diff options
| author | Tim Prouty <tprouty@samba.org> | 2009-12-04 16:07:35 -0800 |
|---|---|---|
| committer | Tim Prouty <tprouty@samba.org> | 2009-12-07 16:54:17 -0800 |
| commit | f717a79eff334835eb33783adcbb261e126185d6 (patch) | |
| tree | 11298a53885cac55169ae84e8515e912f2180e23 | |
| parent | f4aa47b5ab265b30a0708b72936e1bc26a793df6 (diff) | |
| download | samba-f717a79eff334835eb33783adcbb261e126185d6.tar.gz samba-f717a79eff334835eb33783adcbb261e126185d6.tar.bz2 samba-f717a79eff334835eb33783adcbb261e126185d6.zip | |
s4 torture: Add a new torture:hide_on_access_denied parameter
It appears some newer versions of windows return
NT_STATUS_OBJECT_NAME_NOT_FOUND on a createfile when access is denied
rather than NT_STATUS_ACCESS_DENIED. I'm not sure how this translates
to directory enumeration yet, but for now make this a parameter that
can be checked in the various torture tests.
This also gets RAW-ACLS and SMB2-CREATE passing against win7.
| -rw-r--r-- | source4/torture/raw/acls.c | 29 | ||||
| -rw-r--r-- | source4/torture/smb2/acls.c | 9 | ||||
| -rw-r--r-- | source4/torture/smb2/create.c | 24 | ||||
| -rw-r--r-- | source4/torture/smbtorture.c | 3 | ||||
| -rw-r--r-- | source4/torture/smbtorture.h | 6 | ||||
| -rw-r--r-- | source4/torture/util.h | 1 |
6 files changed, 57 insertions, 15 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index 94274237af..e34a901ebc 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1768,20 +1768,32 @@ static bool test_inheritance(struct torture_context *tctx, CHECK_ACCESS_FLAGS(fnum2, SEC_RIGHTS_FILE_ALL); smbcli_close(cli->tree, fnum2); } else { - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (TARGET_IS_WIN7(tctx)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } } torture_comment(tctx, "trying without execute\n"); io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL & ~SEC_FILE_EXECUTE; status = smb_raw_open(cli->tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (TARGET_IS_WIN7(tctx)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "and with full permissions again\n"); io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; status = smb_raw_open(cli->tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (TARGET_IS_WIN7(tctx)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA; status = smb_raw_open(cli->tree, tctx, &io); @@ -1802,7 +1814,11 @@ static bool test_inheritance(struct torture_context *tctx, io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; status = smb_raw_open(cli->tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (TARGET_IS_WIN7(tctx)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } io.ntcreatex.in.access_mask = SEC_FILE_WRITE_DATA; status = smb_raw_open(cli->tree, tctx, &io); @@ -1811,9 +1827,6 @@ static bool test_inheritance(struct torture_context *tctx, CHECK_ACCESS_FLAGS(fnum2, SEC_FILE_WRITE_DATA | SEC_FILE_READ_ATTRIBUTE); smbcli_close(cli->tree, fnum2); - smbcli_unlink(cli->tree, fname1); - smbcli_rmdir(cli->tree, dname); - done: if (sd_orig != NULL) { set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC; @@ -1824,6 +1837,8 @@ done: } smbcli_close(cli->tree, fnum); + smbcli_unlink(cli->tree, fname1); + smbcli_rmdir(cli->tree, dname); smb_raw_exit(cli->session); smbcli_deltree(cli->tree, BASEDIR); return ret; diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c index b565a5bce9..c746d96110 100644 --- a/source4/torture/smb2/acls.c +++ b/source4/torture/smb2/acls.c @@ -1186,7 +1186,8 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL); smb2_util_close(tree, handle2); } else { - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", + false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1197,7 +1198,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.create_disposition = NTCREATEX_DISP_OPEN; io.in.desired_access = SEC_RIGHTS_FILE_ALL & ~SEC_FILE_EXECUTE; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1207,7 +1208,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.create_disposition = NTCREATEX_DISP_OPEN; io.in.desired_access = SEC_RIGHTS_FILE_ALL; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1232,7 +1233,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.desired_access = SEC_RIGHTS_FILE_ALL; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 5a29c2603d..b89b14af27 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -1302,22 +1302,38 @@ static bool test_create_null_dacl(struct torture_context *tctx, torture_comment(tctx, "try open for write => access_denied\n"); io.in.desired_access = SEC_FILE_WRITE_DATA; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for read => access_denied\n"); io.in.desired_access = SEC_FILE_READ_DATA; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for generic write => access_denied\n"); io.in.desired_access = SEC_GENERIC_WRITE; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for generic read => access_denied\n"); io.in.desired_access = SEC_GENERIC_READ; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "set empty sd\n"); sd->type &= ~SEC_DESC_DACL_PRESENT; diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index cb080dfded..8e0a25b032 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -543,6 +543,9 @@ int main(int argc,char *argv[]) /* RAW-SEARCH for fails for inexplicable reasons against win7 */ lp_set_cmdline(cmdline_lp_ctx, "torture:search_ea_support", "false"); + + lp_set_cmdline(cmdline_lp_ctx, "torture:hide_on_access_denied", + "true"); } else if (strcmp(target, "onefs") == 0) { lp_set_cmdline(cmdline_lp_ctx, "torture:onefs", "true"); lp_set_cmdline(cmdline_lp_ctx, "torture:openx_deny_dos_support", diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h index a4f25958a6..38969f1bcc 100644 --- a/source4/torture/smbtorture.h +++ b/source4/torture/smbtorture.h @@ -113,4 +113,10 @@ bool torture_register_suite(struct torture_suite *suite); * the appropriate test. */ +/* torture:hide_on_acess_denied + * + * Some servers (win7) choose to hide files when certain access has been + * denied. When true, torture will expect NT_STATUS_OBJECT_NAME_NOT_FOUND + * rather than NT_STATUS_ACCESS_DENIED when trying to open one of these files. + */ #endif /* __SMBTORTURE_H__ */ diff --git a/source4/torture/util.h b/source4/torture/util.h index 0dadc89be6..3721273915 100644 --- a/source4/torture/util.h +++ b/source4/torture/util.h @@ -107,4 +107,5 @@ NTSTATUS torture_check_privilege(struct smbcli_state *cli, const char *sid_str, const char *privilege); + #endif /* _TORTURE_UTIL_H_ */ |