[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Wed Jun 17 05:37:03 MDT 2015
The branch, master has been updated
via 8406d4d docs-xml: Update sharesec manpage to reflect current output
via a6650d7 selftest: Add test for sharesec command
via 0b9fa28 sharesec: Use non-numerical output for sharesec
from 12079b4 heimdal: fix endless loop for specific KDC error code
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8406d4dd1593b4a4d7bcbdc7b7c7893339f8e814
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jun 9 10:29:21 2015 -0700
docs-xml: Update sharesec manpage to reflect current output
Update the sharesec man page to reflect the output currently used, and
also add a note that the OWNER and GROUP fields are not used for share
ACLs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 17 13:36:23 CEST 2015 on sn-devel-104
commit a6650d74d1b7cc051637c1a19daff5a8009f405b
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jun 9 10:28:17 2015 -0700
selftest: Add test for sharesec command
Add a test for the sharesec command to ensure that it works, and to also
verify that the output does not change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0b9fa2849dc8b7c61467a6517c40e6e15c104d4a
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jun 9 09:50:18 2015 -0700
sharesec: Use non-numerical output for sharesec
This is an easy change to get the sharesec output back to the format
used before. It is also easier to understand than the output of the
flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/sharesec.1.xml | 16 ++---
source3/script/tests/test_sharesec.sh | 111 ++++++++++++++++++++++++++++++++++
source3/selftest/tests.py | 3 +
source3/utils/sharesec.c | 4 +-
4 files changed, 124 insertions(+), 10 deletions(-)
create mode 100755 source3/script/tests/test_sharesec.sh
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
index 6a201cc..7e13d49 100644
--- a/docs-xml/manpages/sharesec.1.xml
+++ b/docs-xml/manpages/sharesec.1.xml
@@ -154,10 +154,9 @@
If not specified it defaults to 1. Using values other than 1 may
cause strange behaviour.</para>
- <para>The owner and group specify the owner and group SIDs for the
- object. If a SID in the format S-1-x-y-z is specified this is used,
- otherwise the name specified is resolved using the server on which
- the file or directory resides.</para>
+ <para>The owner and group specify the owner and group SIDs for
+ the object. Share ACLs do not specify an owner or a group, so
+ these fields are empty.</para>
<para>ACLs specify permissions granted to the SID. This SID
can be specified in S-1-x-y-z format or as a name in which case
@@ -227,10 +226,11 @@
<programlisting>
host:~ # sharesec share -v
REVISION:1
- OWNER:(NULL SID)
- GROUP:(NULL SID)
- ACL:S-1-1-0:ALLOWED/0/0x101f01ff
- ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ CONTROL:SR|DP
+ OWNER:
+ GROUP:
+ ACL:S-1-1-0:ALLOWED/0x0/FULL
+ ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0x0/FULL
</programlisting>
</refsect1>
diff --git a/source3/script/tests/test_sharesec.sh b/source3/script/tests/test_sharesec.sh
new file mode 100755
index 0000000..ef207ff
--- /dev/null
+++ b/source3/script/tests/test_sharesec.sh
@@ -0,0 +1,111 @@
+#!/bin/sh
+#
+# Test sharesec command.
+#
+# Verify that changing and querying the security descriptor works. Also
+# ensure that the output format for ACL entries does not change.
+#
+# The test uses well-known SIDs to not require looking up names and SIDs
+#
+# Copyright (C) 2015 Christof Schmitt
+
+if [ $# -lt 3 ]; then
+Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
+exit 1
+fi
+
+CONF=$1
+SHARESEC=$2
+SHARE=$3
+
+CMD="$SHARESEC $CONF $SHARE"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ || \
+ failed=$(expr $failed + 1)
+testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ
+
+OWNER=$($CMD --view | grep OWNER:)
+testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \
+ failed=$(expr $failed + 1)
+GROUP=$($CMD --view | grep GROUP:)
+testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \
+ failed=$(expr $failed + 1)
+CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
+testit "Verify control flags" test "$CONTROL" = "SR|DP" || \
+ failed=$(expr $failed + 1)
+
+testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with two entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries" test $COUNT -eq 2 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
+testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+testit "Verify ACL with two entries after modify" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+
+testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with three entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with three entries" test $COUNT -eq 3 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
+testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \
+ failed=$(expr $failed + 1)
+
+testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with four entries" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with four entries" test $COUNT -eq 4 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
+testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+
+testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \
+ failed=$(expr $failed + 1)
+testit "Query ACL with three entries after removal" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count after removal" test $COUNT -eq 3 || \
+ failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-546')"
+testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)
+
+testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+testit "Query standard ACL" $CMD --view || \
+ failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify standard ACL count" test $COUNT -eq 1 || \
+ failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index d6e6869..0c49b02 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -424,6 +424,9 @@ for s in signseal_options:
plantestsuite("samba3.blackbox.rpcclient_samlogon", "ad_member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
"$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration])
+plantestsuite("samba3.blackbox.sharesec", "simpleserver:local",
+ [os.path.join(samba3srcdir, "script/tests/test_sharesec.sh"),
+ configuration, os.path.join(bindir(), "sharesec"), "tmp"])
plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "nt4_dc",
[os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"),
diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
index 941b3a4..d9f8158 100644
--- a/source3/utils/sharesec.c
+++ b/source3/utils/sharesec.c
@@ -182,7 +182,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
/* should not happen */
return 0;
case SMB_ACL_VIEW:
- sec_desc_print(NULL, stdout, old, true);
+ sec_desc_print(NULL, stdout, old, false);
return 0;
case SMB_ACL_DELETE:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
@@ -203,7 +203,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
if (!found) {
printf("ACL for ACE:");
- print_ace(NULL, stdout, &sd->dacl->aces[i], true);
+ print_ace(NULL, stdout, &sd->dacl->aces[i], false);
printf(" not found\n");
}
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list