LCOV - code coverage report
Current view: top level - source4/torture/smb2 - delete-on-close.c (source / functions) Hit Total Coverage
Test: coverage report for master 6248eab5 Lines: 381 383 99.5 %
Date: 2021-08-25 13:27:56 Functions: 12 12 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    test delete-on-close in more detail
       5             : 
       6             :    Copyright (C) Richard Sharpe, 2013
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : #include "includes.h"
      23             : #include "libcli/smb2/smb2.h"
      24             : #include "libcli/smb2/smb2_calls.h"
      25             : #include "torture/torture.h"
      26             : #include "torture/util.h"
      27             : #include "torture/smb2/proto.h"
      28             : #include "libcli/security/security.h"
      29             : #include "librpc/gen_ndr/ndr_security.h"
      30             : 
      31             : #define DNAME "test_dir"
      32             : #define FNAME DNAME "\\test_create.dat"
      33             : 
      34             : #define CHECK_STATUS(status, correct) do { \
      35             :         if (!NT_STATUS_EQUAL(status, correct)) { \
      36             :                 torture_result(tctx, TORTURE_FAIL, \
      37             :                         "(%s) Incorrect status %s - should be %s\n", \
      38             :                          __location__, nt_errstr(status), nt_errstr(correct)); \
      39             :                 return false; \
      40             :         }} while (0)
      41             : 
      42          49 : static bool create_dir(struct torture_context *tctx, struct smb2_tree *tree)
      43             : {
      44             :         NTSTATUS status;
      45             :         struct smb2_create io;
      46             :         struct smb2_handle handle;
      47             :         union smb_fileinfo q;
      48             :         union smb_setfileinfo set;
      49             :         struct security_descriptor *sd, *sd_orig;
      50             :         const char *owner_sid;
      51          49 :         uint32_t perms = 0;
      52             : 
      53          49 :         torture_comment(tctx, "Creating Directory for testing: %s\n", DNAME);
      54             : 
      55          49 :         ZERO_STRUCT(io);
      56          49 :         io.level = RAW_OPEN_SMB2;
      57          49 :         io.in.create_flags = 0;
      58          49 :         io.in.desired_access =
      59             :                 SEC_STD_READ_CONTROL |
      60             :                 SEC_STD_WRITE_DAC |
      61             :                 SEC_STD_WRITE_OWNER;
      62          49 :         io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
      63          49 :         io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
      64          49 :         io.in.share_access =
      65             :                 NTCREATEX_SHARE_ACCESS_READ |
      66             :                 NTCREATEX_SHARE_ACCESS_WRITE;
      67          49 :         io.in.alloc_size = 0;
      68          49 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
      69          49 :         io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
      70          49 :         io.in.security_flags = 0;
      71          49 :         io.in.fname = DNAME;
      72          49 :         status = smb2_create(tree, tctx, &io);
      73          49 :         CHECK_STATUS(status, NT_STATUS_OK);
      74          49 :         handle = io.out.file.handle;
      75             : 
      76          49 :         torture_comment(tctx, "get the original sd\n");
      77          49 :         q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
      78          49 :         q.query_secdesc.in.file.handle = handle;
      79          49 :         q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
      80          49 :         status = smb2_getinfo_file(tree, tctx, &q);
      81          49 :         CHECK_STATUS(status, NT_STATUS_OK);
      82          49 :         sd_orig = q.query_secdesc.out.sd;
      83             : 
      84          49 :         owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
      85             : 
      86             :         /*
      87             :          * We create an SD that allows us to do most things but we do not
      88             :          * get DELETE and DELETE CHILD access!
