The Samba-Bugzilla – Attachment 14605 Details for
Bug 13673
File with READ_ONLY attribute can be incorrectly opened with DELETE_ON_CLOSE
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for 4.8
patches-for-4.8 (text/plain), 11.78 KB, created by
Christof Schmitt
on 2018-11-06 18:55:21 UTC
(
hide
)
Description:
Patches for 4.8
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2018-11-06 18:55:21 UTC
Size:
11.78 KB
patch
obsolete
>From b867343b0c889a1f2eda1858fcb27e828f43ede2 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 2 Nov 2018 10:49:53 -0700 >Subject: [PATCH 1/4] smbtorture: Add test for DELETE_ON_CLOSE on files with > READ_ONLY attribute > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit dc9bbbe4141d8425e66fe9290ff611845f4bd1ce) >--- > selftest/knownfail | 2 + > source4/torture/smb2/delete-on-close.c | 119 +++++++++++++++++++++++++ > 2 files changed, 121 insertions(+) > >diff --git a/selftest/knownfail b/selftest/knownfail >index 84776d4f35d..781c14551fe 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -348,3 +348,5 @@ > # Disabling NTLM means you can't use samr to change the password > ^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >+^samba3.smb2.delete-on-close-perms.READONLY\(nt4_dc\) >+^samba3.smb2.delete-on-close-perms.READONLY\(ad_dc\) >diff --git a/source4/torture/smb2/delete-on-close.c b/source4/torture/smb2/delete-on-close.c >index 2312df285a3..12cdb8540b8 100644 >--- a/source4/torture/smb2/delete-on-close.c >+++ b/source4/torture/smb2/delete-on-close.c >@@ -580,6 +580,124 @@ static bool test_doc_find_and_set_doc(struct torture_context *tctx, struct smb2_ > return true; > } > >+static bool test_doc_read_only(struct torture_context *tctx, >+ struct smb2_tree *tree) >+{ >+ struct smb2_handle dir_handle; >+ union smb_setfileinfo sfinfo = { }; >+ struct smb2_create create = { }; >+ struct smb2_close close = { }; >+ NTSTATUS status, expected_status; >+ bool ret = true, delete_readonly; >+ >+ /* >+ * Allow testing of the Samba 'delete readonly' option. >+ */ >+ delete_readonly = torture_setting_bool(tctx, "delete_readonly", false); >+ expected_status = delete_readonly ? >+ NT_STATUS_OK : NT_STATUS_CANNOT_DELETE; >+ >+ smb2_deltree(tree, DNAME); >+ >+ status = torture_smb2_testdir(tree, DNAME, &dir_handle); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "CREATE directory failed\n"); >+ >+ create = (struct smb2_create) { }; >+ create.in.desired_access = SEC_RIGHTS_DIR_ALL; >+ create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE | >+ NTCREATEX_OPTIONS_DELETE_ON_CLOSE; >+ create.in.file_attributes = FILE_ATTRIBUTE_READONLY; >+ create.in.share_access = NTCREATEX_SHARE_ACCESS_READ | >+ NTCREATEX_SHARE_ACCESS_WRITE | >+ NTCREATEX_SHARE_ACCESS_DELETE; >+ create.in.create_disposition = NTCREATEX_DISP_CREATE; >+ create.in.fname = FNAME; >+ status = smb2_create(tree, tctx, &create); >+ torture_assert_ntstatus_equal_goto(tctx, status, expected_status, ret, >+ done, "Unexpected status for CREATE " >+ "of new file.\n"); >+ >+ if (delete_readonly) { >+ close.in.file.handle = create.out.file.handle; >+ status = smb2_close(tree, &close); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "CLOSE of READONLY file " >+ "failed.\n"); >+ } >+ >+ torture_comment(tctx, "Creating file with READ_ONLY attribute.\n"); >+ >+ create = (struct smb2_create) { }; >+ create.in.desired_access = SEC_RIGHTS_DIR_ALL; >+ create.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE; >+ create.in.file_attributes = FILE_ATTRIBUTE_READONLY; >+ create.in.share_access = NTCREATEX_SHARE_ACCESS_READ | >+ NTCREATEX_SHARE_ACCESS_WRITE | >+ NTCREATEX_SHARE_ACCESS_DELETE; >+ create.in.create_disposition = NTCREATEX_DISP_CREATE; >+ create.in.fname = FNAME; >+ status = smb2_create(tree, tctx, &create); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "CREATE of READONLY file failed.