svn commit: samba r4074 - in branches/SAMBA_4_0/source/torture: . raw

tridge at samba.org tridge at samba.org
Mon Dec 6 07:13:50 GMT 2004


Author: tridge
Date: 2004-12-06 07:13:50 +0000 (Mon, 06 Dec 2004)
New Revision: 4074

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4074

Log:
make the RAW-ACLS test use the new lsa helper functions to determine
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.

Modified:
   branches/SAMBA_4_0/source/torture/config.mk
   branches/SAMBA_4_0/source/torture/raw/acls.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/config.mk
===================================================================
--- branches/SAMBA_4_0/source/torture/config.mk	2004-12-06 07:12:38 UTC (rev 4073)
+++ branches/SAMBA_4_0/source/torture/config.mk	2004-12-06 07:13:50 UTC (rev 4074)
@@ -52,7 +52,7 @@
 		torture/raw/acls.o \
 		torture/raw/seek.o
 REQUIRED_SUBSYSTEMS = \
-		LIBSMB
+		LIBSMB LIBCLI_LSA
 # End SUBSYSTEM TORTURE_RAW
 #################################
 

Modified: branches/SAMBA_4_0/source/torture/raw/acls.c
===================================================================
--- branches/SAMBA_4_0/source/torture/raw/acls.c	2004-12-06 07:12:38 UTC (rev 4073)
+++ branches/SAMBA_4_0/source/torture/raw/acls.c	2004-12-06 07:13:50 UTC (rev 4074)
@@ -481,6 +481,8 @@
 		{ SEC_GENERIC_EXECUTE, SEC_RIGHTS_DIR_EXECUTE },
 		{ SEC_GENERIC_ALL,     SEC_RIGHTS_DIR_ALL }
 	};
+	BOOL has_restore_privilege;
+	BOOL has_take_ownership_privilege;
 
 	printf("TESTING FILE GENERIC BITS\n");
 
@@ -515,9 +517,32 @@
 
 	owner_sid = dom_sid_string(mem_ctx, sd_orig->owner_sid);
 
+	status = smblsa_sid_check_privilege(cli, owner_sid, SEC_PRIV_RESTORE);
+	has_restore_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	printf("SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
 
+	status = smblsa_sid_check_privilege(cli, owner_sid, SEC_PRIV_TAKE_OWNERSHIP);
+	has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+	}
+	printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_restore_privilege?"Yes":"No");
+
 	for (i=0;i<ARRAY_SIZE(file_mappings);i++) {
+		uint32_t expected_mask = 
+			SEC_STD_WRITE_DAC | 
+			SEC_STD_READ_CONTROL | 
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
+		uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
 
+		if (has_restore_privilege) {
+			expected_mask_anon |= SEC_STD_DELETE;
+		}
+
 		printf("testing generic bits 0x%08x\n", 
 		       file_mappings[i].gen_bits);
 		sd = security_descriptor_create(mem_ctx,
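Review bot: The second status line prints the wrong flag: the `SEC_PRIV_TAKE_OWNERSHIP` message is formatted from `has_restore_privilege`, so the log can report "Yes" for a privilege the lookup just reported as missing. It should read `printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");`. Both flags are also derived from `NT_STATUS_IS_OK(status)` alone, so any failure of `smblsa_sid_check_privilege` is recorded as "privilege absent". The helper's return codes are not visible here, but if it can fail for other reasons (for example the LSA connection failing), that should fail the test instead of lowering the expected access mask. The enclosing function starts and ends outside this hunk.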
@@ -556,18 +581,17 @@
 		status = smb_raw_open(cli->tree, mem_ctx, &io);
 		CHECK_STATUS(status, NT_STATUS_OK);
 		CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-				   SEC_STD_READ_CONTROL | 
-				   SEC_STD_WRITE_DAC | 
-				   SEC_STD_DELETE | 
-				   SEC_FILE_READ_ATTRIBUTE |
-				   file_mappings[i].specific_bits);
+				   expected_mask | file_mappings[i].specific_bits);
 		smbcli_close(cli->tree, io.ntcreatex.out.fnum);
 
+		if (!has_take_ownership_privilege) {
+			continue;
+		}
 
 		printf("testing generic bits 0x%08x (anonymous)\n", 
 		       file_mappings[i].gen_bits);
 		sd = security_descriptor_create(mem_ctx,
-						SID_ANONYMOUS, NULL,
+						SID_NT_ANONYMOUS, NULL,
 						owner_sid,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
 						file_mappings[i].gen_bits,
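Review bot: The `continue` added after the first `CHECK_ACCESS_FLAGS` skips the "(anonymous)" half of the loop without logging anything, so a run without `SEC_PRIV_TAKE_OWNERSHIP` passes without ever checking the anonymous access mask. A line before the `continue`, e.g. `printf("skipping anonymous checks - no SEC_PRIV_TAKE_OWNERSHIP\n");`, would make the reduced coverage visible in the test output. Since `has_take_ownership_privilege` is also false when the privilege lookup itself returned an error (set in the earlier hunk), a failed lookup ends in the same silent skip. The loop body continues outside this hunk.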
@@ -582,7 +606,7 @@
 		CHECK_STATUS(status, NT_STATUS_OK);
 
 		sd2 = security_descriptor_create(mem_ctx,
-						 SID_ANONYMOUS, NULL,
+						 SID_NT_ANONYMOUS, NULL,
 						 owner_sid,
 						 SEC_ACE_TYPE_ACCESS_ALLOWED,
 						 file_mappings[i].specific_bits,
@@ -602,9 +626,7 @@
 		status = smb_raw_open(cli->tree, mem_ctx, &io);
 		CHECK_STATUS(status, NT_STATUS_OK);
 		CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-				   SEC_STD_DELETE | 
-				   SEC_FILE_READ_ATTRIBUTE |
-				   file_mappings[i].specific_bits);
+				   expected_mask_anon | file_mappings[i].specific_bits);
 		smbcli_close(cli->tree, io.ntcreatex.out.fnum);
 	}
 
@@ -649,6 +671,11 @@
 
 
 	for (i=0;i<ARRAY_SIZE(dir_mappings);i++) {
+		uint32_t expected_mask = 
+			SEC_STD_WRITE_DAC | 
+			SEC_STD_READ_CONTROL | 
+			SEC_FILE_READ_ATTRIBUTE |
+			SEC_STD_DELETE;
 
 		printf("testing generic bits 0x%08x\n", 
 		       file_mappings[i].gen_bits);
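Review bot: The progress message in the directory loop prints `file_mappings[i].gen_bits` although the loop is bounded by `ARRAY_SIZE(dir_mappings)`. The line is unchanged context, but this commit already edits the loop and could correct it to `dir_mappings[i].gen_bits`. If the two tables ever differ in length or order, the log would name the wrong bits or index past the end of `file_mappings`. Separately, the new `expected_mask` initialiser repeats the one added in the file loop; defining it once for both loops would keep the two expectations from drifting apart. The loop body continues outside this hunk.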
@@ -688,14 +715,10 @@
 		status = smb_raw_open(cli->tree, mem_ctx, &io);
 		CHECK_STATUS(status, NT_STATUS_OK);
 		CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-				   SEC_STD_WRITE_DAC | 
-				   SEC_STD_READ_CONTROL | 
-				   SEC_STD_DELETE | 
-				   SEC_FILE_READ_ATTRIBUTE |
-				   dir_mappings[i].specific_bits);
+				   expected_mask | dir_mappings[i].specific_bits);
 		smbcli_close(cli->tree, io.ntcreatex.out.fnum);
+	}
 
-	}
 	printf("put back original sd\n");
 	set.set_secdesc.in.sd = sd_orig;
 	status = smb_raw_setfileinfo(cli->tree, &set);


