{
struct smb2_create c;
struct smb2_handle h = {{0}};
+ union smb_fileinfo getinfo;
bool ret = true;
NTSTATUS status;
.in.file_attributes = FILE_ATTRIBUTE_READONLY,
.in.create_disposition = NTCREATEX_DISP_OPEN,
.in.fname = MAXIMUM_ALLOWED_FILE,
+ .in.query_maximal_access = true,
};
status = smb2_create(tree, tctx, &c);
tctx, status, ret, done,
"Failed to open READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED\n");
h = c.out.file.handle;
+
+ /*
+ * Verify maximum access from create context
+ */
+
+ torture_assert_u32_equal_goto(tctx,
+ c.out.maximal_access,
+ SEC_RIGHTS_FILE_ALL,
+ ret, done,
+ "Wrong maxaccess\n");
+
+ /*
+ * Verify actual access mask from infolevel
+ */
+
+ ZERO_STRUCT(getinfo);
+ getinfo.generic.level = RAW_FILEINFO_ACCESS_INFORMATION;
+ getinfo.generic.in.file.handle = h;
+
+ status = smb2_getinfo_file(tree, tree, &getinfo);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file\n");
+
+ torture_assert_u32_equal_goto(
+ tctx,
+ getinfo.access_information.out.access_flags,
+ /*
+ * Use exactly the bits from MS-FSA 2.1.5.1.2.1 "Algorithm to
+ * Check Access to an Existing File" and note that
+ * SEC_FILE_APPEND_DATA = SEC_DIR_ADD_SUBDIR
+ */
+ SEC_RIGHTS_FILE_ALL & ~(
+ SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_DIR_ADD_SUBDIR |
+ SEC_DIR_DELETE_CHILD
+ ),
+ ret, done,
+ "Bad access mask\n");
+
+ status = smb2_util_write(tree, h, "foo", 0, 3);
+ torture_assert_ntstatus_equal_goto(tctx,
+ status,
+ NT_STATUS_ACCESS_DENIED,
+ ret, done,
+ "smb2_getinfo_file\n");
+
smb2_util_close(tree, h);
ZERO_STRUCT(h);
projects / thirdparty / samba.git / commitdiff
