diff options
| author | Tim Prouty <tprouty@samba.org> | 2009-12-04 16:07:35 -0800 |
|---|---|---|
| committer | Tim Prouty <tprouty@samba.org> | 2009-12-07 16:54:17 -0800 |
| commit | f717a79eff334835eb33783adcbb261e126185d6 (patch) | |
| tree | 11298a53885cac55169ae84e8515e912f2180e23 /source4/torture/smb2 | |
| parent | f4aa47b5ab265b30a0708b72936e1bc26a793df6 (diff) | |
| download | samba-f717a79eff334835eb33783adcbb261e126185d6.tar.gz samba-f717a79eff334835eb33783adcbb261e126185d6.tar.bz2 samba-f717a79eff334835eb33783adcbb261e126185d6.zip | |
s4 torture: Add a new torture:hide_on_access_denied parameter
It appears some newer versions of windows return
NT_STATUS_OBJECT_NAME_NOT_FOUND on a createfile when access is denied
rather than NT_STATUS_ACCESS_DENIED. I'm not sure how this translates
to directory enumeration yet, but for now make this a parameter that
can be checked in the various torture tests.
This also gets RAW-ACLS and SMB2-CREATE passing against win7.
Diffstat (limited to 'source4/torture/smb2')
| -rw-r--r-- | source4/torture/smb2/acls.c | 9 | ||||
| -rw-r--r-- | source4/torture/smb2/create.c | 24 |
2 files changed, 25 insertions, 8 deletions
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c index b565a5bce9..c746d96110 100644 --- a/source4/torture/smb2/acls.c +++ b/source4/torture/smb2/acls.c @@ -1186,7 +1186,8 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre CHECK_ACCESS_FLAGS(handle2, SEC_RIGHTS_FILE_ALL); smb2_util_close(tree, handle2); } else { - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", + false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1197,7 +1198,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.create_disposition = NTCREATEX_DISP_OPEN; io.in.desired_access = SEC_RIGHTS_FILE_ALL & ~SEC_FILE_EXECUTE; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1207,7 +1208,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.create_disposition = NTCREATEX_DISP_OPEN; io.in.desired_access = SEC_RIGHTS_FILE_ALL; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); @@ -1232,7 +1233,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre io.in.desired_access = SEC_RIGHTS_FILE_ALL; status = smb2_create(tree, tctx, &io); - if (TARGET_IS_WIN7(tctx)) { + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); } else { CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 5a29c2603d..b89b14af27 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -1302,22 +1302,38 @@ static bool test_create_null_dacl(struct torture_context *tctx, torture_comment(tctx, "try open for write => access_denied\n"); io.in.desired_access = SEC_FILE_WRITE_DATA; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for read => access_denied\n"); io.in.desired_access = SEC_FILE_READ_DATA; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for generic write => access_denied\n"); io.in.desired_access = SEC_GENERIC_WRITE; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "try open for generic read => access_denied\n"); io.in.desired_access = SEC_GENERIC_READ; status = smb2_create(tree, tctx, &io); - CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + if (torture_setting_bool(tctx, "hide_on_access_denied", false)) { + CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND); + } else { + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); + } torture_comment(tctx, "set empty sd\n"); sd->type &= ~SEC_DESC_DACL_PRESENT; |