search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix samba3.raw.samba3hide test - ensure we set up POSIX capabilities
[Samba.git] / source4 / torture / raw / samba3hide.c
blobc3a572c21cf7608af0d7ad201b914b2fffe64768
1 /*
2 Unix SMB/CIFS implementation.
3 Test samba3 hide unreadable/unwriteable
4 Copyright (C) Volker Lendecke 2006
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/time.h"
22 #include "system/filesys.h"
23 #include "libcli/libcli.h"
24 #include "torture/util.h"
25 #include "torture/raw/proto.h"
26
27 static void init_unixinfo_nochange(union smb_setfileinfo *info)
28 {
29 ZERO_STRUCTP(info);
30 info->unix_basic.level = RAW_SFILEINFO_UNIX_BASIC;
31 info->unix_basic.in.mode = SMB_MODE_NO_CHANGE;
32
33 info->unix_basic.in.end_of_file = SMB_SIZE_NO_CHANGE_HI;
34 info->unix_basic.in.end_of_file <<= 32;
35 info->unix_basic.in.end_of_file |= SMB_SIZE_NO_CHANGE_LO;
36
37 info->unix_basic.in.num_bytes = SMB_SIZE_NO_CHANGE_HI;
38 info->unix_basic.in.num_bytes <<= 32;
39 info->unix_basic.in.num_bytes |= SMB_SIZE_NO_CHANGE_LO;
40
41 info->unix_basic.in.status_change_time = SMB_TIME_NO_CHANGE_HI;
42 info->unix_basic.in.status_change_time <<= 32;
43 info->unix_basic.in.status_change_time |= SMB_TIME_NO_CHANGE_LO;
44
45 info->unix_basic.in.access_time = SMB_TIME_NO_CHANGE_HI;
46 info->unix_basic.in.access_time <<= 32;
47 info->unix_basic.in.access_time |= SMB_TIME_NO_CHANGE_LO;
48
49 info->unix_basic.in.change_time = SMB_TIME_NO_CHANGE_HI;
50 info->unix_basic.in.change_time <<= 32;
51 info->unix_basic.in.change_time |= SMB_TIME_NO_CHANGE_LO;
52
53 info->unix_basic.in.uid = SMB_UID_NO_CHANGE;
54 info->unix_basic.in.gid = SMB_GID_NO_CHANGE;
55 }
56
57 struct list_state {
58 const char *fname;
59 bool visible;
60 };
61
62 static void set_visible(struct clilist_file_info *i, const char *mask,
63 void *priv)
64 {
65 struct list_state *state = (struct list_state *)priv;
66
67 if (strcasecmp_m(state->fname, i->name) == 0)
68 state->visible = true;
69 }
70
71 static bool is_visible(struct smbcli_tree *tree, const char *fname)
72 {
73 struct list_state state;
74
75 state.visible = false;
76 state.fname = fname;
77
78 if (smbcli_list(tree, "*.*", 0, set_visible, &state) < 0) {
79 return false;
80 }
81 return state.visible;
82 }
83
84 static bool is_readable(struct smbcli_tree *tree, const char *fname)
85 {
86 int fnum;
87 fnum = smbcli_open(tree, fname, O_RDONLY, DENY_NONE);
88 if (fnum < 0) {
89 return false;
90 }
91 smbcli_close(tree, fnum);
92 return true;
93 }
94
95 static bool is_writeable(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
96 const char *fname)
97 {
98 int fnum;
99 fnum = smbcli_open(tree, fname, O_WRONLY, DENY_NONE);
100 if (fnum < 0) {
101 return false;
102 }
103 smbcli_close(tree, fnum);
104 return true;
105 }
106
107 /*
108 * This is not an exact method because there's a ton of reasons why a getatr
109 * might fail. But for our purposes it's sufficient.
