The Samba-Bugzilla – Attachment 16283 Details for
Bug 14532
Two SMB2_LOGOFF messages kill the whole client smbd when multi-channel is used
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Work in progress patches for master
tmp.diff.txt (text/plain), 5.47 KB, created by
Stefan Metzmacher
on 2020-10-14 12:43:51 UTC
(
hide
)
Description:
Work in progress patches for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2020-10-14 12:43:51 UTC
Size:
5.47 KB
patch
obsolete
>From 225dc69e687a6fd07dc594ea19b5d740a4abd313 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 23 Sep 2020 13:49:27 +0200 >Subject: [PATCH 1/3] source4/torture/smb2/session.c two_logoff > >--- > source4/torture/smb2/session.c | 43 ++++++++++++++++++++++++++++++++++ > 1 file changed, 43 insertions(+) > >diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c >index 07c6faebb155..e0cca854fede 100644 >--- a/source4/torture/smb2/session.c >+++ b/source4/torture/smb2/session.c >@@ -1850,6 +1850,48 @@ done: > return ret; > } > >+static bool test_session_two_logoff(struct torture_context *tctx, >+ struct smb2_tree *tree1) >+{ >+ NTSTATUS status; >+ bool ret = true; >+ struct smbcli_options transport2_options; >+ struct smb2_tree *tree2 = NULL; >+ struct smb2_session *session2 = NULL; >+ struct smb2_session *session1 = tree1->session; >+ struct smb2_transport *transport1 = tree1->session->transport; >+ struct smb2_transport *transport2; >+ bool ok; >+ >+ /* Connect 2nd connection */ >+ torture_comment(tctx, "connect tree2 with the same client_guid\n"); >+ transport2_options = transport1->options; >+ ok = torture_smb2_connection_ext(tctx, 0, &transport2_options, &tree2); >+ torture_assert(tctx, ok, "couldn't connect tree2\n"); >+ transport2 = tree2->session->transport; >+ session2 = tree2->session; >+ >+ torture_comment(tctx, "session2: logoff\n"); >+ status = smb2_logoff(session2); >+ torture_assert_ntstatus_ok(tctx, status, "session2: logoff"); >+ torture_comment(tctx, "transport2: keepalive\n"); >+ status = smb2_keepalive(transport2); >+ torture_assert_ntstatus_ok(tctx, status, "transport2: keepalive"); >+ torture_comment(tctx, "transport2: disconnect\n"); >+ TALLOC_FREE(tree2); >+ >+ torture_comment(tctx, "session1: logoff\n"); >+ status = smb2_logoff(session1); >+ torture_assert_ntstatus_ok(tctx, status, "session1: logoff"); >+ torture_comment(tctx, "transport1: keepalive\n"); >+ status = smb2_keepalive(transport1); >+ torture_assert_ntstatus_ok(tctx, status, "transport1: keepalive"); >+ torture_comment(tctx, "transport1: disconnect\n"); >+ TALLOC_FREE(tree1); >+ >+ return ret; >+} >+ > struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx) > { > struct torture_suite *suite = >@@ -1871,6 +1913,7 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx) > torture_suite_add_simple_test(suite, "expire_disconnect", > test_session_expire_disconnect); > torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1); >+ torture_suite_add_1smb2_test(suite, "two_logoff", test_session_two_logoff); > > suite->description = talloc_strdup(suite, "SMB2-SESSION tests"); > >-- >2.17.1 > > >From d678a5987c671ff0ad91ecd31822e26cd15ec6b3 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 23 Sep 2020 06:00:28 +0200 >Subject: [PATCH 2/3] source3/smbd/smbXsrv_session.c session->db_rec = NULL > after session->db_rec = local_rec > >--- > source3/smbd/smbXsrv_session.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c >index c55a57885a57..a816981f93a3 100644 >--- a/source3/smbd/smbXsrv_session.c >+++ b/source3/smbd/smbXsrv_session.c >@@ -1830,8 +1830,8 @@ static int smbXsrv_session_logoff_all_callback(struct db_record *local_rec, > session = talloc_get_type_abort(ptr, struct smbXsrv_session); > > session->db_rec = local_rec; >- > status = smbXsrv_session_clear_and_logoff(session); >+ session->db_rec = NULL; > if (!NT_STATUS_IS_OK(status)) { > if (NT_STATUS_IS_OK(state->first_status)) { > state->first_status = status; >@@ -1900,6 +1900,7 @@ static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec, > TDB_DATA val; > void *ptr = NULL; > struct smbXsrv_session *session = NULL; >+ int ret; > > val = dbwrap_record_get_value(local_rec); > if (val.dsize != sizeof(ptr)) { >@@ -1909,9 +1910,12 @@ static int smbXsrv_session_local_traverse_cb(struct db_record *local_rec, > > memcpy(&ptr, val.dptr, val.dsize); > session = talloc_get_type_abort(ptr, struct smbXsrv_session); >+ > session->db_rec = local_rec; >+ ret = state->caller_cb(session, state->caller_data); >+ session->db_rec = NULL; > >- return state->caller_cb(session, state->caller_data); >+ return ret; > } > > struct smbXsrv_session_disconnect_xconn_state { >@@ -2018,6 +2022,7 @@ static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec > state->first_status = status; > } > state->errors++; >+ session->db_rec = NULL; > return 0; > } > ARRAY_DEL_ELEMENT(global->channels, n, global->num_channels); >@@ -2033,6 +2038,7 @@ static int smbXsrv_session_disconnect_xconn_callback(struct db_record *local_rec > state->errors++; > } > >+ session->db_rec = NULL; > return 0; > } > >-- >2.17.1 > > >From 3dd82fd80e235b9b4660d447a07c0f59a7061481 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 23 Sep 2020 11:24:46 +0200 >Subject: [PATCH 3/3] source3/smbd/smbXsrv_tcon.c explicitly set tcon->db_rec = > NULL after tcon->db_rec = local_rec > >--- > source3/smbd/smbXsrv_tcon.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/source3/smbd/smbXsrv_tcon.c b/source3/smbd/smbXsrv_tcon.c >index d6c2bca0abca..938eb7ab1626 100644 >--- a/source3/smbd/smbXsrv_tcon.c >+++ b/source3/smbd/smbXsrv_tcon.c >@@ -1061,6 +1061,7 @@ static int smbXsrv_tcon_disconnect_all_callback(struct db_record *local_rec, > > tcon->db_rec = local_rec; > status = smbXsrv_tcon_disconnect(tcon, vuid); >+ tcon->db_rec = NULL; > if (!NT_STATUS_IS_OK(status)) { > if (NT_STATUS_IS_OK(state->first_status)) { > state->first_status = status; >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14532
: 16283