authorStefan Metzmacher <metze@samba.org>2014-11-12 15:43:56 +0100
committerStefan Metzmacher <metze@samba.org>2014-11-27 16:45:06 +0100
commit8d16a2e36762f6da825106798689c96aff95437f (patch)
tree532a126ba51df7f76461df80bdd64fecfc05bef6
parent5a652dbb92231183070b2d139d3459be8fd89439 (diff)
s4:torture/smb2: smb2.lease.breaking3 test
This demonstrates a race case where the client reuses a lease, while the server already sent a break. The open succeeds with SMB2_LEASE_FLAG_BREAK_IN_PROGRESS being set. This is more complex than smb2.lease.breaking[1-2] as it generates breaks from RWH => RH => R => NONE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source4/torture/smb2/lease.c189
1 files changed, 189 insertions, 0 deletions
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index b694dd834a2..76715e7b1da 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -2036,6 +2036,194 @@ done:
return ret;
}
+static bool test_lease_breaking3(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ struct smb2_create io1 = {};
+ struct smb2_create io2 = {};
+ struct smb2_create io3 = {};
+ struct smb2_lease ls1 = {};
+ struct smb2_handle h1a = {};
+ struct smb2_handle h1b = {};
+ struct smb2_handle h2 = {};
+ struct smb2_handle h3 = {};
+ struct smb2_request *req2 = NULL;
+ struct smb2_request *req3 = NULL;
+ struct torture_lease_break break_info_tmp = {};
+ struct smb2_lease_break_ack ack = {};
+ const char *fname = "lease_breaking3.dat";
+ bool ret = true;
+ NTSTATUS status;
+ uint32_t caps;
+
+ caps = smb2cli_conn_server_capabilities(tree->session->transport->conn);
+ if (!(caps & SMB2_CAP_LEASING)) {
+ torture_skip(tctx, "leases are not supported");
+ }
+
+ smb2_util_unlink(tree, fname);
+
+ tree->session->transport->lease.handler = torture_lease_handler;
+ tree->session->transport->lease.private_data = tree;
+ tree->session->transport->oplock.handler = torture_oplock_handler;
+ tree->session->transport->oplock.private_data = tree;
+
+ /*
+ * we defer acking the lease break.
+ */
+ ZERO_STRUCT(break_info);
+ break_info.lease_skip_ack = true;
+
+ smb2_lease_create_share(&io1, &ls1, false, fname,
+ smb2_util_share_access("RWD"),
+ LEASE1,
+ smb2_util_lease_state("RWH"));
+ status = smb2_create(tree, mem_ctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1a = io1.out.file.handle;
+ CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io1, "RWH", true, LEASE1, 0);
+
+ /*
+ * a conflicting open is blocked until we ack the
+ * lease break
+ */
+ smb2_oplock_create(&io2, fname, SMB2_OPLOCK_LEVEL_NONE);
+ req2 = smb2_create_send(tree, &io2);
+ torture_assert(tctx, req2 != NULL, "smb2_create_send");
+
+ /*
+ * we got the lease break, but defer the ack.
+ */
+ CHECK_BREAK_INFO("RWH", "RH", LEASE1);
+
+ torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+
+ /*
+ * a open using the same lease key is still works,
+ * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+ */
+ status = smb2_create(tree, mem_ctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1b = io1.out.file.handle;
+ CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+ smb2_util_close(tree, h1b);
+
+ /*
+ * a conflicting open with NTCREATEX_DISP_OVERWRITE
+ * doesn't trigger an immediate lease break to none.
+ */
+ break_info_tmp = break_info;
+ ZERO_STRUCT(break_info);
+ smb2_oplock_create(&io3, fname, SMB2_OPLOCK_LEVEL_NONE);
+ io3.in.create_disposition = NTCREATEX_DISP_OVERWRITE;
+ req3 = smb2_create_send(tree, &io3);
+ torture_assert(tctx, req3 != NULL, "smb2_create_send");
+ CHECK_NO_BREAK(tctx);
+ break_info = break_info_tmp;
+
+ torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+ ack.in.lease.lease_key =
+ break_info.lease_break.current_lease.lease_key;
+ ack.in.lease.lease_state =
+ break_info.lease_break.new_lease_state;
+ ZERO_STRUCT(break_info);
+
+ /*
+ * a open using the same lease key is still works,
+ * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+ */
+ status = smb2_create(tree, mem_ctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1b = io1.out.file.handle;
+ CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io1, "RWH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+ smb2_util_close(tree, h1b);
+
+ CHECK_NO_BREAK(tctx);
+
+ /*
+ * We ack the lease break, but defer acking the next break (to "R")
+ */
+ break_info.lease_skip_ack = true;
+ status = smb2_lease_break_ack(tree, &ack);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_LEASE_BREAK_ACK(&ack, "RH", LEASE1);
+
+ /*
+ * We got an additional break downgrading to just "R"
+ * while we defer the ack.
+ */
+ CHECK_BREAK_INFO("RH", "R", LEASE1);
+
+ ack.in.lease.lease_key =
+ break_info.lease_break.current_lease.lease_key;
+ ack.in.lease.lease_state =
+ break_info.lease_break.new_lease_state;
+ ZERO_STRUCT(break_info);
+
+ /*
+ * a open using the same lease key is still works,
+ * but reports SMB2_LEASE_FLAG_BREAK_IN_PROGRESS
+ */
+ status = smb2_create(tree, mem_ctx, &io1);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1b = io1.out.file.handle;
+ CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_LEASE(&io1, "RH", true, LEASE1, SMB2_LEASE_FLAG_BREAK_IN_PROGRESS);
+ smb2_util_close(tree, h1b);
+
+ CHECK_NO_BREAK(tctx);
+
+ torture_assert(tctx, req2->state == SMB2_REQUEST_RECV, "req2 pending");
+ torture_assert(tctx, req3->state == SMB2_REQUEST_RECV, "req3 pending");
+
+ /*
+ * We ack the downgrade to "R" and get an immediate break to none
+ */
+ status = smb2_lease_break_ack(tree, &ack);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_LEASE_BREAK_ACK(&ack, "R", LEASE1);
+
+ /*
+ * We get the downgrade to none.
+ */
+ CHECK_BREAK_INFO("R", "", LEASE1);
+
+ torture_assert(tctx, req2->cancel.can_cancel,
+ "req2 can_cancel");
+ torture_assert(tctx, req3->cancel.can_cancel,
+ "req3 can_cancel");
+
+ ZERO_STRUCT(break_info);
+
+ status = smb2_create_recv(req2, tctx, &io2);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h2 = io2.out.file.handle;
+ CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_VAL(io2.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+ status = smb2_create_recv(req3, tctx, &io3);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h3 = io3.out.file.handle;
+ CHECK_CREATED(&io3, TRUNCATED, FILE_ATTRIBUTE_ARCHIVE);
+ CHECK_VAL(io3.out.oplock_level, SMB2_OPLOCK_LEVEL_NONE);
+
+ CHECK_NO_BREAK(tctx);
+done:
+ smb2_util_close(tree, h1a);
+ smb2_util_close(tree, h1b);
+ smb2_util_close(tree, h2);
+ smb2_util_close(tree, h3);
+
+ smb2_util_unlink(tree, fname);
+ talloc_free(mem_ctx);
+ return ret;
+}
+
static bool test_lease_complex1(struct torture_context *tctx,
struct smb2_tree *tree1a)
{
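Review bot: The `torture_assert()` calls in test_lease_breaking3 (after both `smb2_create_send()` calls, on the `req2`/`req3` pending-state checks, and on `cancel.can_cancel`) bypass the `done:` cleanup if, as in lib/torture/torture.h, the macro returns false directly on failure. On that path `h1a` stays open holding LEASE1 with an unacknowledged break, `fname` is not unlinked, and the global `break_info` keeps `lease_skip_ack = true`, so a failure in this race test can leak state into later tests that share the connection or that global. Route these checks through the label instead, e.g. `torture_assert_goto(tctx, req2 != NULL, ret, done, "smb2_create_send");` where this tree's torture.h provides it, or otherwise set `ret = false` and `goto done` by hand. The early `torture_skip()` has the same shape and leaves before `talloc_free(mem_ctx)`, and `done:` closes `h1b` a second time after it was already closed above, so a `ZERO_STRUCT(h1b);` after each `smb2_util_close(tree, h1b)` would keep the cleanup unambiguous.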
@@ -2325,6 +2513,7 @@ struct torture_suite *torture_smb2_lease_init(void)
torture_suite_add_1smb2_test(suite, "multibreak", test_lease_multibreak);
torture_suite_add_1smb2_test(suite, "breaking1", test_lease_breaking1);
torture_suite_add_1smb2_test(suite, "breaking2", test_lease_breaking2);
+ torture_suite_add_1smb2_test(suite, "breaking3", test_lease_breaking3);
torture_suite_add_1smb2_test(suite, "complex1", test_lease_complex1);
torture_suite_add_1smb2_test(suite, "v2_request_parent",
test_lease_v2_request_parent);