[PATCH 3/3] Make smb2.acls test match the raw.acls test when running against -Tsamba4 in that it expects the default Samba4 ACL, not the Windows one.
Jeremy Allison
jra at samba.org
Wed Nov 14 15:40:52 MST 2012
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source4/torture/smb2/acls.c | 41 +++++++++++++++++++++++++++++++++++------
1 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
index 37052c6..50f9145 100644
--- a/source4/torture/smb2/acls.c
+++ b/source4/torture/smb2/acls.c
@@ -805,6 +805,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre
union smb_setfileinfo set;
struct security_descriptor *sd, *sd2, *sd_orig=NULL, *sd_def1, *sd_def2;
const char *owner_sid;
+ const char *group_sid;
const struct dom_sid *creator_owner;
const struct {
uint32_t parent_flags;
@@ -939,20 +940,47 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre
torture_comment(tctx, "get the original sd\n");
q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
q.query_secdesc.in.file.handle = handle;
- q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER | SECINFO_GROUP;
status = smb2_getinfo_file(tree, tctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
sd_orig = q.query_secdesc.out.sd;
owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+ group_sid = dom_sid_string(tctx, sd_orig->group_sid);
torture_comment(tctx, "owner_sid is %s\n", owner_sid);
+ torture_comment(tctx, "group_sid is %s\n", group_sid);
- /*
- * The Windows Default ACL for a new file, when there is no ACL to be
- * inherited: FullControl for the owner and SYSTEM.
- */
- sd_def1 = security_descriptor_dacl_create(tctx,
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ /* the default ACL in Samba4 includes the group and
+ other permissions */
+ sd_def1 = security_descriptor_dacl_create(tctx,
+ 0, owner_sid, NULL,
+ owner_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL,
+ 0,
+ group_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE,
+ 0,
+ SID_WORLD,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE,
+ 0,
+ SID_NT_SYSTEM,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL,
+ 0,
+ NULL);
+ } else {
+ /*
+ * The Windows Default ACL for a new file, when there is no ACL to be
+ * inherited: FullControl for the owner and SYSTEM.
+ */
+ sd_def1 = security_descriptor_dacl_create(tctx,
0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
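Review bot: `group_sid` is taken from `sd_orig->group_sid` without confirming that the server actually returned a group SID, even though the expected Samba4 descriptor is then built from it. If the reply omits the group, the later comparison would presumably fail as an ACL mismatch that hides the real cause; a check right after `sd_orig = q.query_secdesc.out.sd;`, for example `torture_assert(tctx, sd_orig->group_sid != NULL, "server returned no group SID");` (or the function's own failure path if it needs cleanup), would report it directly. The reset `q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;` after the query also deserves a one-line comment such as `/* later queries compare against SDs built without a group */`, assuming that is the intent. The Samba4 comment could state that the expected default grants read and execute to the group and to SID_WORLD, so a reader sees that the test pins a world-readable default. test_inheritance starts and ends outside this hunk.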
@@ -963,6 +991,7 @@ static bool test_inheritance(struct torture_context *tctx, struct smb2_tree *tre
SEC_RIGHTS_FILE_ALL,
0,
NULL);
+ }
/*
* Use this in the case the system being tested does not add an ACE for
--
1.7.7.3