search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
torture: Fix uninitialized variables
[Samba.git] / source4 / torture / vfs / acl_xattr.c
blob676d01221b0d07aaa75f3b86764368cf6b68a8fd
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Ralph Boehme 2016
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "lib/cmdline/popt_common.h"
22 #include "libcli/smb2/smb2.h"
23 #include "libcli/smb2/smb2_calls.h"
24 #include "libcli/smb/smbXcli_base.h"
25 #include "torture/torture.h"
26 #include "torture/vfs/proto.h"
27 #include "libcli/resolve/resolve.h"
28 #include "torture/util.h"
29 #include "torture/smb2/proto.h"
30 #include "libcli/security/security.h"
31 #include "librpc/gen_ndr/ndr_security.h"
32 #include "lib/param/param.h"
33
34 #define BASEDIR "smb2-testsd"
35
36 #define CHECK_SECURITY_DESCRIPTOR(_sd1, _sd2) do { \
37 if (!security_descriptor_equal(_sd1, _sd2)) { \
38 torture_warning(tctx, "security descriptors don't match!\n"); \
39 torture_warning(tctx, "got:\n"); \
40 NDR_PRINT_DEBUG(security_descriptor, _sd1); \
41 torture_warning(tctx, "expected:\n"); \
42 NDR_PRINT_DEBUG(security_descriptor, _sd2); \
43 torture_result(tctx, TORTURE_FAIL, \
44 "%s: security descriptors don't match!\n", \
45 __location__); \
46 ret = false; \
47 } \
48 } while (0)
49
50 /**
51 * SMB2 connect with explicit share
52 **/
53 static bool torture_smb2_con_share(struct torture_context *tctx,
54 const char *share,
55 struct smb2_tree **tree)
56 {
57 struct smbcli_options options;
58 NTSTATUS status;
59 const char *host = torture_setting_string(tctx, "host", NULL);
60 struct cli_credentials *credentials = cmdline_credentials;
61
62 lpcfg_smbcli_options(tctx->lp_ctx, &options);
63
64 status = smb2_connect_ext(tctx,
65 host,
66 lpcfg_smb_ports(tctx->lp_ctx),
67 share,
68 lpcfg_resolve_context(tctx->lp_ctx),
69 credentials,
70 0,
71 tree,
72 tctx->ev,
73 &options,
74 lpcfg_socket_options(tctx->lp_ctx),
75 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
76 );
77 if (!NT_STATUS_IS_OK(status)) {
78 printf("Failed to connect to SMB2 share \\\\%s\\%s - %s\n",
79 host, share, nt_errstr(status));
80 return false;
81 }
82 return true;
83 }
84
85 static bool test_default_acl_posix(struct torture_context *tctx,
86 struct smb2_tree *tree_unused)
87 {
88 struct smb2_tree *tree = NULL;
89 NTSTATUS status;
90 bool ok;
91 bool ret = true;
92 const char *dname = BASEDIR "\\testdir";
93 const char *fname = BASEDIR "\\testdir\\testfile";
94 struct smb2_handle fhandle = {{0}};
95 struct smb2_handle dhandle = {{0}};
96 union smb_fileinfo q;
97 union smb_setfileinfo set;
98 struct security_descriptor *sd = NULL;
99 struct security_descriptor *exp_sd = NULL;
100 char *owner_sid = NULL;
101 char *group_sid = NULL;
102
103 ok = torture_smb2_con_share(tctx, "acl_xattr_ign_sysacl_posix", &tree);
104 torture_assert_goto(tctx, ok == true, ret, done,
105 "Unable to connect to 'acl_xattr_ign_sysacl_posix'\n");
106
107 ok = smb2_util_setup_dir(tctx, tree, BASEDIR);
108 torture_assert_goto(tctx, ok == true, ret, done, "Unable to setup testdir\n");
109
110 ZERO_STRUCT(dhandle);
111 status = torture_smb2_testdir(tree, dname, &dhandle);
112 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir\n");
113
114 torture_comment(tctx, "Get the original sd\n");
115
116 ZERO_STRUCT(q);
117 q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
118 q.query_secdesc.in.file.handle = dhandle;
119 q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
120 status = smb2_getinfo_file(tree, tctx, &q);
121 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
122
123 sd = q.query_secdesc.out.sd;
124 owner_sid = dom_sid_string(tctx, sd->owner_sid);
125 group_sid = dom_sid_string(tctx, sd->group_sid);
126 torture_comment(tctx, "owner [%s] group [%s]\n", owner_sid, group_sid);
127
128 torture_comment(tctx, "Set ACL with no inheritable ACE\n");
129
130 sd = security_descriptor_dacl_create(tctx,
131 0, NULL, NULL,
132 owner_sid,
133 SEC_ACE_TYPE_ACCESS_ALLOWED,
134 SEC_RIGHTS_DIR_ALL,
135 0,
136 NULL);
137
138 ZERO_STRUCT(set);
139 set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
140 set.set_secdesc.in.file.handle = dhandle;
141 set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
142 set.set_secdesc.in.sd = sd;
143 status = smb2_setinfo_file(tree, &set);
144 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file\n");
145
146 TALLOC_FREE(sd);
147 smb2_util_close(tree, dhandle);
148
149 torture_comment(tctx, "Create file\n");
150
151 ZERO_STRUCT(fhandle);
152 status = torture_smb2_testfile(tree, fname, &fhandle);
153 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_complex_file\n");
154
155 torture_comment(tctx, "Query file SD\n");
156
157 ZERO_STRUCT(q);
158 q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
159 q.query_secdesc.in.file.handle = fhandle;
160 q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
161 status = smb2_getinfo_file(tree, tctx, &q);
162 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