      89             :          */
      90             : 
      91          49 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
      92             :                 SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
      93             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
      94             :                 SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
      95             :                 SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
      96             :                 SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
      97             : 
      98          49 :         torture_comment(tctx, "Setting permissions on dir to 0x1e01bf\n");
      99          49 :         sd = security_descriptor_dacl_create(tctx,
     100             :                                         0, owner_sid, NULL,
     101             :                                         owner_sid,
     102             :                                         SEC_ACE_TYPE_ACCESS_ALLOWED,
     103             :                                         perms,
     104             :                                         SEC_ACE_FLAG_OBJECT_INHERIT,
     105             :                                         NULL);
     106             : 
     107          49 :         set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
     108          49 :         set.set_secdesc.in.file.handle = handle;
     109          49 :         set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
     110          49 :         set.set_secdesc.in.sd = sd;
     111             : 
     112          49 :         status = smb2_setinfo_file(tree, &set);
     113          49 :         CHECK_STATUS(status, NT_STATUS_OK);
     114             : 
     115          49 :         status = smb2_util_close(tree, handle);
     116             : 
     117          49 :         return true;
     118             : }
     119             : 
     120          49 : static bool set_dir_delete_perms(struct torture_context *tctx, struct smb2_tree *tree)
     121             : {
     122             :         NTSTATUS status;
     123             :         struct smb2_create io;
     124             :         struct smb2_handle handle;
     125             :         union smb_fileinfo q;
     126             :         union smb_setfileinfo set;
     127             :         struct security_descriptor *sd, *sd_orig;
     128             :         const char *owner_sid;
     129          49 :         uint32_t perms = 0;
     130             : 
     131          49 :         torture_comment(tctx, "Opening Directory for setting new SD: %s\n", DNAME);
     132             : 
     133          49 :         ZERO_STRUCT(io);
     134          49 :         io.level = RAW_OPEN_SMB2;
     135          49 :         io.in.create_flags = 0;
     136          49 :         io.in.desired_access =
     137             :                 SEC_STD_READ_CONTROL |
     138             :                 SEC_STD_WRITE_DAC |
     139             :                 SEC_STD_WRITE_OWNER;
     140          49 :         io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
     141          49 :         io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
     142          49 :         io.in.share_access =
     143             :                 NTCREATEX_SHARE_ACCESS_READ |
     144             :                 NTCREATEX_SHARE_ACCESS_WRITE;
     145          49 :         io.in.alloc_size = 0;
     146          49 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
     147          49 :         io.in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS;
     148          49 :         io.in.security_flags = 0;
     149          49 :         io.in.fname = DNAME;
     150          49 :         status = smb2_create(tree, tctx, &io);
     151          49 :         CHECK_STATUS(status, NT_STATUS_OK);
     152          49 :         handle = io.out.file.handle;
     153             : 
     154          49 :         torture_comment(tctx, "get the original sd\n");
     155          49 :         q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
     156          49 :         q.query_secdesc.in.file.handle = handle;
     157          49 :         q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
     158          49 :         status = smb2_getinfo_file(tree, tctx, &q);
     159          49 :         CHECK_STATUS(status, NT_STATUS_OK);
     160          49 :         sd_orig = q.query_secdesc.out.sd;
     161             : 
     162          49 :         owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
     163             : 
     164             :         /*
     165             :          * We create an SD that allows us to do most things including
     166             :          * get DELETE and DELETE CHILD access!
     167             :          */
     168             : 
     169          49 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_WRITE_OWNER |
     170             :                 SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | 
     171             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     172             :                 SEC_DIR_TRAVERSE | SEC_DIR_WRITE_EA | 
     173             :                 SEC_FILE_READ_EA | SEC_FILE_APPEND_DATA |
     174             :                 SEC_DIR_DELETE_CHILD | SEC_STD_DELETE |
     175             :                 SEC_FILE_WRITE_DATA | SEC_FILE_READ_DATA;
     176             : 
     177          49 :         torture_comment(tctx, "Setting permissions on dir to 0x%0x\n", perms);
     178          49 :         sd = security_descriptor_dacl_create(tctx,
     179             :                                         0, owner_sid, NULL,
     180             :                                         owner_sid,
     181             :                                         SEC_ACE_TYPE_ACCESS_ALLOWED,
     182             :                                         perms,
