s3: smbd: Ensure open for security descriptor access actually opens an fd.

Change test to check two things:
1) Open a symlink for SD read or write access should fail.
2) Request attribute open. Getsd/Setsd on this handle should
fail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

1 files changed, 21 insertions, 1 deletions

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 9a3e10fb32d..dbdc703d2cd 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -7527,7 +7527,7 @@ static bool run_acl_symlink_test(int dummy)
 		goto out;
 	}
 
-	/* Open a handle on the symlink. */
+	/* Open a handle on the symlink for SD set/get should fail. */
 	status = cli_ntcreate(cli,
 			sname,
 			0,
@@ -7540,6 +7540,26 @@ static bool run_acl_symlink_test(int dummy)
 			&fnum,
 			NULL);
 
+	if (NT_STATUS_IS_OK(status)) {
+		printf("Symlink open for getsd/setsd of %s "
+			"succeeded (should fail)\n",
+			sname);
+		goto out;
+	}
+
+	/* Open a handle on the symlink. */
+	status = cli_ntcreate(cli,
+			sname,
+			0,
+			FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES,
+			0,
+			FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+			FILE_OPEN,
+			0x0,
+			0x0,
+			&fnum,
+			NULL);
+
 	if (!NT_STATUS_IS_OK(status)) {
 		printf("cli_posix_open of %s failed (%s)\n",
 			sname,