#include "system/filesys.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/libcli.h"
+#include "libcli/security/security.h"
#include "torture/util.h"
+#include "torture/smbtorture.h"
+#include "cxd_known.h"
extern int torture_failures;
return torture_ntdenytest(torture, cli1, cli2, 0);
}
+#define COMPARE_STATUS(status, correct) do { \
+ if (!NT_STATUS_EQUAL(status, correct)) { \
+ torture_result(tctx, TORTURE_FAIL, \
+ "(%s) Incorrect status %s - should be %s\n", \
+ __location__, nt_errstr(status), nt_errstr(correct)); \
+ ret = false; \
+ failed = true; \
+ }} while (0)
#define CHECK_STATUS(status, correct) do { \
if (!NT_STATUS_EQUAL(status, correct)) { \
return ret;
}
+#define CXD_MATCHES(_cxd, i) \
+ ((cxd_known[i].cxd_test == (_cxd)->cxd_test) && \
+ (cxd_known[i].cxd_flags == (_cxd)->cxd_flags) && \
+ (cxd_known[i].cxd_access1 == (_cxd)->cxd_access1) && \
+ (cxd_known[i].cxd_sharemode1 == (_cxd)->cxd_sharemode1) && \
+ (cxd_known[i].cxd_access2 == (_cxd)->cxd_access2) && \
+ (cxd_known[i].cxd_sharemode2 == (_cxd)->cxd_sharemode2))
+
+static int cxd_find_known(struct createx_data *cxd)
+{
+ static int i = -1;
+
+ /* Optimization for tests which we don't have results saved for. */
+ if ((cxd->cxd_test == CXD_TEST_CREATEX_ACCESS_EXHAUSTIVE) ||
+ (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE_EXTENDED))
+ return -1;
+
+ /* Optimization: If our cxd_known table is too large, it hurts test
+ * performance to search through the entire table each time. If the
+ * caller can pass in the previous result, we can try the next entry.
+ * This works if results are taken directly from the same code. */
+ i++;
+ if ((i >= 0) && (i < sizeof(cxd_known) / sizeof(cxd_known[0])) &&
+ CXD_MATCHES(cxd, i))
+ return i;
+
+ for (i = 0; i < (sizeof(cxd_known) / sizeof(cxd_known[0])); i++) {
+ if (CXD_MATCHES(cxd, i))
+ return i;
+ }
+
+ return -1;
+}
+
+#define FILL_NTCREATEX(_struct, _init...) \
+ do { \
+ (_struct)->generic.level = RAW_OPEN_NTCREATEX; \
+ (_struct)->ntcreatex.in \
+ = (typeof((_struct)->ntcreatex.in)) {_init};\
+ } while (0)
+
+#define CREATEX_NAME "\\createx_dir"
+
+static bool createx_make_dir(struct torture_context *tctx,
+ struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, const char *fname)
+{
+ bool ret = true;
+ NTSTATUS status;
+
+ status = smbcli_mkdir(tree, fname);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+ return ret;
+}
+
+static bool createx_make_file(struct torture_context *tctx,
+ struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, const char *fname)
+{
+ union smb_open open_parms;
+ bool ret = true;
+ NTSTATUS status;
+
+ FILL_NTCREATEX(&open_parms,
+ .flags = 0,
+ .access_mask = SEC_RIGHTS_FILE_ALL,
+ .file_attr = FILE_ATTRIBUTE_NORMAL,
+ .share_access = 0,
+ .open_disposition = NTCREATEX_DISP_CREATE,
+ .create_options = 0,
+ .fname = fname,
+ );
+ status = smb_raw_open(tree, mem_ctx, &open_parms);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ status = smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ done:
+ return ret;
+}
+
+static void createx_fill_dir(union smb_open *open_parms, int accessmode,
+ int sharemode, const char *fname)
+{
+ FILL_NTCREATEX(open_parms,
+ .flags = 0,
+ .access_mask = accessmode,
+ .file_attr = FILE_ATTRIBUTE_DIRECTORY,
+ .share_access = sharemode,
+ .open_disposition = NTCREATEX_DISP_OPEN_IF,
