The branch, master has been updated
via 30f9e1dd596 vfs_zfsacl: fix issue with ACL inheritance in zfsacl
via 063fadd322e vfs_zfsacl: pass config to zfs_get_nt_acl_common()
via cd313d0ade1 vfs_zfsacl: pass nfs4_params to smb_set_nt_acl_nfs4()
via 2c7699e7202 vfs_zfsacl: add manpage entry for
zfsacl:denymissingspecial
via 31d5e945a44 vfs_zfsacl: load parameters on connect
via 33212832b0e Convert samba4.base.rw1 test to smb2
via 946beafb621 Convert samba4.base.*attr tests to smb2
from 670205acab1 s3: remove unused session_keystr from struct user_struct
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 30f9e1dd596a0dc4894f17b07a7e2e58dcb75c16
Author: awalker <[email protected]>
Date: Fri Aug 30 15:30:57 2019 -0400
vfs_zfsacl: fix issue with ACL inheritance in zfsacl
Add parameter zfsacl:map_dacl_protected to address issue preventing Windows
Clients
from disabling inheritance on ACLs. FreeBSD does not currently expose the
ACL_PROTECTED
NFS4.1 flag, but it does expose ACE4_INHERITED_ACE. When the parameter is
enabled,
map the absence of ACE4_INHERITED_ACE to SEC_DESC_DACL_PROTECTED.
See also the discussion at
https://gitlab.com/samba-team/samba/merge_requests/719
Signed-off-by: Andrew Walker <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Fri Dec 20 23:24:54 UTC 2019 on sn-devel-184
commit 063fadd322e54ee12689485457ce15a1bb8c0769
Author: Ralph Boehme <[email protected]>
Date: Sat Oct 19 15:37:45 2019 +0200
vfs_zfsacl: pass config to zfs_get_nt_acl_common()
Not used for now, that comes next.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Andrew Walker <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit cd313d0ade15556875ebec060b047a2c6e087b62
Author: Ralph Boehme <[email protected]>
Date: Sat Oct 19 15:36:15 2019 +0200
vfs_zfsacl: pass nfs4_params to smb_set_nt_acl_nfs4()
Now that we parse nfs4_params in the VFS connect in this module, we can
pass it
to smb_set_nt_acl_nfs4() which avoids having smb_set_nt_acl_nfs4() parse
it *every time* it's called.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Andrew Walker <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 2c7699e7202bef6b8d40c829a4e1515a838f0f6d
Author: awalker <[email protected]>
Date: Fri Aug 30 15:17:26 2019 -0400
vfs_zfsacl: add manpage entry for zfsacl:denymissingspecial
Signed-off-by: Andrew Walker <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 31d5e945a44e5b8a59933b3516f4235e6057ceb7
Author: awalker <[email protected]>
Date: Fri Aug 30 15:15:37 2019 -0400
vfs_zfsacl: load parameters on connect
Convert zfsacl:denymissingspecial so that the parameter loads on connect.
Signed-off-by: Andrew Walker <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 33212832b0e61b3c5176b819c34957adeaf6fe5e
Author: David Mulder <[email protected]>
Date: Tue Dec 10 13:49:28 2019 -0700
Convert samba4.base.rw1 test to smb2
Signed-off-by: David Mulder <[email protected]>
Reviewed-by: Ralph Böhme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 946beafb621c6a5353a87c40264f53a253249c52
Author: David Mulder <[email protected]>
Date: Tue Dec 10 07:47:12 2019 -0700
Convert samba4.base.*attr tests to smb2
Signed-off-by: David Mulder <[email protected]>
Reviewed-by: Ralph Böhme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_zfsacl.8.xml | 34 +++
source3/modules/vfs_zfsacl.c | 100 +++++++-
source4/libcli/smb2/util.c | 46 ++++
source4/torture/smb2/attr.c | 496 +++++++++++++++++++++++++++++++++++++
source4/torture/smb2/read_write.c | 163 ++++++++++++
source4/torture/smb2/smb2.c | 3 +
source4/torture/smb2/wscript_build | 2 +
7 files changed, 836 insertions(+), 8 deletions(-)
create mode 100644 source4/torture/smb2/attr.c
create mode 100644 source4/torture/smb2/read_write.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_zfsacl.8.xml
b/docs-xml/manpages/vfs_zfsacl.8.xml
index 56d1d06cce1..ae583409fe1 100644
--- a/docs-xml/manpages/vfs_zfsacl.8.xml
+++ b/docs-xml/manpages/vfs_zfsacl.8.xml
@@ -125,6 +125,40 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>zfsacl:denymissingspecial = [yes|no]</term>
+ <listitem>
+ <para>Prevent users from setting an ACL that lacks NFSv4
special entries
+ (owner@, group@, everyone@). ZFS will automatically generate
these these entries
+ when calculating the inherited ACL of new files if the ACL of
the parent directory
+ lacks an inheriting special entry. This may result in user
confusion and unexpected
+ change in permissions of files and directories as the inherited
ACL is generated.</para>
+ <itemizedlist>
+ <listitem><para><command>yes</command></para></listitem>
+ <listitem><para><command>no
(default)</command></para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>zfsacl:map_dacl_protected = [yes|no]</term>
+ <listitem>
+ <para>If enabled and the ZFS ACL on the underlying filesystem
does not contain
+ any inherited access control entires, then set the
SEC_DESC_DACL_PROTECTED flag
+ on the Security Descriptor returned to SMB clients.