110 */
111
112 static bool smbcli_file_exists(struct smbcli_tree *tree, const char *fname)
113 {
114 return NT_STATUS_IS_OK(smbcli_getatr(tree, fname, NULL, NULL, NULL));
115 }
116
117 static NTSTATUS smbcli_setup_unix(struct smbcli_tree *tree)
118 {
119 union smb_fsinfo fsinfo;
120 union smb_setfsinfo set_fsinfo;
121 NTSTATUS status;
122
123 ZERO_STRUCT(fsinfo);
124 ZERO_STRUCT(set_fsinfo);
125
126 fsinfo.generic.level = RAW_QFS_UNIX_INFO;
127 status = smb_raw_fsinfo(tree, NULL, &fsinfo);
128 if (!NT_STATUS_IS_OK(status)) {
129 printf("smb_raw_fsinfo failed %s\n",
130 nt_errstr(status));
131 return status;
132 }
133
134 set_fsinfo.generic.level = RAW_SETFS_UNIX_INFO;
135 set_fsinfo.unix_info.in.major_version = fsinfo.unix_info.out.major_version;
136 set_fsinfo.unix_info.in.minor_version = fsinfo.unix_info.out.minor_version;
137 set_fsinfo.unix_info.in.capability = fsinfo.unix_info.out.capability;
138
139 status = smb_raw_setfsinfo(tree, NULL, &set_fsinfo);
140 if (!NT_STATUS_IS_OK(status)) {
141 printf("smb_raw_setfsinfo failed %s\n",
142 nt_errstr(status));
143 }
144 return status;
145 }
146
147 static NTSTATUS smbcli_chmod(struct smbcli_tree *tree, const char *fname,
148 uint64_t permissions)
149 {
150 union smb_setfileinfo sfinfo;
151 init_unixinfo_nochange(&sfinfo);
152 sfinfo.unix_basic.in.file.path = fname;
153 sfinfo.unix_basic.in.permissions = permissions;
154 return smb_raw_setpathinfo(tree, &sfinfo);
155 }
156
157 bool torture_samba3_hide(struct torture_context *torture)
158 {
159 struct smbcli_state *cli;
160 const char *fname = "test.txt";
161 int fnum;
162 NTSTATUS status;
163 struct smbcli_tree *hideunread;
164 struct smbcli_tree *hideunwrite;
165
166 if (!torture_open_connection_share(
167 torture, &cli, torture, torture_setting_string(torture, "host", NULL),
168 torture_setting_string(torture, "share", NULL), torture->ev)) {
169 torture_fail(torture, "torture_open_connection_share failed\n");
170 }
171
172 status = smbcli_setup_unix(cli->tree);
173 if (!NT_STATUS_IS_OK(status)) {
174 torture_fail(torture,
175 talloc_asprintf(torture, "smbcli_setup_unix failed %s\n",
176 nt_errstr(status)));
177 }
178
179 status = torture_second_tcon(torture, cli->session, "hideunread",
180 &hideunread);
181 torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n");
182
183 status = torture_second_tcon(torture, cli->session, "hideunwrite",
184 &hideunwrite);
185 torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n");
186
187 status = smbcli_unlink(cli->tree, fname);
188 if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
189 smbcli_setatr(cli->tree, fname, 0, -1);
190 smbcli_unlink(cli->tree, fname);
191 }
192
193 fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
194 if (fnum == -1) {
195 torture_fail(torture,
196 talloc_asprintf(torture, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
197 }
198
199 smbcli_close(cli->tree, fnum);
200
201 if (!smbcli_file_exists(cli->tree, fname)) {
202 torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", fname));
203 }
204
205 /* R/W file should be visible everywhere */
206
207 status = smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
208 torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
209
210 if (!is_writeable(torture, cli->tree, fname)) {
211 torture_fail(torture, "File not writable\n");
212 }
213 if (!is_readable(cli->tree, fname)) {
214 torture_fail(torture, "File not readable\n");
215 }
216 if (!is_visible(cli->tree, fname)) {
217 torture_fail(torture, "r/w file not visible via normal share\n");
218 }
219 if (!is_visible(hideunread, fname)) {
220 torture_fail(torture, "r/w file not visible via hide unreadable\n");
221 }
222 if (!is_visible(hideunwrite, fname)) {