+ .create_options = NTCREATEX_OPTIONS_DIRECTORY,
+ .fname = fname,
+ );
+}
+
+static void createx_fill_file(union smb_open *open_parms, int accessmode,
+ int sharemode, const char *fname)
+{
+ FILL_NTCREATEX(open_parms,
+ .flags = 0,
+ .access_mask = accessmode,
+ .file_attr = FILE_ATTRIBUTE_NORMAL,
+ .share_access = sharemode,
+ .open_disposition = NTCREATEX_DISP_OPEN_IF,
+ .create_options = 0,
+ .fname = fname,
+ );
+}
+
+static int data_file_fd = -1;
+
+#define KNOWN "known"
+#define CHILD "child"
+static bool createx_test_dir(struct torture_context *tctx,
+ struct smbcli_tree *tree, int fnum, TALLOC_CTX *mem_ctx, NTSTATUS *result)
+{
+ bool ret = true;
+ NTSTATUS status;
+ union smb_open open_parms;
+
+ /* bypass original handle to guarantee creation */
+ FILL_NTCREATEX(&open_parms,
+ .flags = 0,
+ .access_mask = SEC_RIGHTS_FILE_ALL,
+ .file_attr = FILE_ATTRIBUTE_NORMAL,
+ .share_access = 0,
+ .open_disposition = NTCREATEX_DISP_CREATE,
+ .create_options = 0,
+ .fname = CREATEX_NAME "\\" KNOWN,
+ );
+ status = smb_raw_open(tree, mem_ctx, &open_parms);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+
+ result[CXD_DIR_ENUMERATE] = NT_STATUS_OK;
+
+ /* try to create a child */
+ FILL_NTCREATEX(&open_parms,
+ .flags = 0,
+ .access_mask = SEC_RIGHTS_FILE_ALL,
+ .file_attr = FILE_ATTRIBUTE_NORMAL,
+ .share_access = 0,
+ .open_disposition = NTCREATEX_DISP_CREATE,
+ .create_options = 0,
+ .fname = CHILD,
+ .root_fid = fnum,
+ );
+
+ result[CXD_DIR_CREATE_CHILD] =
+ smb_raw_open(tree, mem_ctx, &open_parms);
+ smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+
+ /* try to traverse dir to known good file */
+ FILL_NTCREATEX(&open_parms,
+ .flags = 0,
+ .access_mask = SEC_RIGHTS_FILE_ALL,
+ .file_attr = FILE_ATTRIBUTE_NORMAL,
+ .share_access = 0,
+ .open_disposition = NTCREATEX_DISP_OPEN,
+ .create_options = 0,
+ .fname = KNOWN,
+ .root_fid = fnum,
+ );
+
+ result[CXD_DIR_TRAVERSE] =
+ smb_raw_open(tree, mem_ctx, &open_parms);
+
+
+ smbcli_close(tree, open_parms.ntcreatex.out.file.fnum);
+ smbcli_unlink(tree, CREATEX_NAME "\\" KNOWN);
+ smbcli_unlink(tree, CREATEX_NAME "\\" CHILD);
+
+ done:
+ return ret;
+}
+
+static bool createx_test_file(struct torture_context *tctx,
+ struct smbcli_tree *tree, int fnum, TALLOC_CTX *mem_ctx, NTSTATUS *result)
+{
+ union smb_read rd = {};
+ union smb_write wr = {};
+ char buf[256] = "";
+
+ rd.readx.level = RAW_READ_READX;
+ rd.readx.in.file.fnum = fnum;
+ rd.readx.in.mincnt = sizeof(buf);
+ rd.readx.in.maxcnt = sizeof(buf);
+ rd.readx.out.data = buf;
+ result[CXD_FILE_READ] = smb_raw_read(tree, &rd);
+
+ wr.writex.level = RAW_WRITE_WRITEX;
+ wr.writex.in.file.fnum = fnum;
+ wr.writex.in.count = sizeof(buf);
+ wr.writex.in.data = buf;
+
+ result[CXD_FILE_WRITE] = smb_raw_write(tree, &wr);
+
+ memset(&rd, 0, sizeof(rd));
+ rd.readx.level = RAW_READ_READX;
+ rd.readx.in.file.fnum = fnum;
+ rd.readx.in.mincnt = sizeof(buf);
+ rd.readx.in.maxcnt = sizeof(buf);
+ rd.readx.in.read_for_execute = 1;
+ rd.readx.out.data = buf;
+
+ result[CXD_FILE_EXECUTE] = smb_raw_read(tree, &rd);
+
+ return true;
+}
+
+/* TODO When redirecting stdout to a file, the progress bar really screws up
+ * the output. Could use a switch "--noprogress", or direct the progress bar to
+ * stderr? No other solution? */
+static void createx_progress_bar(struct torture_context *tctx, uint_t i,
