diff options
| -rw-r--r-- | selftest/knownfail | 1 | ||||
| -rwxr-xr-x | source3/script/tests/vfstest-acl/run.sh | 52 | ||||
| -rw-r--r-- | source3/script/tests/vfstest-acl/vfstest.cmd | 6 | ||||
| -rwxr-xr-x | source3/selftest/tests.py | 2 | ||||
| -rw-r--r-- | source3/torture/cmd_vfs.c | 45 |
5 files changed, 95 insertions, 11 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index dbd2616201..da3d93c908 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -46,6 +46,7 @@ # these show that we still have some differences between our system # with our internal iconv because it passes except when we bypass our # internal iconv modules +^samba.vfstest.acl.vfstest\(s3dc:local\) #until we get the fake_acls module into selftest ^samba4.local.convert_string_handle.system.iconv.gd_ascii ^samba4.local.convert_string_handle.system.iconv.gd_iso8859_cp850 ^samba4..*base.delete.*.deltest17 diff --git a/source3/script/tests/vfstest-acl/run.sh b/source3/script/tests/vfstest-acl/run.sh new file mode 100755 index 0000000000..ea7a4cbb28 --- /dev/null +++ b/source3/script/tests/vfstest-acl/run.sh @@ -0,0 +1,52 @@ +#!/bin/sh +if [ $# -lt 2 ]; then +cat <<EOF +Usage: run.sh VFSTEST PREFIX +EOF +exit 1; +fi + +TESTBASE=`dirname $0` +VFSTEST=$1 +PREFIX=$2 +shift 2 +ADDARGS="$*" + +VFSTEST_PREFIX=vfstest +VFSTEST_TMPDIR=$(mktemp -d ${PREFIX}/${VFSTEST_PREFIX}_XXXXXX) + +incdir=`dirname $0`/../../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +cd $VFSTEST_TMPDIR || exit 1 + +test_vfstest() +{ + cmd='$VFSTEST -f $TESTBASE/vfstest.cmd $ADDARGS ' + out=`eval $cmd` + ret=$? + rm -f $tmpfile + + if [ $ret != 0 ] ; then + echo "$out" + echo "command failed" + false + return + fi + + echo "$out" | grep "NT_STATUS_ACCESS_DENIED" >/dev/null 2>&1 + + if [ $? = 0 ] ; then + # got ACCESS_DENIED .. fail + echo vfstest got NT_STATUS_ACCESS_DENIED + false + else + true + fi +} + +testit "vfstest" test_vfstest || failed=`expr $failed + 1` + +exit $failed diff --git a/source3/script/tests/vfstest-acl/vfstest.cmd b/source3/script/tests/vfstest-acl/vfstest.cmd new file mode 100644 index 0000000000..19f5fd6900 --- /dev/null +++ b/source3/script/tests/vfstest-acl/vfstest.cmd @@ -0,0 +1,6 @@ +connect +open x RC 0700 +get_nt_acl x +set_nt_acl x G:DAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) +get_nt_acl x +sys_acl_get_file x 0 diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 84e8d1e93d..00ecd6c373 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -156,8 +156,8 @@ tests=["--ping", "--separator", "--allocate-gid"] plantestsuite("samba.vfstest.stream_depot", "s3dc:local", [os.path.join(samba3srcdir, "script/tests/stream-depot/run.sh"), binpath("vfstest"), "$PREFIX", configuration]) - plantestsuite("samba.vfstest.xattr-tdb-1", "s3dc:local", [os.path.join(samba3srcdir, "script/tests/xattr-tdb-1/run.sh"), binpath("vfstest"), "$PREFIX", configuration]) +plantestsuite("samba.vfstest.acl", "s3dc:local", [os.path.join(samba3srcdir, "script/tests/vfstest-acl/run.sh"), binpath("vfstest"), "$PREFIX", configuration]) for options in ["--option=clientusespnego=no", " --option=clientntlmv2auth=no --option=clientlanmanauth=yes --max-protocol=LANMAN2", ""]: env = "s3dc" diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c index 86373b7464..9c19f2f6d2 100644 --- a/source3/torture/cmd_vfs.c +++ b/source3/torture/cmd_vfs.c @@ -1461,14 +1461,13 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a flags = O_RDWR; - fsp = SMB_MALLOC_P(struct files_struct); + fsp = talloc_zero(vfs, struct files_struct); if (fsp == NULL) { return NT_STATUS_NO_MEMORY; } - fsp->fh = SMB_MALLOC_P(struct fd_handle); + fsp->fh = talloc_zero(fsp, struct fd_handle); if (fsp->fh == NULL) { - SAFE_FREE(fsp->fsp_name); - SAFE_FREE(fsp); + TALLOC_FREE(fsp); return NT_STATUS_NO_MEMORY; } fsp->conn = vfs->conn; @@ -1476,7 +1475,7 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a status = create_synthetic_smb_fname_split(NULL, argv[1], NULL, &smb_fname); if (!NT_STATUS_IS_OK(status)) { - SAFE_FREE(fsp); + TALLOC_FREE(fsp); return status; } @@ -1485,12 +1484,40 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a fsp->fh->fd = SMB_VFS_OPEN(vfs->conn, smb_fname, fsp, flags, mode); if (fsp->fh->fd == -1) { printf("open: error=%d (%s)\n", errno, strerror(errno)); - SAFE_FREE(fsp->fh); - SAFE_FREE(fsp); + TALLOC_FREE(fsp); TALLOC_FREE(smb_fname); return NT_STATUS_UNSUCCESSFUL; } + ret = SMB_VFS_FSTAT(fsp, &smb_fname->st); + if (ret == -1) { + /* If we have an fd, this stat should succeed. */ + DEBUG(0,("Error doing fstat on open file %s " + "(%s)\n", + smb_fname_str_dbg(smb_fname), + strerror(errno) )); + status = map_nt_error_from_unix(errno); + } else if (S_ISDIR(smb_fname->st.st_ex_mode)) { + errno = EISDIR; + status = NT_STATUS_FILE_IS_A_DIRECTORY; + } + + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + fsp->file_id = vfs_file_id_from_sbuf(vfs->conn, &smb_fname->st); + fsp->vuid = UID_FIELD_INVALID; + fsp->file_pid = 0; + fsp->can_lock = True; + fsp->can_read = True; + fsp->can_write = True; + fsp->print_file = NULL; + fsp->modified = False; + fsp->sent_oplock_break = NO_BREAK_SENT; + fsp->is_directory = False; + + sd = sddl_decode(talloc_tos(), argv[2], get_global_sam_sid()); if (!sd) { printf("sddl_decode failed to parse %s as SDDL\n", argv[2]); @@ -1510,9 +1537,7 @@ out: if (ret == -1 ) printf("close: error=%d (%s)\n", errno, strerror(errno)); - TALLOC_FREE(fsp->fsp_name); - SAFE_FREE(fsp->fh); - SAFE_FREE(fsp); + TALLOC_FREE(fsp); return status; } |