blob: d0eec66252b1a616cfac179aa33b27c179f42909 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
#!/bin/sh
# this tests acl_xattr config parameter "ignore system acl"
if [ $# -lt 6 ]; then
cat <<EOF
Usage: $0 SERVER USERNAME PASSWORD PREFIX SMBCLIENT SMBCACLS
EOF
exit 1
fi
SERVER="$1"
USERNAME="$2"
PASSWORD="$3"
PREFIX="$4"
SMBCLIENT="$5"
SMBCACLS="$6"
shift 6
ADDARGS="$*"
SMBCLIENT="$VALGRIND ${SMBCLIENT} ${ADDARGS}"
SMBCACLS="$VALGRIND ${SMBCACLS} ${ADDARGS}"
incdir=$(dirname $0)/../../../testprogs/blackbox
. $incdir/subunit.sh
setup_remote_file()
{
local share=$1
local fname="$share.$$"
local local_fname=$PREFIX/$fname
touch $local_fname
$SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "rm $fname"
$SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "ls" | grep "$fname" && exit 1
$SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put $fname" || exit 1
}
smbcacls_x()
{
local share=$1
local fname="$share.$$"
# skip with SMB1
echo "$ADDARGS" | grep mNT1 && exit 0
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD "$fname" -x || exit 1
mxac=$($SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD "$fname" -x | awk '/Maximum access/ {print $3}')
echo "mxac: $mxac"
if test "$mxac" != "0x1f01ff"; then
exit 1
fi
}
nt_affects_posix()
{
local share=$1
local expected=$2
local b4
local af
local fname="$share.$$"
b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1
af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
echo "before: $b4"
echo "after: $af"
echo "${b4}" | grep -q "^# owner:" || exit 1
echo "${af}" | grep -q "^# owner:" || exit 1
if test "$expected" = "true"; then
test "$b4" != "$af"
else
test "$b4" = "$af"
fi
}
nt_affects_chown()
{
local share=$1
local b4_expected
local af_expected
local b4_actual
local af_actual
local fname="$share.$$"
echo -n "determining uid of $USERNAME..."
b4_expected=$(getent passwd $USERNAME) || exit 1
b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
echo "$b4_expected"
echo -n "determining uid of force_user..."
af_expected=$(getent passwd force_user) || exit 1
af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
echo "$af_expected"
#basic sanity...
test "$b4_expected != $af_expected" || exit 1
b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
echo "${b4_actual}" | grep -q "^# owner:" || exit 1
b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/FULL" || exit 1
$SMBCACLS //$SERVER/$share $fname -U force_user%$PASSWORD -C force_user 2>/dev/null || exit 1
af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
echo "${af_actual}" | grep -q "^# owner:" || exit 1
af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
echo "before: $b4_actual"
echo "after: $af_actual"
test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual"
}
nt_affects_chgrp()
{
local share=$1
local b4_expected
local af_expected
local b4_actual
local af_actual
local fname="$share.$$"
echo -n "determining gid of domusers..."
b4_expected=$(getent group domusers) || exit 1
b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
echo "$b4_expected"
echo -n "determining gid of domadmins..."
af_expected=$(getent group domadmins) || exit 1
af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
echo "$af_expected"
#basic sanity...
test "$b4_expected" != "$af_expected" || exit 1
b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
echo "${b4_actual}" | grep -q "^# group:" || exit 1
b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
$SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "posix; getfacl $fname" 2>/dev/null) || exit 1
echo "${af_actual}" | grep -q "^# group:" || exit 1
af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
echo "before: $b4_actual"
echo "after: $af_actual"
test "$af_expected" != "$b4_actual" && test "$af_expected" = "$af_actual"
}
testit "setup remote file tmp" setup_remote_file tmp
testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
testit "smbcacls -x" smbcacls_x tmp
testit "nt_affects_posix tmp" nt_affects_posix tmp "true"
testit "nt_affects_posix ign_sysacls" nt_affects_posix ign_sysacls "false"
testit "setup remote file tmp" setup_remote_file tmp
testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
testit "nt_affects_chown tmp" nt_affects_chown tmp
testit "nt_affects_chown ign_sysacls" nt_affects_chown ign_sysacls
testit "setup remote file tmp" setup_remote_file tmp
testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
testit "nt_affects_chgrp tmp" nt_affects_chgrp tmp
testit "nt_affects_chgrp ign_sysacls" nt_affects_chgrp ign_sysacls
|