+ uint_t total, uint_t skipped)
+{
+ if (torture_setting_bool(tctx, "progress", true)) {
+ torture_comment(tctx, "%5d/%5d (%d skipped)\r", i, total,
+ skipped);
+ fflush(stdout);
+ }
+}
+
+static bool torture_createx_specific(struct torture_context *tctx, struct
+ smbcli_state *cli, struct smbcli_state *cli2, TALLOC_CTX *mem_ctx, struct
+ createx_data *cxd, int estimated_count)
+{
+ static int call_count = 1;
+ static int unskipped_call_count = 1;
+ const char *fname = CREATEX_NAME;
+ int fnum = -1, fnum2 = -1, res, i;
+ union smb_open open_parms1, open_parms2;
+ bool ret = true;
+ bool is_dir = cxd->cxd_flags & CXD_FLAGS_DIRECTORY;
+ NTSTATUS *result = &cxd->cxd_result[0];
+ NTSTATUS *result2 = &cxd->cxd_result2[0];
+ bool found = false, failed = false;
+
+ bool (*make_func)(struct torture_context *,
+ struct smbcli_tree *, TALLOC_CTX *, const char *);
+ void (*fill_func)(union smb_open *, int, int, const char *);
+ bool (*test_func)(struct torture_context *,
+ struct smbcli_tree *, int, TALLOC_CTX *, NTSTATUS *);
+ NTSTATUS (*destroy_func)(struct smbcli_tree *, const char *);
+
+ if (is_dir) {
+ make_func = createx_make_dir;
+ fill_func = createx_fill_dir;
+ test_func = createx_test_dir;
+ destroy_func = smbcli_rmdir;
+ } else {
+ make_func = createx_make_file;
+ fill_func = createx_fill_file;
+ test_func = createx_test_file;
+ destroy_func = smbcli_unlink;
+ }
+
+ if (cxd->cxd_flags & CXD_FLAGS_MAKE_BEFORE_CREATEX) {
+ ret = make_func(tctx, cli->tree, mem_ctx, fname);
+ if (!ret) {
+ torture_result(tctx, TORTURE_FAIL,
+ "Initial creation failed\n");
+ goto done;
+ }
+ }
+
+ /* Initialize. */
+ fill_func(&open_parms1, cxd->cxd_access1, cxd->cxd_sharemode1, fname);
+
+ if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+ fill_func(&open_parms2, cxd->cxd_access2, cxd->cxd_sharemode2,
+ fname);
+ }
+
+ for (i = CXD_CREATEX + 1; i < CXD_MAX; i++) {
+ result[i] = NT_STATUS_UNSUCCESSFUL;
+ result2[i] = NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* Perform open(s). */
+ result[CXD_CREATEX] = smb_raw_open(cli->tree, mem_ctx, &open_parms1);
+ if (NT_STATUS_IS_OK(result[CXD_CREATEX])) {
+ fnum = open_parms1.ntcreatex.out.file.fnum;
+ ret = test_func(tctx, cli->tree, fnum, mem_ctx, result);
+ smbcli_close(cli->tree, fnum);
+ }
+
+ if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+ result2[CXD_CREATEX] = smb_raw_open(cli2->tree, mem_ctx,
+ &open_parms2);
+ if (NT_STATUS_IS_OK(result2[CXD_CREATEX])) {
+ fnum2 = open_parms2.ntcreatex.out.file.fnum;
+ ret = test_func(tctx, cli2->tree, fnum2, mem_ctx,
+ result2);
+ smbcli_close(cli2->tree, fnum2);
+ }
+ }
+
+ if (data_file_fd >= 0) {
+ found = true;
+ res = write(data_file_fd, &cxd, sizeof(cxd));
+ if (res != sizeof(cxd)) {
+ torture_result(tctx, TORTURE_FAIL,
+ "(%s): write failed: %s!",
+ __location__, strerror(errno));
+ ret = false;
+ }
+ } else if ((res = cxd_find_known(cxd)) >= 0) {
+ found = true;
+ for (i = 0; i < CXD_MAX; i++) {
+ /* Note: COMPARE_STATUS will set the "failed" bool. */
+ COMPARE_STATUS(result[i], cxd_known[res].cxd_result[i]);
+ if (i == 0 && !NT_STATUS_IS_OK(result[i]))
+ break;
+
+ if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+ COMPARE_STATUS(result2[i],
+ cxd_known[res].cxd_result2[i]);
+ if (i == 0 && !NT_STATUS_IS_OK(result2[i]))
+ break;
+ }
+ }
+ }
+
