From 4aff51453920213d57e19b3b57b13b553e237cdd Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 23 Jun 2016 12:23:33 +0200 Subject: [PATCH 1/6] s3/smbd: add helper func dos_mode_from_name() This just moves the computation of "hide dot files" files to a helper functions without changing overall behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit c8c67c9a2a6347e36f4628e2d0260bd6c58d8c65) --- source3/smbd/dosmode.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index ecc211c..92b953d 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -552,6 +552,31 @@ err_out: return status; } +static uint32_t dos_mode_from_name(connection_struct *conn, + const struct smb_filename *smb_fname) +{ + const char *p = NULL; + uint32_t result = 0; + + if (lp_hide_dot_files(SNUM(conn))) { + p = strrchr_m(smb_fname->base_name, '/'); + if (p) { + p++; + } else { + p = smb_fname->base_name; + } + + /* Only . and .. are not hidden. */ + if ((p[0] == '.') && + !((p[1] == '\0') || (p[1] == '.' && p[2] == '\0'))) + { + result |= FILE_ATTRIBUTE_HIDDEN; + } + } + + return result; +} + /**************************************************************************** Change a unix mode to a dos mode. May also read the create timespec into the stat struct in smb_fname @@ -569,22 +594,7 @@ uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname) return 0; } - /* First do any modifications that depend on the path name. */ - /* hide files with a name starting with a . */ - if (lp_hide_dot_files(SNUM(conn))) { - const char *p = strrchr_m(smb_fname->base_name,'/'); - if (p) { - p++; - } else { - p = smb_fname->base_name; - } - - /* Only . and .. are not hidden. */ - if (p[0] == '.' && !((p[1] == '\0') || - (p[1] == '.' && p[2] == '\0'))) { - result |= FILE_ATTRIBUTE_HIDDEN; - } - } + result |= dos_mode_from_name(conn, smb_fname); /* Get the DOS attributes from an EA by preference. */ if (!get_ea_dos_attribute(conn, smb_fname, &result)) { -- 2.5.0 From bb4cf691015d3ccf4b727c3eaa57b575f388b885 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 23 Jun 2016 16:40:15 +0200 Subject: [PATCH 2/6] s3/smbd: call dos_mode_from_name after get_ea_dos_attribute() This doesn't change overall behaviour in any way, it just prepares for the next step where the IS_HIDDEN_PATH() stuff will be moved to the function dos_mode_from_name(). It allows an optimisation by not checking "hide to files" patch if FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (backported from commit 1be877038c53c88802bc19c00a49c1974f17c4eb) --- source3/smbd/dosmode.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 92b953d..f614729 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -553,12 +553,15 @@ err_out: } static uint32_t dos_mode_from_name(connection_struct *conn, - const struct smb_filename *smb_fname) + const struct smb_filename *smb_fname, + uint32_t dosmode) { const char *p = NULL; - uint32_t result = 0; + uint32_t result = dosmode; - if (lp_hide_dot_files(SNUM(conn))) { + if (!(result & FILE_ATTRIBUTE_HIDDEN) && + lp_hide_dot_files(SNUM(conn))) + { p = strrchr_m(smb_fname->base_name, '/'); if (p) { p++; @@ -594,8 +597,6 @@ uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname) return 0; } - result |= dos_mode_from_name(conn, smb_fname); - /* Get the DOS attributes from an EA by preference. */ if (!get_ea_dos_attribute(conn, smb_fname, &result)) { result |= dos_mode_from_sbuf(conn, smb_fname); @@ -615,6 +616,8 @@ uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname) } } + result |= dos_mode_from_name(conn, smb_fname, result); + /* Optimization : Only call is_hidden_path if it's not already hidden. */ if (!(result & FILE_ATTRIBUTE_HIDDEN) && -- 2.5.0 From af2a9ddd4ff4526b5e32715a1b4e80a0b08bfe84 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 23 Jun 2016 17:14:55 +0200 Subject: [PATCH 3/6] s3/smbd: move check for "hide files" to dos_mode_from_name() Consolidate the "hide dot files" and "hide files" handling stuff in one function. No change in overall behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit f2a53efb1aab0986d6a7d9621b1efff2127df4e6) --- source3/smbd/dosmode.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index f614729..1574166 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -577,6 +577,12 @@ static uint32_t dos_mode_from_name(connection_struct *conn, } } + if (!(result & FILE_ATTRIBUTE_HIDDEN) && + IS_HIDDEN_PATH(conn, smb_fname->base_name)) + { + result |= FILE_ATTRIBUTE_HIDDEN; + } + return result; } @@ -618,13 +624,6 @@ uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname) result |= dos_mode_from_name(conn, smb_fname, result); - /* Optimization : Only call is_hidden_path if it's not already - hidden. */ - if (!(result & FILE_ATTRIBUTE_HIDDEN) && - IS_HIDDEN_PATH(conn, smb_fname->base_name)) { - result |= FILE_ATTRIBUTE_HIDDEN; - } - if (result == 0) { result = FILE_ATTRIBUTE_NORMAL; } -- 2.5.0 From 9366326336d4a71187872dae99c193035aa214f4 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Mon, 27 Jun 2016 11:39:47 +0200 Subject: [PATCH 4/6] s3/smbd: make get_ea_dos_attribute() public Needed in a subsequent commit to read the stored dosmode for a file. