From 225dc69e687a6fd07dc594ea19b5d740a4abd313 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 23 Sep 2020 13:49:27 +0200
Subject: [PATCH 1/3] source4/torture/smb2/session.c two_logoff
---
 source4/torture/smb2/session.c | 43 ++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 07c6faebb155..e0cca854fede 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -1850,6 +1850,48 @@ done:
 return ret;
 }
 
+static bool test_session_two_logoff(struct torture_context *tctx,
+ struct smb2_tree *tree1)
+{
+ NTSTATUS status;
+ bool ret = true;
+ struct smbcli_options transport2_options;
+ struct smb2_tree *tree2 = NULL;
+ struct smb2_session *session2 = NULL;
+ struct smb2_session *session1 = tree1->session;
+ struct smb2_transport *transport1 = tree1->session->transport;
+ struct smb2_transport *transport2;
+ bool ok;
+
+ /* Connect 2nd connection */
+ torture_comment(tctx, "connect tree2 with the same client_guid\n");
+ transport2_options = transport1->options;
+ ok = torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2);
+ torture_assert(tctx, ok, "couldn't connect tree2\n");
+ transport2 = tree2->session->transport;
+ session2 = tree2->session;
+
+ torture_comment(tctx, "session2: logoff\n");
+ status = smb2_logoff(session2);
+ torture_assert_ntstatus_ok(tctx, status, "session2: logoff");
+ torture_comment(tctx, "transport2: keepalive\n");
+ status = smb2_keepalive(transport2);
+ torture_assert_ntstatus_ok(tctx, status, "transport2: keepalive");
+ torture_comment(tctx, "transport2: disconnect\n");
+ TALLOC_FREE(tree2);
+
+ torture_comment(tctx, "session1: logoff\n");
+ status = smb2_logoff(session1);
+ torture_assert_ntstatus_ok(tctx, status, "session1: logoff");
+ torture_comment(tctx, "transport1: keepalive\n");
+ status = smb2_keepalive(transport1);
+ torture_assert_ntstatus_ok(tctx, status, "transport1: keepalive");
+ torture_comment(tctx, "transport1: disconnect\n");
+ TALLOC_FREE(tree1);
+
+ return ret;
+}
+
 struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx)
 {
 struct torture_suite *suite =
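Review bot: Every check in test_session_two_logoff uses the returning forms `torture_assert` / `torture_assert_ntstatus_ok`, so a failure after tree2 is connected leaves the function without reaching `TALLOC_FREE(tree2)`, and `ret` can never be anything but true. The file already uses `done:` exits (the hunk header context shows one), so the goto variants fit here, e.g. `torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "session2: logoff");` with a `done:` label that runs `TALLOC_FREE(tree2);` before `return ret;`. The function also has no comment saying which server behaviour it guards; judging from patches 2/3 and 3/3 it is presumably a regression test for a `db_rec` pointer left behind when one of two sessions logs off, and a short comment above the function saying so would keep the test from later being dropped as redundant.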
@@ -1871,6 +1913,7 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx) torture_suite_add_simple_test(suite, "expire_disconnect", test_session_expire_disconnect); torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1); + torture_suite_add_1smb2_test(suite, "two_logoff", test_session_two_logoff); suite->description = talloc_strdup(suite, "SMB2-SESSION tests"); -- 2.17.1 From d678a5987c671ff0ad91ecd31822e26cd15ec6b3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Sep 2020 06:00:28 +0200 Subject: [PATCH 2/3] source3/smbd/smbXsrv_session.c session->db_rec = NULL after session->db_rec = local_rec --- source3/smbd/smbXsrv_session.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c index c55a57885a57..a816981f93a3 100644 --- a/source3/smbd/smbXsrv_session.c +++ b/source3/smbd/smbXsrv_session.c @@ -1830,8 +1830,8 @@ static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec, session = talloc_get_type_abort(ptr, struct smbXsrv_session); session->db_rec = local_rec; - status = smbXsrv_session_clear_and_logoff(session); + session->db_rec = NULL; if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(state->first_status)) { state->first_status = status; @@ -1900,6 +1900,7 @@ static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec, TDB_DATA val; void *ptr = NULL; struct smbXsrv_session *session = NULL; + int ret; val = dbwrap_record_get_value(local_rec); if (val.dsize != sizeof(ptr)) { @@ -1909,9 +1910,12 @@ static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec, memcpy(&ptr, val.dptr, val.dsize); session = talloc_get_type_abort(ptr, struct smbXsrv_session); + session->db_rec = local_rec; + ret = state->caller_cb(session, state->caller_data); + session->db_rec = NULL; - return state->caller_cb(session, state->caller_data); + return ret; } struct smbXsrv_session_disconnect_xconn_state { 
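Review bot: In smbXsrv_session_logoff_all_callback (patch 2/3, first hunk) the added `session->db_rec = NULL;` has no comment saying why the pointer must be dropped, and the commit message has no body that explains it either. From the visible lines `local_rec` is the callback's own argument, so the intent is presumably that the record is only valid while the traverse callback runs and must not outlive it; a comment such as `/* local_rec is only valid inside this callback, never leave it in session->db_rec */` above the reset would make that invariant explicit. The same applies to the resets added in smbXsrv_session_local_traverse_cb, in smbXsrv_session_disconnect_xconn_callback and, in patch 3/3, in smbXsrv_tcon_disconnect_all_callback. The function body starts and ends outside the hunk.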
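Review bot: In smbXsrv_session_local_traverse_cb (patch 2/3, second hunk) the new `session->db_rec = NULL;` writes through `session` after `state->caller_cb(session, state->caller_data)` has returned, which is only safe if no registered callback can free the session. The callbacks are not visible in this hunk, so this needs checking against every user of the traverse; if the contract holds, state it next to the call, e.g. `/* caller_cb must not free session; db_rec is valid only for the duration of the call */`. The hunk also starts handing a non-NULL `db_rec` to every callback, which presumably changes the path taken by any callee that tests `session->db_rec == NULL` before fetching the record itself, and that deserves a line in the commit message. The function starts outside the hunk.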
@@ -2018,6 +2022,7 @@ static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec state->first_status = status; } state->errors++; + session->db_rec = NULL; return 0; } ARRAY_DEL_ELEMENT(global->channels, n, global->num_channels); @@ -2033,6 +2038,7 @@ static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec state->errors++; } + session->db_rec = NULL; return 0; } -- 2.17.1 From 3dd82fd80e235b9b4660d447a07c0f59a7061481 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Sep 2020 11:24:46 +0200 Subject: [PATCH 3/3] source3/smbd/smbXsrv_tcon.c explicitly set tcon->db_rec = NULL after tcon->db_rec = local_rec --- source3/smbd/smbXsrv_tcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/smbd/smbXsrv_tcon.c b/source3/smbd/smbXsrv_tcon.c index d6c2bca0abca..938eb7ab1626 100644 --- a/source3/smbd/smbXsrv_tcon.c +++ b/source3/smbd/smbXsrv_tcon.c @@ -1061,6 +1061,7 @@ static int smbXsrv_tcon_disconnect_all_callback(struct db_record *local_rec, tcon->db_rec = local_rec; status = smbXsrv_tcon_disconnect(tcon, vuid); + tcon->db_rec = NULL; if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(state->first_status)) { state->first_status = status; -- 2.17.1
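Review bot: In smbXsrv_session_disconnect_xconn_callback (patch 2/3, third and fourth hunks) the reset is added by hand in front of two separate `return 0;` statements, so any other return that sits between the point where `session->db_rec` is set and the end of the function would still leave the pointer behind. The assignment and the earlier part of the function lie outside both hunks, so this cannot be confirmed from here. A single exit for the returns that follow the assignment would remove the doubt: use `goto done;` at those sites and end the function with `done:` followed by `session->db_rec = NULL;` and `return 0;`.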