search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WHATSNEW: Add release notes for Samba 4.19.5.
[Samba.git] / testprogs / blackbox / test_samba-tool_ntacl.sh
blob1571b1a72c5de4d2f1a892e161c30fe73b48f5b1
1 #!/bin/sh
2 # Blackbox tests for samba-tool ntacl get/set on member server
3 # Copyright (C) 2018 Björn Baumbach <bb@sernet.de>
4
5 if [ $# -ne 3 ]; then
6 echo "Usage: test_samba-tool_ntacl.sh PREFIX DOMSID CONFIGURATION"
7 exit 1
8 fi
9
10 set -u
11 set -e
12
13 PREFIX=$1
14 domain_sid=$2
15 CONFIGURATION=$3
16
17 failed=0
18
19 samba4bindir="$BINDIR"
20 samba_tool="$samba4bindir/samba-tool"
21
22 testdirtop="$PREFIX/ntacl_testdirtop"
23 testfile="$testdirtop/testfile"
24 testdir1="$testdirtop/dir1"
25 testdir1f="$testdirtop/dir1/file"
26 testdir1l="$testdirtop/dir1/symlink"
27
28 # acl from samba_tool/ntacl.py tests
29 acl="O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
30 new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
31 new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
32
33 acl_without_padding=$(echo -n "$acl" | perl -p -e 's/0x00/0x/g')
34 new_acl_without_padding=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
35
36 . $(dirname $0)/subunit.sh
37
38 test_get_acl()
39 {
40 testfile="$1"
41 exptextedacl="$2"
42 shift 2
43
44 retacl=$($PYTHON $samba_tool ntacl get "$testfile" --as-sddl "$@") || return $?
45
46 test "$retacl" = "$exptextedacl"
47 }
48
49 test_set_acl()
50 {
51 testfile="$1"
52 acl="$2"
53 shift 2
54
55 $PYTHON $samba_tool ntacl set "$acl" "$testfile" "$@"
56 }
57
58 test_get_acl_ntvfs()
59 {
60 testfile="$1"
61 exptextedacl="$2"
62
63 retacl=$($PYTHON $samba_tool ntacl get "$testfile" --as-sddl --use-ntvfs --xattr-backend=tdb $CONFIGURATION) || return $?
64
65 test "$retacl" = "$exptextedacl"
66 }
67
68 test_set_acl_ntvfs()
69 {
70 testfile="$1"
71 acl="$2"
72
73 $PYTHON $samba_tool ntacl set "$acl" "$testfile" --use-ntvfs --xattr-backend=tdb $CONFIGURATION
74 }
75
76 test_changedomsid()
77 {
78 testfile="$1"
79 shift 1
80
81 $PYTHON $samba_tool ntacl changedomsid \
82 "$domain_sid" "$new_domain_sid" "$testfile" \
83 --service=tmp \
84 $CONFIGURATION "$@"
85 }
86
87 test_changedomsid_ntvfs()
88 {
89 testfile="$1"
90
91 $PYTHON $samba_tool ntacl changedomsid \
92 "$domain_sid" "$new_domain_sid" "$testfile" \
93 --use-ntvfs \
94 --xattr-backend=tdb \
95 $CONFIGURATION
96
97 retacl=$($PYTHON $samba_tool ntacl get \
98 "$testfile" \
99 --as-sddl \
100 --xattr-backend=tdb \
101 --use-ntvfs \
102 $CONFIGURATION) || return $?