     183             :                                         0,
     184             :                                         NULL);
     185             : 
     186          49 :         set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
     187          49 :         set.set_secdesc.in.file.handle = handle;
     188          49 :         set.set_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
     189          49 :         set.set_secdesc.in.sd = sd;
     190             : 
     191          49 :         status = smb2_setinfo_file(tree, &set);
     192          49 :         CHECK_STATUS(status, NT_STATUS_OK);
     193             : 
     194          49 :         status = smb2_util_close(tree, handle);
     195             : 
     196          49 :         return true;
     197             : }
     198             : 
     199           7 : static bool test_doc_overwrite_if(struct torture_context *tctx, struct smb2_tree *tree)
     200             : {
     201             :         struct smb2_create io;
     202             :         NTSTATUS status;
     203           7 :         uint32_t perms = 0;
     204             : 
     205             :         /* File should not exist for this first test, so make sure */
     206           7 :         set_dir_delete_perms(tctx, tree);
     207             : 
     208           7 :         smb2_deltree(tree, DNAME);
     209             : 
     210           7 :         create_dir(tctx, tree);
     211             : 
     212           7 :         torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OVERWRITE_IF)\n");
     213           7 :         torture_comment(tctx, "We expect NT_STATUS_OK\n");
     214             : 
     215           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     216             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     217             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     218             :                 SEC_FILE_WRITE_DATA;
     219             : 
     220           7 :         ZERO_STRUCT(io);
     221           7 :         io.in.desired_access     = perms;
     222           7 :         io.in.file_attributes    = 0;
     223           7 :         io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
     224           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     225           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     226             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     227           7 :         io.in.fname              = FNAME;
     228             : 
     229           7 :         status = smb2_create(tree, tctx, &io);
     230           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     231             : 
     232           7 :         status = smb2_util_close(tree, io.out.file.handle);
     233             : 
     234             :         /* Check it was deleted */
     235           7 :         ZERO_STRUCT(io);
     236           7 :         io.in.desired_access     = perms;
     237           7 :         io.in.file_attributes    = 0;
     238           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
     239           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     240           7 :         io.in.create_options     = 0;
     241           7 :         io.in.fname              = FNAME;
     242             : 
     243           7 :         torture_comment(tctx, "Testing if the file was deleted when closed\n");
     244           7 :         torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
     245             : 
     246           7 :         status = smb2_create(tree, tctx, &io);
     247           7 :         CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
     248             : 
     249           7 :         return true;
     250             : }
     251             : 
     252           7 : static bool test_doc_overwrite_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
     253             : {
     254             :         struct smb2_create io;
     255             :         NTSTATUS status;
     256           7 :         uint32_t perms = 0;
     257             : 
     258             :         /* File should not exist for this first test, so make sure */
     259             :         /* And set the SEC Descriptor appropriately */
     260           7 :         set_dir_delete_perms(tctx, tree);
     261             : 
     262           7 :         smb2_deltree(tree, DNAME);
     263             : 
     264           7 :         create_dir(tctx, tree);
     265             : 
     266           7 :         torture_comment(tctx, "Create file with DeleteOnClose on existing file (OVERWRITE_IF)\n");
     267           7 :         torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
     268             : 
     269           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     270             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     271             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     272             :                 SEC_FILE_WRITE_DATA;
     273             : 
     274             :         /* First, create this file ... */
     275           7 :         ZERO_STRUCT(io);
     276           7 :         io.in.desired_access     = perms;
     277           7 :         io.in.file_attributes    = 0;
     278           7 :         io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
     279           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     280           7 :         io.in.create_options     = 0x0;
     281           7 :         io.in.fname              = FNAME;
     282             : 
     283           7 :         status = smb2_create(tree, tctx, &io);
     284           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     285             : 
     286           7 :         status = smb2_util_close(tree, io.out.file.handle);
     287             : 
     288             :         /* Next, try to open it for Delete On Close */
