source4/torture/raw/samba3hide.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Test samba3 hide unreadable/unwriteable
   4    Copyright (C) Volker Lendecke 2006
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21 #include "system/time.h"
  22 #include "system/filesys.h"
  23 #include "libcli/libcli.h"
  24 #include "torture/util.h"
  25 #include "torture/raw/proto.h"
  26
  27 static void init_unixinfo_nochange(union smb_setfileinfo *info)
  28 {
  29         ZERO_STRUCTP(info);
  30         info->unix_basic.level = RAW_SFILEINFO_UNIX_BASIC;
  31         info->unix_basic.in.mode = SMB_MODE_NO_CHANGE;
  32
  33         info->unix_basic.in.end_of_file = SMB_SIZE_NO_CHANGE_HI;
  34         info->unix_basic.in.end_of_file <<= 32;
  35         info->unix_basic.in.end_of_file |= SMB_SIZE_NO_CHANGE_LO;
  36
  37         info->unix_basic.in.num_bytes = SMB_SIZE_NO_CHANGE_HI;
  38         info->unix_basic.in.num_bytes <<= 32;
  39         info->unix_basic.in.num_bytes |= SMB_SIZE_NO_CHANGE_LO;
  40
  41         info->unix_basic.in.status_change_time = SMB_TIME_NO_CHANGE_HI;
  42         info->unix_basic.in.status_change_time <<= 32;
  43         info->unix_basic.in.status_change_time |= SMB_TIME_NO_CHANGE_LO;
  44
  45         info->unix_basic.in.access_time = SMB_TIME_NO_CHANGE_HI;
  46         info->unix_basic.in.access_time <<= 32;
  47         info->unix_basic.in.access_time |= SMB_TIME_NO_CHANGE_LO;
  48
  49         info->unix_basic.in.change_time = SMB_TIME_NO_CHANGE_HI;
  50         info->unix_basic.in.change_time <<= 32;
  51         info->unix_basic.in.change_time |= SMB_TIME_NO_CHANGE_LO;
  52
  53         info->unix_basic.in.uid = SMB_UID_NO_CHANGE;
  54         info->unix_basic.in.gid = SMB_GID_NO_CHANGE;
  55 }
  56
  57 struct list_state {
  58         const char *fname;
  59         bool visible;
  60 };
  61
  62 static void set_visible(struct clilist_file_info *i, const char *mask,
  63                         void *priv)
  64 {
  65         struct list_state *state = (struct list_state *)priv;
  66
  67         if (strcasecmp_m(state->fname, i->name) == 0)
  68                 state->visible = true;
  69 }
  70
  71 static bool is_visible(struct smbcli_tree *tree, const char *fname)
  72 {
  73         struct list_state state;
  74
  75         state.visible = false;
  76         state.fname = fname;
  77
  78         if (smbcli_list(tree, "*.*", 0, set_visible, &state) < 0) {
  79                 return false;
  80         }
  81         return state.visible;
  82 }
  83
  84 static bool is_readable(struct smbcli_tree *tree, const char *fname)
  85 {
  86         int fnum;
  87         fnum = smbcli_open(tree, fname, O_RDONLY, DENY_NONE);
  88         if (fnum < 0) {
  89                 return false;
  90         }
  91         smbcli_close(tree, fnum);
  92         return true;
  93 }
  94
  95 static bool is_writeable(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
  96                          const char *fname)
  97 {
  98         int fnum;
  99         fnum = smbcli_open(tree, fname, O_WRONLY, DENY_NONE);
 100         if (fnum < 0) {
 101                 return false;
 102         }
 103         smbcli_close(tree, fnum);
 104         return true;
 105 }
 106
 107 /*
 108  * This is not an exact method because there's a ton of reasons why a getatr
 109  * might fail. But for our purposes it's sufficient.