+ /* We print if its not in the "cxd_known" list or if we fail. */
+ if (!found || failed) {
+ torture_comment(tctx,
+ " { .cxd_test = %d, .cxd_flags = %#3x, "
+ ".cxd_access1 = %#10x, .cxd_sharemode1=%1x, "
+ ".cxd_access2=%#10x, .cxd_sharemode2=%1x, "
+ ".cxd_result = { ", cxd->cxd_test, cxd->cxd_flags,
+ cxd->cxd_access1, cxd->cxd_sharemode1, cxd->cxd_access2,
+ cxd->cxd_sharemode2);
+ for (i = 0; i < CXD_MAX; i++) {
+ torture_comment(tctx, "%s, ", nt_errstr(result[i]));
+ if (i == 0 && !NT_STATUS_IS_OK(result[i]))
+ break;
+ }
+ torture_comment(tctx, "}");
+ if (cxd->cxd_test == CXD_TEST_CREATEX_SHAREMODE) {
+ torture_comment(tctx, ", .cxd_result2 = { ");
+ for (i = 0; i < CXD_MAX; i++) {
+ torture_comment(tctx, "%s, ",
+ nt_errstr(result2[i]));
+ if (i == 0 && !NT_STATUS_IS_OK(result2[i]))
+ break;
+ }
+ torture_comment(tctx, "}");
+ }
+ torture_comment(tctx, "}, \n");
+ } else {
+ createx_progress_bar(tctx, call_count, estimated_count,
+ call_count - unskipped_call_count);
+ }
+ /* Count tests that we didn't skip. */
+ unskipped_call_count++;
+ done:
+ call_count++;
+
+ destroy_func(cli->tree, fname);
+ return ret;
+}
+
+uint32_t sec_access_bit_groups[] = {
+ SEC_RIGHTS_FILE_READ,
+ SEC_RIGHTS_FILE_WRITE,
+ SEC_RIGHTS_FILE_EXECUTE
+};
+#define NUM_ACCESS_GROUPS (sizeof(sec_access_bit_groups) / sizeof(uint32_t))
+#define ACCESS_GROUPS_COUNT ((1 << NUM_ACCESS_GROUPS))
+#define BITSINBYTE 8
+
+/* Note: See NTCREATEX_SHARE_ACCESS_{NONE,READ,WRITE,DELETE} for share mode
+ * declarations. */
+#define NUM_SHAREMODE_PERMUTATIONS 8
+
+/**
+ * NTCREATEX and SHARE MODE test.
+ *
+ * Open with combinations of (access_mode, share_mode).
+ * - Check status
+ * Open 2nd time with combination of (access_mode2, share_mode2).
+ * - Check status
+ * Perform operations to verify?
+ * - Read
+ * - Write
+ * - Delete
+ */
+bool torture_createx_sharemodes(struct torture_context *tctx,
+ struct smbcli_state *cli,
+ struct smbcli_state *cli2,
+ bool dir,
+ bool extended)
+{
+ TALLOC_CTX *mem_ctx;
+ bool ret = true;
+ int i, j, est;
+ int gp1, gp2; /* group permuters */
+ struct createx_data cxd = {0};
+ int num_access_bits1 = sizeof(cxd.cxd_access1) * BITSINBYTE;
+ int num_access_bits2 = sizeof(cxd.cxd_access2) * BITSINBYTE;
+
+ mem_ctx = talloc_init("createx_sharemodes");
+ if (!mem_ctx)
+ return false;
+
+ cxd.cxd_test = extended ? CXD_TEST_CREATEX_SHAREMODE_EXTENDED :
+ CXD_TEST_CREATEX_SHAREMODE;
+ cxd.cxd_flags = dir ? CXD_FLAGS_DIRECTORY: 0;
+
+ /* HACK for progress bar: figure out estimated count. */
+ est = (NUM_SHAREMODE_PERMUTATIONS * NUM_SHAREMODE_PERMUTATIONS) *
+ ((ACCESS_GROUPS_COUNT * ACCESS_GROUPS_COUNT) +
+ (extended ? num_access_bits1 * num_access_bits2 : 0));
+
+ /* Blank slate. */
+ smbcli_deltree(cli->tree, CREATEX_NAME);
+ smbcli_unlink(cli->tree, CREATEX_NAME);
+
+ /* Choose 2 random share modes. */
+ for (cxd.cxd_sharemode1 = 0;
+ cxd.cxd_sharemode1 < NUM_SHAREMODE_PERMUTATIONS;
+ cxd.cxd_sharemode1++) {
+ for (cxd.cxd_sharemode2 = 0;
+ cxd.cxd_sharemode2 < NUM_SHAREMODE_PERMUTATIONS;
+ cxd.cxd_sharemode2++) {
+
+ /* Permutate through our access_bit_groups. */
+ for (gp1 = 0; gp1 < ACCESS_GROUPS_COUNT; gp1++) {
+ for (gp2 = 0; gp2 < ACCESS_GROUPS_COUNT; gp2++)
+ {
+ cxd.cxd_access1 = cxd.cxd_access2 = 0;
+
+ for (i = 0; i < NUM_ACCESS_GROUPS; i++)
+ {
+ cxd.cxd_access1 |=
+ (gp1 & (1 << i)) ?