103 test "$retacl" = "$new_acl_without_padding"
104 }
105
106 # work around include error - s4-loadparm does not allow missing include files
107 #
108 # Unable to load file /home/bbaumba/src/git/samba/st/ad_member/lib/server.conf
109 # File "bin/python/samba/netcmd/__init__.py", line 183, in _run
110 # return self.run(*args, **kwargs)
111 # File "bin/python/samba/netcmd/ntacl.py", line 175, in run
112 # lp = sambaopts.get_loadparm()
113 # File "bin/python/samba/getopt.py", line 92, in get_loadparm
114 # self._lp.load(os.getenv("SMB_CONF_PATH"))
115 # Processing section "[global]"
116 touch "$(dirname $SMB_CONF_PATH)/error_inject.conf"
117 touch "$(dirname $SMB_CONF_PATH)/delay_inject.conf"
118
119 mkdir "$testdirtop"
120 touch "$testfile"
121 mkdir "$testdir1"
122 touch "$testdir1f"
123 ln -s "$testfile" "$testdir1l"
124
125 testit "set_ntacl" test_set_acl "$testfile" "$acl" || failed=$(expr $failed + 1)
126
127 testit "get_ntacl" test_get_acl "$testfile" "$acl_without_padding" || failed=$(expr $failed + 1)
128
129 testit "changedomsid" test_changedomsid "$testfile" || failed=$(expr $failed + 1)
130 testit "get_ntacl_after_changedomsid" \
131 test_get_acl "$testfile" "$new_acl_without_padding" \
132 --service=tmp \
133 $CONFIGURATION \
134 || failed=$(expr $failed + 1)
135
136 testit "set_ntacl_ntvfs" test_set_acl_ntvfs "$testfile" "$acl" || failed=$(expr $failed + 1)
137 testit "get_ntacl_ntvfs" test_get_acl_ntvfs "$testfile" "$acl_without_padding" || \
138 failed=$(expr $failed + 1)
139
140 testit "changedomsid_ntvfs" test_changedomsid_ntvfs "$testfile" || failed=$(expr $failed + 1)
141
142 testit_grep "set_ntacl_recursive1 testdirtop" \
143 "ignored symlink: $testdirtop" \
144 test_set_acl "$testdirtop" "$acl" --recursive || failed=$(expr $failed + 1)
145 testit "get_ntacl_after_set_recursive1 testdirtop" \
146 test_get_acl "$testdirtop" "$acl_without_padding" \
147 --service=tmp \
148 $CONFIGURATION \
149 || failed=$(expr $failed + 1)
150 testit "get_ntacl_after_set_recursive1 testfile" \
151 test_get_acl "$testfile" "$acl_without_padding" \
152 --service=tmp \
153 $CONFIGURATION \
154 || failed=$(expr $failed + 1)
155 testit "get_ntacl_after_set_recursive1 testdir1" \
156 test_get_acl "$testdir1" "$acl_without_padding" \
157 --service=tmp \
158 $CONFIGURATION \
159 || failed=$(expr $failed + 1)
160 testit "get_ntacl_after_set_recursive1 testdir1f" \
161 test_get_acl "$testdir1f" "$acl_without_padding" \
162 --service=tmp \
163 $CONFIGURATION \
164 || failed=$(expr $failed + 1)
165
166 testit_grep "changedomsid_recursive1 testdir1" \
167 "ignored symlink: $testdir1l" \
168 test_changedomsid "$testdir1" --recursive || failed=$(expr $failed + 1)
169 testit "get_ntacl_after_changedomsid_recursive1 testdirtop" \
170 test_get_acl "$testdirtop" "$acl_without_padding" \
171 --service=tmp \
172 $CONFIGURATION \
173 || failed=$(expr $failed + 1)
174 testit "get_ntacl_after_changedomsid_recursive1 testfile" \
175 test_get_acl "$testfile" "$acl_without_padding" \
176 --service=tmp \
177 $CONFIGURATION \
178 || failed=$(expr $failed + 1)
179 testit "get_ntacl_after_changedomsid_recursive1 testdir1" \
180 test_get_acl "$testdir1" "$new_acl_without_padding" \
