smbtorture: test creating stream doesn't crash when using "inherit permissions =...
authorRalph Boehme <slow@samba.org>
Sat, 6 Jul 2024 15:10:21 +0000 (17:10 +0200)
committerVolker Lendecke <vl@samba.org>
Mon, 2 Sep 2024 07:19:38 +0000 (07:19 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
selftest/knownfail.d/samba3.smb2.stream-inherit-perms [new file with mode: 0644]
selftest/target/Samba3.pm
source3/selftest/tests.py
source4/torture/smb2/smb2.c
source4/torture/smb2/streams.c

diff --git a/selftest/knownfail.d/samba3.smb2.stream-inherit-perms b/selftest/knownfail.d/samba3.smb2.stream-inherit-perms
new file mode 100644 (file)
index 0000000..fa311ac
--- /dev/null
@@ -0,0 +1 @@
+^samba3.smb2.stream-inherit-perms.stream-inherit-perms\(fileserver\)
index aea64bf5d5df314059e5e0cb766a3718052584f1..a7dd1b20e66034de0000a44958e23035db7720e5 100755 (executable)
@@ -2126,6 +2126,11 @@ sub setup_fileserver
        comment = Home directories
        browseable = No
        read only = No
+
+[inherit_perms]
+       path = $share_dir
+       vfs objects = streams_depot
+       inherit permissions = yes
 ";
 
        if (defined($more_conf)) {
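Review bot: The new `[inherit_perms]` share is rooted at `$share_dir` itself (`path = $share_dir`), which is presumably also the backing directory of other shares in this environment. If so, the ACL the test sets on `teststreams`, and any directory left behind when smbd crashes mid-test, are visible through those shares too. A dedicated subdirectory for this share would keep the regression test's state isolated; that needs a directory-creation step in `setup_fileserver`, whose body starts and ends outside this hunk. A short smb.conf comment line above the section, such as `# share for smb2.stream-inherit-perms (bug 15695)`, would also tell readers why the share exists.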
index 2de6c8ecd45662fe15edd05cbde73e1b95d7b79e..88151caea11fb08cbfee3832fe37f07a34fa3c50 100755 (executable)
@@ -1355,6 +1355,8 @@ for t in tests:
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr')
+    elif t == "smb2.stream-inherit-perms":
+        plansmbtorture4testsuite(t, "fileserver", '//$SERVER/inherit_perms -U$USERNAME%$PASSWORD')
     elif t == "smb2.aio_delay":
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio_delay_inject -U$USERNAME%$PASSWORD')
     elif t == "smb2.delete-on-close-perms":
index 5b6477e47bc3f1a3e24a9ffcf1387923b454d3f5..28a62f49c47d3cf9fa90e28d077b8fe0d5267f6c 100644 (file)
@@ -178,6 +178,8 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx)
        torture_suite_add_suite(suite, torture_smb2_oplocks_init(suite));
        torture_suite_add_suite(suite, torture_smb2_kernel_oplocks_init(suite));
        torture_suite_add_suite(suite, torture_smb2_streams_init(suite));
+       torture_suite_add_1smb2_test(suite, "stream-inherit-perms",
+                                    test_stream_inherit_perms);
        torture_suite_add_suite(suite, torture_smb2_ioctl_init(suite));
        torture_suite_add_simple_test(suite, "set-sparse-ioctl",
                                      test_ioctl_set_sparse);
index 640976d490f7da8857a2d7e2407094ab53c0b927..bfdb41a3a38cf8a679e892da94b4aa93c803478c 100644 (file)
@@ -30,6 +30,7 @@
 #include "system/filesys.h"
 #include "system/locale.h"
 #include "lib/util/tsort.h"
+#include "libcli/security/security_descriptor.h"
 
 #define DNAME "teststreams"
 
@@ -2348,6 +2349,78 @@ done:
        return ret;
 }
 
+/*
+ * Simple test creating a stream on a share with "inherit permissions"
+ * enabled. This tests specifically bug 15695.
+ */
+bool test_stream_inherit_perms(struct torture_context *tctx,
+                              struct smb2_tree *tree)
+{
+       NTSTATUS status;
+       struct smb2_handle h = {};
+       union smb_fileinfo q = {};
+       union smb_setfileinfo setinfo = {};
+       struct security_descriptor *sd = NULL;
+       struct security_ace ace = {};
+       const char *fname = DNAME "\\test_stream_inherit_perms:stream";
+       bool ret = true;
+
+       smb2_deltree(tree, DNAME);
+
+       status = torture_smb2_testdir(tree, DNAME, &h);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "torture_smb2_testdir failed\n");
+
+       torture_comment(tctx, "getting original sd\n");
+
+       q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+       q.query_secdesc.in.file.handle = h;
+       q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+       status = smb2_getinfo_file(tree, tctx, &q);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "smb2_getinfo_file failed\n");
+
+       sd = q.query_secdesc.out.sd;
+
+       /*
+        * Add one explicit non-inheriting ACE which will be stored
+        * as a non-inheriting POSIX ACE. These are the ACEs that
+        * "inherit permissions" will want to inherit.
+        */
+       ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+       ace.access_mask = SEC_STD_ALL;
+       ace.trustee = *(sd->owner_sid);
+
+       status = security_descriptor_dacl_add(sd, &ace);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "security_descriptor_dacl_add failed\n");
+
+       setinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+       setinfo.set_secdesc.in.file.handle = h;
+       setinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+       setinfo.set_secdesc.in.sd = sd;
+
+       status = smb2_setinfo_file(tree, &setinfo);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "smb2_setinfo_file failed");
+
+       smb2_util_close(tree, h);
+       ZERO_STRUCT(h);
+
+       /* This triggers the crash */
+       status = torture_smb2_testfile(tree, fname, &h);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "torture_smb2_testfile failed");
+
+done:
+       if (!smb2_util_handle_empty(h)) {
+               smb2_util_close(tree, h);
+       }
+       smb2_deltree(tree, DNAME);
+       return ret;
+}
+
 /*
    basic testing of streams calls SMB2
 */
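Review bot: The ACE setup dereferences `sd->owner_sid` (`ace.trustee = *(sd->owner_sid);`) without checking that the server returned a descriptor with an owner, so a reply lacking one would crash the torture client instead of failing the test. A guard right after `sd = q.query_secdesc.out.sd;` keeps the failure inside the harness, e.g. `torture_assert_not_null_goto(tctx, sd, ret, done, "no sd returned\n");` followed by the same check on `sd->owner_sid`. The test also asserts only that the stream create succeeds; since "inherit permissions" is an access-control feature, a follow-up query of the new file's DACL would confirm the inherited result as well as the absence of the crash. Minor: the last two assert messages lack the trailing `\n` the earlier ones carry.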