svn commit: samba r4463 - in branches/SAMBA_4_0/source/torture/raw: .

tridge at samba.org tridge at samba.org
Sat Jan 1 03:46:56 GMT 2005 

Author: tridge
Date: 2005-01-01 03:46:55 +0000 (Sat, 01 Jan 2005)
New Revision: 4463

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4463

Log:
added testing of the special SID_CREATOR_OWNER inheritance rules

Modified:
   branches/SAMBA_4_0/source/torture/raw/acls.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/raw/acls.c
===================================================================
--- branches/SAMBA_4_0/source/torture/raw/acls.c	2005-01-01 01:40:45 UTC (rev 4462)
+++ branches/SAMBA_4_0/source/torture/raw/acls.c	2005-01-01 03:46:55 UTC (rev 4463)
@@ -764,6 +764,7 @@
 	union smb_setfileinfo set;
 	struct security_descriptor *sd, *sd_orig, *sd_def;
 	const char *owner_sid;
+	const struct dom_sid *creator_owner;
 	const struct {
 		uint32_t parent_flags;
 		uint32_t file_flags;
@@ -901,6 +902,8 @@
 
 	owner_sid = dom_sid_string(mem_ctx, sd_orig->owner_sid);
 
+	printf("owner_sid is %s\n", owner_sid);
+
 	sd_def = security_descriptor_create(mem_ctx,
 					    owner_sid, NULL,
 					    owner_sid,
@@ -913,10 +916,12 @@
 					    0,
 					    NULL);
 
+	creator_owner = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_OWNER);
+
 	for (i=0;i<ARRAY_SIZE(test_flags);i++) {
 		sd = security_descriptor_create(mem_ctx,
 						NULL, NULL,
-						owner_sid,
+						SID_CREATOR_OWNER,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
 						SEC_FILE_WRITE_DATA,
 						test_flags[i].parent_flags,
@@ -998,27 +1003,52 @@
 			continue;
 		}
 
-		if (q.query_secdesc.out.sd->dacl == NULL ||
-		    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
-		    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
-		    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
-				   sd_orig->owner_sid)) {
-			printf("Bad sd in child dir at %d (parent 0x%x)\n", 
-			       i, test_flags[i].parent_flags);
-			NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
-			ret = False;
-			continue;
+		if ((test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) && 
+		    (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
+				       i, test_flags[i].parent_flags);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				ret = False;
+				continue;
+			}
+		} else if (test_flags[i].parent_flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 2 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   sd_orig->owner_sid) ||
+			    q.query_secdesc.out.sd->dacl->aces[1].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[1].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != 0 ||
+			    q.query_secdesc.out.sd->dacl->aces[1].flags != 
+			    (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) {
+				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
+				       i, test_flags[i].parent_flags);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				ret = False;
+				continue;
+			}
+		} else {
+			if (q.query_secdesc.out.sd->dacl == NULL ||
+			    q.query_secdesc.out.sd->dacl->num_aces != 1 ||
+			    q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA ||
+			    !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+					   creator_owner) ||
+			    q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
+				printf("Bad sd in child dir at %d (parent 0x%x)\n", 
+				       i, test_flags[i].parent_flags);
+				NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
+				ret = False;
+				continue;
+			}
 		}
-
-		if (q.query_secdesc.out.sd->dacl->aces[0].flags != 
-		    test_flags[i].dir_flags) {
-			printf("incorrect dir_flags 0x%x - expected 0x%x for parent 0x%x with (i=%d)\n",
-			       q.query_secdesc.out.sd->dacl->aces[0].flags,
-			       test_flags[i].dir_flags,
-			       test_flags[i].parent_flags,
-			       i);
-			ret = False;
-		}
 	}
 
 	printf("put back original sd\n");
@@ -1064,6 +1094,11 @@
 	ret &= test_generic_bits(cli, mem_ctx);
 	ret &= test_inheritance(cli, mem_ctx);
 
+	printf("\n *** NOTE! need to add dynamic inheritance test **\n");
+#if 0
+	ret &= test_inheritance_dynamic(cli, mem_ctx);
+#endif
+
 	smb_raw_exit(cli->session);
 	smbcli_deltree(cli->tree, BASEDIR);

More information about the samba-cvs mailing list