     289           7 :         ZERO_STRUCT(io);
     290           7 :         io.in.desired_access     = perms;
     291           7 :         io.in.file_attributes    = 0;
     292           7 :         io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
     293           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     294           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     295             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     296           7 :         io.in.fname              = FNAME;
     297             : 
     298           7 :         status = smb2_create(tree, tctx, &io);
     299           7 :         CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
     300             : 
     301           7 :         status = smb2_util_close(tree, io.out.file.handle);
     302             : 
     303           7 :         return true;
     304             : }
     305             : 
     306           7 : static bool test_doc_create(struct torture_context *tctx, struct smb2_tree *tree)
     307             : {
     308             :         struct smb2_create io;
     309             :         NTSTATUS status;
     310           7 :         uint32_t perms = 0;
     311             : 
     312             :         /* File should not exist for this first test, so make sure */
     313           7 :         set_dir_delete_perms(tctx, tree);
     314             : 
     315           7 :         smb2_deltree(tree, DNAME);
     316             : 
     317           7 :         create_dir(tctx, tree);
     318             : 
     319           7 :         torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
     320           7 :         torture_comment(tctx, "We expect NT_STATUS_OK\n");
     321             : 
     322           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     323             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     324             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     325             :                 SEC_FILE_WRITE_DATA;
     326             : 
     327           7 :         ZERO_STRUCT(io);
     328           7 :         io.in.desired_access     = perms;
     329           7 :         io.in.file_attributes    = 0;
     330           7 :         io.in.create_disposition = NTCREATEX_DISP_CREATE;
     331           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     332           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     333             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     334           7 :         io.in.fname              = FNAME;
     335             : 
     336           7 :         status = smb2_create(tree, tctx, &io);
     337           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     338             : 
     339           7 :         status = smb2_util_close(tree, io.out.file.handle);
     340             : 
     341             :         /* Check it was deleted */
     342           7 :         ZERO_STRUCT(io);
     343           7 :         io.in.desired_access     = perms;
     344           7 :         io.in.file_attributes    = 0;
     345           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
     346           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     347           7 :         io.in.create_options     = 0;
     348           7 :         io.in.fname              = FNAME;
     349             : 
     350           7 :         torture_comment(tctx, "Testing if the file was deleted when closed\n");
     351           7 :         torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
     352             : 
     353           7 :         status = smb2_create(tree, tctx, &io);
     354           7 :         CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
     355             : 
     356           7 :         return true;
     357             : }
     358             : 
     359           7 : static bool test_doc_create_exist(struct torture_context *tctx, struct smb2_tree *tree)
     360             : {
     361             :         struct smb2_create io;
     362             :         NTSTATUS status;
     363           7 :         uint32_t perms = 0;
     364             : 
     365             :         /* File should not exist for this first test, so make sure */
     366           7 :         set_dir_delete_perms(tctx, tree);
     367             : 
     368           7 :         smb2_deltree(tree, DNAME);
     369             : 
     370           7 :         create_dir(tctx, tree);
     371             : 
     372           7 :         torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (CREATE) \n");
     373           7 :         torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_COLLISION\n");
     374             : 
     375           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     376             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     377             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     378             :                 SEC_FILE_WRITE_DATA;
     379             : 
     380             :         /* First, create the file */
     381           7 :         ZERO_STRUCT(io);
     382           7 :         io.in.desired_access     = perms;
     383           7 :         io.in.file_attributes    = 0;
     384           7 :         io.in.create_disposition = NTCREATEX_DISP_CREATE;
     385           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     386           7 :         io.in.create_options     = 0x0;
     387           7 :         io.in.fname              = FNAME;
     388             : 
     389           7 :         status = smb2_create(tree, tctx, &io);
     390           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     391             : 
     392           7 :         status = smb2_util_close(tree, io.out.file.handle);
     393             : 
