From 505e48439364c4027aa11aeda467bbd2060b89f4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 15:06:20 -0700
Subject: [PATCH] s3: smbd: Add two tests showing recursive directory delete of
a directory containing veto file and msdfs links over SMB2.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad0082d79a681b981154747dcde5713e1933b88f)
(cherry picked from commit dab3fa1d8c27e696afa15e071331f646e06d9706)
---
selftest/target/Samba3.pm | 16 ++
source3/script/tests/test_veto_rmdir.sh | 217 ++++++++++++++++++++++++
source3/selftest/tests.py | 3 +
3 files changed, 236 insertions(+)
create mode 100755 source3/script/tests/test_veto_rmdir.sh
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 14a1f1223b1..bbff9d74817 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1460,6 +1460,9 @@ sub setup_fileserver
my $bad_iconv_sharedir="$share_dir/bad_iconv";
push(@dirs, $bad_iconv_sharedir);
+ my $veto_sharedir="$share_dir/veto";
+ push(@dirs,$veto_sharedir);
+
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
kernel change notify = yes
@@ -1568,6 +1571,19 @@ sub setup_fileserver
comment = smb username is [%U]
vfs objects =
+[veto_files_nodelete]
+ path = $veto_sharedir
+ read only = no
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = no
+
+[veto_files_delete]
+ path = $veto_sharedir
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = yes
+
[homes]
comment = Home directories
browseable = No
diff --git a/source3/script/tests/test_veto_rmdir.sh b/source3/script/tests/test_veto_rmdir.sh
new file mode 100755
index 00000000000..d3df8f1bba0
--- /dev/null
+++ b/source3/script/tests/test_veto_rmdir.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing veto files.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+test_veto_nodelete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should fail with NT_STATUS_DIRECTORY_NOT_EMPTY.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY.
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to get error NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # remove the veto file - directory should now be empty.
+ rm -rf "$veto_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+test_veto_delete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+testit "rmdir cannot delete directory containing a veto file" \
+ test_veto_nodelete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir can delete directory containing a veto file" \
+ test_veto_delete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 651be239825..82f32ec4232 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -498,6 +498,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.smbclient_iconv.CORE", env + "_smb1_done",
[os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
'$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3, '-mCORE'])
+ plantestsuite("samba3.blackbox.test_veto_rmdir", env,
+ [os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
#
# tar command tests
--
2.33.1