diff options
| -rwxr-xr-x | selftest/selftest.pl | 10 | ||||
| -rw-r--r-- | selftest/target/Samba3.pm | 18 |
2 files changed, 13 insertions, 15 deletions
diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 5077a17901..6f8cbe1fe8 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -399,8 +399,14 @@ $prefix =~ s+/$++; die("using an empty prefix isn't allowed") unless $prefix ne ""; -#Ensure we have the test prefix around -mkdir($prefix, 0777) unless -d $prefix; +# Ensure we have the test prefix around. +# +# We need restrictive +# permissions on this as some subdirectories in this tree will have +# wider permissions (ie 0777) and this would allow other users on the +# host to subvert the test process. +mkdir($prefix, 0700) unless -d $prefix; +chmod 0700, $prefix; my $prefix_abs = abs_path($prefix); my $tmpdir_abs = abs_path("$prefix/tmp"); diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 6312d650a0..01158347b3 100644 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -247,24 +247,16 @@ sub setup_admember($$$$) return undef; } + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + $self->check_or_start($ret, "yes", "yes", "yes"); $self->wait_for_start($ret); - my $smbcacls = Samba::bindir_path($self, "smbcacls"); - #Allow domain users to manipulate the share - $cmd = ""; - $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; - $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; - $cmd .= "$smbcacls $ret->{CONFIGURATION} //127.0.0.29/tmp / -U$ret->{USERNAME}%$ret->{PASSWORD} "; - $cmd .= "-S ACL:$dcvars->{DOMAIN}\\\\Domain\\ Users:ALLOWED/0x0/FULL"; - - if (system($cmd) != 0) { - warn("smbcacls failed, your filesystem may not support ACLs. Try mount $prefix_abs -oremount,acl\nThis support is required for S3 member in S4 tests\n$cmd"); - return undef; - } - $ret->{DC_SERVER} = $dcvars->{SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; |