diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-10-31 03:26:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:05 -0500 |
commit | b24fcfc1aadf56130f9f2f2371282c0c399611c2 (patch) | |
tree | 00280ff144492488eccaad1561f4930f9c3b411e /source4 | |
parent | 50c5059ab048a5a1b9b03ca78029b333197178ba (diff) | |
download | samba-b24fcfc1aadf56130f9f2f2371282c0c399611c2.tar.gz samba-b24fcfc1aadf56130f9f2f2371282c0c399611c2.tar.bz2 samba-b24fcfc1aadf56130f9f2f2371282c0c399611c2.zip |
r3400: - allow callers to control the flags2 field in raw packets
- added testing of the FLAGS2_READ_PERMIT_EXECUTE bit in the ntdeny tests
(This used to be commit adf4a682705871186f3b77ea6d417942445fc5d3)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/include/cli_context.h | 4 | ||||
-rw-r--r-- | source4/libcli/raw/clisession.c | 22 | ||||
-rw-r--r-- | source4/libcli/raw/rawrequest.c | 22 | ||||
-rw-r--r-- | source4/torture/basic/denytest.c | 15 |
4 files changed, 41 insertions, 22 deletions
diff --git a/source4/include/cli_context.h b/source4/include/cli_context.h index 1b20985fd8..06d7469b70 100644 --- a/source4/include/cli_context.h +++ b/source4/include/cli_context.h @@ -189,6 +189,10 @@ struct smbcli_session { /* default pid for this session */ uint32_t pid; + /* the flags2 for each packet - this allows + the user to control these for torture testing */ + uint16_t flags2; + DATA_BLOB user_session_key; /* the spnego context if we use extented security */ diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index 5d769f9e32..9c73c07831 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -33,6 +33,8 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport) { struct smbcli_session *session; + uint16_t flags2; + uint32_t capabilities; session = talloc_p(transport, struct smbcli_session); if (!session) { @@ -44,6 +46,26 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport) session->pid = (uint16_t)getpid(); session->vuid = UID_FIELD_INVALID; + + capabilities = transport->negotiate.capabilities; + + flags2 = FLAGS2_LONG_PATH_COMPONENTS; + + if (capabilities & CAP_UNICODE) { + flags2 |= FLAGS2_UNICODE_STRINGS; + } + if (capabilities & CAP_STATUS32) { + flags2 |= FLAGS2_32_BIT_ERROR_CODES; + } + if (capabilities & CAP_EXTENDED_SECURITY) { + flags2 |= FLAGS2_EXTENDED_SECURITY; + } + if (session->transport->negotiate.sign_info.doing_signing) { + flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; + } + + session->flags2 = flags2; + return session; } diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c index dd21eb89ea..26604cbcd4 100644 --- a/source4/libcli/raw/rawrequest.c +++ b/source4/libcli/raw/rawrequest.c @@ -139,35 +139,17 @@ struct smbcli_request *smbcli_request_setup_transport(struct smbcli_transport *t way. This interface is used before a session is setup. */ struct smbcli_request *smbcli_request_setup_session(struct smbcli_session *session, - uint8_t command, uint_t wct, uint_t buflen) + uint8_t command, uint_t wct, uint_t buflen) { struct smbcli_request *req; - uint16_t flags2; - uint32_t capabilities; req = smbcli_request_setup_transport(session->transport, command, wct, buflen); if (!req) return NULL; req->session = session; - - flags2 = FLAGS2_LONG_PATH_COMPONENTS; - capabilities = session->transport->negotiate.capabilities; - - if (capabilities & CAP_UNICODE) { - flags2 |= FLAGS2_UNICODE_STRINGS; - } - if (capabilities & CAP_STATUS32) { - flags2 |= FLAGS2_32_BIT_ERROR_CODES; - } - if (capabilities & CAP_EXTENDED_SECURITY) { - flags2 |= FLAGS2_EXTENDED_SECURITY; - } - if (session->transport->negotiate.sign_info.doing_signing) { - flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; - } - SSVAL(req->out.hdr, HDR_FLG2, flags2); + SSVAL(req->out.hdr, HDR_FLG2, session->flags2); SSVAL(req->out.hdr, HDR_PID, session->pid & 0xFFFF); SSVAL(req->out.hdr, HDR_PIDHIGH, session->pid >> 16); SSVAL(req->out.hdr, HDR_UID, session->vuid); diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c index 8dc6118b7d..5dfd610bff 100644 --- a/source4/torture/basic/denytest.c +++ b/source4/torture/basic/denytest.c @@ -1689,7 +1689,7 @@ static const char *bit_string(TALLOC_CTX *mem_ctx, const struct bit_value *bv, i determine if two opens conflict */ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, uint32_t am2, - enum deny_result *res) + uint16_t flags2, enum deny_result *res) { #define CHECK_MASK(am, sa, right, share) do { \ if (((am) & (right)) && !((sa) & (share))) { \ @@ -1703,6 +1703,9 @@ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, } if (am2 & SA_RIGHT_FILE_READ_DATA) { *res += A_R; + } else if ((am2 & SA_RIGHT_FILE_EXECUTE) && + (flags2 & FLAGS2_READ_PERMIT_EXECUTE)) { + *res += A_R; } /* if either open involves no read.write or delete access then @@ -1820,6 +1823,12 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c status1 = smb_raw_open(cli1->tree, mem_ctx, &io1); status2 = smb_raw_open(cli2->tree, mem_ctx, &io2); + + if (random() % 2 == 0) { + cli2->tree->session->flags2 |= FLAGS2_READ_PERMIT_EXECUTE; + } else { + cli2->tree->session->flags2 &= ~FLAGS2_READ_PERMIT_EXECUTE; + } if (!NT_STATUS_IS_OK(status1)) { res = A_X; @@ -1847,7 +1856,9 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c status2_p = predict_share_conflict(io1.ntcreatex.in.share_access, io1.ntcreatex.in.access_mask, io2.ntcreatex.in.share_access, - io2.ntcreatex.in.access_mask, &res2); + io2.ntcreatex.in.access_mask, + cli2->tree->session->flags2, + &res2); GetTimeOfDay(&tv); tdif = usec_time_diff(&tv, &tv_start); |