diff options
| -rw-r--r-- | source4/torture/basic/denytest.c | 23 | ||||
| -rw-r--r-- | source4/torture/smbtorture.c | 7 | ||||
| -rw-r--r-- | source4/torture/smbtorture.h | 23 |
3 files changed, 51 insertions, 2 deletions
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c index b19f92239a..0802896d7a 100644 --- a/source4/torture/basic/denytest.c +++ b/source4/torture/basic/denytest.c @@ -2302,6 +2302,12 @@ static bool torture_createx_specific(struct torture_context *tctx, struct destroy_func = smbcli_unlink; } + /* Skip all SACL related tests. */ + if ((!torture_setting_bool(tctx, "sacl_support", true)) && + ((cxd->cxd_access1 & SEC_FLAG_SYSTEM_SECURITY) || + (cxd->cxd_access2 & SEC_FLAG_SYSTEM_SECURITY))) + goto done; + if (cxd->cxd_flags & CXD_FLAGS_MAKE_BEFORE_CREATEX) { ret = make_func(tctx, cli->tree, mem_ctx, fname); if (!ret) { @@ -2451,6 +2457,9 @@ bool torture_createx_sharemodes(struct torture_context *tctx, if (!mem_ctx) return false; + if (!torture_setting_bool(tctx, "sacl_support", true)) + torture_warning(tctx, "Skipping SACL related tests!\n"); + cxd.cxd_test = extended ? CXD_TEST_CREATEX_SHAREMODE_EXTENDED : CXD_TEST_CREATEX_SHAREMODE; cxd.cxd_flags = dir ? CXD_FLAGS_DIRECTORY: 0; @@ -2541,6 +2550,9 @@ bool torture_createx_access(struct torture_context *tctx, if (!mem_ctx) return false; + if (!torture_setting_bool(tctx, "sacl_support", true)) + torture_warning(tctx, "Skipping SACL related tests!\n"); + cxd.cxd_test = CXD_TEST_CREATEX_ACCESS; /* HACK for progress bar: figure out estimated count. */ @@ -2606,6 +2618,9 @@ bool torture_createx_access_exhaustive(struct torture_context *tctx, if (!mem_ctx) return false; + if (!torture_setting_bool(tctx, "sacl_support", true)) + torture_warning(tctx, "Skipping SACL related tests!\n"); + data_file = getenv("CREATEX_DATA"); if (data_file) { data_file_fd = open(data_file, O_WRONLY|O_CREAT|O_TRUNC, 0666); @@ -2657,6 +2672,9 @@ bool torture_maximum_allowed(struct torture_context *tctx, mem_ctx = talloc_init("torture_maximum_allowed"); + if (!torture_setting_bool(tctx, "sacl_support", true)) + torture_warning(tctx, "Skipping SACL related tests!\n"); + sd = security_descriptor_dacl_create(mem_ctx, 0, NULL, NULL, SID_NT_AUTHENTICATED_USERS, @@ -2685,6 +2703,11 @@ bool torture_maximum_allowed(struct torture_context *tctx, for (i = 0; i < 32; i++) { uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i); + /* Skip all SACL related tests. */ + if ((!torture_setting_bool(tctx, "sacl_support", true)) && + (mask & SEC_FLAG_SYSTEM_SECURITY)) + continue; + memset(&io, 0, sizeof(io)); io.generic.level = RAW_OPEN_NTTRANS_CREATE; io.ntcreatex.in.access_mask = mask; diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index ce8c704584..dbd45bf8af 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -436,8 +436,9 @@ int main(int argc,char *argv[]) static int list_tests = 0; int num_extra_users = 0; enum {OPT_LOADFILE=1000,OPT_UNCLIST,OPT_TIMELIMIT,OPT_DNS, OPT_LIST, - OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,OPT_EXTRA_USER}; - + OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS, + OPT_EXTRA_USER,}; + struct poptOption long_options[] = { POPT_AUTOHELP {"format", 0, POPT_ARG_STRING, &ui_ops_name, 0, "Output format (one of: simple, subunit)", NULL }, @@ -529,6 +530,8 @@ int main(int argc,char *argv[]) lp_set_cmdline(cmdline_lp_ctx, "torture:w2k8", "true"); } else if (strcmp(target, "win7") == 0) { lp_set_cmdline(cmdline_lp_ctx, "torture:win7", "true"); + } else if (strcmp(target, "onefs") == 0) { + lp_set_cmdline(cmdline_lp_ctx, "torture:sacl_support", "false"); } if (max_runtime) { diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h index c1363fd4c1..ff371e50be 100644 --- a/source4/torture/smbtorture.h +++ b/source4/torture/smbtorture.h @@ -37,4 +37,27 @@ struct torture_test; int torture_init(void); bool torture_register_suite(struct torture_suite *suite); +/* Server Functionality Support */ + +/* Not all SMB server implementations support every aspect of the protocol. + * To allow smbtorture to provide useful data when run against these servers we + * define support parameters here, that will cause some tests to be skipped or + * the correctness checking of some tests to be conditional. + * + * The idea is that different server implementations can be specified on the + * command line such as "--target=win7" which will define the list of server + * parameters that are not supported. This is mostly a black list of + * unsupported features with the default expectation being that all features are + * supported. + * + * Because we use parametric options we do not need to define these parameters + * anywhere, we just define the meaning of each here.*/ + +/* torture:sacl_support + * + * This parameter specifies whether the server supports the setting and + * retrieval of System Access Control Lists. This includes whether the server + * supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access + * mask.*/ + #endif /* __SMBTORTURE_H__ */ |