From a4677aa770339f1384f2bf38388b8cd890554adc Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?=
Date: Tue, 28 Apr 2009 01:10:37 +0200
Subject: [PATCH] s4-smbtorture: add RAW-SAMBA3-PROFILEACLS test to check "profile acls" behaviour.
Karolin, please check. Guenther
---
 source4/torture/raw/acls.c | 102 +++++++++++++++++++++++++++++++++++++
 source4/torture/raw/raw.c | 2 +
 2 files changed, 104 insertions(+)
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 8fde373dce8..bef08b47a98 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -2037,3 +2037,105 @@ bool torture_raw_acls(struct torture_context *tctx, struct smbcli_state *cli)
 return ret;
 }
+
+static bool test_profile_acls(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ NTSTATUS status;
+ union smb_open io;
+ const char *fname = BASEDIR "\\acl3.txt";
+ bool ret = true;
+ int fnum = -1;
+ union smb_fileinfo q;
+ union smb_setfileinfo s;
+ struct security_descriptor *sd = security_descriptor_initialise(tctx);
+ struct security_acl dacl;
+ const char *owner_sid, *group_sid;
+
+ printf("TESTING PROFILE_ACLS\n");
+
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.root_fid = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_STD_READ_CONTROL | SEC_STD_WRITE_DAC
+ | SEC_STD_WRITE_OWNER;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname;
+ io.ntcreatex.in.sec_desc = NULL; //sd;
+ io.ntcreatex.in.ea_list = NULL;
+
+ printf("creating a file in profiles share\n");
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ fnum = io.ntcreatex.out.file.fnum;
+
+
+ printf("get the sd\n");
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ q.query_secdesc.in.file.fnum = fnum;
+ q.query_secdesc.in.secinfo_flags =
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
+ status = smb_raw_fileinfo(cli->tree, tctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ if (!(q.query_secdesc.out.sd->type & SEC_DESC_DACL_PRESENT)) {
+ printf("DACL_PRESENT flag not set by the server!\n");
+ ret = false;
+ goto done;
+ }
+ if (q.query_secdesc.out.sd->dacl == NULL) {
+ printf("no DACL has been created on the server!\n");
+ ret = false;
+ goto done;
+ }
+
+ printf("verify owner and group SID\n");
+
+ owner_sid = dom_sid_string(tctx, q.query_secdesc.out.sd->owner_sid);
+
+ if (!dom_sid_equal(q.query_secdesc.out.sd->owner_sid,
+ dom_sid_parse_talloc(tctx, SID_BUILTIN_ADMINISTRATORS))) {
+ printf("owner_sid not BUILTIN\\Administrators: %s\n", owner_sid);
+ ret = false;
+ goto done;
+ }
+
+ group_sid = dom_sid_string(tctx, q.query_secdesc.out.sd->group_sid);
+
+ if (!dom_sid_equal(q.query_secdesc.out.sd->group_sid,
+ dom_sid_parse_talloc(tctx, SID_BUILTIN_USERS))) {
+ printf("group_sid not BUILTIN\\Users: %s\n", group_sid);
+ ret = false;
+ goto done;
+ }
+
+ done:
+ smbcli_close(cli->tree, fnum);
+ return ret;
+}
+
+bool torture_samba3_profile_acls(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ bool ret = true;
+
+ if (!torture_setup_dir(cli, BASEDIR)) {
+ return false;
+ }
+
+ ret &= test_profile_acls(tctx, cli);
+
+ smb_raw_exit(cli->session);
+ smbcli_deltree(cli->tree, BASEDIR);
+
+ return ret;
+}
diff --git a/source4/torture/raw/raw.c b/source4/torture/raw/raw.c
index 138f2631068..40660871839 100644
--- a/source4/torture/raw/raw.c
+++ b/source4/torture/raw/raw.c
@@ -77,6 +77,8 @@ NTSTATUS torture_raw_init(void)
 torture_samba3_caseinsensitive);
 torture_suite_add_simple_test(suite, "SAMBA3POSIXTIMEDLOCK", torture_samba3_posixtimedlock);
+ torture_suite_add_1smb_test(suite, "SAMBA3-PROFILEACLS",
+ torture_samba3_profile_acls);
 torture_suite_add_simple_test(suite, "SCAN-EAMAX", torture_max_eas);
 suite->description = talloc_strdup(suite, "Tests for the raw SMB interface");
--
2.34.1
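Review bot: test_profile_acls in source4/torture/raw/acls.c never looks inside the DACL: after the `SEC_DESC_DACL_PRESENT` and NULL checks it only compares owner_sid and group_sid, so a server that remaps owner and group but returns the wrong ACEs still passes. If "profile acls" is also expected to add an ACE for BUILTIN\Users, as the smb.conf description of the option states, the test should walk `q.query_secdesc.out.sd->dacl` and fail when no such allow ACE is present; the expected access mask needs confirming against the server code before it is asserted. The locals `s`, `dacl` and `sd` (the last one only mentioned in the `//sd;` remark) are unused and look like leftovers of such a check, so either use them or drop them. The test presumably passes only against a share configured with `profile acls = yes`, which deserves a comment above the function.

```c
	/* … unchanged: owner and group SID checks … */

	printf("verify BUILTIN\\Users ACE in the DACL\n");
	{
		struct dom_sid *users_sid = dom_sid_parse_talloc(tctx, SID_BUILTIN_USERS);
		struct security_acl *acl = q.query_secdesc.out.sd->dacl;
		bool found = false;
		uint32_t i;

		for (i = 0; i < acl->num_aces; i++) {
			/* TODO: also compare access_mask once the expected value is confirmed */
			if (acl->aces[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED &&
			    dom_sid_equal(&acl->aces[i].trustee, users_sid)) {
				found = true;
				break;
			}
		}
		if (!found) {
			printf("no allow ACE for BUILTIN\\Users in the DACL\n");
			ret = false;
			goto done;
		}
	}

 done:
	/* … unchanged: close the file and return ret … */
```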