+ This ensures correct Windows client behavior when disabling
inheritance on
+ directories.</para>
+
+ <para>Following is the behaviour of Samba for different values
: </para>
+ <itemizedlist>
+ <listitem><para><command>yes</command> - Enable mapping to
+ SEC_DESC_DACL_PROTECTED</para></listitem>
+ <listitem><para><command>no
(default)</command></para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+
</variablelist>
</refsect1>
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 2c5d82ae207..524881ab4af 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -36,6 +36,12 @@
#define ZFSACL_MODULE_NAME "zfsacl"
+struct zfsacl_config_data {
+ struct smbacl4_vfs_params nfs4_params;
+ bool zfsacl_map_dacl_protected;
+ bool zfsacl_denymissingspecial;
+};
+
/* zfs_get_nt_acl()
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
@@ -43,7 +49,8 @@
static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
TALLOC_CTX *mem_ctx,
const struct smb_filename *smb_fname,
- struct SMB4ACL_T **ppacl)
+ struct SMB4ACL_T **ppacl,
+ struct zfsacl_config_data *config)
{
int naces, i;
ace_t *acebuf;
@@ -51,6 +58,7 @@ static NTSTATUS zfs_get_nt_acl_common(struct
connection_struct *conn,
SMB_STRUCT_STAT sbuf;
const SMB_STRUCT_STAT *psbuf = NULL;
int ret;
+ bool inherited_is_present = false;
bool is_dir;
if (VALID_STAT(smb_fname->st)) {
@@ -117,6 +125,11 @@ static NTSTATUS zfs_get_nt_acl_common(struct
connection_struct *conn,
aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
}
+#ifdef ACE_INHERITED_ACE
+ if (aceprop.aceFlags & ACE_INHERITED_ACE) {
+ inherited_is_present = true;
+ }
+#endif
if(aceprop.aceFlags & ACE_OWNER) {
aceprop.flags = SMB_ACE4_ID_SPECIAL;
aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
@@ -133,6 +146,15 @@ static NTSTATUS zfs_get_nt_acl_common(struct
connection_struct *conn,
return NT_STATUS_NO_MEMORY;
}
+#ifdef ACE_INHERITED_ACE
+ if (!inherited_is_present && config->zfsacl_map_dacl_protected) {
+ DBG_DEBUG("Setting SEC_DESC_DACL_PROTECTED on [%s]\n",
+ smb_fname_str_dbg(smb_fname));
+ smbacl4_set_controlflags(pacl,
+ SEC_DESC_DACL_PROTECTED |
+ SEC_DESC_SELF_RELATIVE);
+ }
+#endif
*ppacl = pacl;
return NT_STATUS_OK;
}
@@ -146,6 +168,11 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle,
files_struct *fsp,
struct SMB4ACE_T *smbace;
TALLOC_CTX *mem_ctx;
bool have_special_id = false;
+ struct zfsacl_config_data *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct zfsacl_config_data,
+ return False);
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
@@ -187,9 +214,7 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle,
files_struct *fsp,
}
}
- if (!have_special_id
- && lp_parm_bool(fsp->conn->params->service, "zfsacl",
- "denymissingspecial", false)) {
+ if (!have_special_id && config->zfsacl_denymissingspecial) {
errno = EACCES;
return false;
}
@@ -220,8 +245,18 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
- return smb_set_nt_acl_nfs4(handle, fsp, NULL, security_info_sent, psd,
- zfs_process_smbacl);
+ struct zfsacl_config_data *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct zfsacl_config_data,
+ return NT_STATUS_INTERNAL_ERROR);
+
+ return smb_set_nt_acl_nfs4(handle,
+ fsp,
+ &config->nfs4_params,
+ security_info_sent,
+ psd,
+ zfs_process_smbacl);
}
static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
@@ -232,10 +267,16 @@ static NTSTATUS zfsacl_fget_nt_acl(struct
vfs_handle_struct *handle,
{
struct SMB4ACL_T *pacl;
NTSTATUS status;
+ struct zfsacl_config_data *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct zfsacl_config_data,
+ return NT_STATUS_INTERNAL_ERROR);
+
TALLOC_CTX *frame = talloc_stackframe();
status = zfs_get_nt_acl_common(handle->conn, frame,
- fsp->fsp_name, &pacl);
+ fsp->fsp_name, &pacl, config);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
@@ -268,9 +309,14 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct
*handle,
{
struct SMB4ACL_T *pacl;
NTSTATUS status;
+ struct zfsacl_config_data *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct zfsacl_config_data,
+ return NT_STATUS_INTERNAL_ERROR);
+
TALLOC_CTX *frame = talloc_stackframe();
- status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl);
+ status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl,
config);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
@@ -395,9 +441,47 @@ static int
zfsacl_fail__sys_acl_blob_get_fd(vfs_handle_struct *handle, files_str
return -1;
}
+static int zfsacl_connect(struct vfs_handle_struct *handle,
+ const char *service, const char *user)
+{
+ struct zfsacl_config_data *config = NULL;
+ int ret;
+
+ ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
