git.samba.org - gd/samba-autobuild/.git/commit

author	Jeremy Allison <jra@samba.org>
	Wed, 15 Apr 2020 18:59:17 +0000 (11:59 -0700)
committer	Jeremy Allison <jra@samba.org>
	Thu, 16 Apr 2020 19:07:35 +0000 (19:07 +0000)
commit	cb59b75bee361fd4c98a6d732854a029ce3cb91d
tree	ee1321f65ebe112d2ecb27d68acc073867197891	tree
parent	5c73a2b3c1f802e5ede449b505a0fbc2e775efef	commit \| diff

s4: torture: SMB2. Add a new test that exposes interesting SD query behavior.

If we open a file without READ_CONTROL, requesting a security
descriptor fails with ACCESS_DENIED if any of the requested
bits OWNER|GROUP|DACL are set.

However, if we send zero as the requested bits then a
security descriptor is returned containing no data,
even though reading an SD should fail based on the
access permissions we have on the handle.

This has been tested against Windows 10, and also
passes on Samba - although in smbd we actually
read the SD off disk first, before nulling out
all the data we read. We shouldn't (we have
no rights to do so) and a subsequent commit
will fix this.

This was discovered when investigating the
smb2.winattr test, which currently relies
on exactly this behavior. It shouldn't
and the next commit will fix that.

I wanted to preserve the current smb2.winattr
behavior in a test though.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

selftest/skip		diff \| blob \| history
source4/torture/smb2/attr.c		diff \| blob \| history
source4/torture/smb2/smb2.c		diff \| blob \| history