diff options
Diffstat (limited to 'source3/script/tests/test_acl_xattr.sh')
| -rwxr-xr-x | source3/script/tests/test_acl_xattr.sh | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh new file mode 100755 index 0000000..d0eec66 --- /dev/null +++ b/source3/script/tests/test_acl_xattr.sh @@ -0,0 +1,156 @@ +#!/bin/sh + +# this tests acl_xattr config parameter "ignore system acl" + +if [ $# -lt 6 ]; then + cat <<EOF +Usage: $0 SERVER USERNAME PASSWORD PREFIX SMBCLIENT SMBCACLS +EOF + exit 1 +fi + +SERVER="$1" +USERNAME="$2" +PASSWORD="$3" +PREFIX="$4" +SMBCLIENT="$5" +SMBCACLS="$6" +shift 6 +ADDARGS="$*" +SMBCLIENT="$VALGRIND ${SMBCLIENT} ${ADDARGS}" +SMBCACLS="$VALGRIND ${SMBCACLS} ${ADDARGS}" + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh + +setup_remote_file() +{ + local share=$1 + local fname="$share.$$" + local local_fname=$PREFIX/$fname + touch $local_fname + $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "rm $fname" + $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "ls" | grep "$fname" && exit 1 + $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put $fname" || exit 1 +} + +smbcacls_x() +{ + local share=$1 + local fname="$share.$$" + + # skip with SMB1 + echo "$ADDARGS" | grep mNT1 && exit 0 + + $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD "$fname" -x || exit 1 + mxac=$($SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD "$fname" -x | awk '/Maximum access/ {print $3}') + + echo "mxac: $mxac" + if test "$mxac" != "0x1f01ff"; then + exit 1 + fi +} + +nt_affects_posix() +{ + local share=$1 + local expected=$2 + local b4 + local af + local fname="$share.$$" + b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1 + af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + echo "before: $b4" + echo "after: $af" + echo "${b4}" | grep -q "^# owner:" || exit 1 + echo "${af}" | grep -q "^# owner:" || exit 1 + if test "$expected" = "true"; then + test "$b4" != "$af" + else + test "$b4" = "$af" + fi +} + +nt_affects_chown() +{ + local share=$1 + local b4_expected + local af_expected + local b4_actual + local af_actual + local fname="$share.$$" + + echo -n "determining uid of $USERNAME..." + b4_expected=$(getent passwd $USERNAME) || exit 1 + b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}') + echo "$b4_expected" + + echo -n "determining uid of force_user..." + af_expected=$(getent passwd force_user) || exit 1 + af_expected=$(echo "$af_expected" | awk -F: '{print $3}') + echo "$af_expected" + + #basic sanity... + test "$b4_expected != $af_expected" || exit 1 + + b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + echo "${b4_actual}" | grep -q "^# owner:" || exit 1 + b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p') + $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/FULL" || exit 1 + $SMBCACLS //$SERVER/$share $fname -U force_user%$PASSWORD -C force_user 2>/dev/null || exit 1 + af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + echo "${af_actual}" | grep -q "^# owner:" || exit 1 + af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p') + echo "before: $b4_actual" + echo "after: $af_actual" + test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual" +} + +nt_affects_chgrp() +{ + local share=$1 + local b4_expected + local af_expected + local b4_actual + local af_actual + local fname="$share.$$" + + echo -n "determining gid of domusers..." + b4_expected=$(getent group domusers) || exit 1 + b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}') + echo "$b4_expected" + + echo -n "determining gid of domadmins..." + af_expected=$(getent group domadmins) || exit 1 + af_expected=$(echo "$af_expected" | awk -F: '{print $3}') + echo "$af_expected" + + #basic sanity... + test "$b4_expected" != "$af_expected" || exit 1 + + b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + echo "${b4_actual}" | grep -q "^# group:" || exit 1 + b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p') + $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1 + af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1 + echo "${af_actual}" | grep -q "^# group:" || exit 1 + af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p') + echo "before: $b4_actual" + echo "after: $af_actual" + test "$af_expected" != "$b4_actual" && test "$af_expected" = "$af_actual" +} + +testit "setup remote file tmp" setup_remote_file tmp +testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls +testit "smbcacls -x" smbcacls_x tmp +testit "nt_affects_posix tmp" nt_affects_posix tmp "true" +testit "nt_affects_posix ign_sysacls" nt_affects_posix ign_sysacls "false" +testit "setup remote file tmp" setup_remote_file tmp +testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls +testit "nt_affects_chown tmp" nt_affects_chown tmp +testit "nt_affects_chown ign_sysacls" nt_affects_chown ign_sysacls +testit "setup remote file tmp" setup_remote_file tmp +testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls +testit "nt_affects_chgrp tmp" nt_affects_chgrp tmp +testit "nt_affects_chgrp ign_sysacls" nt_affects_chgrp ign_sysacls |