IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The strange function custom_smb2_create() was somehow causing
NT_STATUS_DELETE_PENDING failures:
failure: mask [
(../../source4/torture/smb2/notify.c:490) Incorrect status NT_STATUS_DELETE_PENDING - should be NT_STATUS_OK
]
I couldn't figure out what was causing this exactly, but after doing these
cleanups the error went away.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These demonstrate which durables handles are kept and which are purged
because of various opens, writes or renames.
smb2.durable-v2-open.keep-disconnected-rh-with-stat-open
smb2.durable-v2-open.keep-disconnected-rh-with-rh-open
smb2.durable-v2-open.keep-disconnected-rh-with-rwh-open
smb2.durable-v2-open.keep-disconnected-rwh-with-stat-open
smb2.durable-v2-open.purge-disconnected-rwh-with-rwh-open
smb2.durable-v2-open.purge-disconnected-rwh-with-rh-open
smb2.durable-v2-open.purge-disconnected-rh-with-share-none-open
smb2.durable-v2-open.purge-disconnected-rh-with-write
smb2.durable-v2-open.purge-disconnected-rh-with-rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15708
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Creates and opens two files with leases, then tries
rename-with-overwrite on file_src -> file_dst.
Ensures we get a lease break on file_dst before
getting the access denied response.
Passes against Windows, fails against Samba.
Add knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 18 05:42:15 UTC 2024 on atb-devel-224
FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for a ioctl.smb2.in.max_output_response limit.
Add a test for this.
Flag the new test knownfail; fix in subsequent commit.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
This reproduces a race where one client creates
a directory and other clients see it before
the directory is fully setup including the correct
permissions and similar things.
We have a DENY ACE for SEC_DIR_ADD_FILE, which means
that files can't be created. This is set on
a base directory 'mkdir_visible'.
Then we have a lot of async loops trying to create
a file called 'mkdir_visible\dir\file_NR'. These loop
as fast as possible expecting OBJECT_PATH_NOT_FOUND,
because 'mkdir_visible\dir' is not there.
Then we send a create for 'mkdir_visible\dir' and
expect that to work.
This should turn the 'mkdir_visible\dir\file_NR' loop
into getting ACCESS_DENIED, because the
DENY ACE for SEC_DIR_ADD_FILE should be inherited
before 'mkdir_visible\dir' is visible to other clients.
Because of the complex steps in mkdir_internal(),
smbd allows the creation 'mkdir_visible\dir\file_NR',
as 'mkdir_visible\dir' is already visible after the
mkdirat(), before the DENY ACE is inherited.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test loops over session-setup/logoff as fast as possible,
for nprocs * qdepth loops.
It was created to demonstrate the krb5 replay cache problem
(at least with MIT kerberos before 1.18, I've tested with
1.15 only).
This forces kerberos with the machine account:
time smbtorture //fileserver.example.com/ipc\$ \
smb2.bench.session-setup \
--option="torture:timelimit=600" \
--option="torture:nprocs=50" \
--option="torture:qdepth=1" \
--machine-pass \
--use-kerberos=required
This forces ntlmssp with the machine account:
time smbtorture //fileserver.example.com/ipc\$ \
smb2.bench.session-setup \
--option="torture:timelimit=600" \
--option="torture:nprocs=50" \
--option="torture:qdepth=1" \
--machine-pass \
--use-kerberos=off
This forces anonymous ntlmssp (without depending
on the DC performance):
time smbtorture //fileserver.example.com/ipc\$ \
smb2.bench.session-setup \
--option="torture:timelimit=600" \
--option="torture:nprocs=50" \
--option="torture:qdepth=1" \
-U% \
--use-kerberos=off
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 30 15:18:42 UTC 2024 on atb-devel-224
In configurations where vfs_acl_xattr is used with 'ignore system acls'
option we encounter NT_STATUS_ACCESS_DENIED while trying to open an
already existing test_dir in smb2.delete-on-close-perms.READONLY. Due
to missing SEC_STD_DELETE permission from the list of allowed ACEs it
couldn't be removed via previous call to smb2_deltree(). Thus as seen
with other tests we now call set_dir_delete_perms() so that subsequent
attempt to remove it can succeed.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jun 10 13:17:58 UTC 2024 on atb-devel-224
In shares where acl_xattr vfs module is loaded with 'ignore system acls'
set, smb2.delete-on-close-perms.FIND_and_set_DOC fails to open test_dir
due to NT_STATUS_ACCESS_DENIED as it lacks few permissions for owner
when created using create_dir(). Test case aims to set delete-on-close
for which delete permission is necessary in first place. Therefore we
now perform the creation and subsequent opening of directory using
torture_smb2_testdir() so that the open handle comes with SEC_STD_DELETE
permission.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
torture_assert_u64_equal_goto() can only print meaningful error message
for incorrect values if only if the function is invoked with test run
value and expected value respectively as second and thrid arguments.
Otherwise it displays the reversed message causing confusion in overall
test results.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 27 13:00:29 UTC 2024 on atb-devel-224
basic.maximum_allowed and smb2.maximum_allowed attempt to unlink the
files created by those tests. But the restrictive SD with which they
were created prohibits the deletion inside shares where vfs_acl_xattr
is configured including "ignore system acls". The very same file will
otherwise cause problems while progressing with remaining sub tests.
SEC_STD_DELETE could be the minimum required additional access mask
to successfully delete the file under the said configuration using
vfs_acl_xattr and "ignore system acls" option without loosing the
integrity of the overall test.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 26 18:35:43 UTC 2024 on atb-devel-224
Test more modifying operations are blocked and access masks are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This reverts commit c6d0df787a.
Said commit did not help with GitLab CI timeouts, but just made the CI
pipeline take longer when the test did time out.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Print the time (as reckoned by tevent) at which each ‘negprot done’ and
‘echo done’ message is produced, and print another message if one of the
requests times out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 24 15:51:40 UTC 2023 on atb-devel-224
This fixes the failing samba-codecheck CI job and is not part of the functional
security fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This test opens one file for each loop (for nprocs * qdepth loops)
and for each file it loops in read requests for the first
io_size bytes.
time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.read \
--option="torture:timelimit=600" \
--option="torture:nprocs=1" \
--option="torture:qdepth=4" \
--option="torture:io_size=4096"
In order to generate constant load for profiles
--option="torture:looplimit=150000" can be used to stop
after the given number of loops before the timelimit hits.
Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 1 08:14:23 UTC 2023 on atb-devel-224
Also see the commit message of 23988f19e7
for other examples...
This test calls SMB2_Echo in a loop per connection.
time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.echo \
--option="torture:timelimit=600" \
--option="torture:looplimit=150000" \
--option="torture:nprocs=1" \
--option="torture:qdepth=1"
This is a very useful test to show how many requests are possible
at the raw SMB2 layer.
In order to do profiling and being able to compare the
profiles between runs, it is important to produce the
exact same load in each run, which is not possible
with the typical --option="torture:timelimit=600".
E.g. when the server runs under 'valgrind --tool=callgrind bin/smbd'
I typically run without "torture:looplimit" first in order to
see, which rate is possible per second, then I'll add a
"torture:looplimit" in order to run about half of the timelimit.
Then the looplimit should run for some time, but finish
before the timelimit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
It also only waits for the required amount of time elapsed. Hopefully
this should avoid running into timeouts.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