 110  */
 111
 112 static bool smbcli_file_exists(struct smbcli_tree *tree, const char *fname)
 113 {
 114         return NT_STATUS_IS_OK(smbcli_getatr(tree, fname, NULL, NULL, NULL));
 115 }
 116
 117 static NTSTATUS smbcli_setup_unix(struct smbcli_tree *tree)
 118 {
 119         union smb_fsinfo fsinfo;
 120         union smb_setfsinfo set_fsinfo;
 121         NTSTATUS status;
 122
 123         ZERO_STRUCT(fsinfo);
 124         ZERO_STRUCT(set_fsinfo);
 125
 126         fsinfo.generic.level = RAW_QFS_UNIX_INFO;
 127         status = smb_raw_fsinfo(tree, NULL, &fsinfo);
 128         if (!NT_STATUS_IS_OK(status)) {
 129                 printf("smb_raw_fsinfo failed %s\n",
 130                         nt_errstr(status));
 131                 return status;
 132         }
 133
 134         set_fsinfo.generic.level = RAW_SETFS_UNIX_INFO;
 135         set_fsinfo.unix_info.in.major_version = fsinfo.unix_info.out.major_version;
 136         set_fsinfo.unix_info.in.minor_version = fsinfo.unix_info.out.minor_version;
 137         set_fsinfo.unix_info.in.capability = fsinfo.unix_info.out.capability;
 138
 139         status = smb_raw_setfsinfo(tree, NULL, &set_fsinfo);
 140         if (!NT_STATUS_IS_OK(status)) {
 141                 printf("smb_raw_setfsinfo failed %s\n",
 142                         nt_errstr(status));
 143         }
 144         return status;
 145 }
 146
 147 static NTSTATUS smbcli_chmod(struct smbcli_tree *tree, const char *fname,
 148                              uint64_t permissions)
 149 {
 150         union smb_setfileinfo sfinfo;
 151         init_unixinfo_nochange(&sfinfo);
 152         sfinfo.unix_basic.in.file.path = fname;
 153         sfinfo.unix_basic.in.permissions = permissions;
 154         return smb_raw_setpathinfo(tree, &sfinfo);
 155 }
 156
 157 bool torture_samba3_hide(struct torture_context *torture)
 158 {
 159         struct smbcli_state *cli;
 160         const char *fname = "test.txt";
 161         int fnum;
 162         NTSTATUS status;
 163         struct smbcli_tree *hideunread;
 164         struct smbcli_tree *hideunwrite;
 165
 166         if (!torture_open_connection_share(
 167                     torture, &cli, torture, torture_setting_string(torture, "host", NULL),
 168                     torture_setting_string(torture, "share", NULL), torture->ev)) {
 169                 torture_fail(torture, "torture_open_connection_share failed\n");
 170         }
 171
 172         status = smbcli_setup_unix(cli->tree);
 173         if (!NT_STATUS_IS_OK(status)) {
 174                 torture_fail(torture,
 175                         talloc_asprintf(torture, "smbcli_setup_unix failed %s\n",
 176                                 nt_errstr(status)));
 177         }
 178
 179         status = torture_second_tcon(torture, cli->session, "hideunread",
 180                                      &hideunread);
 181         torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n");
 182
 183         status = torture_second_tcon(torture, cli->session, "hideunwrite",
 184                                      &hideunwrite);
 185         torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n");
 186
 187         status = smbcli_unlink(cli->tree, fname);
 188         if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
 189                 smbcli_setatr(cli->tree, fname, 0, -1);
 190                 smbcli_unlink(cli->tree, fname);
 191         }
 192
 193         fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
 194         if (fnum == -1) {
 195                 torture_fail(torture,
 196                         talloc_asprintf(torture, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
 197         }
 198
 199         smbcli_close(cli->tree, fnum);
 200
 201         if (!smbcli_file_exists(cli->tree, fname)) {
 202                 torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", fname));
 203         }
 204
 205         /* R/W file should be visible everywhere */
 206
 207         status = smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
 208         torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
 209
 210         if (!is_writeable(torture, cli->tree, fname)) {
 211                 torture_fail(torture, "File not writable\n");
 212         }
 213         if (!is_readable(cli->tree, fname)) {
 214                 torture_fail(torture, "File not readable\n");
 215         }
 216         if (!is_visible(cli->tree, fname)) {
 217                 torture_fail(torture, "r/w file not visible via normal share\n");
 218         }
 219         if (!is_visible(hideunread, fname)) {
 220                 torture_fail(torture, "r/w file not visible via hide unreadable\n");
 221         }
 222         if (!is_visible(hideunwrite, fname)) {
 223                 torture_fail(torture, "r/w file not visible via hide unwriteable\n");
 224         }
 225
