From 813bf8b4f463199b7c2d3cddab7056b8a68a0b70 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 8 Nov 2008 22:57:57 -0800
Subject: Fix a subtle logic bug in the adaption of se_create_child_secdesc(),
 pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
 Jeremy.

---
 source4/torture/raw/acls.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'source4/torture/raw/acls.c')

diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index d76454d1ff..f6c690bb56 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -1457,7 +1457,9 @@ static bool test_inheritance(struct torture_context *tctx,
 		    (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) ||
 		     (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) {
 			if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) {
-				printf("Expected default sd for dir at %d - got:\n", i);
+				printf("Expected default sd for dir at %d:\n", i);
+				NDR_PRINT_DEBUG(security_descriptor, sd_def);
+				printf("got:\n");
 				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
 			}
 			continue;
@@ -1471,7 +1473,7 @@ static bool test_inheritance(struct torture_context *tctx,
 			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
 					   sd_orig->owner_sid) ||
 			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
-				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
+				printf("(CI & NP) Bad sd in child dir at %d (parent 0x%x)\n", 
 				       i, test_flags[i].parent_flags);
 				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
 				ret = false;
@@ -1489,7 +1491,7 @@ static bool test_inheritance(struct torture_context *tctx,
 			    q.query_secdesc.out.sd->dacl->aces[0].flags != 0 ||
 			    q.query_secdesc.out.sd->dacl->aces[1].flags != 
 			    (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) {
-				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
+				printf("(CI) Bad sd in child dir at %d (parent 0x%x)\n", 
 				       i, test_flags[i].parent_flags);
 				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
 				ret = false;
@@ -1502,8 +1504,19 @@ static bool test_inheritance(struct torture_context *tctx,
 			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
 					   creator_owner) ||
 			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
-				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
-				       i, test_flags[i].parent_flags);
+				printf("FAIL. t1 = %d, t2 = %d, t3 = %d, t4 = %d, t5 = %d\n",
+					q.query_secdesc.out.sd->dacl == NULL,
+					q.query_secdesc.out.sd->dacl->num_aces != 1,
+					q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA,
+					!dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+						creator_owner),
+					q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags);
+
+				printf("(0) Bad sd in child dir at %d (parent 0x%x) flags = 0x%x dir_flags=0x%x\n", 
+					i,
+					test_flags[i].parent_flags,
+					q.query_secdesc.out.sd->dacl->aces[0].flags,
+					test_flags[i].dir_flags);
 				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
 				ret = false;
 				continue;
-- 
cgit