session_sign_enc(tctx,
5282 static bool test_session_encryption_aes_256_ccm(struct torture_context *tctx, struct smb2_tree *tree0)
5284 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
5285 struct cli_credentials *credentials = NULL;
5287 struct smb2_transport *transport0 = tree0->session->transport;
5288 struct smbcli_options options1;
5291 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5293 "Can't test without SMB 3.1.1 support");
5296 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5298 "Can't test without SMB 3.1.1 signing negotiation support");
5301 credentials = cli_credentials_shallow_copy(tctx, credentials0);
5302 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
5303 ok = cli_credentials_set_smb_encryption(credentials,
5304 SMB_ENCRYPTION_REQUIRED,
5306 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
5308 options1 = transport0->options;
5309 options1.client_guid = GUID_random();
5310 options1.min_protocol = PROTOCOL_SMB3_11;
5311 options1.max_protocol = PROTOCOL_SMB3_11;
5312 options1.signing = SMB_SIGNING_REQUIRED;
5313 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
5316 SMB2_ENCRYPTION_AES256_CCM,
5320 ret = test_session_sign_enc(tctx,
5328 static bool test_session_encryption_aes_256_gcm(struct torture_context *tctx, struct smb2_tree *tree0)
5330 struct cli_credentials *credentials0 = samba_cmdline_get_creds();
5331 struct cli_credentials *credentials = NULL;
5333 struct smb2_transport *transport0 = tree0->session->transport;
5334 struct smbcli_options options1;
5337 if (smbXcli_conn_protocol(transport0->conn) < PROTOCOL_SMB3_11) {
5339 "Can't test without SMB 3.1.1 support");
5342 if (smb2cli_conn_server_signing_algo(transport0->conn) < SMB2_SIGNING_AES128_GMAC) {
5344 "Can't test without SMB 3.1.1 signing negotiation support");
5347 credentials = cli_credentials_shallow_copy(tctx, credentials0);
5348 torture_assert(tctx, credentials != NULL, "cli_credentials_shallow_copy");
5349 ok = cli_credentials_set_smb_encryption(credentials,
5350 SMB_ENCRYPTION_REQUIRED,
5352 torture_assert(tctx, ok, "cli_credentials_set_smb_encryption");
5354 options1 = transport0->options;
5355 options1.client_guid = GUID_random();
5356 options1.min_protocol = PROTOCOL_SMB3_11;
5357 options1.max_protocol = PROTOCOL_SMB3_11;
5358 options1.signing = SMB_SIGNING_REQUIRED;
5359 options1.smb3_capabilities.encryption = (struct smb3_encryption_capabilities) {
5362 SMB2_ENCRYPTION_AES256_GCM,
5366 ret = test_session_sign_enc(tctx,
5374 static bool test_session_ntlmssp_bug14932(struct torture_context *tctx, struct smb2_tree *tree)
5376 struct cli_credentials *ntlm_creds =
5377 cli_credentials_shallow_copy(tctx, samba_cmdline_get_creds());
5381 * This is a NTLMv2_RESPONSE with the strange
5382 * NTLMv2_CLIENT_CHALLENGE used by the net diag
5385 * As we expect an error anyway we fill the
5386 * Response part with 0xab...
