mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
smbtorture: test creating stream doesn't crash when using "inherit permissions = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0983560830
)
This commit is contained in:
parent
60052ea77a
commit
a60419838b
1
selftest/knownfail.d/samba3.smb2.stream-inherit-perms
Normal file
1
selftest/knownfail.d/samba3.smb2.stream-inherit-perms
Normal file
@ -0,0 +1 @@
|
||||
^samba3.smb2.stream-inherit-perms.stream-inherit-perms\(fileserver\)
|
@ -2054,6 +2054,11 @@ sub setup_fileserver
|
||||
comment = Home directories
|
||||
browseable = No
|
||||
read only = No
|
||||
|
||||
[inherit_perms]
|
||||
path = $share_dir
|
||||
vfs objects = streams_depot
|
||||
inherit permissions = yes
|
||||
";
|
||||
|
||||
if (defined($more_conf)) {
|
||||
|
@ -1334,6 +1334,8 @@ for t in tests:
|
||||
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
|
||||
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
|
||||
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr')
|
||||
elif t == "smb2.stream-inherit-perms":
|
||||
plansmbtorture4testsuite(t, "fileserver", '//$SERVER/inherit_perms -U$USERNAME%$PASSWORD')
|
||||
elif t == "smb2.aio_delay":
|
||||
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio_delay_inject -U$USERNAME%$PASSWORD')
|
||||
elif t == "smb2.delete-on-close-perms":
|
||||
|
@ -178,6 +178,8 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx)
|
||||
torture_suite_add_suite(suite, torture_smb2_oplocks_init(suite));
|
||||
torture_suite_add_suite(suite, torture_smb2_kernel_oplocks_init(suite));
|
||||
torture_suite_add_suite(suite, torture_smb2_streams_init(suite));
|
||||
torture_suite_add_1smb2_test(suite, "stream-inherit-perms",
|
||||
test_stream_inherit_perms);
|
||||
torture_suite_add_suite(suite, torture_smb2_ioctl_init(suite));
|
||||
torture_suite_add_simple_test(suite, "set-sparse-ioctl",
|
||||
test_ioctl_set_sparse);
|
||||
|
@ -30,6 +30,7 @@
|
||||
#include "system/filesys.h"
|
||||
#include "system/locale.h"
|
||||
#include "lib/util/tsort.h"
|
||||
#include "libcli/security/security_descriptor.h"
|
||||
|
||||
#define DNAME "teststreams"
|
||||
|
||||
@ -2395,6 +2396,78 @@ done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Simple test creating a stream on a share with "inherit permissions"
|
||||
* enabled. This tests specifically bug 15695.
|
||||
*/
|
||||
bool test_stream_inherit_perms(struct torture_context *tctx,
|
||||
struct smb2_tree *tree)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct smb2_handle h = {};
|
||||
union smb_fileinfo q = {};
|
||||
union smb_setfileinfo setinfo = {};
|
||||
struct security_descriptor *sd = NULL;
|
||||
struct security_ace ace = {};
|
||||
const char *fname = DNAME "\\test_stream_inherit_perms:stream";
|
||||
bool ret = true;
|
||||
|
||||
smb2_deltree(tree, DNAME);
|
||||
|
||||
status = torture_smb2_testdir(tree, DNAME, &h);
|
||||
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
"torture_smb2_testdir failed\n");
|
||||
|
||||
torture_comment(tctx, "getting original sd\n");
|
||||
|
||||
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
|
||||
q.query_secdesc.in.file.handle = h;
|
||||
q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
|
||||
|
||||
status = smb2_getinfo_file(tree, tctx, &q);
|
||||
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
"smb2_getinfo_file failed\n");
|
||||
|
||||
sd = q.query_secdesc.out.sd;
|
||||
|
||||
/*
|
||||
* Add one explicit non-inheriting ACE which will be stored
|
||||
* as a non-inheriting POSIX ACE. These are the ACEs that
|
||||
* "inherit permissions" will want to inherit.
|
||||
*/
|
||||
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
|
||||
ace.access_mask = SEC_STD_ALL;
|
||||
ace.trustee = *(sd->owner_sid);
|
||||
|
||||
status = security_descriptor_dacl_add(sd, &ace);
|
||||
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
"security_descriptor_dacl_add failed\n");
|
||||
|
||||
setinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
|
||||
setinfo.set_secdesc.in.file.handle = h;
|
||||
setinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
|
||||
setinfo.set_secdesc.in.sd = sd;
|
||||
|
||||
status = smb2_setinfo_file(tree, &setinfo);
|
||||
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
"smb2_setinfo_file failed");
|
||||
|
||||
smb2_util_close(tree, h);
|
||||
ZERO_STRUCT(h);
|
||||
|
||||
/* This triggers the crash */
|
||||
status = torture_smb2_testfile(tree, fname, &h);
|
||||
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
"torture_smb2_testfile failed");
|
||||
|
||||
done:
|
||||
if (!smb2_util_handle_empty(h)) {
|
||||
smb2_util_close(tree, h);
|
||||
}
|
||||
smb2_deltree(tree, DNAME);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
basic testing of streams calls SMB2
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user