[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Jun 26 19:32:01 UTC 2019 

The branch, master has been updated
       via  29ee235caee s3: torture: Ensure we can always get a POSIX ACL on a directory handle.
       via  61777349f1e s3: smbd: We also need to open a real directory fd when modifying security.
      from  164570fcbbe lib/param: clang: Fix 'dereference of a null pointer' warning

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 29ee235caee7e703ee9ebee342c8decb017fd099
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 25 13:39:59 2019 -0700

    s3: torture: Ensure we can always get a POSIX ACL on a directory handle.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Jun 26 19:31:28 UTC 2019 on sn-devel-184

commit 61777349f1e86cf8c8a289c04afad6cd123207c0
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 25 10:32:10 2019 -0700

    s3: smbd: We also need to open a real directory fd when modifying security.
    
    Makes the logic identical to file open.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/skip             |   1 +
 source3/selftest/tests.py |   1 +
 source3/smbd/open.c       |   5 +-
 source3/torture/torture.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/selftest/skip b/selftest/skip
index 9ff673e0c92..563f7e70599 100644
--- a/selftest/skip
+++ b/selftest/skip
@@ -50,6 +50,7 @@
 ^samba3.smbtorture_s3.plain.POSIX-STREAM-DELETE\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain.POSIX-MKDIR\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain.POSIX-ACL-OPLOCK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
+^samba3.smbtorture_s3.plain.POSIX-ACL-SHAREROOT\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain.WINDOWS-BAD-SYMLINK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain.RENAME-ACCESS\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c7d24f68d6c..a3cd890e903 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -161,6 +161,7 @@ posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA",
                "POSIX-STREAM-DELETE", "WINDOWS-BAD-SYMLINK", "POSIX-MKDIR",
                "POSIX-BLOCKING-LOCK",
                "POSIX-ACL-OPLOCK",
+               "POSIX-ACL-SHAREROOT",
               ]
 
 for t in posix_tests:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ba13255245c..095d8c2427d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -4242,7 +4242,10 @@ static NTSTATUS open_directory(connection_struct *conn,
 			   FILE_ADD_SUBDIRECTORY|
 			   FILE_TRAVERSE|
 			   DELETE_ACCESS|
-			   FILE_DELETE_CHILD)) {
+			   FILE_DELETE_CHILD|
+			   WRITE_DAC_ACCESS|
+			   WRITE_OWNER_ACCESS|
+			   READ_CONTROL_ACCESS)) {
 #ifdef O_DIRECTORY
 		status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
 #else
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index d93a02b2d6a..2cb32efea46 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8768,6 +8768,129 @@ static bool run_posix_acl_oplock_test(int dummy)
 	return correct;
 }
 
+static bool run_posix_acl_shareroot_test(int dummy)
+{
+	struct cli_state *cli;
+	NTSTATUS status;
+	bool correct = false;
+	char *posix_acl = NULL;
+	size_t posix_acl_len = 0;
+	uint16_t num_file_acls = 0;
+	uint16_t num_dir_acls = 0;
+	uint16_t i;
+	uint32_t expected_size = 0;
+	bool got_user = false;
+	bool got_group = false;
+	bool got_other = false;
+	TALLOC_CTX *frame = NULL;
+
+	frame = talloc_stackframe();
+
+	printf("starting posix_acl_shareroot test\n");
+
+	if (!torture_open_connection(&cli, 0)) {
+		TALLOC_FREE(frame);
+		return false;
+	}
+
+	smbXcli_conn_set_sockopt(cli->conn, sockops);
+
+	status = torture_setup_unix_extensions(cli);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to setup unix extensions\n");
+		goto out;
+	}
+
+	/* Get the POSIX ACL on the root of the share. */
+	status = cli_posix_getacl(cli,
+				".",
+				frame,
+				&posix_acl_len,
+				&posix_acl);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("cli_posix_getacl of '.' failed (%s)\n",
+			nt_errstr(status));
+		goto out;
+	}
+
+	if (posix_acl_len < 6 ||
+			SVAL(posix_acl,0) != SMB_POSIX_ACL_VERSION) {
+		printf("getfacl ., unknown POSIX acl version %u.\n",
+			(unsigned int)CVAL(posix_acl,0) );
+		goto out;
+        }
+
+	num_file_acls = SVAL(posix_acl,2);
+	num_dir_acls = SVAL(posix_acl,4);
+	expected_size = SMB_POSIX_ACL_HEADER_SIZE +
+				SMB_POSIX_ACL_ENTRY_SIZE*
+				(num_file_acls+num_dir_acls);
+
+	if (posix_acl_len != expected_size) {
+                printf("incorrect POSIX acl buffer size "
+			"(should be %u, was %u).\n",
+                        (unsigned int)expected_size,
+                        (unsigned int)posix_acl_len);
+		goto out;
+        }
+
+	/*
+	 * We don't need to know what the ACL's are
+	 * we just need to know we have at least 3
+	 * file entries (u,g,o).
+	 */
+
+	for (i = 0; i < num_file_acls; i++) {
+		unsigned char tagtype =
+			CVAL(posix_acl,
+				SMB_POSIX_ACL_HEADER_SIZE+
+				(i*SMB_POSIX_ACL_ENTRY_SIZE));
+
+		switch(tagtype) {
+			case SMB_POSIX_ACL_USER_OBJ:
+				got_user = true;
+				break;
+			case SMB_POSIX_ACL_GROUP_OBJ:
+				got_group = true;
+				break;
+			case SMB_POSIX_ACL_OTHER:
+				got_other = true;
+				break;
+			default:
+				break;
+		}
+	}
+
+	if (!got_user) {
+		printf("Missing user entry\n");
+		goto out;
+	}
+
+	if (!got_group) {
+		printf("Missing group entry\n");
+		goto out;
+	}
+
+	if (!got_other) {
+		printf("Missing other entry\n");
+		goto out;
+	}
+
+	correct = true;
+
+  out:
+
+	if (!torture_close_connection(cli)) {
+		correct = false;
+	}
+
+	printf("finished posix acl shareroot test\n");
+	TALLOC_FREE(frame);
+
+	return correct;
+}
+
 static uint32_t open_attrs_table[] = {
 		FILE_ATTRIBUTE_NORMAL,
 		FILE_ATTRIBUTE_ARCHIVE,
@@ -13508,6 +13631,10 @@ static struct {
 		.name  = "POSIX-ACL-OPLOCK",
 		.fn    = run_posix_acl_oplock_test,
 	},
+	{
+		.name  = "POSIX-ACL-SHAREROOT",
+		.fn    = run_posix_acl_shareroot_test,
+	},
 	{
 		.name  = "WINDOWS-BAD-SYMLINK",
 		.fn    = run_symlink_open_test,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list