s3-libsmb: Generalise cli_state in smb2 read calls
[Samba.git] / testsuite / smbd / se_access_check_printer.c
blobe2645c68549460286dcdf9f933e743d26ba84f2f
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 Security context tests
5 Copyright (C) Tim Potter 2000
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "se_access_check_utils.h"
24 /* Globals */
26 BOOL failed;
27 SEC_DESC *sd;
29 struct ace_entry acl_printer[] = {
31 /* Everyone is allowed to print */
33 { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
34 PRINTER_ACE_PRINT, "S-1-1-0" },
36 /* Except for user0 who uses too much paper */
38 { SEC_ACE_TYPE_ACCESS_DENIED, SEC_ACE_FLAG_CONTAINER_INHERIT,
39 PRINTER_ACE_FULL_CONTROL, "user0" },
41 /* Users 1 and 2 can manage documents */
43 { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
44 PRINTER_ACE_MANAGE_DOCUMENTS, "user1" },
46 { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
47 PRINTER_ACE_MANAGE_DOCUMENTS, "user2" },
49 /* Domain Admins can also manage documents */
51 { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
52 PRINTER_ACE_MANAGE_DOCUMENTS, "Domain Admins" },
54 /* User 3 is da man */
56 { SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
57 PRINTER_ACE_FULL_CONTROL, "user3" },
59 { 0, 0, 0, NULL}
62 BOOL test_user(char *username, uint32 acc_desired, uint32 *acc_granted)
64 struct passwd *pw;
65 uint32 status;
67 if (!(pw = getpwnam(username))) {
68 printf("FAIL: could not lookup user info for %s\n",
69 username);
70 exit(1);
73 return se_access_check(sd, pw->pw_uid, pw->pw_gid, 0, NULL,
74 acc_desired, acc_granted, &status);
77 static char *pace_str(uint32 ace_flags)
79 if ((ace_flags & PRINTER_ACE_FULL_CONTROL) ==
80 PRINTER_ACE_FULL_CONTROL) return "full control";
82 if ((ace_flags & PRINTER_ACE_MANAGE_DOCUMENTS) ==
83 PRINTER_ACE_MANAGE_DOCUMENTS) return "manage documents";
85 if ((ace_flags & PRINTER_ACE_PRINT) == PRINTER_ACE_PRINT)
86 return "print";
88 return "UNKNOWN";
91 uint32 perms[] = {
92 PRINTER_ACE_PRINT,
93 PRINTER_ACE_FULL_CONTROL,
94 PRINTER_ACE_MANAGE_DOCUMENTS,
98 void runtest(void)
100 uint32 acc_granted;
101 BOOL result;
102 int i, j;
104 for (i = 0; perms[i]; i++) {
106 /* Test 10 users */
108 for (j = 0; j < 10; j++) {
109 fstring name;
111 /* Test user against ACL */
113 snprintf(name, sizeof(fstring), "%s/user%d",
114 getenv("TEST_WORKGROUP"), j);
116 result = test_user(name, perms[i], &acc_granted);
118 printf("%s: %s %s 0x%08x\n", name,
119 pace_str(perms[i]),
120 result ? "TRUE " : "FALSE", acc_granted);
122 /* Check results */
124 switch (perms[i]) {
126 case PRINTER_ACE_PRINT: {
127 if (!result || acc_granted !=
128 PRINTER_ACE_PRINT) {
129 printf("FAIL: user %s can't print\n",
130 name);
131 failed = True;
133 break;
136 case PRINTER_ACE_FULL_CONTROL: {
137 if (j == 3) {
138 if (!result || acc_granted !=
139 PRINTER_ACE_FULL_CONTROL) {
140 printf("FAIL: user %s doesn't "
141 "have full control\n",
142 name);
143 failed = True;
145 } else {
146 if (result || acc_granted != 0) {
147 printf("FAIL: user %s has full "
148 "control\n", name);
149 failed = True;
152 break;
154 case PRINTER_ACE_MANAGE_DOCUMENTS: {
155 if (j == 1 || j == 2) {
156 if (!result || acc_granted !=
157 PRINTER_ACE_MANAGE_DOCUMENTS) {
158 printf("FAIL: user %s can't "
159 "manage documents\n",
160 name);
161 failed = True;
163 } else {
164 if (result || acc_granted != 0) {
165 printf("FAIL: user %s can "
166 "manage documents\n",
167 name);
168 failed = True;
171 break;
174 default:
175 printf("FAIL: internal error\n");
176 exit(1);
182 /* Main function */
184 int main(int argc, char **argv)
186 /* Initialisation */
188 generate_wellknown_sids();
190 /* Create security descriptor */
192 sd = build_sec_desc(acl_printer, NULL, NULL_SID, NULL_SID);
194 if (!sd) {
195 printf("FAIL: could not build security descriptor\n");
196 return 1;
199 /* Run test */
201 runtest();
203 /* Return */
205 if (!failed) {
206 printf("PASS\n");
207 return 0;
210 return 1;