     394             :         /* Next, try to open it for Delete on Close */
     395           7 :         status = smb2_util_close(tree, io.out.file.handle);
     396           7 :         ZERO_STRUCT(io);
     397           7 :         io.in.desired_access     = perms;
     398           7 :         io.in.file_attributes    = 0;
     399           7 :         io.in.create_disposition = NTCREATEX_DISP_CREATE;
     400           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     401           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     402             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     403           7 :         io.in.fname              = FNAME;
     404             : 
     405           7 :         status = smb2_create(tree, tctx, &io);
     406           7 :         CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_COLLISION);
     407             : 
     408           7 :         status = smb2_util_close(tree, io.out.file.handle);
     409             : 
     410           7 :         return true;
     411             : }
     412             : 
     413           7 : static bool test_doc_create_if(struct torture_context *tctx, struct smb2_tree *tree)
     414             : {
     415             :         struct smb2_create io;
     416             :         NTSTATUS status;
     417           7 :         uint32_t perms = 0;
     418             : 
     419             :         /* File should not exist for this first test, so make sure */
     420           7 :         set_dir_delete_perms(tctx, tree);
     421             : 
     422           7 :         smb2_deltree(tree, DNAME);
     423             : 
     424           7 :         create_dir(tctx, tree);
     425             : 
     426           7 :         torture_comment(tctx, "Create file with DeleteOnClose on non-existent file (OPEN_IF)\n");
     427           7 :         torture_comment(tctx, "We expect NT_STATUS_OK\n");
     428             : 
     429           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     430             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     431             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     432             :                 SEC_FILE_WRITE_DATA;
     433             : 
     434           7 :         ZERO_STRUCT(io);
     435           7 :         io.in.desired_access     = perms;
     436           7 :         io.in.file_attributes    = 0;
     437           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
     438           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     439           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     440             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     441           7 :         io.in.fname              = FNAME;
     442             : 
     443           7 :         status = smb2_create(tree, tctx, &io);
     444           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     445             : 
     446           7 :         status = smb2_util_close(tree, io.out.file.handle);
     447             : 
     448             :         /* Check it was deleted */
     449           7 :         ZERO_STRUCT(io);
     450           7 :         io.in.desired_access     = perms;
     451           7 :         io.in.file_attributes    = 0;
     452           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
     453           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     454           7 :         io.in.create_options     = 0;
     455           7 :         io.in.fname              = FNAME;
     456             : 
     457           7 :         torture_comment(tctx, "Testing if the file was deleted when closed\n");
     458           7 :         torture_comment(tctx, "We expect NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
     459             : 
     460           7 :         status = smb2_create(tree, tctx, &io);
     461           7 :         CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
     462             : 
     463           7 :         return true;
     464             : }
     465             : 
     466           7 : static bool test_doc_create_if_exist(struct torture_context *tctx, struct smb2_tree *tree)
     467             : {
     468             :         struct smb2_create io;
     469             :         NTSTATUS status;
     470           7 :         uint32_t perms = 0;
     471             : 
     472             :         /* File should not exist for this first test, so make sure */
     473           7 :         set_dir_delete_perms(tctx, tree);
     474             : 
     475           7 :         smb2_deltree(tree, DNAME);
     476             : 
     477           7 :         create_dir(tctx, tree);
     478             : 
     479           7 :         torture_comment(tctx, "Create file with DeleteOnClose on existing file (OPEN_IF)\n");
     480           7 :         torture_comment(tctx, "We expect NT_STATUS_ACCESS_DENIED\n");
     481             : 
     482           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE | 
     483             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE | 
     484             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     485             :                 SEC_FILE_WRITE_DATA;
     486             : 
     487             :         /* Create the file first */
     488           7 :         ZERO_STRUCT(io);
     489           7 :         io.in.desired_access     = perms;
     490           7 :         io.in.file_attributes    = 0;
     491           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
     492           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     493           7 :         io.in.create_options     = 0x0;
     494           7 :         io.in.fname              = FNAME;
     495             : 
     496           7 :         status = smb2_create(tree, tctx, &io);
     497           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     498             : 