+ if (ret < 0) {
+ return ret;
+ }
+
+ config = talloc_zero(handle->conn, struct zfsacl_config_data);
+ if (!config) {
+ DBG_ERR("talloc_zero() failed\n");
+ errno = ENOMEM;
+ return -1;
+ }
+
+ config->zfsacl_map_dacl_protected = lp_parm_bool(SNUM(handle->conn),
+ "zfsacl", "map_dacl_protected", false);
+
+ config->zfsacl_denymissingspecial = lp_parm_bool(SNUM(handle->conn),
+ "zfsacl", "denymissingspecial", false);
+
+ ret = smbacl4_get_vfs_params(handle->conn, &config->nfs4_params);
+ if (ret < 0) {
+ TALLOC_FREE(config);
+ return ret;
+ }
+
+ SMB_VFS_HANDLE_SET_DATA(handle, config,
+ NULL, struct zfsacl_config_data,
+ return -1);
+
+ return 0;
+}
+
/* VFS operations structure */
static struct vfs_fn_pointers zfsacl_fns = {
+ .connect_fn = zfsacl_connect,
.sys_acl_get_file_fn = zfsacl_fail__sys_acl_get_file,
.sys_acl_get_fd_fn = zfsacl_fail__sys_acl_get_fd,
.sys_acl_blob_get_file_fn = zfsacl_fail__sys_acl_blob_get_file,
diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c
index 94072bee3ea..882dcb9468b 100644
--- a/source4/libcli/smb2/util.c
+++ b/source4/libcli/smb2/util.c
@@ -99,6 +99,52 @@ NTSTATUS smb2_util_setatr(struct smb2_tree *tree, const char
*name, uint32_t att
}
+/*
+ get file attribute with SMB2
+*/
+NTSTATUS smb2_util_getatr(struct smb2_tree *tree, const char *fname,
+ uint16_t *attr, size_t *size, time_t *t)
+{
+ union smb_fileinfo parms;
+ NTSTATUS status;
+ struct smb2_create create_io = {0};
+
+ create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+ create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create_io.in.create_disposition = FILE_OPEN;
+ create_io.in.fname = fname;
+ status = smb2_create(tree, tree, &create_io);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ ZERO_STRUCT(parms);
+ parms.all_info2.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
+ parms.all_info2.in.file.handle = create_io.out.file.handle;
+ status = smb2_getinfo_file(tree, tree, &parms);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smb2_util_close(tree, create_io.out.file.handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (size) {
+ *size = parms.all_info2.out.size;
+ }
+
+ if (t) {
+ *t = parms.all_info2.out.write_time;
+ }
+
+ if (attr) {
+ *attr = parms.all_info2.out.attrib;
+ }
+
+ return status;
+}
/*
diff --git a/source4/torture/smb2/attr.c b/source4/torture/smb2/attr.c
new file mode 100644
index 00000000000..5947997c05f
--- /dev/null
+++ b/source4/torture/smb2/attr.c
@@ -0,0 +1,496 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ openattr tester
+
+ Copyright (C) Andrew Tridgell 2003
+ Copyright (C) David Mulder 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+#include "torture/torture.h"
+#include "libcli/security/security_descriptor.h"
+#include "torture/smb2/proto.h"
+
+static const uint32_t open_attrs_table[] = {
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_ATTRIBUTE_ARCHIVE,
+ FILE_ATTRIBUTE_READONLY,
+ FILE_ATTRIBUTE_HIDDEN,
+ FILE_ATTRIBUTE_SYSTEM,
+
+ FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY,
+ FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
+ FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
+
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+
+ FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
+ FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
+
FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
+ FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_SYSTEM,
+};
+
+struct trunc_open_results {
+ unsigned int num;
+ uint32_t init_attr;
+ uint32_t trunc_attr;
+ uint32_t result_attr;
+};
+
+static const struct trunc_open_results attr_results[] = {
+ { 0, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NORMAL,
FILE_ATTRIBUTE_ARCHIVE },
+ { 1, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE,
FILE_ATTRIBUTE_ARCHIVE },
+ { 2, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_READONLY,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+ { 16, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NORMAL,
FILE_ATTRIBUTE_ARCHIVE },
+ { 17, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE,
FILE_ATTRIBUTE_ARCHIVE },
+ { 18, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_READONLY,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY },
+ { 51, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 54, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 56, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+ { 68, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 71, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 73, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+ { 99, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 102, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 104, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+ { 116, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 119, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 121, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM },
