r3400: - allow callers to control the flags2 field in raw packets

- added testing of the FLAGS2_READ_PERMIT_EXECUTE bit in the ntdeny tests
(This used to be commit adf4a682705871186f3b77ea6d417942445fc5d3)

diff --git a/source4/include/cli_context.h b/source4/include/cli_context.h
index 1b20985fd8dbdae90ab1cd39a16be8712d92af87..06d7469b70260a7cbeef5c4ddc0890104851d85f 100644 (file)
--- a/source4/include/cli_context.h
+++ b/source4/include/cli_context.h
@@ -189,6 +189,10 @@ struct smbcli_session {
        /* default pid for this session */
        uint32_t pid;
 
+       /* the flags2 for each packet - this allows
+          the user to control these for torture testing */
+       uint16_t flags2;
+
        DATA_BLOB user_session_key;
 
        /* the spnego context if we use extented security */

diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c
index 5d769f9e32a2d960dde9c1731371de917ad6ae78..9c73c078318775ef4bfb0994a57b68e6b74a2262 100644 (file)
--- a/source4/libcli/raw/clisession.c
+++ b/source4/libcli/raw/clisession.c
@@ -33,6 +33,8 @@
 struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport)
 {
        struct smbcli_session *session;
+       uint16_t flags2;
+       uint32_t capabilities;
 
        session = talloc_p(transport, struct smbcli_session);
        if (!session) {
@@ -44,6 +46,26 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport)
        session->pid = (uint16_t)getpid();
        session->vuid = UID_FIELD_INVALID;
 
+       
+       capabilities = transport->negotiate.capabilities;
+
+       flags2 = FLAGS2_LONG_PATH_COMPONENTS;
+
+       if (capabilities & CAP_UNICODE) {
+               flags2 |= FLAGS2_UNICODE_STRINGS;
+       }
+       if (capabilities & CAP_STATUS32) {
+               flags2 |= FLAGS2_32_BIT_ERROR_CODES;
+       }
+       if (capabilities & CAP_EXTENDED_SECURITY) {
+               flags2 |= FLAGS2_EXTENDED_SECURITY;
+       }
+       if (session->transport->negotiate.sign_info.doing_signing) {
+               flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
+       }
+
+       session->flags2 = flags2;
+
        return session;
 }
 

diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c
index dd21eb89eaf1c2aa537590089219cf69d2c3c209..26604cbcd4da721231910b9c78aa314f59215c85 100644 (file)
--- a/source4/libcli/raw/rawrequest.c
+++ b/source4/libcli/raw/rawrequest.c
@@ -139,35 +139,17 @@ struct smbcli_request *smbcli_request_setup_transport(struct smbcli_transport *t
   way. This interface is used before a session is setup.
 */
 struct smbcli_request *smbcli_request_setup_session(struct smbcli_session *session,
-                                             uint8_t command, uint_t wct, uint_t buflen)
+                                                   uint8_t command, uint_t wct, uint_t buflen)
 {
        struct smbcli_request *req;
-       uint16_t flags2;
-       uint32_t capabilities;
 
        req = smbcli_request_setup_transport(session->transport, command, wct, buflen);
 
        if (!req) return NULL;
 
        req->session = session;
-       
-       flags2 = FLAGS2_LONG_PATH_COMPONENTS;
-       capabilities = session->transport->negotiate.capabilities;
-
-       if (capabilities & CAP_UNICODE) {
-               flags2 |= FLAGS2_UNICODE_STRINGS;
-       }
-       if (capabilities & CAP_STATUS32) {
-               flags2 |= FLAGS2_32_BIT_ERROR_CODES;
-       }
-       if (capabilities & CAP_EXTENDED_SECURITY) {
-               flags2 |= FLAGS2_EXTENDED_SECURITY;
-       }
-       if (session->transport->negotiate.sign_info.doing_signing) {
-               flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES;
-       }
 
-       SSVAL(req->out.hdr, HDR_FLG2, flags2);
+       SSVAL(req->out.hdr, HDR_FLG2, session->flags2);
        SSVAL(req->out.hdr, HDR_PID, session->pid & 0xFFFF);
        SSVAL(req->out.hdr, HDR_PIDHIGH, session->pid >> 16);
        SSVAL(req->out.hdr, HDR_UID, session->vuid);

diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index 8dc6118b7df88a735fa94c5aa529e676deeb3cf4..5dfd610bff0d3aa92aa9f17acd0f2710797031a0 100644 (file)
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -1689,7 +1689,7 @@ static const char *bit_string(TALLOC_CTX *mem_ctx, const struct bit_value *bv, i
   determine if two opens conflict
 */
 static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, uint32_t am2,
-                                      enum deny_result *res)
+                                      uint16_t flags2, enum deny_result *res)
 {
 #define CHECK_MASK(am, sa, right, share) do { \
        if (((am) & (right)) && !((sa) & (share))) { \
@@ -1703,6 +1703,9 @@ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2,
        }
        if (am2 & SA_RIGHT_FILE_READ_DATA) {
                *res += A_R;
+       } else if ((am2 & SA_RIGHT_FILE_EXECUTE) && 
+                  (flags2 & FLAGS2_READ_PERMIT_EXECUTE)) {
+               *res += A_R;
        }
 
        /* if either open involves no read.write or delete access then
@@ -1820,6 +1823,12 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
 
                status1 = smb_raw_open(cli1->tree, mem_ctx, &io1);
                status2 = smb_raw_open(cli2->tree, mem_ctx, &io2);
+
+               if (random() % 2 == 0) {
+                       cli2->tree->session->flags2 |= FLAGS2_READ_PERMIT_EXECUTE;
+               } else {
+                       cli2->tree->session->flags2 &= ~FLAGS2_READ_PERMIT_EXECUTE;
+               }
                
                if (!NT_STATUS_IS_OK(status1)) {
                        res = A_X;
@@ -1847,7 +1856,9 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c
                status2_p = predict_share_conflict(io1.ntcreatex.in.share_access,
                                                   io1.ntcreatex.in.access_mask,
                                                   io2.ntcreatex.in.share_access,
-                                                  io2.ntcreatex.in.access_mask, &res2);
+                                                  io2.ntcreatex.in.access_mask, 
+                                                  cli2->tree->session->flags2,
+                                                  &res2);
                
                GetTimeOfDay(&tv);
                tdif = usec_time_diff(&tv, &tv_start);