diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-01-01 03:46:55 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:53 -0500 |
commit | 3b21422ae8d24b882db660e910b6ee71bcdb7032 (patch) | |
tree | 8839a17256e2e5dfb453e01081cabec2a9472f7a /source4 | |
parent | c8541d041fdae40d3d941bf7901e03876946d18d (diff) | |
download | samba-3b21422ae8d24b882db660e910b6ee71bcdb7032.tar.gz samba-3b21422ae8d24b882db660e910b6ee71bcdb7032.tar.bz2 samba-3b21422ae8d24b882db660e910b6ee71bcdb7032.zip |
r4463: added testing of the special SID_CREATOR_OWNER inheritance rules
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/raw/acls.c | 77 |
1 files changed, 56 insertions, 21 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index 993851c357..a4398b048f 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -764,6 +764,7 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) union smb_setfileinfo set; struct security_descriptor *sd, *sd_orig, *sd_def; const char *owner_sid; + const struct dom_sid *creator_owner; const struct { uint32_t parent_flags; uint32_t file_flags; @@ -901,6 +902,8 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) owner_sid = dom_sid_string(mem_ctx, sd_orig->owner_sid); + printf("owner_sid is %s\n", owner_sid); + sd_def = security_descriptor_create(mem_ctx, owner_sid, NULL, owner_sid, @@ -913,10 +916,12 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) 0, NULL); + creator_owner = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_OWNER); + for (i=0;i<ARRAY_SIZE(test_flags);i++) { sd = security_descriptor_create(mem_ctx, NULL, NULL, - owner_sid, + SID_CREATOR_OWNER, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA, test_flags[i].parent_flags, @@ -998,26 +1003,51 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) continue; } - if (q.query_secdesc.out.sd->dacl == NULL || - q.query_secdesc.out.sd->dacl->num_aces != 1 || - q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA || - !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, - sd_orig->owner_sid)) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", - i, test_flags[i].parent_flags); - NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); - ret = False; - continue; - } - - if (q.query_secdesc.out.sd->dacl->aces[0].flags != - test_flags[i].dir_flags) { - printf("incorrect dir_flags 0x%x - expected 0x%x for parent 0x%x with (i=%d)\n", - q.query_secdesc.out.sd->dacl->aces[0].flags, - test_flags[i].dir_flags, - test_flags[i].parent_flags, - i); - ret = False; + if ((test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) && + (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + if (q.query_secdesc.out.sd->dacl == NULL || + q.query_secdesc.out.sd->dacl->num_aces != 1 || + q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA || + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, + sd_orig->owner_sid) || + q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { + printf("Bad sd in child dir at %d (parent 0x%x)\n", + i, test_flags[i].parent_flags); + NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); + ret = False; + continue; + } + } else if (test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { + if (q.query_secdesc.out.sd->dacl == NULL || + q.query_secdesc.out.sd->dacl->num_aces != 2 || + q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA || + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, + sd_orig->owner_sid) || + q.query_secdesc.out.sd->dacl->aces[1].access_mask != SEC_FILE_WRITE_DATA || + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[1].trustee, + creator_owner) || + q.query_secdesc.out.sd->dacl->aces[0].flags != 0 || + q.query_secdesc.out.sd->dacl->aces[1].flags != + (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) { + printf("Bad sd in child dir at %d (parent 0x%x)\n", + i, test_flags[i].parent_flags); + NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); + ret = False; + continue; + } + } else { + if (q.query_secdesc.out.sd->dacl == NULL || + q.query_secdesc.out.sd->dacl->num_aces != 1 || + q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA || + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, + creator_owner) || + q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { + printf("Bad sd in child dir at %d (parent 0x%x)\n", + i, test_flags[i].parent_flags); + NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); + ret = False; + continue; + } } } @@ -1064,6 +1094,11 @@ BOOL torture_raw_acls(void) ret &= test_generic_bits(cli, mem_ctx); ret &= test_inheritance(cli, mem_ctx); + printf("\n *** NOTE! need to add dynamic inheritance test **\n"); +#if 0 + ret &= test_inheritance_dynamic(cli, mem_ctx); +#endif + smb_raw_exit(cli->session); smbcli_deltree(cli->tree, BASEDIR); |