From: Ralph Boehme <slow@samba.org>
Date: Fri, 19 Aug 2022 09:01:31 +0000 (+0200)
Subject: smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
X-Git-Tag: talloc-2.4.0~1239
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e3d883c0b1caf13596dc8a18a8a108e3e48e7543;p=thirdparty%2Fsamba.git

smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED

Passes against Windows, currently fails against Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
RN: Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/selftest/knownfail.d/samba3.smb2.maximum_allowed.read_only b/selftest/knownfail.d/samba3.smb2.maximum_allowed.read_only
new file mode 100644
index 00000000000..80fb1a317c3
--- /dev/null
+++ b/selftest/knownfail.d/samba3.smb2.maximum_allowed.read_only
@@ -0,0 +1 @@
+^samba3.smb2.maximum_allowed.read_only
diff --git a/source4/torture/smb2/max_allowed.c b/source4/torture/smb2/max_allowed.c
index e70f0c865a3..af8b08ac9a9 100644
--- a/source4/torture/smb2/max_allowed.c
+++ b/source4/torture/smb2/max_allowed.c
@@ -191,10 +191,58 @@ static bool torture_smb2_maximum_allowed(struct torture_context *tctx,
 	return ret;
 }
 
+static bool torture_smb2_read_only_file(struct torture_context *tctx,
+					struct smb2_tree *tree)
+{
+	struct smb2_create c;
+	struct smb2_handle h = {{0}};
+	bool ret = true;
+	NTSTATUS status;
+
+	smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_RIGHTS_FILE_ALL,
+		.in.file_attributes = FILE_ATTRIBUTE_READONLY,
+		.in.create_disposition = NTCREATEX_DISP_CREATE,
+		.in.fname = MAXIMUM_ALLOWED_FILE,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+					"smb2_create failed\n");
+	h = c.out.file.handle;
+	smb2_util_close(tree, h);
+	ZERO_STRUCT(h);
+
+	c = (struct smb2_create) {
+		.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+		.in.file_attributes = FILE_ATTRIBUTE_READONLY,
+		.in.create_disposition = NTCREATEX_DISP_OPEN,
+		.in.fname = MAXIMUM_ALLOWED_FILE,
+	};
+
+	status = smb2_create(tree, tctx, &c);
+	torture_assert_ntstatus_ok_goto(
+		tctx, status, ret, done,
+		"Failed to open READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED\n");
+	h = c.out.file.handle;
+	smb2_util_close(tree, h);
+	ZERO_STRUCT(h);
+
+done:
+	if (!smb2_util_handle_empty(h)) {
+		smb2_util_close(tree, h);
+	}
+	smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+	return ret;
+}
+
 struct torture_suite *torture_smb2_max_allowed(TALLOC_CTX *ctx)
 {
 	struct torture_suite *suite = torture_suite_create(ctx, "maximum_allowed");
 
 	torture_suite_add_1smb2_test(suite, "maximum_allowed", torture_smb2_maximum_allowed);
+	torture_suite_add_1smb2_test(suite, "read_only", torture_smb2_read_only_file);
 	return suite;
 }