3 # Test sharesec command.
5 # Verify that changing and querying the security descriptor works. Also
6 # ensure that the output format for ACL entries does not change.
8 # The test uses well-known SIDs to not require looking up names and SIDs
10 # Copyright (C) 2015, 2019 Christof Schmitt
13 echo Usage
: test_sharesec.sh SERVERCONFFILE SHARESEC NET SHARE
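# sharesec invocation shared by most checks below. CMD is expanded unquoted
# on purpose so the shell splits it into program, config argument and share
# name; none of the three may therefore contain whitespace.
# CONF, SHARESEC and SHARE are assigned outside this excerpt (presumably from
# the positional arguments named in the usage message).
CMD="$SHARESEC $CONF $SHARE"

# Path to the blackbox test directory, relative to this script; presumably
# where the helper that defines testit lives (the line using incdir is not
# shown here). "$0" is quoted so a checkout path containing spaces reaches
# dirname as a single argument.
incdir=$(dirname "$0")/../../../testprogs/blackbox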
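# Replace the whole share ACL with a single entry and read it back.
# S-1-1-0 is the well-known Everyone SID; entries are written as
# SID:TYPE/FLAGS/MASK.
testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ ||
  failed=$((failed + 1))
testit "Query new ACL" $CMD --view || failed=$((failed + 1))

# --replace must leave exactly one ACL: line behind.
COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify new ACL count" test "$COUNT" -eq 1 || failed=$((failed + 1))

# Compare the entry text exactly, so a change in the output format is caught.
ACL=$($CMD --view | grep 'ACL:' | sed -e 's/^ACL://')
# Count a mismatch like every other check does; without the `|| failed=...`
# a wrong ACL here would not be added to the failure counter.
testit "Verify new ACL" test "$ACL" = S-1-1-0:ALLOWED/0x0/READ ||
  failed=$((failed + 1))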
# After --replace the descriptor is expected to show an OWNER: and a GROUP:
# line with nothing after the colon.
OWNER=$($CMD --view | grep 'OWNER:')
testit "Verify empty OWNER" test "$OWNER" = "OWNER:" ||
  failed=$((failed + 1))

GROUP=$($CMD --view | grep 'GROUP:')
testit "Verify empty GROUP" test "$GROUP" = "GROUP:" ||
  failed=$((failed + 1))

# Control flags are compared as printed; SR|DP presumably stands for
# "self-relative" and "DACL present" -- confirm against sharesec's output code.
CONTROL=$($CMD --view | grep 'CONTROL:' | sed -e 's/^CONTROL://')
testit "Verify control flags" test "$CONTROL" = "SR|DP" ||
  failed=$((failed + 1))
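# Append an allow entry for S-1-5-32-544 (BUILTIN\Administrators) and check
# that the existing entry is kept alongside it.
testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL ||
  failed=$((failed + 1))
testit "Query ACL with two entries" $CMD --view ||
  failed=$((failed + 1))

COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify ACL count with two entries" test "$COUNT" -eq 2 ||
  failed=$((failed + 1))

# Select the new entry by SID. "$ACL" is quoted so that missing or multi-line
# output is handed over as one word and simply fails the equality check,
# instead of producing a malformed test expression.
ACL=$($CMD --view | grep 'S-1-5-32-544' | sed -e 's/^ACL://')
testit "Verify second ACL entry" test "$ACL" = S-1-5-32-544:ALLOWED/0x0/FULL ||
  failed=$((failed + 1))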
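# Change the mask of the existing S-1-5-32-544 entry from FULL to CHANGE.
# --modify must update the entry in place: the entry count stays at two.
testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE ||
  failed=$((failed + 1))
testit "Verify ACL with two entries after modify" $CMD --view ||
  failed=$((failed + 1))

COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify ACL count with two entries after modify" test "$COUNT" -eq 2 ||
  failed=$((failed + 1))

# "$ACL" is quoted so empty or multi-line output is compared as one string
# and fails the check cleanly.
ACL=$($CMD --view | grep 'S-1-5-32-544' | sed -e 's/^ACL://')
testit "Verify modified entry" test "$ACL" = S-1-5-32-544:ALLOWED/0x0/CHANGE ||
  failed=$((failed + 1))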
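# Add a deny entry for S-1-5-32-545 (BUILTIN\Users). The entry type has to
# round-trip unchanged: a DENIED entry read back as ALLOWED would invert the
# access decision for that SID.
testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE ||
  failed=$((failed + 1))
testit "Query ACL with three entries" $CMD --view ||
  failed=$((failed + 1))

COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify ACL count with three entries" test "$COUNT" -eq 3 ||
  failed=$((failed + 1))

# "$ACL" is quoted so empty or multi-line output is compared as one string
# and fails the check cleanly.
ACL=$($CMD --view | grep 'S-1-5-32-545' | sed -e 's/^ACL://')
testit "Verify DENIED ACL entry" test "$ACL" = S-1-5-32-545:DENIED/0x0/CHANGE ||
  failed=$((failed + 1))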
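# Add an entry for S-1-5-32-546 (BUILTIN\Guests) whose mask is spelled as
# individual rights letters (RWXDP) rather than a named set such as READ,
# CHANGE or FULL, and check that it is printed back in the same form.
testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP ||
  failed=$((failed + 1))
testit "Query ACL with four entries" $CMD --view ||
  failed=$((failed + 1))

COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify ACL count with four entries" test "$COUNT" -eq 4 ||
  failed=$((failed + 1))

# "$ACL" is quoted so empty or multi-line output is compared as one string
# and fails the check cleanly.
ACL=$($CMD --view | grep 'S-1-5-32-546' | sed -e 's/^ACL://')
testit "Verify special entry" test "$ACL" = S-1-5-32-546:ALLOWED/0x0/RWXDP ||
  failed=$((failed + 1))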
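# Remove the S-1-5-32-546 entry again; the other three entries must survive.
testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP ||
  failed=$((failed + 1))
testit "Query ACL with three entries after removal" $CMD --view ||
  failed=$((failed + 1))

COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify ACL count after removal" test "$COUNT" -eq 3 ||
  failed=$((failed + 1))

# The removed SID must no longer appear anywhere in the output, so the grep
# result has to be empty. -z checks exactly that; the previous -e is a
# file-existence test and does not express "no output".
ACL=$($CMD --view | grep 'S-1-5-32-546')
testit "Verify removal" test -z "$ACL" || failed=$((failed + 1))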
# Entry type and flags may also be given as hex numbers. Type 0x1 has to be
# printed as DENIED and mask 0x001F01FF as FULL for S-1-5-32-547.
testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF ||
  failed=$((failed + 1))

ACL=$($CMD --view | grep 'S-1-5-32-547' | sed -e 's/^ACL://')
testit "Verify numerically set entry" \
  test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL ||
  failed=$((failed + 1))
# Same check with type and flags written as decimal numbers: type 1 has to
# be printed as DENIED for S-1-5-32-548.
testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF ||
  failed=$((failed + 1))

ACL=$($CMD --view | grep 'S-1-5-32-548' | sed -e 's/^ACL://')
# NOTE(review): this check reuses the name of the hex-value check; confirm
# that duplicate test names are acceptable in the result stream.
testit "Verify numerically set entry" \
  test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL ||
  failed=$((failed + 1))
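# Restore the share to a single Everyone/FULL entry so the entries added
# above (including the deny entries) do not stay on the share.
testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL ||
  failed=$((failed + 1))
testit "Query standard ACL" $CMD --view ||
  failed=$((failed + 1))

# --replace must have dropped every other entry.
COUNT=$($CMD --view | grep -c 'ACL:')
testit "Verify standard ACL count" test "$COUNT" -eq 1 ||
  failed=$((failed + 1))

# "$ACL" is quoted so empty or multi-line output is compared as one string
# and fails the check cleanly.
ACL=$($CMD --view | grep 'ACL:' | sed -e 's/^ACL://')
testit "Verify standard ACL" test "$ACL" = S-1-1-0:ALLOWED/0x0/FULL ||
  failed=$((failed + 1))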
# Stale-descriptor check: create a share, give it a deny-Everyone ACL,
# delete it, then create a share with the same name again. The recreated
# share has to come back with the default ACL; otherwise a descriptor left
# over from a deleted share would silently apply to a new one.
# NET_CMD is set outside this excerpt.
testit "Create new share" $NET_CMD conf addshare tmp_share /tmp ||
  failed=$((failed + 1))
testit "Change ACL" $SHARESEC $CONF --replace S-1-1-0:DENIED/0x0/FULL tmp_share ||
  failed=$((failed + 1))
testit "Delete share" $NET_CMD conf delshare tmp_share ||
  failed=$((failed + 1))
testit "Create share again" $NET_CMD conf addshare tmp_share /tmp ||
  failed=$((failed + 1))

# Here the full output line is compared, including the ACL: prefix.
ACL=$($SHARESEC $CONF --view tmp_share | grep 'ACL:')
testit "Check for default ACL" \
  test "$ACL" = "ACL:S-1-1-0:ALLOWED/0x0/FULL" ||
  failed=$((failed + 1))
# NOTE(review): no delshare for tmp_share is visible after this check; if
# none follows, the share exporting /tmp stays configured after the test.