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme --- source3/smbd/dosmode.c | 6 +++--- source3/smbd/proto.h | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 1574166..42b869c 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -257,9 +257,9 @@ static uint32_t dos_mode_from_sbuf(connection_struct *conn, This can also pull the create time into the stat struct inside smb_fname. ****************************************************************************/ -static bool get_ea_dos_attribute(connection_struct *conn, - struct smb_filename *smb_fname, - uint32_t *pattr) +bool get_ea_dos_attribute(connection_struct *conn, + struct smb_filename *smb_fname, + uint32_t *pattr) { struct xattr_DOSATTRIB dosattrib; enum ndr_err_code ndr_err; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 324cf46..914951e 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -259,6 +259,9 @@ int dos_attributes_to_stat_dos_flags(uint32_t dosmode); uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname); int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, uint32_t dosmode, const char *parent_dir, bool newfile); +bool get_ea_dos_attribute(connection_struct *conn, + struct smb_filename *smb_fname, + uint32_t *pattr); NTSTATUS file_set_sparse(connection_struct *conn, struct files_struct *fsp, bool sparse); -- 2.5.0 From c57b33de93428da81d02974f4b53554daab7c2b3 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 23 Jun 2016 12:24:33 +0200 Subject: [PATCH 5/6] s3/smbd: only use stored dos attributes for open_match_attributes() check This changes the way we check for old vs new DOS attributes on open with overwrite: only check against the DOS attributes actually set by a client and stored in the DOS attributes xattr. With this change "hide dot files" and "hide files" continue to work with "store dos attributes = yes". Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 36b7cff3188bbc21048c12ec971d9c2ac3666226) --- source3/smbd/open.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 61b7145..2d5f8d7 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2517,7 +2517,19 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, if (!posix_open) { new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; if (file_existed) { - existing_dos_attributes = dos_mode(conn, smb_fname); + /* + * Only use strored DOS attributes for checks + * against requested attributes (below via + * open_match_attributes()), cf bug #11992 + * for details. -slow + */ + bool ok; + uint32_t attr = 0; + + ok = get_ea_dos_attribute(conn, smb_fname, &attr); + if (ok) { + existing_dos_attributes = attr; + } } } -- 2.5.0 From 3bc80b0629044675b1e0c1b84def3eda0163aa6d Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 23 Jun 2016 19:13:05 +0200 Subject: [PATCH 6/6] s4/torture: add a test for dosmode and hidden files Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 2db5c10ac59d5362e81c50d9a854071477de9c12) --- selftest/target/Samba3.pm | 7 ++ source3/selftest/tests.py | 2 + source4/selftest/tests.py | 5 +- source4/torture/smb2/dosmode.c | 183 +++++++++++++++++++++++++++++++++++++ source4/torture/smb2/smb2.c | 1 + source4/torture/smb2/wscript_build | 2 +- 6 files changed, 197 insertions(+), 3 deletions(-) create mode 100644 source4/torture/smb2/dosmode.c diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 8ff1e7c..b278dfa 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -550,6 +550,13 @@ sub setup_simpleserver($$) vfs objects = aio_fork read only = no vfs_aio_fork:erratic_testing_mode=yes + +[dosmode] + path = $prefix_abs/share + vfs objects = + store dos attributes = yes + hide files = /hidefile/ + hide dot files = yes "; my $vars = $self->provision($path, diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 753cff6..d35a2a3 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -405,6 +405,8 @@ for t in tests: elif t == "smb2.notify": plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --signing=required') plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required') + elif t == "smb2.dosmode": + plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode -U$USERNAME%$PASSWORD') else: plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 9c0a0ef..66c8509 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -300,8 +300,9 @@ for t in nbt_tests: # Tests against the NTVFS POSIX backend ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"] -# smb2.change_notify_disabled must only run against env fileserver-notify-disabled -smb2 = filter(lambda x: "smb2.change_notify_disabled" not in x, smbtorture4_testsuites("smb2.")) +# Filter smb2 tests that should not run against ad_dc_ntvfs +smb2_s3only = ["smb2.change_notify_disabled", "smb2.dosmode"] +smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only] #The QFILEINFO-IPC test needs to be on ipc$ raw = filter(lambda x: "raw.qfileinfo.ipc" not in x, smbtorture4_testsuites("raw.")) diff --git a/source4/torture/smb2/dosmode.c b/source4/torture/smb2/dosmode.c new file mode 100644 index 0000000..7808ca6 --- /dev/null +++ b/source4/torture/smb2/dosmode.c @@ -0,0 +1,183 @@ +/* + Unix SMB/CIFS implementation. + + SMB2 setinfo individual test suite + + Copyright (C) Ralph Boehme 2016 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "system/time.h" +#include "libcli/smb2/smb2.h" +#include "libcli/smb2/smb2_calls.h" + +#include "torture/torture.h" +#include "torture/smb2/proto.h" + +/* + test