r3387: fixed pvfs to pass the NTDENY tests. The tricky bit was

author Andrew Tridgell <tridge@samba.org>

Sat, 30 Oct 2004 05:53:56 +0000 (05:53 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:05:04 +0000 (13:05 -0500)
author Andrew Tridgell <tridge@samba.org>
Sat, 30 Oct 2004 05:53:56 +0000 (05:53 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:05:04 +0000 (13:05 -0500)
diff --git a/source4/include/smb.h b/source4/include/smb.h

index b36c2a870810e73fa2f45013c4993672a32594cb..623316087cf20dc3d6ed2318c027053ed47eb936 100644 (file)
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -503,7 +503,7 @@ typedef struct nt_user_token {
  #define FLAGS2_IS_LONG_NAME            0x0040
  #define FLAGS2_EXTENDED_SECURITY       0x0800 
  #define FLAGS2_DFS_PATHNAMES           0x1000
-#define FLAGS2_READ_PERMIT_NO_EXECUTE  0x2000
+#define FLAGS2_READ_PERMIT_EXECUTE     0x2000
  #define FLAGS2_32_BIT_ERROR_CODES      0x4000 
  #define FLAGS2_UNICODE_STRINGS         0x8000
  
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c

index dfb1177eae336796eec8cb83a623d54b779eb8dc..5dc68e538282fb75ffae0c57ded16a8a2a40dbb4 100644 (file)
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -154,20 +154,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
  
         /* if either open involves no read.write or delete access then
            it can't conflict */
-       if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | 
+       if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | 
                                  SA_RIGHT_FILE_READ_EXEC | 
                                  STD_RIGHT_DELETE_ACCESS))) {
                 return False;
         }
-       if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | 
+       if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | 
                                  SA_RIGHT_FILE_READ_EXEC | 
                                  STD_RIGHT_DELETE_ACCESS))) {
                 return False;
         }
  
         /* check the basic share access */
-       CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
-       CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
+       CHECK_MASK(e1->access_mask, e2->share_access, 
+                  SA_RIGHT_FILE_WRITE_APPEND, 
+                  NTCREATEX_SHARE_ACCESS_WRITE);
+       CHECK_MASK(e2->access_mask, e1->share_access, 
+                  SA_RIGHT_FILE_WRITE_APPEND, 
+                  NTCREATEX_SHARE_ACCESS_WRITE);
  
         CHECK_MASK(e1->access_mask, e2->share_access, 
                    SA_RIGHT_FILE_READ_EXEC, 
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c

index 346b1420e3b1d0fd21897db7477ade2be573acf6..bfaa7bf5a1973511dbf41f9718b25a49970b1265 100644 (file)
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -290,9 +290,9 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
         }
  
         if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
-           (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+           (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
                 flags = O_RDWR;
-       } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+       } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
                 flags = O_WRONLY;
         } else {
                 flags = O_RDONLY;
@@ -491,9 +491,9 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
         }
  
         if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
-           (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+           (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
                 flags |= O_RDWR;
-       } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+       } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
                 flags |= O_WRONLY;
         } else {
                 flags |= O_RDONLY;
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c

index 734134368de2f5fc1484f1c2ab1cb96c9c24b2fa..1f89f01a03579799b71fa0ea5601c674848c0f36 100644 (file)
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -34,6 +34,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
         struct pvfs_file *f;
         NTSTATUS status;
         uint32_t maxcnt;
+       uint32_t mask;
  
         if (rd->generic.level != RAW_READ_READX) {
                 return ntvfs_map_read(req, rd, ntvfs);
@@ -48,8 +49,12 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
                 return NT_STATUS_FILE_IS_A_DIRECTORY;
         }
  
-       if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) {
-               return NT_STATUS_ACCESS_VIOLATION;
+       mask = SA_RIGHT_FILE_READ_DATA;
+       if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
+               mask |= SA_RIGHT_FILE_EXECUTE;
+       }
+       if (!(f->access_mask & mask)) {
+               return NT_STATUS_ACCESS_DENIED;
         }
  
         maxcnt = rd->readx.in.maxcnt;
diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c

index 235a21882ad9417f21143ee1212181106fe0cf02..018f43e6d0a1bb1e76366fd9a0df79e4f73e4b93 100644 (file)
--- a/source4/ntvfs/posix/pvfs_write.c
+++ b/source4/ntvfs/posix/pvfs_write.c
@@ -48,7 +48,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs,
                 return NT_STATUS_FILE_IS_A_DIRECTORY;
         }
  
-       if (!(f->access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
+       if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
                 return NT_STATUS_ACCESS_VIOLATION;
         }
  
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c

index 32f44044cc6b3282323ac6ba50b4b49711c5d504..8dc6118b7df88a735fa94c5aa529e676deeb3cf4 100644 (file)
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -1773,24 +1773,27 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
         union smb_open io1, io2;
         extern int torture_numops;
         int failures = 0;
+       char buf[1];
  
-       fname = talloc_asprintf(cli1, "\\ntdeny_%d.dat", client);
+       ZERO_STRUCT(buf);
+
+       fname = talloc_asprintf(cli1, "\\ntdeny_%d.dll", client);
  
         smbcli_unlink(cli1->tree, fname);
         fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
-       smbcli_write(cli1->tree, fnum1, 0, fname, 0, strlen(fname));
+       smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf));
         smbcli_close(cli1->tree, fnum1);
  
         GetTimeOfDay(&tv_start);
  
         io1.ntcreatex.level = RAW_OPEN_NTCREATEX;
         io1.ntcreatex.in.root_fid = 0;
-       io1.ntcreatex.in.flags = 0;
-       io1.ntcreatex.in.create_options = 0;
-       io1.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+       io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+       io1.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+       io1.ntcreatex.in.file_attr = 0;
         io1.ntcreatex.in.alloc_size = 0;
         io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
-       io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+       io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
         io1.ntcreatex.in.security_flags = 0;
         io1.ntcreatex.in.fname = fname;
         io2 = io1;
@@ -1814,7 +1817,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
                 
                 io2.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa2, nbits1);
                 io2.ntcreatex.in.access_mask  = map_bits(access_mask_bits,  b_am2, nbits2);
-               
+
                 status1 = smb_raw_open(cli1->tree, mem_ctx, &io1);
                 status2 = smb_raw_open(cli2->tree, mem_ctx, &io2);
                 
@@ -1823,14 +1826,13 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
                 } else if (!NT_STATUS_IS_OK(status2)) {
                         res = A_0;
                 } else {
-                       char x = 1;
                         res = A_0;
                         if (smbcli_read(cli2->tree, 
-                                       io2.ntcreatex.out.fnum, (void *)&x, 0, 1) == 1) {
+                                       io2.ntcreatex.out.fnum, (void *)buf, 0, sizeof(buf)) >= 1) {
                                 res += A_R;
                         }
                         if (smbcli_write(cli2->tree, 
-                                        io2.ntcreatex.out.fnum, 0, (void *)&x, 0, 1) == 1) {
+                                        io2.ntcreatex.out.fnum, 0, (void *)buf, 0, sizeof(buf)) >= 1) {
                                 res += A_W;
                         }
                 }
author	Andrew Tridgell <tridge@samba.org>
	Sat, 30 Oct 2004 05:53:56 +0000 (05:53 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:05:04 +0000 (13:05 -0500)
source4/include/smb.h		patch \| blob \| history
source4/ntvfs/common/opendb.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_open.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_read.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_write.c		patch \| blob \| history
source4/torture/basic/denytest.c		patch \| blob \| history