181 --service=tmp \
182 $CONFIGURATION \
183 || failed=$(expr $failed + 1)
184 testit "get_ntacl_after_changedomsid_recursive1 testdir1f" \
185 test_get_acl "$testdir1f" "$new_acl_without_padding" \
186 --service=tmp \
187 $CONFIGURATION \
188 || failed=$(expr $failed + 1)
189
190 testit_grep "changedomsid_recursive2 testdirtop" \
191 "ignored symlink: $testdir1l" \
192 test_changedomsid "$testdirtop" --recursive || failed=$(expr $failed + 1)
193 testit "get_ntacl_after_changedomsid_recursive2 testdirtop" \
194 test_get_acl "$testdirtop" "$new_acl_without_padding" \
195 --service=tmp \
196 $CONFIGURATION \
197 || failed=$(expr $failed + 1)
198 testit "get_ntacl_after_changedomsid_recursive2 testfile" \
199 test_get_acl "$testfile" "$new_acl_without_padding" \
200 --service=tmp \
201 $CONFIGURATION \
202 || failed=$(expr $failed + 1)
203 testit "get_ntacl_after_changedomsid_recursive2 testdir1" \
204 test_get_acl "$testdir1" "$new_acl_without_padding" \
205 --service=tmp \
206 $CONFIGURATION \
207 || failed=$(expr $failed + 1)
208 testit "get_ntacl_after_changedomsid_recursive2 testdir1f" \
209 test_get_acl "$testdir1f" "$new_acl_without_padding" \
210 --service=tmp \
211 $CONFIGURATION \
212 || failed=$(expr $failed + 1)
213
214 testit_grep "set_ntacl_recursive2 testdir1" \
215 "ignored symlink: $testdir1l" \
216 test_set_acl "$testdir1" "$acl" --recursive || failed=$(expr $failed + 1)
217 testit "get_ntacl_after_set_recursive2 testdirtop" \
218 test_get_acl "$testdirtop" "$new_acl_without_padding" \
219 --service=tmp \
220 $CONFIGURATION \
221 || failed=$(expr $failed + 1)
222 testit "get_ntacl_after_set_recursive2 testfile" \
223 test_get_acl "$testfile" "$new_acl_without_padding" \
224 --service=tmp \
225 $CONFIGURATION \
226 || failed=$(expr $failed + 1)
227 testit "get_ntacl_after_set_recursive2 testdir1" \
228 test_get_acl "$testdir1" "$acl_without_padding" \
229 --service=tmp \
230 $CONFIGURATION \
231 || failed=$(expr $failed + 1)
232 testit "get_ntacl_after_set_recursive2 testdir1f" \
233 test_get_acl "$testdir1f" "$acl_without_padding" \
234 --service=tmp \
235 $CONFIGURATION \
236 || failed=$(expr $failed + 1)
237
238 testit_grep "set_ntacl_recursive3 testdir1" \
239 "symlink: $testdir1l" \
240 test_set_acl "$testdir1" "$acl" --recursive --follow-symlinks --verbose || failed=$(expr $failed + 1)
241 testit "get_ntacl_after_set_recursive3 testdirtop" \
242 test_get_acl "$testdirtop" "$new_acl_without_padding" \
243 --service=tmp \
244 $CONFIGURATION \
245 || failed=$(expr $failed + 1)
246 testit "get_ntacl_after_set_recursive3 testfile" \
247 test_get_acl "$testfile" "$acl_without_padding" \
248 --service=tmp \
249 $CONFIGURATION \
250 || failed=$(expr $failed + 1)
251 testit "get_ntacl_after_set_recursive3 testdir1" \
252 test_get_acl "$testdir1" "$acl_without_padding" \
253 --service=tmp \
254 $CONFIGURATION \
255 || failed=$(expr $failed + 1)
256 testit "get_ntacl_after_set_recursive3 testdir1f" \
257 test_get_acl "$testdir1f" "$acl_without_padding" \
258 --service=tmp \
259 $CONFIGURATION \
260 || failed=$(expr $failed + 1)
261
262 rm -rf "$testdirtop"
263
264 exit $failed
Samba GIT mirror