summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/torture/basic/denytest.c23
-rw-r--r--source4/torture/smbtorture.c7
-rw-r--r--source4/torture/smbtorture.h23
3 files changed, 51 insertions, 2 deletions
diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c
index b19f92239a..0802896d7a 100644
--- a/source4/torture/basic/denytest.c
+++ b/source4/torture/basic/denytest.c
@@ -2302,6 +2302,12 @@ static bool torture_createx_specific(struct torture_context *tctx, struct
destroy_func = smbcli_unlink;
}
+ /* Skip all SACL related tests. */
+ if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+ ((cxd->cxd_access1 & SEC_FLAG_SYSTEM_SECURITY) ||
+ (cxd->cxd_access2 & SEC_FLAG_SYSTEM_SECURITY)))
+ goto done;
+
if (cxd->cxd_flags & CXD_FLAGS_MAKE_BEFORE_CREATEX) {
ret = make_func(tctx, cli->tree, mem_ctx, fname);
if (!ret) {
@@ -2451,6 +2457,9 @@ bool torture_createx_sharemodes(struct torture_context *tctx,
if (!mem_ctx)
return false;
+ if (!torture_setting_bool(tctx, "sacl_support", true))
+ torture_warning(tctx, "Skipping SACL related tests!\n");
+
cxd.cxd_test = extended ? CXD_TEST_CREATEX_SHAREMODE_EXTENDED :
CXD_TEST_CREATEX_SHAREMODE;
cxd.cxd_flags = dir ? CXD_FLAGS_DIRECTORY: 0;
@@ -2541,6 +2550,9 @@ bool torture_createx_access(struct torture_context *tctx,
if (!mem_ctx)
return false;
+ if (!torture_setting_bool(tctx, "sacl_support", true))
+ torture_warning(tctx, "Skipping SACL related tests!\n");
+
cxd.cxd_test = CXD_TEST_CREATEX_ACCESS;
/* HACK for progress bar: figure out estimated count. */
@@ -2606,6 +2618,9 @@ bool torture_createx_access_exhaustive(struct torture_context *tctx,
if (!mem_ctx)
return false;
+ if (!torture_setting_bool(tctx, "sacl_support", true))
+ torture_warning(tctx, "Skipping SACL related tests!\n");
+
data_file = getenv("CREATEX_DATA");
if (data_file) {
data_file_fd = open(data_file, O_WRONLY|O_CREAT|O_TRUNC, 0666);
@@ -2657,6 +2672,9 @@ bool torture_maximum_allowed(struct torture_context *tctx,
mem_ctx = talloc_init("torture_maximum_allowed");
+ if (!torture_setting_bool(tctx, "sacl_support", true))
+ torture_warning(tctx, "Skipping SACL related tests!\n");
+
sd = security_descriptor_dacl_create(mem_ctx,
0, NULL, NULL,
SID_NT_AUTHENTICATED_USERS,
@@ -2685,6 +2703,11 @@ bool torture_maximum_allowed(struct torture_context *tctx,
for (i = 0; i < 32; i++) {
uint32_t mask = SEC_FLAG_MAXIMUM_ALLOWED | (1u << i);
+ /* Skip all SACL related tests. */
+ if ((!torture_setting_bool(tctx, "sacl_support", true)) &&
+ (mask & SEC_FLAG_SYSTEM_SECURITY))
+ continue;
+
memset(&io, 0, sizeof(io));
io.generic.level = RAW_OPEN_NTTRANS_CREATE;
io.ntcreatex.in.access_mask = mask;
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index ce8c704584..dbd45bf8af 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -436,8 +436,9 @@ int main(int argc,char *argv[])
static int list_tests = 0;
int num_extra_users = 0;
enum {OPT_LOADFILE=1000,OPT_UNCLIST,OPT_TIMELIMIT,OPT_DNS, OPT_LIST,
- OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,OPT_EXTRA_USER};
-
+ OPT_DANGEROUS,OPT_SMB_PORTS,OPT_ASYNC,OPT_NUMPROGS,
+ OPT_EXTRA_USER,};
+
struct poptOption long_options[] = {
POPT_AUTOHELP
{"format", 0, POPT_ARG_STRING, &ui_ops_name, 0, "Output format (one of: simple, subunit)", NULL },
@@ -529,6 +530,8 @@ int main(int argc,char *argv[])
lp_set_cmdline(cmdline_lp_ctx, "torture:w2k8", "true");
} else if (strcmp(target, "win7") == 0) {
lp_set_cmdline(cmdline_lp_ctx, "torture:win7", "true");
+ } else if (strcmp(target, "onefs") == 0) {
+ lp_set_cmdline(cmdline_lp_ctx, "torture:sacl_support", "false");
}
if (max_runtime) {
diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h
index c1363fd4c1..ff371e50be 100644
--- a/source4/torture/smbtorture.h
+++ b/source4/torture/smbtorture.h
@@ -37,4 +37,27 @@ struct torture_test;
int torture_init(void);
bool torture_register_suite(struct torture_suite *suite);
+/* Server Functionality Support */
+
+/* Not all SMB server implementations support every aspect of the protocol.
+ * To allow smbtorture to provide useful data when run against these servers we
+ * define support parameters here, that will cause some tests to be skipped or
+ * the correctness checking of some tests to be conditional.
+ *
+ * The idea is that different server implementations can be specified on the
+ * command line such as "--target=win7" which will define the list of server
+ * parameters that are not supported. This is mostly a black list of
+ * unsupported features with the default expectation being that all features are
+ * supported.
+ *
+ * Because we use parametric options we do not need to define these parameters
+ * anywhere, we just define the meaning of each here.*/
+
+/* torture:sacl_support
+ *
+ * This parameter specifies whether the server supports the setting and
+ * retrieval of System Access Control Lists. This includes whether the server
+ * supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access
+ * mask.*/
+
#endif /* __SMBTORTURE_H__ */