s4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.

We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.

Tested against Windows 10.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184

diff --git a/source4/torture/smb2/attr.c b/source4/torture/smb2/attr.c
index 58d77f1cb6dfe1b2de7f794b143fac633120c1b5..60068971d4bfdbd37e6b21674e544b6fdcf90bb1 100644 (file)
--- a/source4/torture/smb2/attr.c
+++ b/source4/torture/smb2/attr.c
@@ -255,7 +255,8 @@ bool torture_smb2_winattrtest(struct torture_context *tctx,
 
        /* Open a file*/
        create_io.in.create_flags = 0;
-       create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA;
+       create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA |
+                               SEC_STD_READ_CONTROL;
        create_io.in.file_attributes = 0;
        create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
        create_io.in.create_disposition = FILE_SUPERSEDE;
@@ -270,7 +271,10 @@ bool torture_smb2_winattrtest(struct torture_context *tctx,
        /* Get security descriptor and store it*/
        query_org.generic.level = RAW_FILEINFO_SEC_DESC;
        query_org.generic.in.file.handle = create_io.out.file.handle;
-       status = smb2_getinfo_file(tree, NULL, &query_org);
+       query_org.query_secdesc.in.secinfo_flags = SECINFO_OWNER|
+                                               SECINFO_GROUP|
+                                               SECINFO_DACL;
+       status = smb2_getinfo_file(tree, tctx, &query_org);
        if(!NT_STATUS_IS_OK(status)){
                NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);
                torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit,
@@ -313,7 +317,8 @@ bool torture_smb2_winattrtest(struct torture_context *tctx,
 
                create_io = (struct smb2_create){0};
                create_io.in.create_flags = 0;
-               create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+               create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE|
+                                               SEC_STD_READ_CONTROL;
                create_io.in.file_attributes = 0;
                create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
                create_io.in.create_disposition = FILE_OPEN_IF;
@@ -328,6 +333,9 @@ bool torture_smb2_winattrtest(struct torture_context *tctx,
                /*Get security descriptor */
                query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
                query.query_secdesc.in.file.handle = create_io.out.file.handle;
+               query.query_secdesc.in.secinfo_flags = SECINFO_OWNER|
+                                               SECINFO_GROUP|
+                                               SECINFO_DACL;
                status = smb2_getinfo_file(tree, tctx, &query);
                if(!NT_STATUS_IS_OK(status)){
                        NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle);