torture3: Trigger a nasty cleanup bug in smbd

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep  3 19:13:14 CEST 2013 on sn-devel-104

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index afab6872a0f1f9500ffff098252768bf86fc1244..63f119f44dc364f7be0fab8c6407e4994a009b7b 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -63,6 +63,7 @@ tests = ["FDPASS", "LOCK1", "LOCK2", "LOCK3", "LOCK4", "LOCK5", "LOCK6", "LOCK7"
         "SMB2-SESSION-REAUTH", "SMB2-SESSION-RECONNECT",
         "CLEANUP1",
         "CLEANUP2",
+        "CLEANUP4",
         "BAD-NBT-SESSION"]
 
 for t in tests:

diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index f6453fd526b9c2da5c2bab2516ea69d67e95f256..d430aef5d8956374d2781fcd6e374f546c6c2c4b 100644 (file)
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -104,6 +104,7 @@ bool run_local_sprintf_append(int dummy);
 bool run_cleanup1(int dummy);
 bool run_cleanup2(int dummy);
 bool run_cleanup3(int dummy);
+bool run_cleanup4(int dummy);
 bool run_ctdb_conn(int dummy);
 bool run_msg_test(int dummy);
 bool run_notify_bench2(int dummy);

diff --git a/source3/torture/test_cleanup.c b/source3/torture/test_cleanup.c
index d9dce402dede9aa58b5e91e3e261ab31381705a6..319a55f3298569551dcf72cfc8b599b485d6a413 100644 (file)
--- a/source3/torture/test_cleanup.c
+++ b/source3/torture/test_cleanup.c
@@ -329,3 +329,73 @@ bool run_cleanup3(int dummy)
 
        return true;
 }
+
+bool run_cleanup4(int dummy)
+{
+       struct cli_state *cli1, *cli2;
+       const char *fname = "\\cleanup4";
+       uint16_t fnum1, fnum2;
+       NTSTATUS status;
+
+       printf("CLEANUP4: Checking that a conflicting share mode is cleaned "
+              "up\n");
+
+       if (!torture_open_connection(&cli1, 0)) {
+               return false;
+       }
+       if (!torture_open_connection(&cli2, 0)) {
+               return false;
+       }
+
+       status = cli_ntcreate(
+               cli1, fname, 0,
+               FILE_GENERIC_READ|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_DELETE,
+               FILE_OVERWRITE_IF, 0, 0, &fnum1);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("creating file failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       status = cli_ntcreate(
+               cli2, fname, 0,
+               FILE_GENERIC_READ|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_DELETE,
+               FILE_OPEN, 0, 0, &fnum2);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("opening file 1st time failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       status = smbXcli_conn_samba_suicide(cli1->conn, 1);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("smbXcli_conn_samba_suicide failed: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       /*
+        * The next open will conflict with both opens above. The first open
+        * above will be correctly cleaned up. A bug in smbd iterating over
+        * the share mode array made it skip the share conflict check for the
+        * second open. Trigger this bug.
+        */
+
+       status = cli_ntcreate(
+               cli2, fname, 0,
+               FILE_GENERIC_WRITE|DELETE_ACCESS,
+               FILE_ATTRIBUTE_NORMAL,
+               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+               FILE_OPEN, 0, 0, &fnum2);
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+               printf("opening file 2nd time returned: %s\n",
+                      nt_errstr(status));
+               return false;
+       }
+
+       return true;
+}

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 359baa9cb4996c5b2a030c2d1456b252a32af35c..2d1a107b345f0c37b1289cb8d161a9eb979802d7 100644 (file)
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -9554,6 +9554,7 @@ static struct {
        { "CLEANUP1", run_cleanup1 },
        { "CLEANUP2", run_cleanup2 },
        { "CLEANUP3", run_cleanup3 },
+       { "CLEANUP4", run_cleanup4 },
        { "LOCAL-SUBSTITUTE", run_local_substitute, 0},
        { "LOCAL-GENCACHE", run_local_gencache, 0},
        { "LOCAL-TALLOC-DICT", run_local_talloc_dict, 0},