163 sd = q.query_secdesc.out.sd;
164
165 smb2_util_close(tree, fhandle);
166 ZERO_STRUCT(fhandle);
167
168 torture_comment(tctx, "Checking actual file SD against expected SD\n");
169
170 exp_sd = security_descriptor_dacl_create(
171 tctx, 0, owner_sid, group_sid,
172 owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
173 group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
174 SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
175 SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
176 NULL);
177
178 CHECK_SECURITY_DESCRIPTOR(sd, exp_sd);
179
180 done:
181 if (!smb2_util_handle_empty(fhandle)) {
182 smb2_util_close(tree, fhandle);
183 }
184 if (!smb2_util_handle_empty(dhandle)) {
185 smb2_util_close(tree, dhandle);
186 }
187 if (tree != NULL) {
188 smb2_deltree(tree, BASEDIR);
189 smb2_tdis(tree);
190 }
191
192 return ret;
193 }
194
195 static bool test_default_acl_win(struct torture_context *tctx,
196 struct smb2_tree *tree_unused)
197 {
198 struct smb2_tree *tree = NULL;
199 NTSTATUS status;
200 bool ok;
201 bool ret = true;
202 const char *dname = BASEDIR "\\testdir";
203 const char *fname = BASEDIR "\\testdir\\testfile";
204 struct smb2_handle fhandle = {{0}};
205 struct smb2_handle dhandle = {{0}};
206 union smb_fileinfo q;
207 union smb_setfileinfo set;
208 struct security_descriptor *sd = NULL;
209 struct security_descriptor *exp_sd = NULL;
210 char *owner_sid = NULL;
211 char *group_sid = NULL;
212
213 ok = torture_smb2_con_share(tctx, "acl_xattr_ign_sysacl_windows", &tree);
214 torture_assert_goto(tctx, ok == true, ret, done,
215 "Unable to connect to 'acl_xattr_ign_sysacl_windows'\n");
216
217 ok = smb2_util_setup_dir(tctx, tree, BASEDIR);
218 torture_assert_goto(tctx, ok == true, ret, done, "Unable to setup testdir\n");
219
220 ZERO_STRUCT(dhandle);
221 status = torture_smb2_testdir(tree, dname, &dhandle);
222 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "torture_smb2_testdir\n");
223
224 torture_comment(tctx, "Get the original sd\n");
225
226 ZERO_STRUCT(q);
227 q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
228 q.query_secdesc.in.file.handle = dhandle;
229 q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
230 status = smb2_getinfo_file(tree, tctx, &q);
231 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
232
233 sd = q.query_secdesc.out.sd;
234 owner_sid = dom_sid_string(tctx, sd->owner_sid);
235 group_sid = dom_sid_string(tctx, sd->group_sid);
236 torture_comment(tctx, "owner [%s] group [%s]\n", owner_sid, group_sid);
237
238 torture_comment(tctx, "Set ACL with no inheritable ACE\n");
239
240 sd = security_descriptor_dacl_create(tctx,
241 0, NULL, NULL,
242 owner_sid,
243 SEC_ACE_TYPE_ACCESS_ALLOWED,
244 SEC_RIGHTS_DIR_ALL,
245 0,
246 NULL);
247
248 ZERO_STRUCT(set);
249 set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
250 set.set_secdesc.in.file.handle = dhandle;
251 set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
252 set.set_secdesc.in.sd = sd;
253 status = smb2_setinfo_file(tree, &set);
254 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file\n");
255
256 TALLOC_FREE(sd);
257 smb2_util_close(tree, dhandle);
258
259 torture_comment(tctx, "Create file\n");
260
261 ZERO_STRUCT(fhandle);
262 status = torture_smb2_testfile(tree, fname, &fhandle);
263 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_create_complex_file\n");
264
265 torture_comment(tctx, "Query file SD\n");
266
267 ZERO_STRUCT(q);
268 q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
269 q.query_secdesc.in.file.handle = fhandle;
270 q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
271 status = smb2_getinfo_file(tree, tctx, &q);
272 torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_getinfo_file\n");
273 sd = q.query_secdesc.out.sd;
274
275 smb2_util_close(tree, fhandle);
276 ZERO_STRUCT(fhandle);
277
278 torture_comment(tctx, "Checking actual file SD against expected SD\n");
279
280 exp_sd = security_descriptor_dacl_create(
281 tctx, 0, owner_sid, group_sid,
282 owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
283 SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
284 NULL);
285
286 CHECK_SECURITY_DESCRIPTOR(sd, exp_sd);
287
288 done:
289 if (!smb2_util_handle_empty(fhandle)) {
290 smb2_util_close(tree, fhandle);
291 }
292 if (!smb2_util_handle_empty(dhandle)) {
293 smb2_util_close(tree, dhandle);
294 }
295 if (tree != NULL) {
296 smb2_deltree(tree, BASEDIR);
297 smb2_tdis(tree);
298 }
299
300 return ret;
301 }
302
303 /*
304 basic testing of vfs_acl_xattr
305 */
306 struct torture_suite *torture_acl_xattr(void)
307 {
308 struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "acl_xattr");
309
310 torture_suite_add_1smb2_test(suite, "default-acl-style-posix", test_default_acl_posix);
311 torture_suite_add_1smb2_test(suite, "default-acl-style-windows", test_default_acl_win);
312
313 suite->description = talloc_strdup(suite, "vfs_acl_xattr tests");
314
315 return suite;
316 }
Samba GIT mirror