--- /dev/null
+#!/bin/sh
+#
+# Test sharesec command.
+#
+# Verify that changing and querying the security descriptor works. Also
+# ensure that the output format for ACL entries does not change.
+#
+# The test uses well-known SIDs to not require looking up names and SIDs
+#
+# Copyright (C) 2015 Christof Schmitt
+
+if [ $# -lt 3 ]; then
+Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
+exit 1
+fi
+
+CONF=$1
+SHARESEC=$2
+SHARE=$3
+
+CMD="$SHARESEC $CONF $SHARE"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ || \
+ failed=$(expr $failed + 1)
+testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ
+
+OWNER=$($CMD --view | grep OWNER:)
+testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \
+ failed=$(expr $failed + 1)
+GROUP=$($CMD --view | grep GROUP:)
+testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \
+ failed=$(expr $failed + 1)
+CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
+testit "Verify control flags" test "$CONTROL" = "SR|DP" || \
+ failed=$(expr $failed + 1)
+
+testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with two entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries" test $COUNT -eq 2 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
+testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+testit "Verify ACL with two entries after modify" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+
+testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with three entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with three entries" test $COUNT -eq 3 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
+testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+
+testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with four entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with four entries" test $COUNT -eq 4 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
+testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+
+testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with three entries after removal" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count after removal" test $COUNT -eq 3 || \
+ failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-546')"
+testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)
+
+testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+testit "Query standard ACL" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify standard ACL count" test $COUNT -eq 1 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
+testok $0 $failed