summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-29 07:28:03 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:41 -0500
commitd39ae5434185b6e54d029b1868ec610f0d638d6f (patch)
treefecb3c47adcbe5681515d49d98e021193a738f85 /source4
parent66b8ff22e0a37e217333799a3b42e06c594d3976 (diff)
downloadsamba-d39ae5434185b6e54d029b1868ec610f0d638d6f.tar.gz
samba-d39ae5434185b6e54d029b1868ec610f0d638d6f.tar.bz2
samba-d39ae5434185b6e54d029b1868ec610f0d638d6f.zip
r4389: added checking for the default inherited ACL, which is used when no ACEs
are inheritable (This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)
Diffstat (limited to 'source4')
-rw-r--r--source4/torture/raw/acls.c45
1 files changed, 39 insertions, 6 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 75a5b31693..82e04ffcc7 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -762,7 +762,7 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
int fnum, fnum2, i;
union smb_fileinfo q;
union smb_setfileinfo set;
- struct security_descriptor *sd, *sd_orig;
+ struct security_descriptor *sd, *sd_orig, *sd_def;
const char *owner_sid;
const struct {
uint32_t parent_flags;
@@ -901,12 +901,24 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
owner_sid = dom_sid_string(mem_ctx, sd_orig->owner_sid);
+ sd_def = security_descriptor_create(mem_ctx,
+ owner_sid, NULL,
+ owner_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL,
+ 0,
+ SID_NT_SYSTEM,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL,
+ 0,
+ NULL);
+
for (i=0;i<ARRAY_SIZE(test_flags);i++) {
sd = security_descriptor_create(mem_ctx,
NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
- SEC_FILE_ALL | SEC_STD_ALL,
+ SEC_FILE_WRITE_DATA,
test_flags[i].parent_flags,
SID_WORLD,
SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -933,15 +945,23 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_close(cli->tree, fnum2);
smbcli_unlink(cli->tree, fname1);
+ if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
+ if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) {
+ printf("Expected default sd at %d - got:\n", i);
+ NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+ }
+ goto check_dir;
+ }
if (q.query_secdesc.out.sd->dacl == NULL ||
q.query_secdesc.out.sd->dacl->num_aces < 1 ||
+ q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
!dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
sd_orig->owner_sid)) {
- printf("Bad sd in child at %d\n", i);
+ printf("Bad sd in child file at %d\n", i);
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
ret = False;
- goto done;
+ goto check_dir;
}
if (q.query_secdesc.out.sd->dacl->aces[0].flags !=
@@ -954,6 +974,7 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
ret = False;
}
+ check_dir:
io.ntcreatex.in.fname = fname2;
io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
status = smb_raw_open(cli->tree, mem_ctx, &io);
@@ -967,14 +988,26 @@ static BOOL test_inheritance(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
smbcli_close(cli->tree, fnum2);
smbcli_rmdir(cli->tree, fname2);
+ if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) &&
+ (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) ||
+ (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) {
+ if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) {
+ printf("Expected default sd for dir at %d - got:\n", i);
+ NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+ }
+ continue;
+ }
+
if (q.query_secdesc.out.sd->dacl == NULL ||
q.query_secdesc.out.sd->dacl->num_aces < 1 ||
+ q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
!dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
sd_orig->owner_sid)) {
- printf("Bad sd in child at %d\n", i);
+ printf("Bad sd in child dir at %d (parent 0x%x)\n",
+ i, test_flags[i].parent_flags);
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
ret = False;
- goto done;
+ continue;
}
if (q.query_secdesc.out.sd->dacl->aces[0].flags !=