s4-selftest: add test for read access check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(backported from commit 55a9d35cabaea6e98211fc058b788cedf9b7b22a)

diff --git a/selftest/knownfail b/selftest/knownfail
index 0973e0600fe66d72d1ba73a42358df72eec44b8f..e83b08599bd4ffdf81796b6b97ae813be503d4a8 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -340,3 +340,6 @@
 # we don't allow auth_level_connect anymore...
 #
 ^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore
+#new read tests fail
+^samba4.smb2.read.access
+^samba3.smb2.read.access

diff --git a/source4/torture/smb2/read.c b/source4/torture/smb2/read.c
index c1105a9d26226ad3a45fd481c32a14b3c9113d88..c4469df7b090ba76b748f86c154364bcff1c3b9b 100644 (file)
--- a/source4/torture/smb2/read.c
+++ b/source4/torture/smb2/read.c
@@ -226,6 +226,79 @@ done:
        return ret;
 }
 
+static bool test_read_access(struct torture_context *torture,
+                            struct smb2_tree *tree)
+{
+       bool ret = true;
+       NTSTATUS status;
+       struct smb2_handle h;
+       uint8_t buf[64 * 1024];
+       struct smb2_read rd;
+       TALLOC_CTX *tmp_ctx = talloc_new(tree);
+
+       ZERO_STRUCT(buf);
+
+       /* create a file */
+       smb2_util_unlink(tree, FNAME);
+
+       status = torture_smb2_testfile(tree, FNAME, &h);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       status = smb2_util_write(tree, h, buf, 0, ARRAY_SIZE(buf));
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       status = smb2_util_close(tree, h);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       /* open w/ READ access - success */
+       status = torture_smb2_testfile_access(
+           tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_DATA);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       ZERO_STRUCT(rd);
+       rd.in.file.handle = h;
+       rd.in.length = 5;
+       rd.in.offset = 0;
+       status = smb2_read(tree, tree, &rd);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       status = smb2_util_close(tree, h);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       /* open w/ EXECUTE access - success */
+       status = torture_smb2_testfile_access(
+           tree, FNAME, &h, SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       ZERO_STRUCT(rd);
+       rd.in.file.handle = h;
+       rd.in.length = 5;
+       rd.in.offset = 0;
+       status = smb2_read(tree, tree, &rd);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       status = smb2_util_close(tree, h);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       /* open without READ or EXECUTE access - access denied */
+       status = torture_smb2_testfile_access(tree, FNAME, &h,
+                                             SEC_FILE_READ_ATTRIBUTE);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+       ZERO_STRUCT(rd);
+       rd.in.file.handle = h;
+       rd.in.length = 5;
+       rd.in.offset = 0;
+       status = smb2_read(tree, tree, &rd);
+       CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+       status = smb2_util_close(tree, h);
+       CHECK_STATUS(status, NT_STATUS_OK);
+
+done:
+       talloc_free(tmp_ctx);
+       return ret;
+}
 
 /* 
    basic testing of SMB2 read
@@ -237,6 +310,7 @@ struct torture_suite *torture_smb2_read_init(void)
        torture_suite_add_1smb2_test(suite, "eof", test_read_eof);
        torture_suite_add_1smb2_test(suite, "position", test_read_position);
        torture_suite_add_1smb2_test(suite, "dir", test_read_dir);
+       torture_suite_add_1smb2_test(suite, "access", test_read_access);
 
        suite->description = talloc_strdup(suite, "SMB2-READ tests");