svn commit: samba r16668 - in branches/SAMBA_4_0/source/torture/smb2: .

Thu Jun 29 07:03:09 GMT 2006

Author: metze
Date: 2006-06-29 07:03:09 +0000 (Thu, 29 Jun 2006)
New Revision: 16668

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16668

Log:
test setting of security descriptors vis smb2 setinfo

metze
Modified:
   branches/SAMBA_4_0/source/torture/smb2/setinfo.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/smb2/setinfo.c
===================================================================

--- branches/SAMBA_4_0/source/torture/smb2/setinfo.c	2006-06-29 07:02:14 UTC (rev 16667)
+++ branches/SAMBA_4_0/source/torture/smb2/setinfo.c	2006-06-29 07:03:09 UTC (rev 16668)
@@ -28,6 +28,9 @@
 #include "torture/torture.h"
 #include "torture/smb2/proto.h"
 
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
 #define BASEDIR ""
 
 /* basic testing of all SMB2 setinfo calls 
@@ -44,6 +47,9 @@
 	char *fname_new;
 	union smb_fileinfo finfo2;
 	union smb_setfileinfo sfinfo;
+	struct security_ace ace;
+	struct security_descriptor *sd;
+	struct dom_sid *test_sid;
 	NTSTATUS status, status2;
 	const char *call_name;
 	time_t basetime = (time(NULL) - 86400) & ~1;
@@ -92,7 +98,7 @@
 		finfo2.generic.in.file.handle = handle; \
 		status2 = smb2_getinfo_file(tree, mem_ctx, &finfo2); \
 		if (!NT_STATUS_IS_OK(status2)) { \
-			printf("%s - %s\n", #call, nt_errstr(status2)); \
+			printf("(%s) %s - %s\n", __location__, #call, nt_errstr(status2)); \
 		} \
 	}} while (0)
 
@@ -135,7 +141,6 @@
 		goto done; \
 	}} while (0)
 
-
 	torture_smb2_all_info(tree, handle);
 	
 	printf("test basic_information level\n");
@@ -230,6 +235,63 @@
 	CHECK_CALL(MODE_INFORMATION, NT_STATUS_OK);
 	CHECK_VALUE(MODE_INFORMATION, mode_information, mode, 0);
 
+	printf("test sec_desc level\n");
+	test_sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1234-5432");
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+	ZERO_STRUCT(finfo2);
+	finfo2.query_secdesc.in.secinfo_flags =
+		SECINFO_OWNER |
+		SECINFO_GROUP |
+		SECINFO_DACL;
+ 	CHECK1(SEC_DESC);
+	sd = finfo2.query_secdesc.out.sd;
+
+	test_sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1234-5432");
+	ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace.flags = 0;
+	ace.access_mask = SEC_STD_ALL;
+	ace.trustee = *test_sid;
+	status = security_descriptor_dacl_add(sd, &ace);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	printf("add a new ACE to the DACL\n");
+
+	sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+	sfinfo.set_secdesc.in.sd = sd;
+	CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+ 	CHECK1(SEC_DESC);
+
+	if (!security_acl_equal(finfo2.query_secdesc.out.sd->dacl, sd->dacl)) {
+		printf("%s: security descriptors don't match!\n", __location__);
+		printf("got:\n");
+		NDR_PRINT_DEBUG(security_descriptor, finfo2.query_secdesc.out.sd);
+		printf("expected:\n");
+		NDR_PRINT_DEBUG(security_descriptor, sd);
+		ret = False;
+	}
+
+	printf("remove it again\n");
+
+	status = security_descriptor_dacl_del(sd, test_sid);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	sfinfo.set_secdesc.in.secinfo_flags = finfo2.query_secdesc.in.secinfo_flags;
+	sfinfo.set_secdesc.in.sd = sd;
+	CHECK_CALL(SEC_DESC, NT_STATUS_OK);
+ 	CHECK1(SEC_DESC);
+
+	if (!security_acl_equal(finfo2.query_secdesc.out.sd->dacl, sd->dacl)) {
+		printf("%s: security descriptors don't match!\n", __location__);
+		printf("got:\n");
+		NDR_PRINT_DEBUG(security_descriptor, finfo2.query_secdesc.out.sd);
+		printf("expected:\n");
+		NDR_PRINT_DEBUG(security_descriptor, sd);
+		ret = False;
+	}
+
 done:
 	status = smb2_util_close(tree, handle);
 	if (NT_STATUS_IS_ERR(status)) {