+ sec_access_bit_groups[i]:0;
+ cxd.cxd_access2 |=
+ (gp2 & (1 << i)) ?
+ sec_access_bit_groups[i]:0;
+ }
+
+ torture_createx_specific(tctx, cli,
+ cli2, mem_ctx, &cxd, est);
+ }
+ }
+
+ /* Only do the single access bits on an extended run. */
+ if (!extended)
+ continue;
+
+ for (i = 0; i < num_access_bits1; i++) {
+ for (j = 0; j < num_access_bits2; j++) {
+ cxd.cxd_access1 = 1ull << i;
+ cxd.cxd_access2 = 1ull << j;
+
+ torture_createx_specific(tctx, cli,
+ cli2, mem_ctx, &cxd, est);
+ }
+ }
+ }
+ }
+ torture_comment(tctx, "\n");
+
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+bool torture_createx_sharemodes_file(struct torture_context *tctx,
+ struct smbcli_state *cli, struct smbcli_state *cli2)
+{
+ return torture_createx_sharemodes(tctx, cli, cli2, false, false);
+}
+
+bool torture_createx_sharemodes_dir(struct torture_context *tctx,
+ struct smbcli_state *cli, struct smbcli_state *cli2)
+{
+ return torture_createx_sharemodes(tctx, cli, cli2, true, false);
+}
+
+bool torture_createx_access(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ TALLOC_CTX *mem_ctx;
+ bool ret = true;
+ uint32_t group_permuter;
+ uint32_t i;
+ struct createx_data cxd = {0};
+ int est;
+ int num_access_bits = sizeof(cxd.cxd_access1) * BITSINBYTE;
+
+ mem_ctx = talloc_init("createx_dir");
+ if (!mem_ctx)
+ return false;
+
+ cxd.cxd_test = CXD_TEST_CREATEX_ACCESS;
+
+ /* HACK for progress bar: figure out estimated count. */
+ est = CXD_FLAGS_COUNT * (ACCESS_GROUPS_COUNT + (num_access_bits * 3));
+
+ /* Blank slate. */
+ smbcli_deltree(cli->tree, CREATEX_NAME);
+ smbcli_unlink(cli->tree, CREATEX_NAME);
+
+ for (cxd.cxd_flags = 0; cxd.cxd_flags <= CXD_FLAGS_MASK;
+ cxd.cxd_flags++) {
+ /**
+ * This implements a basic permutation of all elements of
+ * 'bit_group'. group_permuter is a bit field representing
+ * which groups to turn on.
