The branch, v4-3-test has been updated
       via  9e8a1cb s3:smbstatus: add stream name to share_entry_forall()
       via  60ea0df s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
       via  9f4f2af s3:lib: validate domain name in lookup_wellknown_name()
       via  a83021f s3:locking: initialize lease pointer in share_mode_traverse_fn()
       via  46ace5b s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.
       via  fc58a7c lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.
       via  52d8aeb s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.
       via  617ffc4 smbd: Fix file name buflen and padding in notify response
      from  c84322d vfs_fruit: return value of ad_pack in vfs_fruit.c

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test

- Log -----------------------------------------------------------------
commit 9e8a1cb44e8f63073b6df109fe4800c604132e6d
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Oct 11 09:38:18 2015 +0200

    s3:smbstatus: add stream name to share_entry_forall()

    Add stream name argument to share_entry_forall machinery so smbstatus
    can print the stream name of a file.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11550

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit cd0c2a5eca43cea76491ae0d820414287c234c1a)

    Autobuild-User(v4-3-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-3-test): Tue Oct 20 11:51:16 CEST 2015 on sn-devel-104

commit 60ea0df0887e686653d4ec944e070bc8be3eaa28
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Oct 15 09:20:58 2015 -0700

    s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.

    Change so we only use unqualified name lookup logic if
    domain component = "" and LOOKUP_NAME_ISOLATED flag is passed in.

    Remember to search for "NT Authority" *before* going into unqualified
    name lookup logic.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Uri Simchoni <u...@samba.org>
    (cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)

commit 9f4f2af72056f7cc96bff45f9baa9f5a0202abf5
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Oct 15 12:35:26 2015 +0200

    s3:lib: validate domain name in lookup_wellknown_name()

    If domain argument is not an empty string, only search the matching
    wellknown domain name.

    As the only wellknown domain with a name is "NT Authority", passing ""
    to lookup_wellknown_name() will search all domains including
    "NT Authority". Passing "NT Authority" otoh will obviously only search
    that domain.

    This change makes lookup_wellknown_name() behave like this:

    in domain         | in name       | ok | out sid  | out domain
    ========================================================
                        Dialup          +    S-1-5-1    NT Authority
    NT Authority        Dialup          +    S-1-5-1    NT Authority
    Creator Authority   Dialup          -    -          -
                        Creator Owner   +    S-1-3-0    ""
    Creator Authority   Creator Owner   -    -          -
    NT Authority        Creator Owner   -    -          -

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Uri Simchoni <u...@samba.org>
    (cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)

commit a83021fe900dbda5058f9a5f2f8c3dd8cd9f04db
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Oct 12 12:28:04 2015 +0200

    s3:locking: initialize lease pointer in share_mode_traverse_fn()

    Initialize lease pointer to point to the share_mode_data leases array
    entry at index lease_idx.

    This fixes a bug in smbstatus where the lease info is not printed.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11549
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Oct 13 01:14:09 CEST 2015 on sn-devel-104

    (cherry picked from commit 0ef9c67b56a0b493ed06f9a64ac2bc2233041aee)

commit 46ace5b6275d2cb3aabc9f7894e6fe72ceeae4f0
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Oct 13 15:33:47 2015 -0700

    s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.

    https://bugzilla.samba.org/show_bug.cgi?id=10252

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Wed Oct 14 19:00:03 CEST 2015 on sn-devel-104

    (cherry picked from commit 808f29cb2f9de47dcf78b380cc8767e9546e1954)

commit fc58a7c25a4ebfcb87476400e7013ce53a4261be
Author: Jeremy Allison <j...@samba.org>
Date:   Fri Oct 9 15:08:05 2015 -0700

    lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.

    We need this to see if a share supports access-based enumeration.

    https://bugzilla.samba.org/show_bug.cgi?id=10252

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit b1bd84e9c9867092055f29fe39279e1c767f570a)

commit 52d8aeb9e783a17313e81860d58f14ac1f7bb0d5
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Oct 13 16:49:41 2015 -0700

    s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.

    Torture test to follow.

    https://bugzilla.samba.org/show_bug.cgi?id=10252
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit cc05f73872c36cd307da3d6fed200beb16d5c2a8)

commit 617ffc4c88c371bab4a4fb5db4025153e97d79c9
Author: Jeremy Allison <j...@samba.org>
Date:   Fri Oct 16 15:13:47 2015 -0700

    smbd: Fix file name buflen and padding in notify response

    The array is uint16, doubling the file name length consumes twice the
    space required.

    As we're hand assembling this as a series of concatenated individual
    data_blobs, we must take care to ensure the correct 4 byte alignment
    that was being masked by the previous doubling of the filename length.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10634

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Signed-off-by: Volker Lendecke <v...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sun Oct 18 01:56:41 CEST 2015 on sn-devel-104

    (cherry picked from commit 7c483690ac6ed007798aeeb7b8549c9d55877e56)

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c                 |    5 +
 libcli/smb/smbXcli_base.h                 |    1 +
 librpc/idl/notify.idl                     |    4 +-
 selftest/knownfail                        |    1 +
 source3/lib/util_wellknown.c              |   13 +-
 source3/locking/proto.h                   |    3 +-
 source3/locking/share_mode_lock.c         |   21 ++-
 source3/passdb/lookup_sid.c               |   31 +++-
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c |   21 ++-
 source3/smbd/dir.c                        |   64 ++++++++-
 source3/smbd/notify.c                     |   14 +-
 source3/utils/status.c                    |    6 +-
 source4/torture/smb2/acls.c               |  230 ++++++++++++++++++++++++++++++
 13 files changed, 391 insertions(+), 23 deletions(-)

Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index c1e9e58..6fe4816 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c 
@@ -5991,6 +5991,11 @@ uint32_t smb2cli_tcon_capabilities(struct smbXcli_tcon *tcon) return tcon->smb2.capabilities; } +uint32_t smb2cli_tcon_flags(struct smbXcli_tcon *tcon) +{ + return tcon->smb2.flags; +} + void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon, struct smbXcli_session *session, uint32_t tcon_id, diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index cf93135..e4cfb10 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -442,6 +442,7 @@ bool smb1cli_tcon_set_values(struct smbXcli_tcon *tcon, const char *fs_type); uint32_t smb2cli_tcon_current_id(struct smbXcli_tcon *tcon); uint32_t smb2cli_tcon_capabilities(struct smbXcli_tcon *tcon); +uint32_t smb2cli_tcon_flags(struct smbXcli_tcon *tcon); void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon, struct smbXcli_session *session, uint32_t tcon_id, diff --git a/librpc/idl/notify.idl b/librpc/idl/notify.idl index 66422ec..09d06be 100644 --- a/librpc/idl/notify.idl +++ b/librpc/idl/notify.idl @@ -93,6 +93,8 @@ interface notify uint32 NextEntryOffset; FILE_NOTIFY_ACTION Action; [value(strlen_m(FileName1)*2)] uint32 FileNameLength; - [charset(UTF16),flag(STR_NOTERM)] uint16 FileName1[FileNameLength]; + [charset(UTF16),flag(STR_NOTERM)] + uint16 FileName1[strlen_m(FileName1)]; + DATA_BLOB _pad; } FILE_NOTIFY_INFORMATION; } diff --git a/selftest/knownfail b/selftest/knownfail index bf73176..0d74933 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -147,6 +147,7 @@ ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner +^samba4.smb2.acls.*.ACCESSBASED ^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items #^samba4.ldap.dirsync.python.ad_dc_ntvfs..__main__.ExtendedDirsyncTests.* ^samba4.libsmbclient.opendir.opendir # This requires netbios browsing diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c index 0f627d1..a3db9ab 100644 --- a/source3/lib/util_wellknown.c 
+++ b/source3/lib/util_wellknown.c @@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, ***************************************************************************/ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, - struct dom_sid *sid, const char **domain) + struct dom_sid *sid, const char **pdomain) { int i, j; + const char *domain = *pdomain; - DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name)); + DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name)); for (i=0; special_domains[i].sid != NULL; i++) { const struct rid_name_map *users = special_domains[i].known_users; + if (domain[0] != '\0') { + if (!strequal(domain, special_domains[i].name)) { + continue; + } + } + if (users == NULL) continue; @@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, if ( strequal(users[j].name, name) ) { sid_compose(sid, special_domains[i].sid, users[j].rid); - *domain = talloc_strdup( + *pdomain = talloc_strdup( mem_ctx, special_domains[i].name); return True; } diff --git a/source3/locking/proto.h b/source3/locking/proto.h index 652ec2a..8ff1c7c 100644 --- a/source3/locking/proto.h +++ b/source3/locking/proto.h @@ -202,7 +202,8 @@ int share_mode_forall(int (*fn)(struct file_id fid, const struct share_mode_data *data, void *private_data), void *private_data); -int share_entry_forall(int (*fn)(const struct share_mode_entry *, const char *, +int share_entry_forall(int (*fn)(const struct share_mode_entry *, + const char *, const char *, const char *, void *), void *private_data); bool share_mode_cleanup_disconnected(struct file_id id, diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c index 5eedcc5..fe105e3 100644 --- a/source3/locking/share_mode_lock.c +++ b/source3/locking/share_mode_lock.c 
@@ -687,13 +687,17 @@ static int share_mode_traverse_fn(struct db_record *rec, void *_state) DEBUG(1, ("ndr_pull_share_mode_lock failed\n")); return 0; } + + for (i=0; i<d->num_share_modes; i++) { + struct share_mode_entry *entry = &d->share_modes[i]; + entry->stale = false; /* [skip] in idl */ + entry->lease = &d->leases[entry->lease_idx]; + } + if (DEBUGLEVEL > 10) { DEBUG(11, ("parse_share_modes:\n")); NDR_PRINT_DEBUG(share_mode_data, d); } - for (i=0; i<d->num_share_modes; i++) { - d->share_modes[i].stale = false; /* [skip] in idl */ - } ret = state->fn(fid, d, state->private_data); @@ -728,7 +732,9 @@ int share_mode_forall(int (*fn)(struct file_id fid, struct share_entry_forall_state { int (*fn)(const struct share_mode_entry *e, - const char *service_path, const char *base_name, + const char *service_path, + const char *base_name, + const char *stream_name, void *private_data); void *private_data; }; @@ -744,7 +750,9 @@ static int share_entry_traverse_fn(struct file_id fid, int ret; ret = state->fn(&data->share_modes[i], - data->servicepath, data->base_name, + data->servicepath, + data->base_name, + data->stream_name, state->private_data); if (ret != 0) { return ret; @@ -760,7 +768,8 @@ static int share_entry_traverse_fn(struct file_id fid, ********************************************************************/ int share_entry_forall(int (*fn)(const struct share_mode_entry *, - const char *, const char *, void *), + const char *, const char *, + const char *, void *), void *private_data) { struct share_entry_forall_state state = { diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 3f99ee1..1ffd657 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx, return false; } - if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) { + /* + * Finally check for a well known domain name ("NT Authority"), + * this is taken care if in lookup_wellknown_name(). + */ + if ((domain[0] != '\0') && + (flags & LOOKUP_NAME_WKN) && + lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) + { + type = SID_NAME_WKN_GRP; + goto ok; + } + + /* + * If we're told not to look up 'isolated' names then we're + * done. + */ + if (!(flags & LOOKUP_NAME_ISOLATED)) { + TALLOC_FREE(tmp_ctx); + return false; + } + + /* + * No domain names beyond this point + */ + if (domain[0] != '\0') { TALLOC_FREE(tmp_ctx); return false; } @@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 1. well-known names */ + /* + * Check for well known names without a domain name. + * e.g. \Creator Owner. + */ + if ((flags & LOOKUP_NAME_WKN) && lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) { diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index be79e6a..96c022b 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -80,7 +80,9 @@ struct share_conn_stat { ********************************************************************/ static int enum_file_fn(const struct share_mode_entry *e, - const char *sharepath, const char *fname, + const char *sharepath, + const char *fname, + const char *sname, void *private_data) { struct file_enum_count *fenum = @@ -129,8 +131,9 @@ static int enum_file_fn(const struct share_mode_entry *e, if ( strcmp( fname, "." ) == 0 ) { fullpath = talloc_asprintf(fenum->ctx, "C:%s", sharepath ); } else { - fullpath = talloc_asprintf(fenum->ctx, "C:%s/%s", - sharepath, fname ); + fullpath = talloc_asprintf(fenum->ctx, "C:%s/%s%s", + sharepath, fname, + sname ? sname : ""); } if (!fullpath) { return 0; 
@@ -829,7 +832,9 @@ static WERROR init_srv_sess_info_0(struct pipes_struct *p, **********************************************************************/ static int count_sess_files_fn(const struct share_mode_entry *e, - const char *sharepath, const char *fname, + const char *sharepath, + const char *fname, + const char *sname, void *data) { struct sess_file_info *info = data; @@ -954,7 +959,9 @@ static WERROR init_srv_sess_info_1(struct pipes_struct *p, ********************************************************************/ static int share_file_fn(const struct share_mode_entry *e, - const char *sharepath, const char *fname, + const char *sharepath, + const char *fname, + const char *sname, void *data) { struct share_file_stat *sfs = data; @@ -2692,7 +2699,9 @@ struct enum_file_close_state { }; static int enum_file_close_fn(const struct share_mode_entry *e, - const char *sharepath, const char *fname, + const char *sharepath, + const char *fname, + const char *sname, void *private_data) { char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE]; diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index c700cb7..86c5f10 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1343,6 +1343,15 @@ bool get_dir_entry(TALLOC_CTX *ctx, static bool user_can_read_file(connection_struct *conn, struct smb_filename *smb_fname) { + NTSTATUS status; + uint32_t rejected_share_access = 0; + uint32_t rejected_mask = 0; + struct security_descriptor *sd = NULL; + uint32_t access_mask = FILE_READ_DATA| + FILE_READ_EA| + FILE_READ_ATTRIBUTES| + SEC_STD_READ_CONTROL; + /* * Never hide files from the root user. * We use (uid_t)0 here not sec_initial_uid() 
@@ -1353,10 +1362,59 @@ static bool user_can_read_file(connection_struct *conn, return True; } - return NT_STATUS_IS_OK(smbd_check_access_rights(conn, - smb_fname, + /* + * We can't directly use smbd_check_access_rights() + * here, as this implicitly grants FILE_READ_ATTRIBUTES + * which the Windows access-based-enumeration code + * explicitly checks for on the file security descriptor. + * See bug: + * + * https://bugzilla.samba.org/show_bug.cgi?id=10252 + * + * and the smb2.acl2.ACCESSBASED test for details. + */ + + rejected_share_access = access_mask & ~(conn->share_access); + if (rejected_share_access) { + DEBUG(10, ("rejected share access 0x%x " + "on %s (0x%x)\n", + (unsigned int)access_mask, + smb_fname_str_dbg(smb_fname), + (unsigned int)rejected_share_access )); + return false; + } + + status = SMB_VFS_GET_NT_ACL(conn, + smb_fname->base_name, + (SECINFO_OWNER | + SECINFO_GROUP | + SECINFO_DACL), + talloc_tos(), + &sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("Could not get acl " + "on %s: %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status))); + return false; + } + + status = se_file_access_check(sd, + get_current_nttok(conn), false, - FILE_READ_DATA)); + access_mask, + &rejected_mask); + + TALLOC_FREE(sd); + + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + DEBUG(10,("rejected bits 0x%x read access for %s\n", + (unsigned int)rejected_mask, + smb_fname_str_dbg(smb_fname) )); + return false; + } + return true; } /******************************************************************* diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index e776749..6257260 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -138,6 +138,7 @@ static bool notify_marshall_changes(int num_changes, struct notify_change_event *c; struct FILE_NOTIFY_INFORMATION m; DATA_BLOB blob; + uint16_t pad = 0; /* Coalesce any identical records. */ while (i+1 < num_changes && 
@@ -151,12 +152,23 @@ static bool notify_marshall_changes(int num_changes, m.FileName1 = c->name; m.FileNameLength = strlen_m(c->name)*2; m.Action = c->action; - m.NextEntryOffset = (i == num_changes-1) ? 0 : ndr_size_FILE_NOTIFY_INFORMATION(&m, 0); + + m._pad = data_blob_null; /* * Offset to next entry, only if there is one */ + if (i == (num_changes-1)) { + m.NextEntryOffset = 0; + } else { + if ((m.FileNameLength % 4) == 2) { + m._pad = data_blob_const(&pad, 2); + } + m.NextEntryOffset = + ndr_size_FILE_NOTIFY_INFORMATION(&m, 0); + } + ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &m, (ndr_push_flags_fn_t)ndr_push_FILE_NOTIFY_INFORMATION); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { diff --git a/source3/utils/status.c b/source3/utils/status.c index a22d05b..f81ab5f 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -117,6 +117,7 @@ static bool Ucrit_addPid( struct server_id pid ) static int print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname, + const char *sname, void *dummy) { static int count; @@ -190,7 +191,10 @@ static int print_share_mode(const struct share_mode_entry *e, d_printf("NONE "); } - d_printf(" %s %s %s",sharepath, fname, time_to_asc((time_t)e->time.tv_sec)); + d_printf(" %s %s%s %s", + sharepath, fname, + sname ? sname : "", + time_to_asc((time_t)e->time.tv_sec)); } return 0; diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c index 37052c6..8066bc9 100644 --- a/source4/torture/smb2/acls.c +++ b/source4/torture/smb2/acls.c 
@@ -20,13 +20,17 @@ */ #include "includes.h" +#include "lib/cmdline/popt_common.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" +#include "libcli/smb/smbXcli_base.h" #include "torture/torture.h" +#include "libcli/resolve/resolve.h" #include "torture/util.h" #include "torture/smb2/proto.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" +#include "lib/param/param.h" #define CHECK_STATUS(status, correct) do { \ if (!NT_STATUS_EQUAL(status, correct)) { \ 
@@ -1855,6 +1859,231 @@ done: } #endif +/** + * SMB2 connect with explicit share + **/ +static bool torture_smb2_con_share(struct torture_context *tctx, + const char *share, + struct smb2_tree **tree) +{ + struct smbcli_options options; + NTSTATUS status; + const char *host = torture_setting_string(tctx, "host", NULL); + struct cli_credentials *credentials = cmdline_credentials; + + lpcfg_smbcli_options(tctx->lp_ctx, &options); + + status = smb2_connect_ext(tctx, + host, + lpcfg_smb_ports(tctx->lp_ctx), + share, + lpcfg_resolve_context(tctx->lp_ctx), + credentials, + 0, + tree, + tctx->ev, + &options, + lpcfg_socket_options(tctx->lp_ctx), + lpcfg_gensec_settings(tctx, tctx->lp_ctx) + ); + if (!NT_STATUS_IS_OK(status)) { + printf("Failed to connect to SMB2 share \\\\%s\\%s - %s\n", + host, share, nt_errstr(status)); + return false; + } + return true; +} + +static bool test_access_based(struct torture_context *tctx, + struct smb2_tree *tree) +{ + struct smb2_tree *tree1 = NULL; + NTSTATUS status; + struct smb2_create io; + const char *fname = BASEDIR "\\testfile"; + bool ret = true; + struct smb2_handle fhandle, dhandle; + union smb_fileinfo q; + union smb_setfileinfo set; + struct security_descriptor *sd, *sd_orig=NULL; + const char *owner_sid; + uint32_t flags = 0; + /* + * Can't test without SEC_STD_READ_CONTROL as we + * own the file and implicitly have SEC_STD_READ_CONTROL. + */ + uint32_t access_masks[] = { + /* Full READ access. */ + SEC_STD_READ_CONTROL|FILE_READ_DATA| + FILE_READ_ATTRIBUTES|FILE_READ_EA, -- Samba Shared Repository
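
Review bot: in selftest/knownfail, the added `^samba4.smb2.acls.*.ACCESSBASED` entry carries no comment saying which server or environment is expected to fail, and the `.*` covers every environment. The log says the test passes against Win2k12R2 and that smbd was changed to match Windows, so a reader cannot tell from this entry whether the server fixed in source3/smbd/dir.c is meant to be covered by it. Suggest narrowing the pattern to the environment that is known to fail, or adding a trailing `# reason` comment as the `opendir` entry a few lines below has.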
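
Review bot: in source3/lib/util_wellknown.c, hunk @@ -154,16, lookup_wellknown_name() now reads `*pdomain` on entry (`const char *domain = *pdomain;` followed by `domain[0] != '\0'` and a `%s` in DEBUG), but nothing guards against a caller whose pointer is NULL or not yet initialised, which was harmless while the parameter was output-only. The two call sites visible in lookup_sid.c pass a checked `domain`; any other caller is not shown in this changeset. Suggest an explicit NULL check that treats NULL like "", and a line in the function's header comment stating that `pdomain` is now in/out. The DEBUG text also still says `map_name_to_wellknown_sid`, which no longer matches the function name.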
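
Review bot: in source3/locking/share_mode_lock.c, hunk @@ -687,13, `entry->lease = &d->leases[entry->lease_idx];` uses an index taken from the record that was just unmarshalled, with no range check against the size of the leases array and no distinction for entries that hold no lease. A stale or corrupt record would leave `entry->lease` pointing outside the array, and the very next step hands `d` to NDR_PRINT_DEBUG and to the callback. Suggest setting `entry->lease = NULL` first and assigning the pointer only when `lease_idx` is within bounds, so that consumers such as smbstatus can test for NULL.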
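
Review bot: in source3/passdb/lookup_sid.c, hunk @@ -140,7, the new comment reads "this is taken care if in lookup_wellknown_name()" (should be "taken care of in") and opens with "Finally" although two more early returns and the whole unqualified lookup follow it. The two consecutive `TALLOC_FREE(tmp_ctx); return false;` blocks could be folded into one condition, `!(flags & LOOKUP_NAME_ISOLATED) || domain[0] != '\0'`, with a single comment. The file list for this changeset contains no test for the qualified versus unqualified cases, so the table from the lookup_wellknown_name() commit message would be worth turning into one.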
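
Review bot: in source3/smbd/dir.c, hunk @@ -1353,10, user_can_read_file() returns false only when se_file_access_check() yields NT_STATUS_ACCESS_DENIED; any other failure status falls through to `return true`, so the entry is shown when the check itself did not succeed. The SMB_VFS_GET_NT_ACL() failure path a few lines above returns false, so the two error paths disagree. Suggest testing `!NT_STATUS_IS_OK(status)` and returning false, keeping the rejected-bits DEBUG for the access-denied case. Two smaller points: the comment refers to the test as smb2.acl2.ACCESSBASED while the knownfail entry in this changeset is samba4.smb2.acls.*.ACCESSBASED, and the "rejected share access 0x%x" message prints `access_mask` first and the rejected bits last, which reads the wrong way round.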
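
Review bot: in source3/smbd/notify.c, hunk @@ -151,12, the padding rule `(m.FileNameLength % 4) == 2` is unexplained and only holds if the fixed fields ahead of FileName1 already total a multiple of 4; a one-line comment saying so, and saying that the last entry is deliberately left unpadded, would keep this from being broken by a later change to the IDL. The existing comment "Offset to next entry, only if there is one" now sits between `m._pad = data_blob_null;` and the `if`, so it should move onto the branch it describes. The `_pad` member added in librpc/idl/notify.idl also has no comment noting that the caller is responsible for filling it, and the changeset adds no test that checks entry alignment for odd-length names.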