torture3: Trigger a nasty cleanup bug in smbd

author Volker Lendecke <vl@samba.org>

Sun, 1 Sep 2013 16:54:59 +0000 (18:54 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 26 Sep 2013 09:33:28 +0000 (11:33 +0200)
author Volker Lendecke <vl@samba.org>
Sun, 1 Sep 2013 16:54:59 +0000 (18:54 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 26 Sep 2013 09:33:28 +0000 (11:33 +0200)
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py

index 3fc66846653dd471cdb9b5ebda0ce1f70b58c784..e5ae63e6680c706c21dfa44fe9e3d72b9c42dee7 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -63,6 +63,7 @@ tests = ["FDPASS", "LOCK1", "LOCK2", "LOCK3", "LOCK4", "LOCK5", "LOCK6", "LOCK7"
          "SMB2-SESSION-REAUTH", "SMB2-SESSION-RECONNECT",
          "CLEANUP1",
          "CLEANUP2",
+        "CLEANUP4",
          "BAD-NBT-SESSION"]
  
  for t in tests:
diff --git a/source3/torture/proto.h b/source3/torture/proto.h

index 4f4c9e271825e234e0b329a5c62ec945afbc89f8..c9fc2c514ca228f045c76c3641d80dcbeef03bf9 100644 (file)
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -104,6 +104,7 @@ bool run_local_sprintf_append(int dummy);
  bool run_cleanup1(int dummy);
  bool run_cleanup2(int dummy);
  bool run_cleanup3(int dummy);
+bool run_cleanup4(int dummy);
  bool run_ctdb_conn(int dummy);
  bool run_msg_test(int dummy);
  bool run_notify_bench2(int dummy);
diff --git a/source3/torture/test_cleanup.c b/source3/torture/test_cleanup.c

index d9dce402dede9aa58b5e91e3e261ab31381705a6..319a55f3298569551dcf72cfc8b599b485d6a413 100644 (file)
--- a/source3/torture/test_cleanup.c
+++ b/source3/torture/test_cleanup.c
@@ -329,3 +329,73 @@ bool run_cleanup3(int dummy)
  
         return true;
  }
+
+bool run_cleanup4(int dummy)
+{
+       struct cli_state *cli1, *cli2;
+       const char *fname = "\\cleanup4";
+       uint16_t fnum1, fnum2;
+       NTSTATUS status;
+
+       printf("CLEANUP4: Checking that a conflicting share mode is cleaned "
+              "up\n");
+
+       if (!torture_open_connection(&cli1, 0)) {
+               return false;
+       }
+       if (!torture_open_connection(&cli2, 0)) {
+               return false;
+       }
+
+       status = cli_ntcreate(
+               cli1, fname, 0,
+               FILE_GENERIC_READ|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_DELETE,
+               FILE_OVERWRITE_IF, 0, 0, &fnum1);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("creating file failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       status = cli_ntcreate(
+               cli2, fname, 0,
+               FILE_GENERIC_READ|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_DELETE,
+               FILE_OPEN, 0, 0, &fnum2);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("opening file 1st time failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       status = smbXcli_conn_samba_suicide(cli1->conn, 1);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("smbXcli_conn_samba_suicide failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       /*
+        * The next open will conflict with both opens above. The first open
+        * above will be correctly cleaned up. A bug in smbd iterating over
+        * the share mode array made it skip the share conflict check for the
+        * second open. Trigger this bug.
+        */
+
+       status = cli_ntcreate(
+               cli2, fname, 0,
+               FILE_GENERIC_WRITE|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+               FILE_OPEN, 0, 0, &fnum2);
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+               printf("opening file 2nd time returned: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       return true;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c

index c6c5322a2f193aa69de88be7f35478b1434bc93a..ee51a4d174d3c4296da9c396260f78b50cfa42c0 100644 (file)
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -9509,6 +9509,7 @@ static struct {
         { "CLEANUP1", run_cleanup1 },
         { "CLEANUP2", run_cleanup2 },
         { "CLEANUP3", run_cleanup3 },
+       { "CLEANUP4", run_cleanup4 },
         { "LOCAL-SUBSTITUTE", run_local_substitute, 0},
         { "LOCAL-GENCACHE", run_local_gencache, 0},
         { "LOCAL-TALLOC-DICT", run_local_talloc_dict, 0},
author	Volker Lendecke <vl@samba.org>
	Sun, 1 Sep 2013 16:54:59 +0000 (18:54 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 26 Sep 2013 09:33:28 +0000 (11:33 +0200)
source3/selftest/tests.py		patch \| blob \| history
source3/torture/proto.h		patch \| blob \| history
source3/torture/test_cleanup.c		patch \| blob \| history
source3/torture/torture.c		patch \| blob \| history