+ */
+ for (group_permuter = 0; group_permuter < (1 <<
+ NUM_ACCESS_GROUPS); group_permuter++) {
+ for (i = 0, cxd.cxd_access1 = 0;
+ i < NUM_ACCESS_GROUPS; i++) {
+ cxd.cxd_access1 |= (group_permuter & (1 << i))
+ ? sec_access_bit_groups[i] : 0;
+ }
+
+ torture_createx_specific(tctx, cli, NULL, mem_ctx,
+ &cxd, est);
+ }
+
+ for (i = 0; i < num_access_bits; i++) {
+ /* And now run through the single access bits. */
+ cxd.cxd_access1 = 1 << i;
+ torture_createx_specific(tctx, cli, NULL, mem_ctx,
+ &cxd, est);
+
+ /* Does SEC_FLAG_MAXIMUM_ALLOWED override? */
+ cxd.cxd_access1 |= SEC_FLAG_MAXIMUM_ALLOWED;
+ torture_createx_specific(tctx, cli, NULL, mem_ctx,
+ &cxd, est);
+
+ /* What about SEC_FLAG_SYSTEM_SECURITY? */
+ cxd.cxd_access1 |= SEC_FLAG_SYSTEM_SECURITY;
+ torture_createx_specific(tctx, cli, NULL, mem_ctx,
+ &cxd, est);
+ }
+ }
+
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+#define ACCESS_KNOWN_MASK 0xF31F01FFull
+
+bool torture_createx_access_exhaustive(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ char *data_file;
+ TALLOC_CTX *mem_ctx;
+ bool ret = true, first;
+ uint32_t i;
+ struct createx_data cxd = {0};
+
+ mem_ctx = talloc_init("createx_dir");
+ if (!mem_ctx)
+ return false;
+
+ data_file = getenv("CREATEX_DATA");
+ if (data_file) {
+ data_file_fd = open(data_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
+ if (data_file_fd < 0) {
+ torture_result(tctx, TORTURE_FAIL,
+ "(%s): data file open failedu: %s!",
+ __location__, strerror(errno));
+ ret = false;
+ goto done;
+ }
+ }
+
+ /* Blank slate. */
+ smbcli_deltree(cli->tree, CREATEX_NAME);
+ smbcli_unlink(cli->tree, CREATEX_NAME);
+
+ cxd.cxd_test = CXD_TEST_CREATEX_ACCESS_EXHAUSTIVE;
+
+ for (cxd.cxd_flags = 0; cxd.cxd_flags <= CXD_FLAGS_MASK;
+ cxd.cxd_flags++) {
+ for (i = 0, first = true; (i != 0) || first; first = false,
+ i = ((i | ~ACCESS_KNOWN_MASK) + 1) & ACCESS_KNOWN_MASK) {
+ cxd.cxd_access1 = i;
+ ret = torture_createx_specific(tctx, cli, NULL,
+ mem_ctx, &cxd, 0);
+ if (!ret)
+ break;
+ }
+ }
+
+ close(data_file_fd);
+ data_file_fd = -1;
+
+ done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+#define MAXIMUM_ALLOWED_FILE "torture_maximum_allowed"
+bool torture_maximum_allowed(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ struct security_descriptor *sd;
+ union smb_open io = {};
+ static TALLOC_CTX *mem_ctx;
+ int fnum, i;
+ bool ret = true;
+ NTSTATUS status;
+
+ mem_ctx = talloc_init("torture_maximum_allowed");
+
+ sd = security_descriptor_dacl_create(mem_ctx,
+ 0, NULL, NULL,
+ SID_NT_AUTHENTICATED_USERS,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_READ,
+ 0, NULL);
+
+ /* Blank slate */
+ smbcli_unlink(cli->tree, MAXIMUM_ALLOWED_FILE);
+
+ /* create initial file with restrictive SD */
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.fname = MAXIMUM_ALLOWED_FILE;
+ io.ntcreatex.in.sec_desc = sd;
+
+ status = smb_raw_open(cli->tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ fnum = io.ntcreatex.out.file.fnum;
+
+ smbcli_close(cli->tree, fnum);
+
+ for (i = 0; i < 32; i++) {
+ uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i);
+
+ memset(&io, 0, sizeof(io));
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.access_mask = mask;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation =
+ NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.fname = MAXIMUM_ALLOWED_FILE;
+
+ status = smb_raw_open(cli->tree, mem_ctx, &io);
+ if (mask & SEC_RIGHTS_FILE_READ ||
+ mask & SEC_GENERIC_READ ||
+ mask & SEC_STD_DELETE || /* owner gets delete */
+ mask & SEC_STD_WRITE_DAC || /* and write_dac */
+ mask & SEC_STD_WRITE_OWNER ||
+ mask & SEC_FLAG_SYSTEM_SECURITY ||
+ mask == SEC_FLAG_MAXIMUM_ALLOWED)
+ CHECK_STATUS(status, NT_STATUS_OK);
+ else
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+ fnum = io.ntcreatex.out.file.fnum;
+
+ smbcli_close(cli->tree, fnum);
+ }
+
+ done:
+ return ret;
+}
git.samba.org / bbaumbach / samba-autobuild / .git / blobdiff