/* Unix SMB/CIFS implementation. openattr tester Copyright (C) Andrew Tridgell 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" #include "libcli/libcli.h" #include "torture/util.h" #include "system/filesys.h" #include "libcli/security/secace.h" #include "torture/basic/proto.h" extern int torture_failures; #define CHECK_MAX_FAILURES(label) do { if (++failures >= torture_failures) goto label; } while (0) static const uint32_t open_attrs_table[] = { FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_SYSTEM, }; struct trunc_open_results { unsigned int num; uint32_t init_attr; uint32_t trunc_attr; uint32_t result_attr; }; static const struct trunc_open_results attr_results[] = { { 0, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE }, { 1, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE }, { 2, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY }, { 16, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_ARCHIVE }, { 17, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ARCHIVE }, { 18, FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY }, { 51, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 54, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 56, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN }, { 68, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 71, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 73, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM }, { 99, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN,FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 102, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 104, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN }, { 116, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 119, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 121, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM }, { 170, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN }, { 173, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM }, { 227, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 230, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_HIDDEN }, { 232, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN }, { 244, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 247, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_SYSTEM }, { 249, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM } }; bool torture_openattrtest(struct torture_context *tctx, struct smbcli_state *cli1) { const char *fname = "\\openattr.file"; int fnum1; uint16_t attr; unsigned int i, j, k, l; int failures = 0; for (k = 0, i = 0; i < sizeof(open_attrs_table)/sizeof(uint32_t); i++) { smbcli_setatr(cli1->tree, fname, 0, 0); smbcli_unlink(cli1->tree, fname); fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_WRITE_DATA, open_attrs_table[i], NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open %d (1) of %s failed (%s)", i, fname, smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close %d (1) of %s failed (%s)", i, fname, smbcli_errstr(cli1->tree))); for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) { fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_FILE_READ_DATA| SEC_FILE_WRITE_DATA, open_attrs_table[j], NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE, 0, 0); if (fnum1 == -1) { for (l = 0; l < ARRAY_SIZE(attr_results); l++) { if (attr_results[l].num == k) { torture_result(tctx, TORTURE_FAIL, "[%d] trunc open 0x%x -> 0x%x of %s failed - should have succeeded !(%s)", k, open_attrs_table[i], open_attrs_table[j], fname, smbcli_errstr(cli1->tree)); CHECK_MAX_FAILURES(error_exit); } } torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_ACCESS_DENIED, talloc_asprintf(tctx, "[%d] trunc open 0x%x -> 0x%x failed with wrong error code %s", k, open_attrs_table[i], open_attrs_table[j], smbcli_errstr(cli1->tree))); CHECK_MAX_FAILURES(error_exit); #if 0 torture_comment(tctx, "[%d] trunc open 0x%x -> 0x%x failed\n", k, open_attrs_table[i], open_attrs_table[j]); #endif k++; continue; } torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close %d (2) of %s failed (%s)", j, fname, smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_getatr(cli1->tree, fname, &attr, NULL, NULL), talloc_asprintf(tctx, "getatr(2) failed (%s)", smbcli_errstr(cli1->tree))); #if 0 torture_comment(tctx, "[%d] getatr check [0x%x] trunc [0x%x] got attr 0x%x\n", k, open_attrs_table[i], open_attrs_table[j], attr ); #endif for (l = 0; l < ARRAY_SIZE(attr_results); l++) { if (attr_results[l].num == k) { if (attr != attr_results[l].result_attr || open_attrs_table[i] != attr_results[l].init_attr || open_attrs_table[j] != attr_results[l].trunc_attr) { torture_result(tctx, TORTURE_FAIL, "[%d] getatr check failed. [0x%x] trunc [0x%x] got attr 0x%x, should be 0x%x", k, open_attrs_table[i], open_attrs_table[j], (unsigned int)attr, attr_results[l].result_attr); CHECK_MAX_FAILURES(error_exit); } break; } } k++; } } error_exit: smbcli_setatr(cli1->tree, fname, 0, 0); smbcli_unlink(cli1->tree, fname); return true; } bool torture_winattrtest(struct torture_context *tctx, struct smbcli_state *cli1) { const char *fname = "\\winattr1.file"; const char *dname = "\\winattr1.dir"; int fnum1; uint16_t attr; uint16_t j; uint32_t aceno; int failures = 0; union smb_fileinfo query, query_org; NTSTATUS status; struct security_descriptor *sd1, *sd2; /* Test winattrs for file */ smbcli_unlink(cli1->tree, fname); /* Open a file*/ fnum1 = smbcli_open(cli1->tree, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open(1) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); /* Get security descriptor and store it*/ query_org.generic.level = RAW_FILEINFO_SEC_DESC; query_org.generic.in.file.fnum = fnum1; status = smb_raw_fileinfo(cli1->tree, tctx, &query_org); if(!NT_STATUS_IS_OK(status)){ torture_comment(tctx, "smb_raw_fileinfo(1) of %s failed (%s)\n", fname, nt_errstr(status)); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close(1) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); CHECK_MAX_FAILURES(error_exit_file); } sd1 = query_org.query_secdesc.out.sd; torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close(1) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); /*Set and get attributes*/ for (j = 0; j < ARRAY_SIZE(open_attrs_table); j++) { torture_assert_ntstatus_ok(tctx, smbcli_setatr(cli1->tree, fname, open_attrs_table[j],0), talloc_asprintf(tctx, "setatr(2) failed (%s)", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_getatr(cli1->tree, fname, &attr, NULL, NULL), talloc_asprintf(tctx, "getatr(2) failed (%s)", smbcli_errstr(cli1->tree))); /* Check the result */ if((j == 0)&&(attr != FILE_ATTRIBUTE_ARCHIVE)){ torture_comment(tctx, "getatr check failed. \ Attr applied [0x%x], got attr [0x%x], \ should be [0x%x]", open_attrs_table[j], (uint16_t)attr,open_attrs_table[j +1]); CHECK_MAX_FAILURES(error_exit_file); }else{ if((j != 0) &&(attr != open_attrs_table[j])){ torture_comment(tctx, "getatr check failed. \ Attr applied [0x%x],got attr 0x%x, \ should be 0x%x ", open_attrs_table[j], (uint16_t)attr, open_attrs_table[j]); CHECK_MAX_FAILURES(error_exit_file); } } fnum1 = smbcli_open(cli1->tree, fname, O_RDONLY | O_CREAT, DENY_NONE); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open(2) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); /*Get security descriptor */ query.query_secdesc.level = RAW_FILEINFO_SEC_DESC; query.query_secdesc.in.file.fnum = fnum1; status = smb_raw_fileinfo(cli1->tree, tctx, &query); if(!NT_STATUS_IS_OK(status)){ torture_comment(tctx, "smb_raw_fileinfo(2) of %s failed (%s)\n", fname, nt_errstr(status)); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close(2) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); CHECK_MAX_FAILURES(error_exit_file); } sd2 = query.query_secdesc.out.sd; torture_assert_ntstatus_ok(tctx,smbcli_close(cli1->tree,fnum1), talloc_asprintf(tctx, "close(2) of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree))); /*Compare security descriptors -- Must be same*/ for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){ struct security_ace *ace1 = &sd1->dacl->aces[aceno]; struct security_ace *ace2 = &sd2->dacl->aces[aceno]; if(!sec_ace_equal(ace1,ace2)){ torture_comment(tctx, "ACLs changed! Not expected!\n"); CHECK_MAX_FAILURES(error_exit_file); } } torture_comment(tctx, "[%d] setattr = [0x%x] got attr 0x%x\n", j, open_attrs_table[j], attr ); } error_exit_file: smbcli_setatr(cli1->tree, fname, 0, 0); smbcli_unlink(cli1->tree, fname); /* Check for Directory. */ smbcli_deltree(cli1->tree, dname); smbcli_rmdir(cli1->tree,dname); /* Open a directory */ fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0, SEC_RIGHTS_DIR_ALL, FILE_ATTRIBUTE_DIRECTORY, NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF, NTCREATEX_OPTIONS_DIRECTORY, 0); /*smbcli_mkdir(cli1->tree,dname);*/ torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open (1) of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); /* Get Security Descriptor */ query_org.generic.level = RAW_FILEINFO_SEC_DESC; query_org.generic.in.file.fnum = fnum1; status = smb_raw_fileinfo(cli1->tree, tctx, &query_org); if(!NT_STATUS_IS_OK(status)){ torture_comment(tctx, "smb_raw_fileinfo(1) of %s failed (%s)\n", dname, nt_errstr(status)); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close(1) of %s failed (%s)\n", dname, smbcli_errstr(cli1->tree))); CHECK_MAX_FAILURES(error_exit_dir); } sd1 = query_org.query_secdesc.out.sd; torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close (1) of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); /* Set and get win attributes*/ for (j = 1; j < ARRAY_SIZE(open_attrs_table); j++) { torture_assert_ntstatus_ok(tctx, smbcli_setatr(cli1->tree, dname, open_attrs_table[j], 0), talloc_asprintf(tctx, "setatr(2) failed (%s)", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_getatr(cli1->tree, dname, &attr, NULL, NULL), talloc_asprintf(tctx, "getatr(2) failed (%s)", smbcli_errstr(cli1->tree))); torture_comment(tctx, "[%d] setatt = [0x%x] got attr 0x%x\n", j, open_attrs_table[j], attr ); /* Check the result */ if(attr != (open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY)){ torture_comment(tctx, "getatr check failed. set attr \ [0x%x], got attr 0x%x, should be 0x%x\n", open_attrs_table[j], (uint16_t)attr, (unsigned int)(open_attrs_table[j]|FILE_ATTRIBUTE_DIRECTORY)); CHECK_MAX_FAILURES(error_exit_dir); } fnum1 = smbcli_nt_create_full(cli1->tree, dname, 0, SEC_RIGHTS_DIR_READ, FILE_ATTRIBUTE_DIRECTORY, NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN, 0,0); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "open (2) of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); /* Get security descriptor */ query.generic.level = RAW_FILEINFO_SEC_DESC; query.generic.in.file.fnum = fnum1; status = smb_raw_fileinfo(cli1->tree, tctx, &query); if(!NT_STATUS_IS_OK(status)){ torture_comment(tctx, "smb_raw_fileinfo(2) of %s failed\ (%s)\n", dname, nt_errstr(status)); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close (2) of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); CHECK_MAX_FAILURES(error_exit_dir); } sd2 = query.query_secdesc.out.sd; torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close (2) of %s failed (%s)", dname, smbcli_errstr(cli1->tree))); /* Security descriptor must be same*/ for (aceno=0;(sd1->dacl&&aceno < sd1->dacl->num_aces);aceno++){ struct security_ace *ace1 = &sd1->dacl->aces[aceno]; struct security_ace *ace2 = &sd2->dacl->aces[aceno]; if(!sec_ace_equal(ace1,ace2)){ torture_comment(tctx, "ACLs changed! Not expected!\n"); CHECK_MAX_FAILURES(error_exit_dir); } } } error_exit_dir: smbcli_deltree(cli1->tree, dname); smbcli_rmdir(cli1->tree,dname); if(failures) return false; return true; }