     499           7 :         status = smb2_util_close(tree, io.out.file.handle);
     500             : 
     501             :         /* Now try to create it for delete on close */
     502           7 :         ZERO_STRUCT(io);
     503           7 :         io.in.desired_access     = 0x130196;
     504           7 :         io.in.file_attributes    = 0;
     505           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
     506           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_DELETE;
     507           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DELETE_ON_CLOSE | 
     508             :                                    NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     509           7 :         io.in.fname              = FNAME;
     510             : 
     511           7 :         status = smb2_create(tree, tctx, &io);
     512           7 :         CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
     513             : 
     514           7 :         status = smb2_util_close(tree, io.out.file.handle);
     515             : 
     516           7 :         return true;
     517             : }
     518             : 
     519           7 : static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_tree *tree)
     520             : {
     521             :         struct smb2_create io;
     522             :         struct smb2_find find;
     523             :         NTSTATUS status;
     524             :         union smb_search_data *d;
     525             :         union smb_setfileinfo sfinfo;
     526             :         unsigned int count;
     527           7 :         uint32_t perms = 0;
     528             : 
     529           7 :         perms = SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | SEC_STD_DELETE |
     530             :                 SEC_DIR_WRITE_ATTRIBUTE | SEC_DIR_READ_ATTRIBUTE |
     531             :                 SEC_DIR_WRITE_EA | SEC_FILE_APPEND_DATA |
     532             :                 SEC_FILE_WRITE_DATA | SEC_DIR_LIST;
     533             : 
     534             :         /* File should not exist for this first test, so make sure */
     535           7 :         set_dir_delete_perms(tctx, tree);
     536             : 
     537           7 :         smb2_deltree(tree, DNAME);
     538             : 
     539           7 :         create_dir(tctx, tree);
     540             : 
     541           7 :         torture_comment(tctx, "FIND and delete directory\n");
     542           7 :         torture_comment(tctx, "We expect NT_STATUS_OK\n");
     543             : 
     544             :         /* open the directory first */
     545           7 :         ZERO_STRUCT(io);
     546           7 :         io.in.desired_access     = perms;
     547           7 :         io.in.file_attributes    = FILE_ATTRIBUTE_DIRECTORY;
     548           7 :         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
     549           7 :         io.in.share_access       = NTCREATEX_SHARE_ACCESS_READ |
     550             :                                    NTCREATEX_SHARE_ACCESS_DELETE;
     551           7 :         io.in.create_options     = NTCREATEX_OPTIONS_DIRECTORY;
     552           7 :         io.in.fname              = DNAME;
     553             : 
     554           7 :         status = smb2_create(tree, tctx, &io);
     555           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     556             : 
     557             :         /* list directory */
     558           7 :         ZERO_STRUCT(find);
     559           7 :         find.in.file.handle        = io.out.file.handle;
     560           7 :         find.in.pattern            = "*";
     561           7 :         find.in.continue_flags     = SMB2_CONTINUE_FLAG_SINGLE;
     562           7 :         find.in.max_response_size  = 0x100;
     563           7 :         find.in.level              = SMB2_FIND_BOTH_DIRECTORY_INFO;
     564             : 
     565             :         /* start enumeration on directory */
     566           7 :         status = smb2_find_level(tree, tree, &find, &count, &d);
     567           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     568             : 
     569             :         /* set delete-on-close */
     570           7 :         ZERO_STRUCT(sfinfo);
     571           7 :         sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
     572           7 :         sfinfo.disposition_info.in.delete_on_close = 1;
     573           7 :         sfinfo.generic.in.file.handle = io.out.file.handle;
     574           7 :         status = smb2_setinfo_file(tree, &sfinfo);
     575           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     576             : 
     577             :         /* close directory */
     578           7 :         status = smb2_util_close(tree, io.out.file.handle);
     579           7 :         CHECK_STATUS(status, NT_STATUS_OK);
     580           7 :         return true;
     581             : }
     582             : 
     583           7 : static bool test_doc_read_only(struct torture_context *tctx,
     584             :                                struct smb2_tree *tree)
     585             : {
     586             :         struct smb2_handle dir_handle;
     587           7 :         union smb_setfileinfo sfinfo = {{0}};
     588           7 :         struct smb2_create create = {0};
     589           7 :         struct smb2_close close = {0};
     590             :         NTSTATUS status, expected_status;
     591           7 :         bool ret = true, delete_readonly;
     592             : 
     593             :         /*
     594             :          * Allow testing of the Samba 'delete readonly' option.
     595             :          */
     596           7 :         delete_readonly = torture_setting_bool(tctx, "delete_readonly", false);
     597           7 :         expected_status = delete_readonly ?
