diff options
author | Jeremy Allison <jra@samba.org> | 2020-04-15 12:07:57 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-04-16 20:42:58 +0000 |
commit | 72a57d377e451599fb19d51e08feb0facbf77409 (patch) | |
tree | fbdbb901c4c2c84b494bbf5d34b9dec2f4c3c4d3 /source4 | |
parent | 3dd78d2d407d88b797f8fdb0a9bfedfa830df206 (diff) | |
download | samba-72a57d377e451599fb19d51e08feb0facbf77409.tar.gz |
s4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.
We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.
Tested against Windows 10.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/smb2/attr.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/source4/torture/smb2/attr.c b/source4/torture/smb2/attr.c index 58d77f1cb6d..60068971d4b 100644 --- a/source4/torture/smb2/attr.c +++ b/source4/torture/smb2/attr.c @@ -255,7 +255,8 @@ bool torture_smb2_winattrtest(struct torture_context *tctx, /* Open a file*/ create_io.in.create_flags = 0; - create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA; + create_io.in.desired_access = SEC_FILE_READ_DATA | SEC_FILE_WRITE_DATA | + SEC_STD_READ_CONTROL; create_io.in.file_attributes = 0; create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE; create_io.in.create_disposition = FILE_SUPERSEDE; @@ -270,7 +271,10 @@ bool torture_smb2_winattrtest(struct torture_context *tctx, /* Get security descriptor and store it*/ query_org.generic.level = RAW_FILEINFO_SEC_DESC; query_org.generic.in.file.handle = create_io.out.file.handle; - status = smb2_getinfo_file(tree, NULL, &query_org); + query_org.query_secdesc.in.secinfo_flags = SECINFO_OWNER| + SECINFO_GROUP| + SECINFO_DACL; + status = smb2_getinfo_file(tree, tctx, &query_org); if(!NT_STATUS_IS_OK(status)){ NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle); torture_assert_ntstatus_ok_goto(tctx, s, ret, error_exit, @@ -313,7 +317,8 @@ bool torture_smb2_winattrtest(struct torture_context *tctx, create_io = (struct smb2_create){0}; create_io.in.create_flags = 0; - create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE; + create_io.in.desired_access = SEC_FILE_READ_ATTRIBUTE| + SEC_STD_READ_CONTROL; create_io.in.file_attributes = 0; create_io.in.share_access = NTCREATEX_SHARE_ACCESS_NONE; create_io.in.create_disposition = FILE_OPEN_IF; @@ -328,6 +333,9 @@ bool torture_smb2_winattrtest(struct torture_context *tctx, /*Get security descriptor */ query.query_secdesc.level = RAW_FILEINFO_SEC_DESC; query.query_secdesc.in.file.handle = create_io.out.file.handle; + query.query_secdesc.in.secinfo_flags = SECINFO_OWNER| + SECINFO_GROUP| + SECINFO_DACL; status = smb2_getinfo_file(tree, tctx, &query); if(!NT_STATUS_IS_OK(status)){ NTSTATUS s = smb2_util_close(tree, create_io.out.file.handle); |