Blob Blame History Raw
From 83499424ab011da66ded2df441277c2b89844c7b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 15:06:20 -0700
Subject: [PATCH 1/2] s3: smbd: Add two tests showing recursive directory
 delete of a directory containing veto file and msdfs links over SMB2.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad0082d79a681b981154747dcde5713e1933b88f)
---
 selftest/knownfail.d/veto_rmdir         |   1 +
 selftest/target/Samba3.pm               |  16 ++
 source3/script/tests/test_veto_rmdir.sh | 217 ++++++++++++++++++++++++
 source3/selftest/tests.py               |   3 +
 4 files changed, 237 insertions(+)
 create mode 100644 selftest/knownfail.d/veto_rmdir
 create mode 100755 source3/script/tests/test_veto_rmdir.sh

diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
new file mode 100644
index 00000000000..ecced55d794
--- /dev/null
+++ b/selftest/knownfail.d/veto_rmdir
@@ -0,0 +1 @@
+^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index fdbba8411bc..2fdab781fda 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1614,6 +1614,9 @@ sub setup_fileserver
 	my $bad_iconv_sharedir="$share_dir/bad_iconv";
 	push(@dirs, $bad_iconv_sharedir);
 
+	my $veto_sharedir="$share_dir/veto";
+	push(@dirs,$veto_sharedir);
+
 	my $ip4 = Samba::get_ipv4_addr("FILESERVER");
 	my $fileserver_options = "
 	kernel change notify = yes
@@ -1722,6 +1725,19 @@ sub setup_fileserver
 	comment = smb username is [%U]
 	vfs objects =
 
+[veto_files_nodelete]
+	path = $veto_sharedir
+	read only = no
+	msdfs root = yes
+	veto files = /veto_name*/
+	delete veto files = no
+
+[veto_files_delete]
+	path = $veto_sharedir
+	msdfs root = yes
+	veto files = /veto_name*/
+	delete veto files = yes
+
 [homes]
 	comment = Home directories
 	browseable = No
diff --git a/source3/script/tests/test_veto_rmdir.sh b/source3/script/tests/test_veto_rmdir.sh
new file mode 100755
index 00000000000..d3df8f1bba0
--- /dev/null
+++ b/source3/script/tests/test_veto_rmdir.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing veto files.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+test_veto_nodelete_rmdir()
+{
+    local veto_path="$rmdir_path/veto_name1"
+    local msdfs_link_path="$rmdir_path/dfs_link"
+    local tmpfile=$PREFIX/smbclient.in.$$
+
+    # Create rmdir directory.
+    mkdir -p "$rmdir_path"
+    # Create veto file underneath.
+    touch "$veto_path"
+    # Create msdfs link underneath.
+    ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+    cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_nodelete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should only see the dfs_link file.
+    echo "$out" | grep dfs_link
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "Failed to see dfs_link in share veto_files_nodelete"
+       echo "$out"
+       return 1
+    fi
+
+    # Now remove the dfs_link file.
+    rm -rf "$msdfs_link_path"
+
+    # Try and remove the directory, should fail with NT_STATUS_DIRECTORY_NOT_EMPTY.
+    cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_nodelete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should get NT_STATUS_DIRECTORY_NOT_EMPTY.
+    echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "Failed to get error NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+       echo "$out"
+       return 1
+    fi
+
+    # remove the veto file - directory should now be empty.
+    rm -rf "$veto_path"
+
+    # Try and remove the directory, should now succeed.
+    cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_nodelete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should get no NT_STATUS_ errors.
+    echo "$out" | grep NT_STATUS_
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "Got error NT_STATUS_ in share veto_files_nodelete"
+       echo "$out"
+       return 1
+    fi
+
+    return 0
+}
+
+test_veto_delete_rmdir()
+{
+    local veto_path="$rmdir_path/veto_name1"
+    local msdfs_link_path="$rmdir_path/dfs_link"
+    local tmpfile=$PREFIX/smbclient.in.$$
+
+    # Create rmdir directory.
+    mkdir -p "$rmdir_path"
+    # Create veto file underneath.
+    touch "$veto_path"
+    # Create msdfs link underneath.
+    ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+    cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_delete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should only see the dfs_link file.
+    echo "$out" | grep dfs_link
+    ret=$?
+    if [ $ret -ne 0 ] ; then
+       echo "Failed to see dfs_link in share veto_files_delete"
+       echo "$out"
+       return 1
+    fi
+
+    # Now remove the dfs_link file.
+    rm -rf "$msdfs_link_path"
+
+    # Try and remove the directory, should now succeed.
+    cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+    local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+    eval echo "$cmd"
+    out=$(eval "$cmd")
+    ret=$?
+
+    # Check for smbclient error.
+    if [ $ret != 0 ] ; then
+        echo "Failed accessing share veto_files_delete - $ret"
+        echo "$out"
+        return 1
+    fi
+
+    # We should get no NT_STATUS_ errors.
+    echo "$out" | grep NT_STATUS_
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "Got error NT_STATUS_ in share veto_files_delete"
+       echo "$out"
+       return 1
+    fi
+
+    return 0
+}
+
+testit "rmdir cannot delete directory containing a veto file" \
+   test_veto_nodelete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir can delete directory containing a veto file" \
+   test_veto_delete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index d8f0db69b8c..24c8e0a1960 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -539,6 +539,9 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.smbclient_iconv.CORE", env + "_smb1_done",
                   [os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
                    '$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3, '-mCORE'])
+    plantestsuite("samba3.blackbox.test_veto_rmdir", env,
+                  [os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
+                  '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
 
     #
     # tar command tests
-- 
2.30.2


From d2d8a5b8df68a8adc0d7deb27f14f63e0ec7ae85 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:18:24 -0700
Subject: [PATCH 2/2] s3: smbd: Fix recursive directory delete of a directory
 containing veto file and msdfs links.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 73de1194c3c429ab93d722a852aa4f54213b112a)
---
 selftest/knownfail.d/veto_rmdir | 1 -
 source3/smbd/close.c            | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 selftest/knownfail.d/veto_rmdir

diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
deleted file mode 100644
index ecced55d794..00000000000
--- a/selftest/knownfail.d/veto_rmdir
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 191626557dc..470ca7f1b6d 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1267,7 +1267,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
 
 	/* Retry the rmdir */
 	ret = SMB_VFS_UNLINKAT(conn,
-			       dirfsp,
+			       parent_fname->fsp,
 			       at_fname,
 			       AT_REMOVEDIR);
 
-- 
2.30.2