search

samba-in-kubernetes / sit-test-cases

SIT (Samba Integration Tests) Automated Test Cases
0 stars 4 forks source link

Failure in running smb2.maximum_allowed.read_only #66

Closed anoopcs9 closed 8 months ago

anoopcs9 commented 9 months ago

With ignore system acls = yes set for various shares _smb2.maximum_allowed.readonly started to fail as follows:

smbtorture 4.21.0pre1-UNKNOWN
Using seed 1707477138
time: 2024-02-09 11:12:18.649044Z
progress: 2
test: samba3.smb2.maximum_allowed.maximum_allowed
time: 2024-02-09 11:12:18.649763Z
Checked SEC_PRIV_RESTORE for S-1-5-21-1343336543-625089901-2941723812-1000 - No
Checked SEC_PRIV_BACKUP for S-1-5-21-1343336543-625089901-2941723812-1000 - No
Checked SEC_PRIV_SECURITY for S-1-5-21-1343336543-625089901-2941723812-1000 - No
time: 2024-02-09 11:12:18.676989Z
xfail: samba3.smb2.maximum_allowed.maximum_allowed [
Exception: ../../source4/torture/smb2/max_allowed.c:161: status was NT_STATUS_ACCESS_DENIED, expected NT_STATUS_OK: Incorrect status NT_STATUS_ACCESS_DENIED - should be NT_STATUS_OK

]
test: samba3.smb2.maximum_allowed.read_only
time: 2024-02-09 11:12:18.677000Z
time: 2024-02-09 11:12:18.693316Z
failure: samba3.smb2.maximum_allowed.read_only [
Exception: ../../source4/torture/smb2/max_allowed.c:212: status was NT_STATUS_OBJECT_NAME_COLLISION, expected NT_STATUS_OK: smb2_create failed

]

First subtest(_smb2.maximum_allowed.maximumallowed) failure is expected(and is a knownfail). Please note that _smb2.maximum_allowed.readonly used to(even now) pass without ignore system acls = yes set. More details to follow.

anoopcs9 commented 9 months ago

When ignore system acls is set, the restrictive SD(Security Descriptor) with which the test file is created doesn't have DELETE permission(only SEC_RIGHTS_FILE_READ) and thus the unlink attempt from _smb2.maximum_allowed.maximumallowed during cleanup and/or initial unlink attempt from _smb2.maximum_allowed.readonly fails with NT_STATUS_ACCESS_DENIED. Returned NT_STATUS from unlink operation is not validated before proceeding with further steps causing the subsequent creation of same file to fail with NT_STATUS_OBJECT_NAME_COLLISION.

anoopcs9 commented 9 months ago

Possible fix !3518.

anoopcs9 commented 8 months ago

Possible fix !3518.

Above fix got merged upstream and all tests are running successfully since then.