return ret;
}
+
+static bool test_profile_acls(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ NTSTATUS status;
+ union smb_open io;
+ const char *fname = BASEDIR "\\acl3.txt";
+ bool ret = true;
+ int fnum = -1;
+ union smb_fileinfo q;
+ union smb_setfileinfo s;
+ struct security_descriptor *sd = security_descriptor_initialise(tctx);
+ struct security_acl dacl;
+ const char *owner_sid, *group_sid;
+
+ printf("TESTING PROFILE_ACLS\n");
+
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.root_fid = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC
+ | SEC_STD_WRITE_OWNER;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname;
+ io.ntcreatex.in.sec_desc = NULL; //sd;
+ io.ntcreatex.in.ea_list = NULL;
+
+ printf("creating a file in profiles share\n");
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ fnum = io.ntcreatex.out.file.fnum;
+
+
+ printf("get the sd\n");
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ q.query_secdesc.in.file.fnum = fnum;
+ q.query_secdesc.in.secinfo_flags =
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
+ status = smb_raw_fileinfo(cli->tree, tctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+ printf("DACL_PRESENT flag not set by the server!\n");
+ ret = false;
+ goto done;
+ }
+ if (q.query_secdesc.out.sd->dacl == NULL) {
+ printf("no DACL has been created on the server!\n");
+ ret = false;
+ goto done;
+ }
+
+ printf("verify owner and group SID\n");
+
+ owner_sid = dom_sid_string(tctx, q.query_secdesc.out.sd->owner_sid);
+
+ if (!dom_sid_equal(q.query_secdesc.out.sd->owner_sid,
+ dom_sid_parse_talloc(tctx, SID_BUILTIN_ADMINISTRATORS))) {
+ printf("owner_sid not BUILTIN\\Administrators: %s\n", owner_sid);
+ ret = false;
+ goto done;
+ }
+
+ group_sid = dom_sid_string(tctx, q.query_secdesc.out.sd->group_sid);
+
+ if (!dom_sid_equal(q.query_secdesc.out.sd->group_sid,
+ dom_sid_parse_talloc(tctx, SID_BUILTIN_USERS))) {
+ printf("group_sid not BUILTIN\\Users: %s\n", group_sid);
+ ret = false;
+ goto done;
+ }
+
+ done:
+ smbcli_close(cli->tree, fnum);
+ return ret;
+}
+
+bool torture_samba3_profile_acls(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ bool ret = true;
+
+ if (!torture_setup_dir(cli, BASEDIR)) {
+ return false;
+ }
+
+ ret &= test_profile_acls(tctx, cli);
+
+ smb_raw_exit(cli->session);
+ smbcli_deltree(cli->tree, BASEDIR);
+
+ return ret;
+}