[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Apr 15 16:47:02 MDT 2013


The branch, master has been updated
       via  b08c0b3 Add a test that shows the difference between Windows and Samba with respect to DeleteOnClose.
      from  0f9eb25 smbd: Fix an error return in change_dir_owner_to_parent

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b08c0b317cb8064aac5cc32774a52243aa4af973
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date:   Thu Apr 4 17:15:30 2013 -0700

    Add a test that shows the difference between Windows and Samba with respect to DeleteOnClose.
    
    Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Apr 16 00:46:54 CEST 2013 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/torture/smb2/delete-on-close.c |  537 ++++++++++++++++++++++++++++++++
 source4/torture/smb2/smb2.c            |    2 +
 source4/torture/smb2/wscript_build     |    2 +-
 3 files changed, 540 insertions(+), 1 deletions(-)
 create mode 100644 source4/torture/smb2/delete-on-close.c


Changeset truncated at 500 lines:

diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c
new file mode 100644
index 0000000..0eef8fa
--- /dev/null
+++ b/source4/torture/smb2/delete-on-close.c
@@ -0,0 +1,537 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   test delete-on-close in more detail
+
+   Copyright (C) Richard Sharpe, 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "unistd.h"
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "torture/util.h"
+#include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#define DNAME "test_dir"
+#define FNAME DNAME "\\test_create.dat"
+
+#define CHECK_STATUS(status, correct) do { \
+	if (!NT_STATUS_EQUAL(status, correct)) { \
+		torture_result(tctx, TORTURE_FAIL, \
+			"(%s) Incorrect status %s - should be %s\n", \
+			 __location__, nt_errstr(status), nt_errstr(correct)); \
+		return false; \
+	}} while (0)
+
+static bool create_dir(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_handle handle;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	uint32_t perms = 0;
+
+	torture_comment(tctx, "Creating Directory for testing: %s\n", DNAME);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = DNAME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * We create an SD that allows us to do most things but we do not
+	 * get DELETE and DELETE CHILD access!
+	 */
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
+		SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
+
+	torture_comment(tctx, "Setting permissions on dir to 0x1e01bf\n");
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					perms,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, handle);
+
+	return true;
+}
+
+static bool set_dir_delete_perms(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	struct smb2_create io;
+	struct smb2_handle handle;
+	union smb_fileinfo q;
+	union smb_setfileinfo set;
+	struct security_descriptor *sd, *sd_orig;
+	const char *owner_sid;
+	uint32_t perms = 0;
+
+	torture_comment(tctx, "Opening Directory for setting new SD: %s\n", DNAME);
+
+	ZERO_STRUCT(io);
+	io.level = RAW_OPEN_SMB2;
+	io.in.create_flags = 0;
+	io.in.desired_access =
+		SEC_STD_READ_CONTROL |
+		SEC_STD_WRITE_DAC |
+		SEC_STD_WRITE_OWNER;
+	io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+	io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
+	io.in.share_access =
+		NTCREATEX_SHARE_ACCESS_READ |
+		NTCREATEX_SHARE_ACCESS_WRITE;
+	io.in.alloc_size = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
+	io.in.security_flags = 0;
+	io.in.fname = DNAME;
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	handle = io.out.file.handle;
+
+	torture_comment(tctx, "get the original sd\n");
+	q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	q.query_secdesc.in.file.handle = handle;
+	q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	status = smb2_getinfo_file(tree, tctx, &q);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	sd_orig = q.query_secdesc.out.sd;
+
+	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+	/*
+	 * We create an SD that allows us to do most things including
+	 * get DELETE and DELETE CHILD access!
+	 */
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
+		SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
+		SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
+		SEC_DIR_DELETE_CHILD | SEC_STD_DELETE |
+		SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
+
+	torture_comment(tctx, "Setting permissions on dir to 0x%0x\n", perms);
+	sd = security_descriptor_dacl_create(tctx,
+					0, owner_sid, NULL,
+					owner_sid,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					perms,
+					0,
+					NULL);
+
+	set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	set.set_secdesc.in.file.handle = handle;
+	set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+	set.set_secdesc.in.sd = sd;
+
+	status = smb2_setinfo_file(tree, &set);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, handle);
+
+	return true;
+}
+
+static bool test_doc_overwrite_if(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OVERWRITE_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_overwrite_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	/* And set the SEC Descriptor appropriately */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on existing file (OVERWRITE_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* First, create this file ... */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Next, try to open it for Delete On Close */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	return true;
+}
+
+static bool test_doc_create(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_create_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_COLLISION\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* First, create the file */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Next, try to open it for Delete on Close */
+	status = smb2_util_close(tree, io.out.file.handle);
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	return true;
+}
+
+static bool test_doc_create_if(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OPEN_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_OK\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
+				   NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+	io.in.fname              = FNAME;
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	status = smb2_util_close(tree, io.out.file.handle);
+
+	/* Check it was deleted */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0;
+	io.in.fname              = FNAME;
+
+	torture_comment(tctx, "Testing if the file was deleted when closed\n");
+	torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+
+	status = smb2_create(tree, tctx, &io);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	return true;
+}
+
+static bool test_doc_create_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+	uint32_t perms = 0;
+
+	/* File should not exist for this first test, so make sure */
+	set_dir_delete_perms(tctx, tree);
+
+	smb2_deltree(tree, DNAME);
+
+	create_dir(tctx, tree);
+
+	torture_comment(tctx, "Create file with DeleteOnClose on existing file (OPEN_IF)\n");
+	torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
+
+	perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
+		SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
+		SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
+		SEC_FILE_WRITE_DATA;
+
+	/* Create the file first */
+	ZERO_STRUCT(io);
+	io.in.desired_access	 = perms;
+	io.in.file_attributes	 = 0;
+	io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+	io.in.share_access	 = NTCREATEX_SHARE_ACCESS_DELETE;
+	io.in.create_options     = 0x0;
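Review bot: Every test_doc_* function calls `set_dir_delete_perms(tctx, tree);` and `create_dir(tctx, tree);` and discards the bool result, so a failure to install the DACL that withholds DELETE and DELETE_CHILD goes unnoticed, and the later NT_STATUS_ACCESS_DENIED expectations would then be checked against whatever ACL the directory happens to have. Checking the setup would make the access-control result meaningful, e.g. `torture_assert(tctx, create_dir(tctx, tree), "create_dir failed");`. Inside both helpers CHECK_STATUS returns while `handle` is still open, and the status of the final `smb2_util_close(tree, handle)` is assigned but never examined. test_doc_create_exist closes the same handle twice in a row (before and after the "Next, try to open it" comment), and it and test_doc_overwrite_if_exist close `io.out.file.handle` after a create that is expected to fail, where the zeroed `io` presumably holds no valid handle. The changeset is truncated on this page, so test_doc_create_if_exist continues outside the visible hunk and is not covered here.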


-- 
Samba Shared Repository