223 torture_fail(torture, "r/w file not visible via hide unwriteable\n");
224 }
225
226 /* R/O file should not be visible via hide unwriteable files */
227
228 status = smbcli_chmod(cli->tree, fname, UNIX_R_USR);
229 torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
230
231 if (is_writeable(torture, cli->tree, fname)) {
232 torture_fail(torture, "r/o is writable\n");
233 }
234 if (!is_readable(cli->tree, fname)) {
235 torture_fail(torture, "r/o not readable\n");
236 }
237 if (!is_visible(cli->tree, fname)) {
238 torture_fail(torture, "r/o file not visible via normal share\n");
239 }
240 if (!is_visible(hideunread, fname)) {
241 torture_fail(torture, "r/o file not visible via hide unreadable\n");
242 }
243 if (is_visible(hideunwrite, fname)) {
244 torture_fail(torture, "r/o file visible via hide unwriteable\n");
245 }
246
247 /* inaccessible file should be only visible on normal share */
248
249 status = smbcli_chmod(cli->tree, fname, 0);
250 torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
251
252 if (is_writeable(torture, cli->tree, fname)) {
253 torture_fail(torture, "inaccessible file is writable\n");
254 }
255 if (is_readable(cli->tree, fname)) {
256 torture_fail(torture, "inaccessible file is readable\n");
257 }
258 if (!is_visible(cli->tree, fname)) {
259 torture_fail(torture, "inaccessible file not visible via normal share\n");
260 }
261 if (is_visible(hideunread, fname)) {
262 torture_fail(torture, "inaccessible file visible via hide unreadable\n");
263 }
264 if (is_visible(hideunwrite, fname)) {
265 torture_fail(torture, "inaccessible file visible via hide unwriteable\n");
266 }
267
268 smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
269 smbcli_unlink(cli->tree, fname);
270
271 return true;
272 }
273
274 /*
275 * Try to force smb_close to return an error. The only way I can think of is
276 * to open a file with delete on close, chmod the parent dir to 000 and then
277 * close. smb_close should return NT_STATUS_ACCESS_DENIED.
278 */
279
280 bool torture_samba3_closeerr(struct torture_context *tctx)
281 {
282 struct smbcli_state *cli = NULL;
283 bool result = false;
284 NTSTATUS status;
285 const char *dname = "closeerr.dir";
286 const char *fname = "closeerr.dir\\closerr.txt";
287 int fnum;
288
289 if (!torture_open_connection(&cli, tctx, 0)) {
290 goto fail;
291 }
292
293 smbcli_deltree(cli->tree, dname);
294
295 torture_assert_ntstatus_ok(
296 tctx, smbcli_mkdir(cli->tree, dname),
297 talloc_asprintf(tctx, "smbcli_mdir failed: (%s)\n",
298 smbcli_errstr(cli->tree)));
299
300 fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR,
301 DENY_NONE);
302 torture_assert(tctx, fnum != -1,
303 talloc_asprintf(tctx, "smbcli_open failed: %s\n",
304 smbcli_errstr(cli->tree)));
305 smbcli_close(cli->tree, fnum);
306
307 fnum = smbcli_nt_create_full(cli->tree, fname, 0,
308 SEC_RIGHTS_FILE_ALL,
309 FILE_ATTRIBUTE_NORMAL,
310 NTCREATEX_SHARE_ACCESS_DELETE,
311 NTCREATEX_DISP_OPEN, 0, 0);
312
313 torture_assert(tctx, fnum != -1,
314 talloc_asprintf(tctx, "smbcli_open failed: %s\n",
315 smbcli_errstr(cli->tree)));
316
317 status = smbcli_nt_delete_on_close(cli->tree, fnum, true);
318
319 torture_assert_ntstatus_ok(tctx, status,
320 "setting delete_on_close on file failed !");
321
322 status = smbcli_chmod(cli->tree, dname, 0);
323
324 torture_assert_ntstatus_ok(tctx, status,
325 "smbcli_chmod on file failed !");
326
327 status = smbcli_close(cli->tree, fnum);
328
329 smbcli_chmod(cli->tree, dname, UNIX_R_USR|UNIX_W_USR|UNIX_X_USR);
330 smbcli_deltree(cli->tree, dname);
331
332 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_ACCESS_DENIED,
333 "smbcli_close");
334
335 result = true;
336
337 fail:
338 if (cli) {
339 torture_close_connection(cli);
340 }
341 return result;
342 }
Samba GIT mirror