source4/torture/smb2/ea.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB2 EA tests
   4
   5    Copyright (C) Ralph Boehme 2022
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "ntstatus_gen.h"
  23 #include "system/time.h"
  24 #include "libcli/smb2/smb2.h"
  25 #include "libcli/smb2/smb2_calls.h"
  26 #include "torture/torture.h"
  27 #include "torture/smb2/proto.h"
  28
  29 #define BASEDIR "test_ea"
  30
  31 static bool find_returned_ea(union smb_fileinfo *finfo2,
  32                              const char *eaname)
  33 {
  34         unsigned int i;
  35         unsigned int num_eas = finfo2->all_eas.out.num_eas;
  36         struct ea_struct *eas = finfo2->all_eas.out.eas;
  37
  38         for (i = 0; i < num_eas; i++) {
  39                 if (eas[i].name.s == NULL) {
  40                         continue;
  41                 }
  42                 /* Windows capitalizes returned EA names. */
  43                 if (strequal(eas[i].name.s, eaname)) {
  44                         return true;
  45                 }
  46         }
  47         return false;
  48 }
  49
  50 static bool torture_smb2_acl_xattr(struct torture_context *tctx,
  51                                    struct smb2_tree *tree)
  52 {
  53         const char *fname = BASEDIR "\\test_acl_xattr";
  54         const char *xattr_name = NULL;
  55         struct smb2_handle h1;
  56         struct ea_struct ea;
  57         union smb_fileinfo finfo;
  58         union smb_setfileinfo sfinfo;
  59         NTSTATUS status;
  60         bool ret = true;
  61
  62         torture_comment(tctx, "Verify NTACL xattr can't be accessed\n");
  63
  64         xattr_name = torture_setting_string(tctx, "acl_xattr_name", NULL);
  65         torture_assert_not_null(tctx, xattr_name, "Missing acl_xattr_name option\n");
  66
  67         smb2_deltree(tree, BASEDIR);
  68
  69         status = torture_smb2_testdir(tree, BASEDIR, &h1);
  70         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
  71                                         "torture_smb2_testdir\n");
  72         smb2_util_close(tree, h1);
  73
  74         status = torture_smb2_testfile(tree, fname, &h1);
  75         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
  76                                         "torture_smb2_testfile failed\n");
  77
  78         /*
  79          * 1. Set an EA, so we have something to list
  80          */
  81         ZERO_STRUCT(ea);
  82         ea.name.s = "void";
  83         ea.name.private_length = strlen("void") + 1;
  84         ea.value = data_blob_string_const("testme");
  85
  86         ZERO_STRUCT(sfinfo);
  87         sfinfo.generic.level = RAW_SFILEINFO_FULL_EA_INFORMATION;
  88         sfinfo.generic.in.file.handle = h1;
  89         sfinfo.full_ea_information.in.eas.num_eas = 1;
  90         sfinfo.full_ea_information.in.eas.eas = &ea;
  91
  92         status = smb2_setinfo_file(tree, &sfinfo);
  93         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
  94                                         "Setting EA should fail\n");
  95
  96         /*
  97          * 2. Verify NT ACL EA is not listed
  98          */
  99         ZERO_STRUCT(finfo);
 100         finfo.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
 101         finfo.generic.in.file.handle = h1;
 102
 103         status = smb2_getinfo_file(tree, tctx, &finfo);
 104         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 105                                         "torture_smb2_testdir\n");
 106
 107         if (find_returned_ea(&finfo, xattr_name)) {
 108                 torture_result(tctx, TORTURE_FAIL,
 109                                "%s: NTACL EA leaked\n",
 110                                __location__);
 111                 ret = false;
 112                 goto done;
 113         }
 114
 115         /*
 116          * 3. Try to set EA, should fail
 117          */
 118         ZERO_STRUCT(ea);
 119         ea.name.s = xattr_name;
 120         ea.name.private_length = strlen(xattr_name) + 1;
 121         ea.value = data_blob_string_const("testme");
 122
 123         ZERO_STRUCT(sfinfo);
 124         sfinfo.generic.level = RAW_SFILEINFO_FULL_EA_INFORMATION;
 125         sfinfo.generic.in.file.handle = h1;
 126         sfinfo.full_ea_information.in.eas.num_eas = 1;
 127         sfinfo.full_ea_information.in.eas.eas = &ea;
 128
 129         status = smb2_setinfo_file(tree, &sfinfo);
 130         torture_assert_ntstatus_equal_goto(
 131                 tctx, status, NT_STATUS_ACCESS_DENIED,
 132                 ret, done, "Setting EA should fail\n");
 133
 134 done:
 135         if (!smb2_util_handle_empty(h1)) {
 136                 smb2_util_close(tree, h1);
 137         }
 138
 139         smb2_deltree(tree, BASEDIR);
 140
 141         return ret;
 142 }
 143
 144 struct torture_suite *torture_smb2_ea(TALLOC_CTX *ctx)
 145 {
 146         struct torture_suite *suite = torture_suite_create(ctx, "ea");
 147         suite->description = talloc_strdup(suite, "SMB2-EA tests");
 148
 149         torture_suite_add_1smb2_test(suite, "acl_xattr", torture_smb2_acl_xattr);
 150
 151         return suite;
 152 }