dosmode and hidden files +*/ +bool torture_smb2_dosmode(struct torture_context *tctx) +{ + bool ret = true; + NTSTATUS status; + struct smb2_tree *tree = NULL; + const char *dname = "torture_dosmode"; + const char *fname = "torture_dosmode\\file"; + const char *hidefile = "torture_dosmode\\hidefile"; + const char *dotfile = "torture_dosmode\\.dotfile"; + struct smb2_handle h1 = {{0}}; + struct smb2_create io; + union smb_setfileinfo sfinfo; + union smb_fileinfo finfo2; + + torture_comment(tctx, "Checking dosmode with \"hide files\" " + "and \"hide dot files\"\n"); + + if (!torture_smb2_connection(tctx, &tree)) { + return false; + } + + smb2_deltree(tree, dname); + + status = torture_smb2_testdir(tree, dname, &h1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testdir failed"); + + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_CREATE; + io.in.create_options = 0; + io.in.fname = fname; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + + ZERO_STRUCT(sfinfo); + sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_HIDDEN; + sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFORMATION; + sfinfo.generic.in.file.handle = io.out.file.handle; + status = smb2_setinfo_file(tree, &sfinfo); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_setinfo_filefailed"); + + ZERO_STRUCT(finfo2); + finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION; + finfo2.generic.in.file.handle = io.out.file.handle; + status = smb2_getinfo_file(tree, tctx, &finfo2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed"); + torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN, + FILE_ATTRIBUTE_HIDDEN, ret, done, + "FILE_ATTRIBUTE_HIDDEN is not set"); + + smb2_util_close(tree, io.out.file.handle); + + /* This must fail with attribute mismatch */ + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF; + io.in.create_options = 0; + io.in.fname = fname; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_ACCESS_DENIED, + ret, done,"smb2_create failed"); + + /* Create a file in "hide files" */ + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_CREATE; + io.in.create_options = 0; + io.in.fname = hidefile; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + + ZERO_STRUCT(finfo2); + finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION; + finfo2.generic.in.file.handle = io.out.file.handle; + status = smb2_getinfo_file(tree, tctx, &finfo2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed"); + torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN, + FILE_ATTRIBUTE_HIDDEN, ret, done, + "FILE_ATTRIBUTE_HIDDEN is not set"); + + smb2_util_close(tree, io.out.file.handle); + + /* Overwrite a file in "hide files", should pass */ + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF; + io.in.create_options = 0; + io.in.fname = hidefile; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + smb2_util_close(tree, io.out.file.handle); + + /* Create a "hide dot files" */ + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_CREATE; + io.in.create_options = 0; + io.in.fname = dotfile; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + + ZERO_STRUCT(finfo2); + finfo2.generic.level = RAW_FILEINFO_BASIC_INFORMATION; + finfo2.generic.in.file.handle = io.out.file.handle; + status = smb2_getinfo_file(tree, tctx, &finfo2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed"); + torture_assert_int_equal_goto(tctx, finfo2.all_info2.out.attrib & FILE_ATTRIBUTE_HIDDEN, + FILE_ATTRIBUTE_HIDDEN, ret, done, + "FILE_ATTRIBUTE_HIDDEN is not set"); + + smb2_util_close(tree, io.out.file.handle); + + /* Overwrite a "hide dot files", should pass */ + ZERO_STRUCT(io); + io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + io.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF; + io.in.create_options = 0; + io.in.fname = dotfile; + + status = smb2_create(tree, tctx, &io); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed"); + smb2_util_close(tree, io.out.file.handle); + +done: + if (!smb2_util_handle_empty(h1)) { + smb2_util_close(tree, h1); + } + smb2_deltree(tree, dname); + return ret; +} diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c index 90029c7..be632cc 100644 --- a/source4/torture/smb2/smb2.c +++ b/source4/torture/smb2/smb2.c @@ -170,6 +170,7 @@ NTSTATUS torture_smb2_init(void) torture_suite_add_1smb2_test(suite, "hold-oplock", test_smb2_hold_oplock); torture_suite_add_suite(suite, torture_smb2_session_init()); torture_suite_add_suite(suite, torture_smb2_replay_init()); + torture_suite_add_simple_test(suite, "dosmode", torture_smb2_dosmode); torture_suite_add_suite(suite, torture_smb2_doc_init()); diff --git a/source4/torture/smb2/wscript_build b/source4/torture/smb2/wscript_build index 1c593ef..f404356 100644 --- a/source4/torture/smb2/wscript_build +++ b/source4/torture/smb2/wscript_build @@ -4,7 +4,7 @@ bld.SAMBA_MODULE('TORTURE_SMB2', source='''connect.c scan.c util.c getinfo.c setinfo.c lock.c notify.c smb2.c durable_open.c durable_v2_open.c oplock.c dir.c lease.c create.c acls.c read.c compound.c streams.c ioctl.c rename.c - session.c delete-on-close.c replay.c notify_disabled.c''', + session.c delete-on-close.c replay.c notify_disabled.c dosmode.c''', subsystem='smbtorture', deps='LIBCLI_SMB2 POPT_CREDENTIALS torture NDR_IOCTL', internal_module=True, -- 2.5.0