5388 static const char *netapp_magic =
5389 "\xab\xab\xab\xab\xab\xab\xab\xab"
5390 "\xab\xab\xab\xab\xab\xab\xab\xab"
5391 "\x01\x01\x00\x00\x00\x00\x00\x00"
5392 "\x3f\x3f\x3f\x3f\x3f\x3f\x3f\x3f"
5393 "\xb8\x82\x3a\xf1\xb3\xdd\x08\x15"
5394 "\x00\x00\x00\x00\x11\xa2\x08\x81"
5395 "\x50\x38\x22\x78\x2b\x94\x47\xfe"
5396 "\x54\x94\x7b\xff\x17\x27\x5a\xb4"
5397 "\xf4\x18\xba\xdc\x2c\x38\xfd\x5b"
5398 "\xfb\x0e\xc1\x85\x1e\xcc\x92\xbb"
5399 "\x9b\xb1\xc4\xd5\x53\x14\xff\x8c"
5400 "\x76\x49\xf5\x45\x90\x19\xa2";
5401 DATA_BLOB lm_response = data_blob_talloc_zero(tctx, 24);
5402 DATA_BLOB lm_session_key = data_blob_talloc_zero(tctx, 16);
5403 DATA_BLOB nt_response = data_blob_const(netapp_magic, 95);
5404 DATA_BLOB nt_session_key = data_blob_talloc_zero(tctx, 16);
5406 cli_credentials_set_kerberos_state(ntlm_creds,
5407 CRED_USE_KERBEROS_DISABLED,
5409 cli_credentials_set_ntlm_response(ntlm_creds,
5415 status = smb2_session_setup_spnego(tree->session,
5417 0 /* previous_session_id */);
5418 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
5419 "smb2_session_setup_spnego failed");
5424 struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx)
5426 struct torture_suite *suite =
5427 torture_suite_create(ctx, "session");
5429 torture_suite_add_1smb2_test(suite, "reconnect1", test_session_reconnect1);
5430 torture_suite_add_1smb2_test(suite, "reconnect2", test_session_reconnect2);
5431 torture_suite_add_1smb2_test(suite, "reauth1", test_session_reauth1);
5432 torture_suite_add_1smb2_test(suite, "reauth2", test_session_reauth2);
5433 torture_suite_add_1smb2_test(suite, "reauth3", test_session_reauth3);
5434 torture_suite_add_1smb2_test(suite, "reauth4", test_session_reauth4);
5435 torture_suite_add_1smb2_test(suite, "reauth5", test_session_reauth5);
5436 torture_suite_add_1smb2_test(suite, "reauth6", test_session_reauth6);
5437 torture_suite_add_simple_test(suite, "expire1n", test_session_expire1n);
5438 torture_suite_add_simple_test(suite, "expire1s", test_session_expire1s);
5439 torture_suite_add_simple_test(suite, "expire1e", test_session_expire1e);
5440 torture_suite_add_simple_test(suite, "expire2s", test_session_expire2s);
5441 torture_suite_add_simple_test(suite, "expire2e", test_session_expire2e);
5442 torture_suite_add_simple_test(suite, "expire_disconnect",
5443 test_session_expire_disconnect);
5444 torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1);
5445 torture_suite_add_1smb2_test(suite, "bind2", test_session_bind2);
5446 torture_suite_add_1smb2_test(suite, "bind_invalid_auth", test_session_bind_invalid_auth);
5447 torture_suite_add_1smb2_test(suite, "bind_different_user", test_session_bind_different_user);
5448 torture_suite_add_1smb2_test(suite, "bind_negative_smb202", test_session_bind_negative_smb202);
5449 torture_suite_add_1smb2_test(suite, "bind_negative_smb210s", test_session_bind_negative_smb210s);
5450 torture_suite_add_1smb2_test(suite, "bind_negative_smb210d", test_session_bind_negative_smb210d);
5451 torture_suite_add_1smb2_test(suite, "bind_negative_smb2to3s", test_session_bind_negative_smb2to3s);
5452 torture_suite_add_1smb2_test(suite, "bind_negative_smb2to3d", test_session_bind_negative_smb2to3d);
5453 torture_suite_add_1smb2_test(suite, "bind_negative_smb3to2s", test_session_bind_negative_smb3to2s);
5454 torture_suite_add_1smb2_test(suite, "bind_negative_smb3to2d", test_session_bind_negative_smb3to2d);
5455 torture_suite_add_1smb2_test(suite, "bind_negative_smb3to3s", test_session_bind_negative_smb3to3s);
5456 torture_suite_add_1smb2_test(suite, "bind_negative_smb3to3d", test_session_bind_negative_smb3to3d);
5457 torture_suite_add_1smb2_test(suite, "bind_negative_smb3encGtoCs", test_session_bind_negative_smb3encGtoCs);
5458 torture_suite_add_1smb2_test(suite, "bind_negative_smb3encGtoCd", test_session_bind_negative_smb3encGtoCd);
5459 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoHs", test_session_bind_negative_smb3signCtoHs);
