From 763941f2456f6c50581a1fa54aaba810a2b9efd1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 18 Jun 2011 09:56:12 +0200 Subject: s3: Test nttrans_create This is a test for the share security descriptor exception for nttrans_create --- source3/Makefile.in | 1 + source3/torture/proto.h | 1 + source3/torture/test_nttrans_create.c | 108 ++++++++++++++++++++++++++++++++++ source3/torture/torture.c | 1 + source3/wscript_build | 1 + 5 files changed, 112 insertions(+) create mode 100644 source3/torture/test_nttrans_create.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 9140659c8f..6c17947f72 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1232,6 +1232,7 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta torture/nbench.o \ torture/test_async_echo.o \ torture/test_smbsock_any_connect.o \ + torture/test_nttrans_create.o \ torture/test_notify_online.o \ torture/test_addrchange.o \ torture/test_case_insensitive.o \ diff --git a/source3/torture/proto.h b/source3/torture/proto.h index ebaf6cf1eb..6a47a18cd7 100644 --- a/source3/torture/proto.h +++ b/source3/torture/proto.h @@ -90,5 +90,6 @@ bool run_async_echo(int dummy); bool run_smb_any_connect(int dummy); bool run_addrchange(int dummy); bool run_notify_online(int dummy); +bool run_nttrans_create(int dummy); #endif /* __TORTURE_H__ */ diff --git a/source3/torture/test_nttrans_create.c b/source3/torture/test_nttrans_create.c new file mode 100644 index 0000000000..9869f020e9 --- /dev/null +++ b/source3/torture/test_nttrans_create.c 
@@ -0,0 +1,108 @@
+/*
+ Unix SMB/CIFS implementation.
+ Basic test for share secdescs vs nttrans_create
+ Copyright (C) Volker Lendecke 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "torture/proto.h"
+#include "libsmb/libsmb.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/secdesc.h"
+#include "libcli/security/security.h"
+
+bool run_nttrans_create(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status, status2;
+ bool ret = false;
+ struct security_ace ace;
+ struct security_acl acl;
+ struct security_descriptor *sd;
+ const char *fname = "transtest";
+ uint16_t fnum, fnum2;
+ struct dom_sid owner;
+
+ printf("Starting NTTRANS_CREATE\n");
+
+ if (!torture_open_connection(&cli, 0)) {
+ printf("torture_open_connection failed\n");
+ goto fail;
+ }
+
+ ZERO_STRUCT(ace);
+ ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace.access_mask = SEC_RIGHTS_FILE_ALL & ~SEC_STD_WRITE_DAC;
+ sid_copy(&ace.trustee, &global_sid_World);
+
+ acl.revision = SECURITY_ACL_REVISION_NT4;
+ acl.size = 0;
+ acl.num_aces = 1;
+ acl.aces = &ace;
+
+ dom_sid_parse("S-1-22-1-1000", &owner);
+
+ sd = make_sec_desc(talloc_tos(),
+ SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE|
+ SEC_DESC_DACL_PRESENT|SEC_DESC_OWNER_DEFAULTED|
+ SEC_DESC_GROUP_DEFAULTED,
+ NULL, NULL, NULL, &acl, NULL);
+ if (sd == NULL) {
+ d_fprintf(stderr, "make_sec_desc failed\n");
+ goto fail;
+ }
+
+ status = cli_nttrans_create(
+ cli, fname, 0, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS|
+ READ_CONTROL_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_WRITE| FILE_SHARE_DELETE,
+ FILE_CREATE, 0, 0, sd, NULL, 0, &fnum);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_nttrans_create returned %s\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ cli_query_secdesc(cli, fnum, talloc_tos());
+
+ status2 = cli_ntcreate(cli, fname, 0, WRITE_DAC_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE,
+ FILE_OPEN, 0, 0, &fnum2);
+
+ status = cli_nt_delete_on_close(cli, fnum, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_nt_delete_on_close returned %s\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ if (!NT_STATUS_EQUAL(status2, NT_STATUS_ACCESS_DENIED)) {
+ d_fprintf(stderr, "cli_ntcreate returned %s\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ ret = true;
+fail:
+ if (cli != NULL) {
+ torture_close_connection(cli);
+ }
+ return ret;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 8512a0e47b..0731326cf9 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8636,6 +8636,7 @@ static struct {
 { "CHAIN1", run_chain1, 0},
 { "CHAIN2", run_chain2, 0},
 { "WINDOWS-WRITE", run_windows_write, 0},
+ { "NTTRANS-CREATE", run_nttrans_create, 0},
 { "CLI_ECHO", run_cli_echo, 0},
 { "GETADDRINFO", run_getaddrinfo_send, 0},
 { "TLDAP", run_tldap },
diff --git a/source3/wscript_build b/source3/wscript_build
index 901721573c..99e8d95a32 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -563,6 +563,7 @@ SMBTORTURE_SRC1 = '''torture/torture.c torture/nbio.c torture/scanner.c torture/
 torture/test_async_echo.c
 torture/test_addrchange.c
 torture/test_posix_append.c
+ torture/test_nttrans_create.c
 torture/test_case_insensitive.c
 torture/test_notify_online.c
 torture/test_smbsock_any_connect.c'''
-- cgit
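Review bot: In the new `run_nttrans_create`, the failure message under the `NT_STATUS_EQUAL(status2, NT_STATUS_ACCESS_DENIED)` check prints `nt_errstr(status)`, which by then holds the result of `cli_nt_delete_on_close` rather than of the `cli_ntcreate` being tested; it should read `nt_errstr(status2)`, otherwise a failed WRITE_DAC denial check is logged with the wrong status. The result of `cli_query_secdesc(cli, fnum, talloc_tos())` is discarded, so the test never confirms that the DACL lacking `SEC_STD_WRITE_DAC` was actually stored, and an ACCESS_DENIED from an unrelated cause would still pass. `owner` is filled by an unchecked `dom_sid_parse` but never passed to `make_sec_desc`, so it looks like dead code. `fnum2` is not closed if the second open unexpectedly succeeds, and the early `goto fail` after `cli_nt_delete_on_close` can leave `transtest` behind, which would make the next run's `FILE_CREATE` fail.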