+ { 170,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN },
+ { 173,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM
},
+ { 227, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 230, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN },
+ { 232, FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN },
+ { 244, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 247, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM },
+ { 249, FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM,
FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM }
+};
+
+static NTSTATUS smb2_setatr(struct smb2_tree *tree, const char *name,
+ uint32_t attrib)
+{
+ NTSTATUS status;
+ struct smb2_create create_io = {0};
+ union smb_setfileinfo io;
+
+ create_io.in.desired_access = SEC_FILE_READ_DATA |
+ SEC_FILE_WRITE_ATTRIBUTE;
+ create_io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create_io.in.create_disposition = NTCREATEX_DISP_OPEN;
+ create_io.in.fname = name;
+ status = smb2_create(tree, tree, &create_io);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ ZERO_STRUCT(io);
+ io.basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION;
+ io.basic_info.in.file.handle = create_io.out.file.handle;
+ io.basic_info.in.attrib = attrib;
+ status = smb2_setinfo_file(tree, &io);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smb2_util_close(tree, create_io.out.file.handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return status;
+}
+
+bool torture_smb2_openattrtest(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ NTSTATUS status;
+ const char *fname = "openattr.file";
+ uint16_t attr;
+ unsigned int i, j, k, l;
+ int ret = true;
+
+ for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) {
+ struct smb2_create create_io = {0};
+ smb2_setatr(tree, fname, FILE_ATTRIBUTE_NORMAL);
+ smb2_util_unlink(tree, fname);
+ create_io.in.create_flags = 0;
+ create_io.in.desired_access = SEC_FILE_WRITE_DATA;
+ create_io.in.file_attributes = open_attrs_table[i];
+ create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create_io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+ create_io.in.create_options = 0;
+ create_io.in.security_flags = 0;
+ create_io.in.fname = fname;
+ status = smb2_create(tree, tctx, &create_io);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+ talloc_asprintf(tctx, "open %d (1) of %s failed (%s)",
+ i, fname, nt_errstr(status)));
+
+ status = smb2_util_close(tree, create_io.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, error_exit,
+ talloc_asprintf(tctx, "close %d (1) of %s failed (%s)",
+ i, fname, nt_errstr(status)));
+
+ for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) {
+ create_io = (struct smb2_create){0};
+ create_io.in.create_flags = 0;
+ create_io.in.desired_access = SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA;
+ create_io.in.file_attributes = open_attrs_table[j];
+ create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create_io.in.create_disposition =
NTCREATEX_DISP_OVERWRITE;
+ create_io.in.create_options = 0;
+ create_io.in.security_flags = 0;
+ create_io.in.fname = fname;
+ status = smb2_create(tree, tctx, &create_io);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ for (l = 0; l < ARRAY_SIZE(attr_results); l++) {
+ torture_assert_goto(tctx,
+ attr_results[l].num != k,
+ ret, error_exit,
+ talloc_asprintf(tctx,
+ "[%d] trunc open 0x%x "
+ "-> 0x%x of %s failed "
+ "- should have "
+ "succeeded !(%s)",
+ k, open_attrs_table[i],
+ open_attrs_table[j],
+ fname,
+ nt_errstr(status)));
+ }
+ torture_assert_ntstatus_equal_goto(tctx,
+ status, NT_STATUS_ACCESS_DENIED,
+ ret, error_exit,
+ talloc_asprintf(tctx,
+ "[%d] trunc open 0x%x "
+ "-> 0x%x failed with "
+ "wrong error code %s",
+ k, open_attrs_table[i],
+ open_attrs_table[j],
+ nt_errstr(status)));
+ k++;
+ continue;
+ }
+
+ status = smb2_util_close(tree,
create_io.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret,
+ error_exit, talloc_asprintf(tctx,
+ "close %d (2) of %s failed (%s)", j,
+ fname, nt_errstr(status)));
+
+ status = smb2_util_getatr(tree, fname, &attr, NULL,
NULL);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret,
+ error_exit, talloc_asprintf(tctx,
+ "getatr(2) failed (%s)",
--
Samba Shared Repository