     598             :                 NT_STATUS_OK : NT_STATUS_CANNOT_DELETE;
     599             : 
     600           7 :         smb2_deltree(tree, DNAME);
     601             : 
     602           7 :         status = torture_smb2_testdir(tree, DNAME, &dir_handle);
     603           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     604             :                                         "CREATE directory failed\n");
     605             : 
     606           7 :         create = (struct smb2_create) {0};
     607           7 :         create.in.desired_access = SEC_RIGHTS_DIR_ALL;
     608           7 :         create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
     609             :                 NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
     610           7 :         create.in.file_attributes = FILE_ATTRIBUTE_READONLY;
     611           7 :         create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
     612             :                 NTCREATEX_SHARE_ACCESS_WRITE |
     613             :                 NTCREATEX_SHARE_ACCESS_DELETE;
     614           7 :         create.in.create_disposition = NTCREATEX_DISP_CREATE;
     615           7 :         create.in.fname = FNAME;
     616           7 :         status = smb2_create(tree, tctx, &create);
     617           7 :         torture_assert_ntstatus_equal_goto(tctx, status, expected_status, ret,
     618             :                                            done, "Unexpected status for CREATE "
     619             :                                            "of new file.\n");
     620             : 
     621           7 :         if (delete_readonly) {
     622           2 :                 close.in.file.handle = create.out.file.handle;
     623           2 :                 status = smb2_close(tree, &close);
     624           2 :                 torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     625             :                                                 "CLOSE of READONLY file "
     626             :                                                 "failed.\n");
     627             :         }
     628             : 
     629           7 :         torture_comment(tctx, "Creating file with READ_ONLY attribute.\n");
     630             : 
     631           7 :         create = (struct smb2_create) {0};
     632           7 :         create.in.desired_access = SEC_RIGHTS_DIR_ALL;
     633           7 :         create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
     634           7 :         create.in.file_attributes = FILE_ATTRIBUTE_READONLY;
     635           7 :         create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
     636             :                 NTCREATEX_SHARE_ACCESS_WRITE |
     637             :                 NTCREATEX_SHARE_ACCESS_DELETE;
     638           7 :         create.in.create_disposition = NTCREATEX_DISP_CREATE;
     639           7 :         create.in.fname = FNAME;
     640           7 :         status = smb2_create(tree, tctx, &create);
     641           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     642             :                                         "CREATE of READONLY file failed.\n");
     643             : 
     644           7 :         close.in.file.handle = create.out.file.handle;
     645           7 :         status = smb2_close(tree, &close);
     646           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     647             :                                         "CLOSE of READONLY file failed.\n");
     648             : 
     649           7 :         torture_comment(tctx, "Testing CREATE with DELETE_ON_CLOSE on "
     650             :                         "READ_ONLY attribute file.\n");
     651             : 
     652           7 :         create = (struct smb2_create) {0};
     653           7 :         create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;
     654           7 :         create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
     655           7 :         create.in.file_attributes = 0;
     656           7 :         create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
     657             :                 NTCREATEX_SHARE_ACCESS_WRITE |
     658             :                 NTCREATEX_SHARE_ACCESS_DELETE;
     659           7 :         create.in.create_disposition = NTCREATEX_DISP_OPEN;
     660           7 :         create.in.fname = FNAME;
     661           7 :         status = smb2_create(tree, tctx, &create);
     662           7 :         torture_assert_ntstatus_equal_goto(tctx, status,
     663             :                                            expected_status, ret, done,
     664             :                                            "CREATE returned unexpected "
     665             :                                            "status.\n");
     666             : 
     667           7 :         torture_comment(tctx, "Testing setting DELETE_ON_CLOSE disposition on "
     668             :                         " file with READONLY attribute.\n");
     669             : 
     670           7 :         create = (struct smb2_create) {0};
     671           7 :         create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;;
     672           7 :         create.in.create_options = 0;
     673           7 :         create.in.file_attributes = 0;
     674           7 :         create.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
     675             :                 NTCREATEX_SHARE_ACCESS_WRITE |
     676             :                 NTCREATEX_SHARE_ACCESS_DELETE;
     677           7 :         create.in.create_disposition = NTCREATEX_DISP_OPEN;
     678           7 :         create.in.fname = FNAME;
     679           7 :         status = smb2_create(tree, tctx, &create);
     680           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     681             :                                         "Opening file failed.\n");
     682             : 
     683           7 :         sfinfo.disposition_info.in.delete_on_close = 1;
     684           7 :         sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION;
     685           7 :         sfinfo.generic.in.file.handle = create.out.file.handle;
     686             : 
     687           7 :         status = smb2_setinfo_file(tree, &sfinfo);
     688           7 :         torture_assert_ntstatus_equal(tctx, status, expected_status,
     689             :                                       "Set DELETE_ON_CLOSE disposition "
     690             :                                       "returned un expected status.\n");
     691             : 
     692           7 :         status = smb2_util_close(tree, create.out.file.handle);
     693           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     694             :                                         "CLOSE failed\n");
     695             : 
     696           7 : done:
     697           7 :         smb2_deltree(tree, DNAME);
     698           7 :         return ret;
     699             : }
     700             : 
     701             : /*
     702             :  * This is a regression test for
     703             :  * https://bugzilla.samba.org/show_bug.cgi?id=14427
     704             :  *
     705             :  * It's not really a delete-on-close specific test.