5460 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoHd", test_session_bind_negative_smb3signCtoHd);
5461 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoGs", test_session_bind_negative_smb3signCtoGs);
5462 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signCtoGd", test_session_bind_negative_smb3signCtoGd);
5463 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoCs", test_session_bind_negative_smb3signHtoCs);
5464 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoCd", test_session_bind_negative_smb3signHtoCd);
5465 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoGs", test_session_bind_negative_smb3signHtoGs);
5466 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signHtoGd", test_session_bind_negative_smb3signHtoGd);
5467 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoCs", test_session_bind_negative_smb3signGtoCs);
5468 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoCd", test_session_bind_negative_smb3signGtoCd);
5469 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoHs", test_session_bind_negative_smb3signGtoHs);
5470 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoHd", test_session_bind_negative_smb3signGtoHd);
5471 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoCs", test_session_bind_negative_smb3sneGtoCs);
5472 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoCd", test_session_bind_negative_smb3sneGtoCd);
5473 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoHs", test_session_bind_negative_smb3sneGtoHs);
5474 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneGtoHd", test_session_bind_negative_smb3sneGtoHd);
5475 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneCtoGs", test_session_bind_negative_smb3sneCtoGs);
5476 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneCtoGd", test_session_bind_negative_smb3sneCtoGd);
5477 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneHtoGs", test_session_bind_negative_smb3sneHtoGs);
5478 torture_suite_add_1smb2_test(suite, "bind_negative_smb3sneHtoGd", test_session_bind_negative_smb3sneHtoGd);
5479 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signC30toGs", test_session_bind_negative_smb3signC30toGs);
5480 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signC30toGd", test_session_bind_negative_smb3signC30toGd);
5481 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signH2XtoGs", test_session_bind_negative_smb3signH2XtoGs);
5482 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signH2XtoGd", test_session_bind_negative_smb3signH2XtoGd);
5483 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoC30s", test_session_bind_negative_smb3signGtoC30s);
5484 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoC30d", test_session_bind_negative_smb3signGtoC30d);
5485 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoH2Xs", test_session_bind_negative_smb3signGtoH2Xs);
5486 torture_suite_add_1smb2_test(suite, "bind_negative_smb3signGtoH2Xd", test_session_bind_negative_smb3signGtoH2Xd);
5487 torture_suite_add_1smb2_test(suite, "two_logoff", test_session_two_logoff);
5488 torture_suite_add_1smb2_test(suite, "signing-hmac-sha-256", test_session_signing_hmac_sha_256);
5489 torture_suite_add_1smb2_test(suite, "signing-aes-128-cmac", test_session_signing_aes_128_cmac);
5490 torture_suite_add_1smb2_test(suite, "signing-aes-128-gmac", test_session_signing_aes_128_gmac);
5491 torture_suite_add_1smb2_test(suite, "encryption-aes-128-ccm", test_session_encryption_aes_128_ccm);
5492 torture_suite_add_1smb2_test(suite, "encryption-aes-128-gcm", test_session_encryption_aes_128_gcm);
5493 torture_suite_add_1smb2_test(suite, "encryption-aes-256-ccm", test_session_encryption_aes_256_ccm);
5494 torture_suite_add_1smb2_test(suite, "encryption-aes-256-gcm", test_session_encryption_aes_256_gcm);
5495 torture_suite_add_1smb2_test(suite, "ntlmssp_bug14932", test_session_ntlmssp_bug14932);
5497 suite->description = talloc_strdup(suite, "SMB2-SESSION tests");