Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 140 insertions, 0 deletions

diff --git a/source3/script/tests/test_sharesec.sh b/source3/script/tests/test_sharesec.sh
new file mode 100755
index 0000000..a083a56
--- /dev/null
+++ b/source3/script/tests/test_sharesec.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+#
+# Test sharesec command.
+#
+# Verify that changing and querying the security descriptor works. Also
+# ensure that the output format for ACL entries does not change.
+#
+# The test uses well-known SIDs to not require looking up names and SIDs
+#
+# Copyright (C) 2015, 2019 Christof Schmitt
+
+if [ $# -lt 4 ]; then
+	echo Usage: test_sharesec.sh SERVERCONFFILE SHARESEC NET SHARE
+	exit 1
+fi
+
+CONF=$1
+SHARESEC=$2
+NET=$3
+SHARE=$4
+
+CMD="$SHARESEC $CONF $SHARE"
+NET_CMD="$NET $CONF"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ ||
+	failed=$(expr $failed + 1)
+testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ
+
+OWNER=$($CMD --view | grep OWNER:)
+testit "Verify empty OWNER" test "$OWNER" = "OWNER:" ||
+	failed=$(expr $failed + 1)
+GROUP=$($CMD --view | grep GROUP:)
+testit "Verify empty GROUP" test "$GROUP" = "GROUP:" ||
+	failed=$(expr $failed + 1)
+CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
+testit "Verify control flags" test "$CONTROL" = "SR|DP" ||
+	failed=$(expr $failed + 1)
+
+testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+testit "Query ACL with two entries" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries" test $COUNT -eq 2 ||
+	failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+
+testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE ||
+	failed=$(expr $failed + 1)
+testit "Verify ACL with two entries after modify" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 ||
+	failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
+testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE ||
+	failed=$(expr $failed + 1)
+
+testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE ||
+	failed=$(expr $failed + 1)
+testit "Query ACL with three entries" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with three entries" test $COUNT -eq 3 ||
+	failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
+testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE ||
+	failed=$(expr $failed + 1)
+
+testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP ||
+	failed=$(expr $failed + 1)
+testit "Query ACL with four entries" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count with four entries" test $COUNT -eq 4 ||
+	failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
+testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP ||
+	failed=$(expr $failed + 1)
+
+testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP ||
+	failed=$(expr $failed + 1)
+testit "Query ACL with three entries after removal" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify ACL count after removal" test $COUNT -eq 3 ||
+	failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-546)"
+testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)
+
+testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF ||
+	failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')"
+testit "Verify numerically set entry" \
+	test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+
+testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF ||
+	failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')"
+testit "Verify numerically set entry" \
+	test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+
+testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+testit "Query standard ACL" $CMD --view ||
+	failed=$(expr $failed + 1)
+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
+testit "Verify standard ACL count" test $COUNT -eq 1 ||
+	failed=$(expr $failed + 1)
+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
+testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL ||
+	failed=$(expr $failed + 1)
+
+testit "Create new share" $NET_CMD conf addshare tmp_share /tmp ||
+	failed=$(expr $failed + 1)
+testit "Change ACL" $SHARESEC $CONF --replace S-1-1-0:DENIED/0x0/FULL tmp_share ||
+	failed=$(expr $failed + 1)
+testit "Delete share" $NET_CMD conf delshare tmp_share ||
+	failed=$(expr $failed + 1)
+testit "Create share again" $NET_CMD conf addshare tmp_share /tmp ||
+	failed=$(expr $failed + 1)
+ACL=$($SHARESEC $CONF --view tmp_share | grep 'ACL:')
+testit "Check for default ACL" \
+	test "$ACL" = "ACL:S-1-1-0:ALLOWED/0x0/FULL" ||
+	failed=$(expr $failed + 1)
+
+testok $0 $failed