     706             :  */
     707           7 : static bool test_doc_bug14427(struct torture_context *tctx, struct smb2_tree *tree1)
     708             : {
     709           7 :         struct smb2_tree *tree2 = NULL;
     710             :         NTSTATUS status;
     711             :         char fname[256];
     712           7 :         bool ret = false;
     713             :         bool ok;
     714             : 
     715             :         /* Add some random component to the file name. */
     716           7 :         snprintf(fname, sizeof(fname), "doc_bug14427_%s.dat",
     717             :                  generate_random_str(tctx, 8));
     718             : 
     719           7 :         ok = torture_smb2_tree_connect(tctx, tree1->session, tctx, &tree2);
     720           7 :         torture_assert_goto(tctx, ok, ret, done,
     721             :                 "torture_smb2_tree_connect() failed.\n");
     722             : 
     723           7 :         status = torture_setup_simple_file(tctx, tree1, fname);
     724           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     725             :                 "torture_setup_simple_file() failed on tree1.\n");
     726             : 
     727           7 :         status = smb2_util_unlink(tree2, fname);
     728           7 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     729             :                 "smb2_util_unlink() failed on tree2.\n");
     730           7 :         TALLOC_FREE(tree2);
     731           7 :         ret = true;
     732           7 : done:
     733           7 :         if (tree2 != NULL) {
     734           0 :                 TALLOC_FREE(tree2);
     735           0 :                 smb2_util_unlink(tree1, fname);
     736             :         }
     737             : 
     738           7 :         TALLOC_FREE(tree1);
     739           7 :         return ret;
     740             : }
     741             : 
     742             : /*
     743             :  *  Extreme testing of Delete On Close and permissions
     744             :  */
     745        2353 : struct torture_suite *torture_smb2_doc_init(TALLOC_CTX *ctx)
     746             : {
     747        2353 :         struct torture_suite *suite = torture_suite_create(ctx, "delete-on-close-perms");
     748             : 
     749        2353 :         torture_suite_add_1smb2_test(suite, "OVERWRITE_IF", test_doc_overwrite_if);
     750        2353 :         torture_suite_add_1smb2_test(suite, "OVERWRITE_IF Existing", test_doc_overwrite_if_exist);
     751        2353 :         torture_suite_add_1smb2_test(suite, "CREATE", test_doc_create);
     752        2353 :         torture_suite_add_1smb2_test(suite, "CREATE Existing", test_doc_create_exist);
     753        2353 :         torture_suite_add_1smb2_test(suite, "CREATE_IF", test_doc_create_if);
     754        2353 :         torture_suite_add_1smb2_test(suite, "CREATE_IF Existing", test_doc_create_if_exist);
     755        2353 :         torture_suite_add_1smb2_test(suite, "FIND_and_set_DOC", test_doc_find_and_set_doc);
     756        2353 :         torture_suite_add_1smb2_test(suite, "READONLY", test_doc_read_only);
     757        2353 :         torture_suite_add_1smb2_test(suite, "BUG14427", test_doc_bug14427);
     758             : 
     759        2353 :         suite->description = talloc_strdup(suite, "SMB2-Delete-on-Close-Perms tests");
     760             : 
     761        2353 :         return suite;
     762             : }

Generated by: LCOV version 1.13