/*
   Unix SMB/CIFS implementation.
   Basic test for share secdescs vs nttrans_create
   Copyright (C) Volker Lendecke 2011

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "torture/proto.h"
#include "libsmb/libsmb.h"
#include "libcli/security/dom_sid.h"
#include "libcli/security/secdesc.h"
#include "libcli/security/security.h"

bool run_nttrans_create(int dummy)
{
	struct cli_state *cli = NULL;
	NTSTATUS status, status2;
	bool ret = false;
	struct security_ace ace;
	struct security_acl acl;
	struct security_descriptor *sd;
	const char *fname = "transtest";
	uint16_t fnum, fnum2;
	struct dom_sid owner;

	printf("Starting NTTRANS_CREATE\n");

	if (!torture_open_connection(&cli, 0)) {
		printf("torture_open_connection failed\n");
		goto fail;
	}

	ZERO_STRUCT(ace);
	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
	ace.access_mask = SEC_RIGHTS_FILE_ALL & ~SEC_STD_WRITE_DAC;
	sid_copy(&ace.trustee, &global_sid_World);

	acl.revision = SECURITY_ACL_REVISION_NT4;
	acl.size = 0;
	acl.num_aces = 1;
	acl.aces = &ace;

	dom_sid_parse("S-1-22-1-1000", &owner);

	sd = make_sec_desc(talloc_tos(),
			   SECURITY_DESCRIPTOR_REVISION_1,
			   SEC_DESC_SELF_RELATIVE|
			   SEC_DESC_DACL_PRESENT|SEC_DESC_OWNER_DEFAULTED|
			   SEC_DESC_GROUP_DEFAULTED,
			   NULL, NULL, NULL, &acl, NULL);
	if (sd == NULL) {
		d_fprintf(stderr, "make_sec_desc failed\n");
		goto fail;
	}

	status = cli_nttrans_create(
		cli, fname, 0, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS|
		READ_CONTROL_ACCESS,
		FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_READ|FILE_SHARE_WRITE| FILE_SHARE_DELETE,
		FILE_CREATE, 0, 0, sd, NULL, 0, &fnum);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "cli_nttrans_create returned %s\n",
			  nt_errstr(status));
		goto fail;
	}

	cli_query_secdesc(cli, fnum, talloc_tos(), NULL);

	status2 = cli_ntcreate(cli, fname, 0, WRITE_DAC_ACCESS,
			       FILE_ATTRIBUTE_NORMAL,
			       FILE_SHARE_READ|FILE_SHARE_WRITE|
			       FILE_SHARE_DELETE,
			       FILE_OPEN, 0, 0, &fnum2);

	status = cli_nt_delete_on_close(cli, fnum, true);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr, "cli_nt_delete_on_close returned %s\n",
			  nt_errstr(status));
		goto fail;
	}

	if (!NT_STATUS_EQUAL(status2, NT_STATUS_ACCESS_DENIED)) {
		d_fprintf(stderr, "cli_ntcreate returned %s\n",
			  nt_errstr(status));
		goto fail;
	}

	ret = true;
fail:
	if (cli != NULL) {
		torture_close_connection(cli);
	}
	return ret;
}