author | Stefan Metzmacher <metze@samba.org> | 2006-06-29 07:03:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:09:37 -0500 |
commit | 1ce7b027e6ab7e713b36daed516ab90c1d80d61d (patch) | |
tree | a49973d42cd709391e0ec597f6997241a553420b | |
parent | 332f5b19a101115ce920b9291d10e78fbea8db62 (diff) | |
r16668: test setting of security descriptors via smb2 setinfo
metze
(This used to be commit 377562e891ccb6ff9104bbefca71a8e2c18a34de)
-rw-r--r-- | source4/torture/smb2/setinfo.c | 66 |
1 files changed, 64 insertions, 2 deletions
diff --git a/source4/torture/smb2/setinfo.c b/source4/torture/smb2/setinfo.c
index 18cf841f15..fb913e5ef2 100644
--- a/source4/torture/smb2/setinfo.c
+++ b/source4/torture/smb2/setinfo.c
@@ -28,6 +28,9 @@
 #include "torture/torture.h"
 #include "torture/smb2/proto.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
 #define BASEDIR ""
 /* basic testing of all SMB2 setinfo calls
@@ -44,6 +47,9 @@ BOOL torture_smb2_setinfo(struct torture_context *torture)
 char *fname_new;
 union smb_fileinfo finfo2;
 union smb_setfileinfo sfinfo;
+ struct security_ace ace;
+ struct security_descriptor *sd;
+ struct dom_sid *test_sid;
 NTSTATUS status, status2;
 const char *call_name;
 time_t basetime = (time(NULL) - 86400) & ~1;
@@ -92,7 +98,7 @@ BOOL torture_smb2_setinfo(struct torture_context *torture)
 finfo2.generic.in.file.handle = handle; \
 status2 = smb2_getinfo_file(tree, mem_ctx, &finfo2); \
 if (!NT_STATUS_IS_OK(status2)) { \
- printf("%s - %s\n", #call, nt_errstr(status2)); \
+ printf("(%s) %s - %s\n", __location__, #call, nt_errstr(status2)); \
 } \
 }} while (0)
@@ -135,7 +141,6 @@ BOOL torture_smb2_setinfo(struct torture_context *torture) goto done; \ }} while (0) - torture_smb2_all_info(tree, handle); printf("test basic_information level\n"); 
@@ -230,6 +235,63 @@ BOOL torture_smb2_setinfo(struct torture_context *torture)
 CHECK_CALL(MODE_INFORMATION, NT_STATUS_OK);
 CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
+ printf("test sec_desc level\n");
+ test_sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1234-5432");
+ ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace.flags = 0;
+ ace.access_mask = SEC_STD_ALL;
+ ace.trustee = *test_sid;
+ ZERO_STRUCT(finfo2);
+ finfo2.query_secdesc.in.secinfo_flags =
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
+ CHECK1(SEC_DESC);
+ sd = finfo2.query_secdesc.out.sd;
+
+ test_sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1234-5432");
+ ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace.flags = 0;
+ ace.access_mask = SEC_STD_ALL;
+ ace.trustee = *test_sid;
+ status = security_descriptor_dacl_add(sd, &ace);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ printf("add a new ACE to the DACL\n");
+
+ sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+ sfinfo.set_secdesc.in.sd = sd;
+ CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+ CHECK1(SEC_DESC);
+
+ if (!security_acl_equal(finfo2.query_secdesc.out.sd->dacl, sd->dacl)) {
+ printf("%s: security descriptors don't match!\n", __location__);
+ printf("got:\n");
+ NDR_PRINT_DEBUG(security_descriptor, finfo2.query_secdesc.out.sd);
+ printf("expected:\n");
+ NDR_PRINT_DEBUG(security_descriptor, sd);
+ ret = False;
+ }
+
+ printf("remove it again\n");
+
+ status = security_descriptor_dacl_del(sd, test_sid);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+ sfinfo.set_secdesc.in.sd = sd;
+ CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+ CHECK1(SEC_DESC);
+
+ if (!security_acl_equal(finfo2.query_secdesc.out.sd->dacl, sd->dacl)) {
+ printf("%s: security descriptors don't match!\n", __location__);
+ printf("got:\n");
+ NDR_PRINT_DEBUG(security_descriptor, finfo2.query_secdesc.out.sd);
+ printf("expected:\n");
+ NDR_PRINT_DEBUG(security_descriptor, sd);
+ ret = False;
+ }
+
 done:
 status = smb2_util_close(tree, handle);
 if (NT_STATUS_IS_ERR(status)) { |
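Review bot: `sd = finfo2.query_secdesc.out.sd;` is used right after `CHECK1(SEC_DESC)` without checking that the query succeeded; the part of CHECK1 visible in the earlier hunk only prints on a failed getinfo, so after `ZERO_STRUCT(finfo2)` a failed query would presumably leave `sd` NULL, and `security_descriptor_dacl_add(sd, &ace)` and the later `->dacl` comparisons would then dereference it (CHECK1 begins outside the diff, so confirm it has no earlier bail-out). A guard such as `if (sd == NULL) { ret = False; goto done; }` after each CHECK1 would report a test failure instead of crashing the torture run. The same holds for `ace.trustee = *test_sid;`, where the result of `dom_sid_parse_talloc()` is never checked, and since only four members of `ace` are assigned, a `ZERO_STRUCT(ace);` before them would keep any other members of the struct from carrying stack garbage into the DACL. The `test_sid`/`ace` setup before the query is repeated verbatim after it, and the first copy could be dropped. The check compares only the DACLs although the message says "security descriptors" and owner and group are set as well; torture_smb2_setinfo itself starts and ends outside this hunk.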