summaryrefslogtreecommitdiff
path: root/source4/torture/raw/acls.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-11-18 01:02:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:57 -0500
commitbbf009b46f75f292a625b853b9331b5d5e0da7c2 (patch)
tree679baa8ec6a1fb4724870983e294573188f5c3c6 /source4/torture/raw/acls.c
parentcae123912c15ad7d7ecd44a6d468f368aaeab95c (diff)
downloadsamba-bbf009b46f75f292a625b853b9331b5d5e0da7c2.tar.gz
samba-bbf009b46f75f292a625b853b9331b5d5e0da7c2.tar.bz2
samba-bbf009b46f75f292a625b853b9331b5d5e0da7c2.zip
r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
Diffstat (limited to 'source4/torture/raw/acls.c')
-rw-r--r--source4/torture/raw/acls.c162
1 files changed, 162 insertions, 0 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
new file mode 100644
index 0000000000..1562af55ca
--- /dev/null
+++ b/source4/torture/raw/acls.c
@@ -0,0 +1,162 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ test security descriptor operations
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#define BASEDIR "\\testsd"
+
+#define CHECK_STATUS(status, correct) do { \
+ if (!NT_STATUS_EQUAL(status, correct)) { \
+ printf("(%s) Incorrect status %s - should be %s\n", \
+ __location__, nt_errstr(status), nt_errstr(correct)); \
+ ret = False; \
+ goto done; \
+ }} while (0)
+
+
+static BOOL test_sd(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ union smb_open io;
+ const char *fname = BASEDIR "\\sd.txt";
+ BOOL ret = True;
+ int fnum;
+ struct smb_query_secdesc q;
+ struct smb_set_secdesc set;
+ struct security_ace ace;
+ struct security_descriptor *sd;
+ struct dom_sid *test_sid;
+
+ printf("TESTING SETFILEINFO EA_SET\n");
+
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.root_fid = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname;
+ status = smb_raw_open(cli->tree, mem_ctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ fnum = io.ntcreatex.out.fnum;
+
+ q.in.fnum = fnum;
+ q.in.secinfo_flags =
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION;
+ status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ sd = q.out.sd;
+
+ printf("add a new ACE to the DACL\n");
+
+ test_sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1234-5432");
+
+ ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace.flags = 0;
+ ace.access_mask = STD_RIGHT_ALL_ACCESS;
+ ace.trustee = *test_sid;
+
+ status = security_descriptor_dacl_add(sd, &ace);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ set.in.fnum = fnum;
+ set.in.secinfo_flags = q.in.secinfo_flags;
+ set.in.sd = sd;
+
+ status = smb_raw_set_secdesc(cli->tree, &set);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ if (!security_descriptor_equal(q.out.sd, sd)) {
+ printf("security descriptors don't match!\n");
+ printf("got:\n");
+ NDR_PRINT_DEBUG(security_descriptor, q.out.sd);
+ printf("expected:\n");
+ NDR_PRINT_DEBUG(security_descriptor, sd);
+ }
+
+ printf("remove it again\n");
+
+ status = security_descriptor_dacl_del(sd, test_sid);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ status = smb_raw_set_secdesc(cli->tree, &set);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ if (!security_descriptor_equal(q.out.sd, sd)) {
+ printf("security descriptors don't match!\n");
+ printf("got:\n");
+ NDR_PRINT_DEBUG(security_descriptor, q.out.sd);
+ printf("expected:\n");
+ NDR_PRINT_DEBUG(security_descriptor, sd);
+ }
+
+done:
+ smbcli_close(cli->tree, fnum);
+ return ret;
+}
+
+
+/*
+ basic testing of security descriptor calls
+*/
+BOOL torture_raw_acls(void)
+{
+ struct smbcli_state *cli;
+ BOOL ret = True;
+ TALLOC_CTX *mem_ctx;
+
+ if (!torture_open_connection(&cli)) {
+ return False;
+ }
+
+ mem_ctx = talloc_init("torture_raw_acls");
+
+ if (!torture_setup_dir(cli, BASEDIR)) {
+ return False;
+ }
+
+ ret &= test_sd(cli, mem_ctx);
+
+ smb_raw_exit(cli->session);
+ smbcli_deltree(cli->tree, BASEDIR);
+
+ torture_close_connection(cli);
+ talloc_destroy(mem_ctx);
+ return ret;
+}