From: Jeremy Allison Date: Fri, 17 Apr 2020 22:48:09 +0000 (-0700) Subject: s3: torture: Add an SMB1-specific test SMB1-SYSTEM-SECURITY. X-Git-Tag: ldb-2.2.0~906 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3f81e8f28afa524fddb8308382cce590c049de2;p=thirdparty%2Fsamba.git s3: torture: Add an SMB1-specific test SMB1-SYSTEM-SECURITY. NB. This is also tested in samba3.base.createx_access but this makes it very explicit what we're looking for. Shows SMB1 allows explicit open of a file with only he SEC_FLAG_SYSTEM_SECURITY access mask requested. SMB2 doesn't. Requires a Windows 10 system with a user with SeSecurityPrivilege set. Passes against Windows 10 with SMB1 enabled. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 562957a34b0..c4951913065 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -7053,6 +7053,100 @@ static bool run_owner_rights(int dummy) return false; } +/* + * Test SMB1-specific open with SEC_FLAG_SYSTEM_SECURITY. + * Note this test only works with a user with SeSecurityPrivilege set. + * + * NB. This is also tested in samba3.base.createx_access + * but this makes it very explicit what we're looking for. + */ +static bool run_smb1_system_security(int dummy) +{ + static struct cli_state *cli = NULL; + const char *fname = "system_security.txt"; + uint16_t fnum = (uint16_t)-1; + NTSTATUS status; + TALLOC_CTX *frame = NULL; + + frame = talloc_stackframe(); + printf("starting smb1 system security test\n"); + + /* SMB1 connection - torture_open_connection() forces this. */ + if (!torture_open_connection(&cli, 0)) { + goto fail; + } + + smbXcli_conn_set_sockopt(cli->conn, sockops); + + /* Start with a clean slate. */ + cli_unlink(cli, fname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN); + + /* Create the test file. */ + status = cli_ntcreate(cli, + fname, + 0, + GENERIC_ALL_ACCESS, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE| + FILE_SHARE_DELETE, + FILE_CREATE, + 0, + 0, + &fnum, + NULL); + if (!NT_STATUS_IS_OK(status)) { + printf("Create of %s - %s\n", fname, nt_errstr(status)); + goto fail; + } + + status = cli_close(cli, fnum); + + /* Open with SEC_FLAG_SYSTEM_SECURITY only. */ + /* + * On SMB1 this succeeds - SMB2 it fails, + * see the SMB2-SACL test. + */ + status = cli_ntcreate(cli, + fname, + 0, + SEC_FLAG_SYSTEM_SECURITY, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE| + FILE_SHARE_DELETE, + FILE_OPEN, + 0, + 0, + &fnum, + NULL); + if (!NT_STATUS_IS_OK(status)) { + printf("Open of %s - %s\n", fname, nt_errstr(status)); + goto fail; + } + + status = cli_close(cli, fnum); + + cli_unlink(cli, fname, + FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN); + + torture_close_connection(cli); + TALLOC_FREE(frame); + return true; + + fail: + + if (cli) { + if (fnum != (uint16_t)-1) { + cli_close(cli, fnum); + } + cli_unlink(cli, fname, + FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN); + torture_close_connection(cli); + } + + TALLOC_FREE(frame); + return false; +} + static bool run_pipe_number(int dummy) { struct cli_state *cli1; @@ -14635,6 +14729,10 @@ static struct { .name = "SMB2-PATH-SLASH", .fn = run_smb2_path_slash, }, + { + .name = "SMB1-SYSTEM-SECURITY", + .fn = run_smb1_system_security, + }, { .name = "CLEANUP1", .fn = run_cleanup1,