diff options
author | Jeremy Allison <jra@samba.org> | 2022-11-10 14:41:15 -0800 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-01-23 09:27:12 +0000 |
commit | cd3479c64a838417d4f3f1d8dfd8f180c819b6a3 (patch) | |
tree | 6ad5fdd356485abb70e3aebc45278a28d015e7de | |
parent | 961eda75a0ce31c00ec933e38835af6ff8011084 (diff) | |
download | samba-cd3479c64a838417d4f3f1d8dfd8f180c819b6a3.tar.gz |
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit abc4495e4591964bb4625c2669a1f84213faab77)
-rw-r--r-- | selftest/knownfail | 1 | ||||
-rw-r--r-- | selftest/knownfail.d/smb2-ioctl-stream | 1 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 2 | ||||
-rw-r--r-- | source4/torture/smb2/ioctl.c | 74 | ||||
-rw-r--r-- | source4/torture/smb2/smb2.c | 2 |
5 files changed, 80 insertions, 0 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 690690012aa..f9ca4984176 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -203,6 +203,7 @@ ^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 ntvfs server ^samba4.smb2.ioctl.bug14769\(ad_dc_ntvfs\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl-on-stream.ioctl-on-stream\(ad_dc_ntvfs\) ^samba3.smb2.dir.one ^samba3.smb2.dir.modify ^samba3.smb2.oplock.batch20 diff --git a/selftest/knownfail.d/smb2-ioctl-stream b/selftest/knownfail.d/smb2-ioctl-stream new file mode 100644 index 00000000000..518726e8f19 --- /dev/null +++ b/selftest/knownfail.d/smb2-ioctl-stream @@ -0,0 +1 @@ +^samba3.smb2.ioctl-on-stream.ioctl-on-stream\(fileserver\) diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index ad0d4820449..c15f9741cb4 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -983,6 +983,8 @@ for t in tests: plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/fs_specific -U$USERNAME%$PASSWORD', 'fs_specific') plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') + elif t == "smb2.ioctl-on-stream": + plansmbtorture4testsuite(t, "fileserver", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') elif t == "smb2.lock": plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/aio -U$USERNAME%$PASSWORD', 'aio') plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') diff --git a/source4/torture/smb2/ioctl.c b/source4/torture/smb2/ioctl.c index d5ebf93bd6a..6ceaccfc7ca 100644 --- a/source4/torture/smb2/ioctl.c +++ b/source4/torture/smb2/ioctl.c @@ -3838,6 +3838,80 @@ static bool test_ioctl_sparse_qar_malformed(struct torture_context *torture, return true; } +bool test_ioctl_alternate_data_stream(struct torture_context *tctx) +{ + bool ret = false; + const char *fname = DNAME "\\test_stream_ioctl_dir"; + const char *sname = DNAME "\\test_stream_ioctl_dir:stream"; + NTSTATUS status; + struct smb2_create create = {}; + struct smb2_tree *tree = NULL; + struct smb2_handle h1 = {{0}}; + union smb_ioctl ioctl; + + if (!torture_smb2_connection(tctx, &tree)) { + torture_comment(tctx, "Initializing smb2 connection failed.\n"); + return false; + } + + smb2_deltree(tree, DNAME); + + status = torture_smb2_testdir(tree, DNAME, &h1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testdir failed\n"); + + status = smb2_util_close(tree, h1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_util_close failed\n"); + create = (struct smb2_create) { + .in.desired_access = SEC_FILE_ALL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.file_attributes = FILE_ATTRIBUTE_HIDDEN, + .in.create_disposition = NTCREATEX_DISP_CREATE, + .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, + .in.fname = fname, + }; + + status = smb2_create(tree, tctx, &create); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed\n"); + + h1 = create.out.file.handle; + status = smb2_util_close(tree, h1); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_util_close failed\n"); + + create = (struct smb2_create) { + .in.desired_access = SEC_FILE_ALL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.create_disposition = NTCREATEX_DISP_CREATE, + .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, + .in.fname = sname, + }; + status = smb2_create(tree, tctx, &create); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed\n"); + h1 = create.out.file.handle; + + ZERO_STRUCT(ioctl); + ioctl.smb2.level = RAW_IOCTL_SMB2; + ioctl.smb2.in.file.handle = h1; + ioctl.smb2.in.function = FSCTL_CREATE_OR_GET_OBJECT_ID, + ioctl.smb2.in.max_output_response = 64; + ioctl.smb2.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL; + status = smb2_ioctl(tree, tctx, &ioctl.smb2); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_ioctl failed\n"); + ret = true; + +done: + + smb2_util_close(tree, h1); + smb2_deltree(tree, DNAME); + return ret; +} + /* * 2.3.57 FSCTL_SET_ZERO_DATA Request * diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c index 0ca5078a941..c717db50b70 100644 --- a/source4/torture/smb2/smb2.c +++ b/source4/torture/smb2/smb2.c @@ -183,6 +183,8 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx) test_ioctl_set_sparse); torture_suite_add_simple_test(suite, "zero-data-ioctl", test_ioctl_zero_data); + torture_suite_add_simple_test(suite, "ioctl-on-stream", + test_ioctl_alternate_data_stream); torture_suite_add_suite(suite, torture_smb2_rename_init(suite)); torture_suite_add_suite(suite, torture_smb2_sharemode_init(suite)); torture_suite_add_1smb2_test(suite, "hold-oplock", test_smb2_hold_oplock); |