\n"); >+ >+ close.in.file.handle = create.out.file.handle; >+ status = smb2_close(tree, &close); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "CLOSE of READONLY file failed.\n"); >+ >+ torture_comment(tctx, "Testing CREATE with DELETE_ON_CLOSE on " >+ "READ_ONLY attribute file.\n"); >+ >+ create = (struct smb2_create) { }; >+ create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE; >+ create.in.create_options = NTCREATEX_OPTIONS_DELETE_ON_CLOSE; >+ create.in.file_attributes = 0; >+ create.in.share_access = NTCREATEX_SHARE_ACCESS_READ | >+ NTCREATEX_SHARE_ACCESS_WRITE | >+ NTCREATEX_SHARE_ACCESS_DELETE; >+ create.in.create_disposition = NTCREATEX_DISP_OPEN; >+ create.in.fname = FNAME; >+ status = smb2_create(tree, tctx, &create); >+ torture_assert_ntstatus_equal_goto(tctx, status, >+ expected_status, ret, done, >+ "CREATE returned unexpected " >+ "status.\n"); >+ >+ torture_comment(tctx, "Testing setting DELETE_ON_CLOSE disposition on " >+ " file with READONLY attribute.\n"); >+ >+ create = (struct smb2_create) { }; >+ create.in.desired_access = SEC_RIGHTS_FILE_READ | SEC_STD_DELETE;; >+ create.in.create_options = 0; >+ create.in.file_attributes = 0; >+ create.in.share_access = NTCREATEX_SHARE_ACCESS_READ | >+ NTCREATEX_SHARE_ACCESS_WRITE | >+ NTCREATEX_SHARE_ACCESS_DELETE; >+ create.in.create_disposition = NTCREATEX_DISP_OPEN; >+ create.in.fname = FNAME; >+ status = smb2_create(tree, tctx, &create); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "Opening file failed.\n"); >+ >+ sfinfo.disposition_info.in.delete_on_close = 1; >+ sfinfo.generic.level = RAW_SFILEINFO_DISPOSITION_INFORMATION; >+ sfinfo.generic.in.file.handle = create.out.file.handle; >+ >+ status = smb2_setinfo_file(tree, &sfinfo); >+ torture_assert_ntstatus_equal(tctx, status, expected_status, >+ "Set DELETE_ON_CLOSE disposition " >+ "returned un expected status.\n"); >+ >+ status = smb2_util_close(tree, create.out.file.handle); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "CLOSE failed\n"); >+ >+done: >+ smb2_deltree(tree, DNAME); >+ return ret; >+} >+ > > /* > * Extreme testing of Delete On Close and permissions >@@ -595,6 +713,7 @@ struct torture_suite *torture_smb2_doc_init(TALLOC_CTX *ctx) > torture_suite_add_1smb2_test(suite, "CREATE_IF", test_doc_create_if); > torture_suite_add_1smb2_test(suite, "CREATE_IF Existing", test_doc_create_if_exist); > torture_suite_add_1smb2_test(suite, "FIND_and_set_DOC", test_doc_find_and_set_doc); >+ torture_suite_add_1smb2_test(suite, "READONLY", test_doc_read_only); > > suite->description = talloc_strdup(suite, "SMB2-Delete-on-Close-Perms tests"); > >-- >2.17.0 > > >From 80a482a9890df81edde4c20fed6cb277c352be7f Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 2 Nov 2018 12:08:23 -0700 >Subject: [PATCH 2/4] smbd: Fix DELETE_ON_CLOSE behaviour on files with > READ_ONLY attribute > >MS-FSA states that a CREATE with FILE_DELETE_ON_CLOSE on an existing >file with READ_ONLY attribute has to return STATUS_CANNOT_DELETE. This >was missing in smbd as the check used the DOS attributes from the CREATE >instead of the DOS attributes on the existing file. > >We need to handle the new file and existing file cases separately. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 162a5257c48f20d3752f644e86c9e626b46436c0) >--- > selftest/knownfail | 2 -- > source3/smbd/open.c | 30 ++++++++++++++++++++++-------- > 2 files changed, 22 insertions(+), 10 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index 781c14551fe..84776d4f35d 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -348,5 +348,3 @@ > # Disabling NTLM means you can't use samr to change the password > ^samba.tests.ntlmdisabled.python\(ktest\).ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >-^samba3.smb2.delete-on-close-perms.READONLY\(nt4_dc\) >-^samba3.smb2.delete-on-close-perms.READONLY\(ad_dc\) >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 8a9288dbdb4..97cf458a864 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -3237,6 +3237,18 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, > request_time = fsp->open_time; > } > >+ if ((create_options & FILE_DELETE_ON_CLOSE) && >+ (flags2 & O_CREAT) && >+ !file_existed) { >+ /* Delete on close semantics for new files. */ >+ status = can_set_delete_on_close(fsp, >+ new_dos_attributes); >+ if (!NT_STATUS_IS_OK(status)) { >+ fd_close(fsp); >+ return status; >+ } >+ } >+ > /* > * Ensure we pay attention to default ACLs on directories if required. > */ >@@ -3689,15 +3701,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, > > /* Handle strange delete on close create semantics. */ > if (create_options & FILE_DELETE_ON_CLOSE) { >+ if (!new_file_created) { >+ status = can_set_delete_on_close(fsp, >+ existing_dos_attributes); > >- status = can_set_delete_on_close(fsp, new_dos_attributes); >- >- if (!NT_STATUS_IS_OK(status)) { >- /* Remember to delete the mode we just added. */ >- del_share_mode(lck, fsp); >- TALLOC_FREE(lck); >- fd_close(fsp); >- return status; >+ if (!NT_STATUS_IS_OK(status)) { >+ /* Remember to delete the mode we just added. */ >+ del_share_mode(lck, fsp); >+ TALLOC_FREE(lck); >+ fd_close(fsp); >+ return status; >+ } > } > /* Note that here we set the *inital* delete on close flag, > not the regular one. The magic gets handled in close. */ >-- >2.17.0 > > >From 84ff58f642dc40581db6603c6e55d64cb5e87385 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 2 Nov 2018 12:03:51 -0700 >Subject: [PATCH 3/4] selftest: Add share to test "delete readonly" option > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit a8e79decbcfbae1b1a53ec81b942ee06db26bf8f) >--- > selftest/target/Samba3.pm | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 968c6aa7ba0..3747a1e087e 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -2231,6 +2231,10 @@ sub provision($$$$$$$$$) > vfs objects = delay_inject > delay_inject:pread_send = 2000 > delay_inject:pwrite_send = 2000 >+ >+[delete_readonly] >+ path = $prefix_abs/share >+ delete readonly = yes > "; > close(CONF); > >-- >2.17.0 > > >From 2452cc8712b5539a695bcf9e04da2f27bddb7629 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 2 Nov 2018 12:07:58 -0700 >Subject: [PATCH 4/4] selftest: Run smb2.delete-on-close-perms also with > "delete readonly = yes" > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Christof Schmitt <cs@samba.org> >Autobuild-Date(master): Sat Nov 3 05:55:45 CET 2018 on sn-devel-144 > >(cherry picked from commit 7dd3585f9c3ae04df45d98bfdc62663c7a69d3e0) >--- > source3/selftest/tests.py | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 0407e368b7c..a6de080b1d3 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -579,6 +579,10 @@ for t in tests: > plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr') > elif t == "smb2.aio_delay": > plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio_delay_inject -U$USERNAME%$PASSWORD') >+ elif t == "smb2.delete-on-close-perms": >+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') >+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/delete_readonly -U$USERNAME%$PASSWORD --option=torture:delete_readonly=true') >+ plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') > else: > plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') > plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') >-- >2.17.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13673
:
14604
|
14605