From 6713ebfd6059fbad0cf0bceeccf8f5d5c83eb3a7 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 8 May 2012 16:45:10 +0200
Subject: s4:torture: add a new smb2.session.reauth5 test: rename after reauth
 to anon - fails

---
 source4/torture/smb2/session.c | 228 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 228 insertions(+)

(limited to 'source4/torture/smb2/session.c')

diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 85fbdfd81f..1f27222c9b 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -501,6 +501,233 @@ done:
 	return ret;
 }
 
+/**
+ * test renaming after reauth.
+ * compare security descriptors before and after rename/reauth
+ */
+bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	char fname[256];
+	char fname2[256];
+	struct smb2_handle _h1;
+	struct smb2_handle *h1 = NULL;
+	struct smb2_create io1;
+	bool ret = true;
+	union smb_fileinfo qfinfo;
+	union smb_setfileinfo sfinfo;
+	struct cli_credentials *anon_creds = NULL;
+	uint32_t secinfo_flags = SECINFO_OWNER
+				| SECINFO_GROUP
+				| SECINFO_DACL
+				| SECINFO_PROTECTED_DACL
+				| SECINFO_UNPROTECTED_DACL;
+	struct security_descriptor *sd1, *sd2, sd3;
+	struct security_ace ace;
+	struct dom_sid *extra_sid;
+
+	/* Add some random component to the file name. */
+	snprintf(fname, 256, "session_reauth5_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname);
+
+	smb2_oplock_create_share(&io1, fname,
+				 smb2_util_share_access(""),
+				 smb2_util_oplock_level("b"));
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sd1 = qfinfo.query_secdesc.out.sd;
+
+	/* re-authenticate as anonymous */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* try to rename the file: fails */
+
+	snprintf(fname2, 256, "session_reauth5.2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname2);
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	/* re-authenticate as original user again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   cmdline_credentials,
+					   0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* give full access on the file to anonymous */
+
+	extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
+
+	ZERO_STRUCT(ace);
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
+	ace.trustee = *extra_sid;
+
+	status = security_descriptor_dacl_add(sd1, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+	sfinfo.set_secdesc.in.file.handle = _h1;
+	sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
+	sfinfo.set_secdesc.in.sd = sd1;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* re-get the security descriptor */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* re-authenticate as anonymous - again */
+
+	anon_creds = cli_credentials_init_anon(mem_ctx);
+	torture_assert(tctx, (anon_creds != NULL), "talloc error");
+
+	status = smb2_session_setup_spnego(tree->session,
+					   anon_creds,
+					   0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* try to rename the file: fails */
+
+	snprintf(fname2, 256, "session_reauth3.2_%s.dat",
+		 generate_random_str(tctx, 8));
+
+	smb2_util_unlink(tree, fname2);
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+	/* re-authenticate as original user - again */
+
+	status = smb2_session_setup_spnego(tree->session,
+					   cmdline_credentials,
+					   0 /* previous_session_id */);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* rename the file - for verification that it works */
+
+	ZERO_STRUCT(sfinfo);
+	sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
+	sfinfo.rename_information.in.file.handle = _h1;
+	sfinfo.rename_information.in.overwrite = true;
+	sfinfo.rename_information.in.new_name = fname2;
+
+	status = smb2_setinfo_file(tree, &sfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	/* closs the file, check it is gone and reopen under the new name */
+
+	smb2_util_close(tree, _h1);
+
+	ZERO_STRUCT(io1);
+
+	smb2_generic_create_share(&io1,
+				  NULL /* lease */, false /* dir */,
+				  fname,
+				  NTCREATEX_DISP_OPEN,
+				  smb2_util_share_access(""),
+				  smb2_util_oplock_level("b"),
+				  0 /* leasekey */, 0 /* leasestate */);
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
+	ZERO_STRUCT(io1);
+
+	smb2_generic_create_share(&io1,
+				  NULL /* lease */, false /* dir */,
+				  fname2,
+				  NTCREATEX_DISP_OPEN,
+				  smb2_util_share_access(""),
+				  smb2_util_oplock_level("b"),
+				  0 /* leasekey */, 0 /* leasestate */);
+
+	status = smb2_create(tree, mem_ctx, &io1);
+	CHECK_STATUS(status, NT_STATUS_OK);
+	_h1 = io1.out.file.handle;
+	h1 = &_h1;
+	CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
+	CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
+
+	/* try to access the file via the old handle */
+
+	ZERO_STRUCT(qfinfo);
+
+	qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+	qfinfo.query_secdesc.in.file.handle = _h1;
+	qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
+
+	status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sd2 = qfinfo.query_secdesc.out.sd;
+
+done:
+	if (h1 != NULL) {
+		smb2_util_close(tree, *h1);
+	}
+
+	smb2_util_unlink(tree, fname);
+
+	talloc_free(tree);
+
+	talloc_free(mem_ctx);
+
+	return ret;
+}
+
 struct torture_suite *torture_smb2_session_init(void)
 {
 	struct torture_suite *suite =
@@ -511,6 +738,7 @@ struct torture_suite *torture_smb2_session_init(void)
 	torture_suite_add_1smb2_test(suite, "reauth2", test_session_reauth2);
 	torture_suite_add_1smb2_test(suite, "reauth3", test_session_reauth3);
 	torture_suite_add_1smb2_test(suite, "reauth4", test_session_reauth4);
+	torture_suite_add_1smb2_test(suite, "reauth5", test_session_reauth5);
 
 	suite->description = talloc_strdup(suite, "SMB2-SESSION tests");
 
-- 
cgit