authorUri Simchoni <uri@samba.org>2016-08-04 13:12:58 +0300
committerKarolin Seeger <kseeger@samba.org>2016-09-13 12:27:28 +0200
commitfda774086caddb245b4abf0b082570dd0fa2a823 (patch)
tree40bb516adf56945d06d22bdbd561bda15cfd97f2
parent5ba3f0c48f98008406a996950c7cd4821faca33f (diff)
downloadsamba-fda774086caddb245b4abf0b082570dd0fa2a823.tar.gz
s4-smbtorture: pin copychunk exec right behavior
Add tests that show copychunk behavior when the source and dest handles have execute right instead of read-data right. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> (cherry picked from commit 5bf11f6f5b4dab4cba4b00674bcb76138fb55974)
-rw-r--r--selftest/knownfail4
-rw-r--r--source4/torture/smb2/ioctl.c96
2 files changed, 75 insertions, 25 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index 09b10a7a02d..2f9d0182e49 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -328,3 +328,7 @@
#new read tests fail
^samba4.smb2.read.access
^samba3.smb2.read.access
+#new copychunk tests fail
+^samba4.smb2.ioctl.copy_chunk_bad_access
+^samba3.smb2.ioctl.copy_chunk_bad_access
+^samba3.smb2.ioctl fs_specific.copy_chunk_bad_access
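Review bot: These knownfail entries match the whole `copy_chunk_bad_access` test, not just the new read/execute cases. Judging from the hunk context in ioctl.c, the same function also holds the older denial checks (no write-data on dest, no read-data on dest), so a regression in those would go unnoticed while the entries stay. Consider putting the new execute-right cases in a separate test so that only that one is listed here. The comment could also point at the tracking bug, e.g. `#new copychunk tests fail, see https://bugzilla.samba.org/show_bug.cgi?id=12149`, so the entries are removed once it is fixed.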
diff --git a/source4/torture/smb2/ioctl.c b/source4/torture/smb2/ioctl.c
index 0aadca29b07..0aa37141526 100644
--- a/source4/torture/smb2/ioctl.c
+++ b/source4/torture/smb2/ioctl.c
@@ -1255,16 +1255,66 @@ static bool test_ioctl_copy_chunk_bad_access(struct torture_context *torture,
struct srv_copychunk_copy cc_copy;
enum ndr_err_code ndr_ret;
bool ok;
+ /* read permission on src */
+ ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */
+ &src_h, 4096, /* fill 4096 byte src file */
+ SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE,
+ &dest_h, 0, /* 0 byte dest file */
+ SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
+ if (!ok) {
+ torture_fail(torture, "setup copy chunk error");
+ }
- /* no read permission on src */
- ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
- 1, /* 1 chunk */
+ cc_copy.chunks[0].source_off = 0;
+ cc_copy.chunks[0].target_off = 0;
+ cc_copy.chunks[0].length = 4096;
+
+ ndr_ret = ndr_push_struct_blob(
+ &ioctl.smb2.in.out, tmp_ctx, &cc_copy,
+ (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+ torture_assert_ndr_success(torture, ndr_ret,
+ "ndr_push_srv_copychunk_copy");
+
+ status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+ torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+ "FSCTL_SRV_COPYCHUNK");
+
+ smb2_util_close(tree, src_h);
+ smb2_util_close(tree, dest_h);
+
+ /* execute permission on src */
+ ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */
&src_h, 4096, /* fill 4096 byte src file */
- SEC_RIGHTS_FILE_WRITE,
- &dest_h, 0, /* 0 byte dest file */
- SEC_RIGHTS_FILE_ALL,
- &cc_copy,
- &ioctl);
+ SEC_FILE_EXECUTE | SEC_FILE_READ_ATTRIBUTE,
+ &dest_h, 0, /* 0 byte dest file */
+ SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
+ if (!ok) {
+ torture_fail(torture, "setup copy chunk error");
+ }
+
+ cc_copy.chunks[0].source_off = 0;
+ cc_copy.chunks[0].target_off = 0;
+ cc_copy.chunks[0].length = 4096;
+
+ ndr_ret = ndr_push_struct_blob(
+ &ioctl.smb2.in.out, tmp_ctx, &cc_copy,
+ (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+ torture_assert_ndr_success(torture, ndr_ret,
+ "ndr_push_srv_copychunk_copy");
+
+ status = smb2_ioctl(tree, tmp_ctx, &ioctl.smb2);
+ torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+ "FSCTL_SRV_COPYCHUNK");
+
+ smb2_util_close(tree, src_h);
+ smb2_util_close(tree, dest_h);
+
+ /* neither read nor execute permission on src */
+ ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */
+ &src_h, 4096, /* fill 4096 byte src file */
+ SEC_FILE_READ_ATTRIBUTE, &dest_h,
+ 0, /* 0 byte dest file */
+ SEC_RIGHTS_FILE_ALL, &cc_copy, &ioctl);
if (!ok) {
torture_fail(torture, "setup copy chunk error");
}
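Review bot: The two new success cases (read-data on src, then execute-only on src) assert only that the ioctl returns NT_STATUS_OK, so a server that accepts an execute-only source handle but copies nothing would still pass. Because the test pins an access-control decision, each success case should also parse the copychunk response and check that 4096 bytes were written before the handles are closed. This needs a `struct srv_copychunk_rsp cc_rsp;` local next to `cc_copy`. The `/* execute permission on src */` comment could also state the expected outcome, e.g. `/* execute (no read-data) on src: copychunk is expected to succeed */`. The function body starts before and continues past this hunk, so the assertion for the "neither read nor execute" case is not visible here.

```c
/* … unchanged: smb2_ioctl call and NT_STATUS_OK assertion … */

/* confirm the data was actually copied, not merely accepted */
ndr_ret = ndr_pull_struct_blob(
	&ioctl.smb2.out.out, tmp_ctx, &cc_rsp,
	(ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
torture_assert_ndr_success(torture, ndr_ret,
			   "ndr_pull_srv_copychunk_rsp");
torture_assert_int_equal(torture, cc_rsp.total_bytes_written, 4096,
			 "total bytes written");

/* … unchanged: close src_h and dest_h … */
```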
@@ -1288,15 +1338,14 @@ static bool test_ioctl_copy_chunk_bad_access(struct torture_context *torture,
smb2_util_close(tree, dest_h);
/* no write permission on dest */
- ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
- 1, /* 1 chunk */
- &src_h, 4096, /* fill 4096 byte src file */
- SEC_RIGHTS_FILE_ALL,
- &dest_h, 0, /* 0 byte dest file */
- (SEC_RIGHTS_FILE_READ
- | SEC_RIGHTS_FILE_EXECUTE),
- &cc_copy,
- &ioctl);
+ ok = test_setup_copy_chunk(
+ torture, tree, tmp_ctx, 1, /* 1 chunk */
+ &src_h, 4096, /* fill 4096 byte src file */
+ SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE, &dest_h,
+ 0, /* 0 byte dest file */
+ (SEC_RIGHTS_FILE_ALL &
+ ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)),
+ &cc_copy, &ioctl);
if (!ok) {
torture_fail(torture, "setup copy chunk error");
}
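Review bot: The comment `/* no write permission on dest */` is now broader than the new dest mask, which clears only `SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA` from `SEC_RIGHTS_FILE_ALL`. The other write-class rights (presumably write-attribute and write-EA, if they are part of that constant) remain granted. A more precise comment would be `/* dest lacks write-data and append-data; all other rights granted */`, so a reader knows exactly which missing bits are expected to cause the denial. The assertion on the resulting status is outside this hunk.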
@@ -1320,15 +1369,12 @@ static bool test_ioctl_copy_chunk_bad_access(struct torture_context *torture,
smb2_util_close(tree, dest_h);
/* no read permission on dest */
- ok = test_setup_copy_chunk(torture, tree, tmp_ctx,
- 1, /* 1 chunk */
+ ok = test_setup_copy_chunk(torture, tree, tmp_ctx, 1, /* 1 chunk */
&src_h, 4096, /* fill 4096 byte src file */
- SEC_RIGHTS_FILE_ALL,
- &dest_h, 0, /* 0 byte dest file */
- (SEC_RIGHTS_FILE_WRITE
- | SEC_RIGHTS_FILE_EXECUTE),
- &cc_copy,
- &ioctl);
+ SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE,
+ &dest_h, 0, /* 0 byte dest file */
+ (SEC_RIGHTS_FILE_ALL & ~SEC_FILE_READ_DATA),
+ &cc_copy, &ioctl);
if (!ok) {
torture_fail(torture, "setup copy chunk error");
}
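Review bot: The dest mask `(SEC_RIGHTS_FILE_ALL & ~SEC_FILE_READ_DATA)` presumably still grants execute on the destination, yet the comment says only `/* no read permission on dest */`. Given that the first hunk of this commit treats execute on the source as sufficient, this case implicitly pins whether execute on the destination can stand in for read-data, and the comment should say so. Something like `/* dest lacks read-data but keeps execute: execute must not substitute for read on dest */` would fit, adjusted to whatever status the assertion below the hunk expects. That assertion is not visible here.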