 226         /* R/O file should not be visible via hide unwriteable files */
 227
 228         status = smbcli_chmod(cli->tree, fname, UNIX_R_USR);
 229         torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
 230
 231         if (is_writeable(torture, cli->tree, fname)) {
 232                 torture_fail(torture, "r/o is writable\n");
 233         }
 234         if (!is_readable(cli->tree, fname)) {
 235                 torture_fail(torture, "r/o not readable\n");
 236         }
 237         if (!is_visible(cli->tree, fname)) {
 238                 torture_fail(torture, "r/o file not visible via normal share\n");
 239         }
 240         if (!is_visible(hideunread, fname)) {
 241                 torture_fail(torture, "r/o file not visible via hide unreadable\n");
 242         }
 243         if (is_visible(hideunwrite, fname)) {
 244                 torture_fail(torture, "r/o file visible via hide unwriteable\n");
 245         }
 246
 247         /* inaccessible file should be only visible on normal share */
 248
 249         status = smbcli_chmod(cli->tree, fname, 0);
 250         torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
 251
 252         if (is_writeable(torture, cli->tree, fname)) {
 253                 torture_fail(torture, "inaccessible file is writable\n");
 254         }
 255         if (is_readable(cli->tree, fname)) {
 256                 torture_fail(torture, "inaccessible file is readable\n");
 257         }
 258         if (!is_visible(cli->tree, fname)) {
 259                 torture_fail(torture, "inaccessible file not visible via normal share\n");
 260         }
 261         if (is_visible(hideunread, fname)) {
 262                 torture_fail(torture, "inaccessible file visible via hide unreadable\n");
 263         }
 264         if (is_visible(hideunwrite, fname)) {
 265                 torture_fail(torture, "inaccessible file visible via hide unwriteable\n");
 266         }
 267
 268         smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
 269         smbcli_unlink(cli->tree, fname);
 270
 271         return true;
 272 }
 273
 274 /*
 275  * Try to force smb_close to return an error. The only way I can think of is
 276  * to open a file with delete on close, chmod the parent dir to 000 and then
 277  * close. smb_close should return NT_STATUS_ACCESS_DENIED.
 278  */
 279
 280 bool torture_samba3_closeerr(struct torture_context *tctx)
 281 {
 282         struct smbcli_state *cli = NULL;
 283         bool result = false;
 284         NTSTATUS status;
 285         const char *dname = "closeerr.dir";
 286         const char *fname = "closeerr.dir\\closerr.txt";
 287         int fnum;
 288
 289         if (!torture_open_connection(&cli, tctx, 0)) {
 290                 goto fail;
 291         }
 292
 293         smbcli_deltree(cli->tree, dname);
 294
 295         torture_assert_ntstatus_ok(
 296                 tctx, smbcli_mkdir(cli->tree, dname),
 297                 talloc_asprintf(tctx, "smbcli_mdir failed: (%s)\n",
 298                                 smbcli_errstr(cli->tree)));
 299
 300         fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR,
 301                             DENY_NONE);
 302         torture_assert(tctx, fnum != -1,
 303                        talloc_asprintf(tctx, "smbcli_open failed: %s\n",
 304                                        smbcli_errstr(cli->tree)));
 305         smbcli_close(cli->tree, fnum);
 306
 307         fnum = smbcli_nt_create_full(cli->tree, fname, 0,
 308                                       SEC_RIGHTS_FILE_ALL,
 309                                       FILE_ATTRIBUTE_NORMAL,
 310                                       NTCREATEX_SHARE_ACCESS_DELETE,
 311                                       NTCREATEX_DISP_OPEN, 0, 0);
 312
 313         torture_assert(tctx, fnum != -1,
 314                        talloc_asprintf(tctx, "smbcli_open failed: %s\n",
 315                                        smbcli_errstr(cli->tree)));
 316
 317         status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
 318
 319         torture_assert_ntstatus_ok(tctx, status,
 320                                    "setting delete_on_close on file failed !");
 321
 322         status = smbcli_chmod(cli->tree, dname, 0);
 323
 324         torture_assert_ntstatus_ok(tctx, status,
 325                                    "smbcli_chmod on file failed !");
 326
 327         status = smbcli_close(cli->tree, fnum);
 328
 329         smbcli_chmod(cli->tree, dname, UNIX_R_USR|UNIX_W_USR|UNIX_X_USR);
 330         smbcli_deltree(cli->tree, dname);
 331
 332         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_ACCESS_DENIED,
 333                                       "smbcli_close");
 334
 335         result = true;
 336
 337  fail:
 338         if (cli) {
 339                 torture_close_connection(cli);
 340         }
 341         return result;
 342 }