source3/script/tests/test_sharesec.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

#!/bin/sh
#
# Test sharesec command.
#
# Verify that changing and querying the security descriptor works. Also
# ensure that the output format for ACL entries does not change.
#
# The test uses well-known SIDs to not require looking up names and SIDs
#
# Copyright (C) 2015, 2019 Christof Schmitt

if [ $# -lt 4 ]; then
	echo Usage: test_sharesec.sh SERVERCONFFILE SHARESEC NET SHARE
	exit 1
fi

CONF=$1
SHARESEC=$2
NET=$3
SHARE=$4

CMD="$SHARESEC $CONF $SHARE"
NET_CMD="$NET $CONF"

incdir=$(dirname $0)/../../../testprogs/blackbox
. $incdir/subunit.sh

failed=0

testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ ||
	failed=$(expr $failed + 1)
testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ

OWNER=$($CMD --view | grep OWNER:)
testit "Verify empty OWNER" test "$OWNER" = "OWNER:" ||
	failed=$(expr $failed + 1)
GROUP=$($CMD --view | grep GROUP:)
testit "Verify empty GROUP" test "$GROUP" = "GROUP:" ||
	failed=$(expr $failed + 1)
CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
testit "Verify control flags" test "$CONTROL" = "SR|DP" ||
	failed=$(expr $failed + 1)

testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL ||
	failed=$(expr $failed + 1)
testit "Query ACL with two entries" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries" test $COUNT -eq 2 ||
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL ||
	failed=$(expr $failed + 1)

testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE ||
	failed=$(expr $failed + 1)
testit "Verify ACL with two entries after modify" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 ||
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE ||
	failed=$(expr $failed + 1)

testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE ||
	failed=$(expr $failed + 1)
testit "Query ACL with three entries" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with three entries" test $COUNT -eq 3 ||
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE ||
	failed=$(expr $failed + 1)

testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP ||
	failed=$(expr $failed + 1)
testit "Query ACL with four entries" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with four entries" test $COUNT -eq 4 ||
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP ||
	failed=$(expr $failed + 1)

testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP ||
	failed=$(expr $failed + 1)
testit "Query ACL with three entries after removal" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count after removal" test $COUNT -eq 3 ||
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-546)"
testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)

testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF ||
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')"
testit "Verify numerically set entry" \
	test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL ||
	failed=$(expr $failed + 1)

testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF ||
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')"
testit "Verify numerically set entry" \
	test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL ||
	failed=$(expr $failed + 1)

testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL ||
	failed=$(expr $failed + 1)
testit "Query standard ACL" $CMD --view ||
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify standard ACL count" test $COUNT -eq 1 ||
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL ||
	failed=$(expr $failed + 1)

testit "Create new share" $NET_CMD conf addshare tmp_share /tmp ||
	failed=$(expr $failed + 1)
testit "Change ACL" $SHARESEC $CONF --replace S-1-1-0:DENIED/0x0/FULL tmp_share ||
	failed=$(expr $failed + 1)
testit "Delete share" $NET_CMD conf delshare tmp_share ||
	failed=$(expr $failed + 1)
testit "Create share again" $NET_CMD conf addshare tmp_share /tmp ||
	failed=$(expr $failed + 1)
ACL=$($SHARESEC $CONF --view tmp_share | grep 'ACL:')
testit "Check for default ACL" \
	test "$ACL" = "ACL:S-1-1-0:ALLOWED/0x0/FULL" ||
	failed=$(expr $failed + 1)

testok $0 $failed