diff options
author | Jeremy Allison <jra@samba.org> | 2008-11-08 22:57:57 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-11-08 22:57:57 -0800 |
commit | 813bf8b4f463199b7c2d3cddab7056b8a68a0b70 (patch) | |
tree | 885592519c4e174f744e0dba3d9c4c9a1340c74e /source4/torture/raw | |
parent | 5a33e906f651ea84ec909fd6453e13a9489bd391 (diff) | |
download | samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.tar.gz samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.tar.bz2 samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.zip |
Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
Jeremy.
Diffstat (limited to 'source4/torture/raw')
-rw-r--r-- | source4/torture/raw/acls.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index d76454d1ff..f6c690bb56 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1457,7 +1457,9 @@ static bool test_inheritance(struct torture_context *tctx, (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) || (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) { if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) { - printf("Expected default sd for dir at %d - got:\n", i); + printf("Expected default sd for dir at %d:\n", i); + NDR_PRINT_DEBUG(security_descriptor, sd_def); + printf("got:\n"); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); } continue; @@ -1471,7 +1473,7 @@ static bool test_inheritance(struct torture_context *tctx, !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, sd_orig->owner_sid) || q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", + printf("(CI & NP) Bad sd in child dir at %d (parent 0x%x)\n", i, test_flags[i].parent_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; @@ -1489,7 +1491,7 @@ static bool test_inheritance(struct torture_context *tctx, q.query_secdesc.out.sd->dacl->aces[0].flags != 0 || q.query_secdesc.out.sd->dacl->aces[1].flags != (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", + printf("(CI) Bad sd in child dir at %d (parent 0x%x)\n", i, test_flags[i].parent_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; @@ -1502,8 +1504,19 @@ static bool test_inheritance(struct torture_context *tctx, !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, creator_owner) || q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", - i, test_flags[i].parent_flags); + printf("FAIL. t1 = %d, t2 = %d, t3 = %d, t4 = %d, t5 = %d\n", + q.query_secdesc.out.sd->dacl == NULL, + q.query_secdesc.out.sd->dacl->num_aces != 1, + q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA, + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, + creator_owner), + q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags); + + printf("(0) Bad sd in child dir at %d (parent 0x%x) flags = 0x%x dir_flags=0x%x\n", + i, + test_flags[i].parent_flags, + q.query_secdesc.out.sd->dacl->aces[0].flags, + test_flags[i].dir_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; continue; |