test: ACLS
TESTING SETFILEINFO EA_SET
add a new ACE to the DACL
remove it again
testing nttrans create with sec_desc
creating normal file
querying ACL
adding a new ACE
creating a file with an initial ACL
TESTING SEC_DESC WITH A NULL DACL
creating a file with a empty sd
get the original sd
set NULL DACL
get the sd
try open for read control
try open for write
try open for read
try open for generic write
try open for generic read
set DACL with 0 aces
get the sd
try open for read control
try open for write => access_denied
try open for read => access_denied
try open for generic write => access_denied
try open for generic read => access_denied
set empty sd
get the sd
TESTING SID_CREATOR_OWNER
get the original sd
set a sec desc allowing no write by CREATOR_OWNER
try open for write
try open for read
try open for generic write
try open for generic read
set a sec desc allowing no write by owner
check that sd has been mapped correctly
try open for write
try open for read
try open for generic write
try open for generic read
set a sec desc allowing generic read by owner
check that generic read has been mapped correctly
try open for write
try open for read
try open for generic write
try open for generic read
put back original sd
TESTING FILE GENERIC BITS
get the original sd
SEC_PRIV_RESTORE - Yes
SEC_PRIV_TAKE_OWNERSHIP - Yes
testing generic bits 0x00000000
testing generic bits 0x00000000 (anonymous)
testing generic bits 0x80000000
testing generic bits 0x80000000 (anonymous)
testing generic bits 0x40000000
testing generic bits 0x40000000 (anonymous)
testing generic bits 0x20000000
testing generic bits 0x20000000 (anonymous)
testing generic bits 0x10000000
testing generic bits 0x10000000 (anonymous)
testing generic bits 0x00000001
testing generic bits 0x00000001 (anonymous)
testing generic bits 0x00000080
testing generic bits 0x00000080 (anonymous)
put back original sd
TESTING DIR GENERIC BITS
get the original sd
SEC_PRIV_RESTORE - Yes
SEC_PRIV_TAKE_OWNERSHIP - Yes
testing generic bits 0x00000000
testing generic bits 0x00000000 (anonymous)
testing generic bits 0x80000000
testing generic bits 0x80000000 (anonymous)
testing generic bits 0x40000000
testing generic bits 0x40000000 (anonymous)
testing generic bits 0x20000000
testing generic bits 0x20000000 (anonymous)
testing generic bits 0x10000000
testing generic bits 0x10000000 (anonymous)
put back original sd
TESTING FILE OWNER BITS
get the original sd
SEC_PRIV_RESTORE - Yes
SEC_PRIV_TAKE_OWNERSHIP - Yes
put back original sd
TESTING ACL INHERITANCE
get the original sd
owner_sid is S-1-5-32-544
testing access checks on inherited create with \testsd\inheritance\testfile
failed: w2k3 ACL bug (allowed open when ACL should deny)
trying without execute
and with full permissions again
put back original sd
TESTING DYNAMIC ACL INHERITANCE
get the original sd
owner_sid is S-1-5-32-544
create a file with an inherited acl
try and access file with base rights - should be OK
try and access file with extra rights - should be denied
update parent sd
try and access file with base rights - should be OK
try and access now - should be OK if dynamic inheritance works
Server does not have dynamic inheritance
put back original sd
TESTING ACCESS MASKS FOR SD GET/SET
error: ACLS [
Unknown error/failure
]