From a60419838bacd6e9bb5f2184b2aa6b26ab342c0b Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Sat, 6 Jul 2024 17:10:21 +0200 Subject: [PATCH] smbtorture: test creating stream doesn't crash when using "inherit permissions = yes" BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 09835608307ff2580f1aada84d44feddae17c80f) --- .../samba3.smb2.stream-inherit-perms | 1 + selftest/target/Samba3.pm | 5 ++ source3/selftest/tests.py | 2 + source4/torture/smb2/smb2.c | 2 + source4/torture/smb2/streams.c | 73 +++++++++++++++++++ 5 files changed, 83 insertions(+) create mode 100644 selftest/knownfail.d/samba3.smb2.stream-inherit-perms diff --git a/selftest/knownfail.d/samba3.smb2.stream-inherit-perms b/selftest/knownfail.d/samba3.smb2.stream-inherit-perms new file mode 100644 index 00000000000..fa311ac924d --- /dev/null +++ b/selftest/knownfail.d/samba3.smb2.stream-inherit-perms @@ -0,0 +1 @@ +^samba3.smb2.stream-inherit-perms.stream-inherit-perms\(fileserver\) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index cf40633d127..b9abb28061d 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2054,6 +2054,11 @@ sub setup_fileserver comment = Home directories browseable = No read only = No + +[inherit_perms] + path = $share_dir + vfs objects = streams_depot + inherit permissions = yes "; if (defined($more_conf)) { diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 0648797df16..29e7421c0af 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py 
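Review bot: The new `[inherit_perms]` share sets only `path`, `vfs objects` and `inherit permissions`, while the adjacent share visible in the context carries an explicit `read only = No`; unless the fileserver target's [global] section (outside this hunk) already turns `read only` off, the test's torture_smb2_testdir would fail with ACCESS_DENIED before the stream create that reproduces the crash is reached. If that global default is not set, add `read only = No` to the share block. A one-line comment above the block naming bug 15695 would also make clear why a streams_depot share with inherited permissions exists in this config.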
@@ -1334,6 +1334,8 @@ for t in tests: plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr') + elif t == "smb2.stream-inherit-perms": + plansmbtorture4testsuite(t, "fileserver", '//$SERVER/inherit_perms -U$USERNAME%$PASSWORD') elif t == "smb2.aio_delay": plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio_delay_inject -U$USERNAME%$PASSWORD') elif t == "smb2.delete-on-close-perms": diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c index 5b6477e47bc..28a62f49c47 100644 --- a/source4/torture/smb2/smb2.c +++ b/source4/torture/smb2/smb2.c @@ -178,6 +178,8 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx) torture_suite_add_suite(suite, torture_smb2_oplocks_init(suite)); torture_suite_add_suite(suite, torture_smb2_kernel_oplocks_init(suite)); torture_suite_add_suite(suite, torture_smb2_streams_init(suite)); + torture_suite_add_1smb2_test(suite, "stream-inherit-perms", + test_stream_inherit_perms); torture_suite_add_suite(suite, torture_smb2_ioctl_init(suite)); torture_suite_add_simple_test(suite, "set-sparse-ioctl", test_ioctl_set_sparse); diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c index f18048f7762..abc1fe21960 100644 --- a/source4/torture/smb2/streams.c +++ b/source4/torture/smb2/streams.c @@ -30,6 +30,7 @@ #include "system/filesys.h" #include "system/locale.h" #include "lib/util/tsort.h" +#include "libcli/security/security_descriptor.h" #define DNAME "teststreams" 
@@ -2395,6 +2396,78 @@ done: return ret; } +/* + * Simple test creating a stream on a share with "inherit permissions" + * enabled. This tests specifically bug 15695. + */ +bool test_stream_inherit_perms(struct torture_context *tctx, + struct smb2_tree *tree) +{ + NTSTATUS status; + struct smb2_handle h = {}; + union smb_fileinfo q = {}; + union smb_setfileinfo setinfo = {}; + struct security_descriptor *sd = NULL; + struct security_ace ace = {}; + const char *fname = DNAME "\\test_stream_inherit_perms:stream"; + bool ret = true; + + smb2_deltree(tree, DNAME); + + status = torture_smb2_testdir(tree, DNAME, &h); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testdir failed\n"); + + torture_comment(tctx, "getting original sd\n"); + + q.query_secdesc.level = RAW_FILEINFO_SEC_DESC; + q.query_secdesc.in.file.handle = h; + q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER; + + status = smb2_getinfo_file(tree, tctx, &q); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed\n"); + + sd = q.query_secdesc.out.sd; + + /* + * Add one explicit non-inheriting ACE which will be stored + * as a non-inheriting POSIX ACE. These are the ACEs that + * "inherit permissions" will want to inherit. 
+ */ + ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace.access_mask = SEC_STD_ALL; + ace.trustee = *(sd->owner_sid); + + status = security_descriptor_dacl_add(sd, &ace); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "security_descriptor_dacl_add failed\n"); + + setinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC; + setinfo.set_secdesc.in.file.handle = h; + setinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL; + setinfo.set_secdesc.in.sd = sd; + + status = smb2_setinfo_file(tree, &setinfo); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_setinfo_file failed"); + + smb2_util_close(tree, h); + ZERO_STRUCT(h); + + /* This triggers the crash */ + status = torture_smb2_testfile(tree, fname, &h); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testfile failed"); + +done: + if (!smb2_util_handle_empty(h)) { + smb2_util_close(tree, h); + } + smb2_deltree(tree, DNAME); + return ret; +} + /* basic testing of streams calls SMB2 */
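Review bot: `ace.trustee = *(sd->owner_sid);` dereferences the owner SID without checking it, so if the server answers the SECINFO_DACL | SECINFO_OWNER query with a descriptor lacking an owner (or a NULL sd) the torture client segfaults instead of reporting a failure; add `torture_assert_goto(tctx, sd != NULL && sd->owner_sid != NULL, ret, done, "no owner in returned sd\n");` before building the ACE. The test also stops at a successful create, so it proves only that smbd no longer crashes — it never queries the new stream's security descriptor to confirm that the parent's non-inheriting ACE was actually applied; a follow-up smb2_getinfo_file on h compared against the ACE added above would pin the intended semantics of `inherit permissions = yes`. Minor: the failure strings for smb2_setinfo_file and torture_smb2_testfile lack the trailing `\n` the other asserts in this function use. Since the knownfail entry means this hunk documents a currently reproducible server crash reachable by any user who can write to such a share, the fix commit should drop that entry in the same series.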