s4/torture: Add server target of OneFS

I've added a "--target=onefs" which lists expected deviation in the
OneFS SMB server implementation compared to a Windows machine.

I've added this in a generic way using a list of module specific
parameters.  This list currently only contains the absence of
SACL support but will be added to as additional server differences
are defined.

I'd liked to use this abstraction for defining the differences between
a WinXP and Win7 server as well.

3 files changed, 51 insertions, 2 deletions

diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index b19f92239a..0802896d7a 100644
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -2302,6 +2302,12 @@ static bool torture_createx_specific(struct torture_context *tctx, struct
 		destroy_func = smbcli_unlink;
 	}
 
+	/* Skip all SACL related tests. */
+	if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+	    ((cxd->cxd_access1 & SEC_FLAG_SYSTEM_SECURITY) ||
+	     (cxd->cxd_access2 & SEC_FLAG_SYSTEM_SECURITY)))
+		goto done;
+
 	if (cxd->cxd_flags & CXD_FLAGS_MAKE_BEFORE_CREATEX) {
 		ret = make_func(tctx, cli->tree, mem_ctx, fname);
 		if (!ret) {
@@ -2451,6 +2457,9 @@ bool torture_createx_sharemodes(struct torture_context *tctx,
 	if (!mem_ctx)
 		return false;
 
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
 	cxd.cxd_test = extended ? CXD_TEST_CREATEX_SHAREMODE_EXTENDED :
 	    CXD_TEST_CREATEX_SHAREMODE;
 	cxd.cxd_flags = dir ? CXD_FLAGS_DIRECTORY: 0;
@@ -2541,6 +2550,9 @@ bool torture_createx_access(struct torture_context *tctx,
 	if (!mem_ctx)
 		return false;
 
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
 	cxd.cxd_test = CXD_TEST_CREATEX_ACCESS;
 
 	/* HACK for progress bar: figure out estimated count. */
@@ -2606,6 +2618,9 @@ bool torture_createx_access_exhaustive(struct torture_context *tctx,
 	if (!mem_ctx)
 		return false;
 
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
 	data_file = getenv("CREATEX_DATA");
 	if (data_file) {
 		data_file_fd = open(data_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
@@ -2657,6 +2672,9 @@ bool torture_maximum_allowed(struct torture_context *tctx,
 
 	mem_ctx = talloc_init("torture_maximum_allowed");
 
+	if (!torture_setting_bool(tctx, "sacl_support", true))
+		torture_warning(tctx, "Skipping SACL related tests!\n");
+
 	sd = security_descriptor_dacl_create(mem_ctx,
 	    0, NULL, NULL,
 	    SID_NT_AUTHENTICATED_USERS,
@@ -2685,6 +2703,11 @@ bool torture_maximum_allowed(struct torture_context *tctx,
 	for (i = 0; i < 32; i++) {
 		uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i);
 
+		/* Skip all SACL related tests. */
+		if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+		    (mask & SEC_FLAG_SYSTEM_SECURITY))
+			continue;
+
 		memset(&io, 0, sizeof(io));
 		io.generic.level = RAW_OPEN_NTTRANS_CREATE;
 		io.ntcreatex.in.access_mask = mask;
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index ce8c704584..dbd45bf8af 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -436,8 +436,9 @@ int main(int argc,char *argv[])
 	static int list_tests = 0;
 	int num_extra_users = 0;
 	enum {OPT_LOADFILE=1000,OPT_UNCLIST,OPT_TIMELIMIT,OPT_DNS, OPT_LIST,
-	      OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,OPT_EXTRA_USER};
-	
+	      OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,
+	      OPT_EXTRA_USER,};
+
 	struct poptOption long_options[] = {
 		POPT_AUTOHELP
 		{"format", 0, POPT_ARG_STRING, &ui_ops_name, 0, "Output format (one of: simple, subunit)", NULL },
@@ -529,6 +530,8 @@ int main(int argc,char *argv[])
 		lp_set_cmdline(cmdline_lp_ctx, "torture:w2k8", "true");
 	} else if (strcmp(target, "win7") == 0) {
 		lp_set_cmdline(cmdline_lp_ctx, "torture:win7", "true");
+	} else if (strcmp(target, "onefs") == 0) {
+		lp_set_cmdline(cmdline_lp_ctx, "torture:sacl_support", "false");
 	}
 
 	if (max_runtime) {
diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h
index c1363fd4c1..ff371e50be 100644
--- a/source4/torture/smbtorture.h
+++ b/source4/torture/smbtorture.h
@@ -37,4 +37,27 @@ struct torture_test;
 int torture_init(void);
 bool torture_register_suite(struct torture_suite *suite);
 
+/* Server Functionality Support */
+
+/* Not all SMB server implementations support every aspect of the protocol.
+ * To allow smbtorture to provide useful data when run against these servers we
+ * define support parameters here, that will cause some tests to be skipped or
+ * the correctness checking of some tests to be conditional.
+ *
+ * The idea is that different server implementations can be specified on the
+ * command line such as "--target=win7" which will define the list of server
+ * parameters that are not supported.  This is mostly a black list of
+ * unsupported features with the default expectation being that all features are
+ * supported.
+ *
+ * Because we use parametric options we do not need to define these parameters
+ * anywhere, we just define the meaning of each here.*/
+
+/* torture:sacl_support
+ *
+ * This parameter specifies whether the server supports the setting and
+ * retrieval of System Access Control Lists.  This includes whether the server
+ * supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access
+ * mask.*/
+
 #endif /* __SMBTORTURE_H__ */