3 # Test sharesec command.
5 # Verify that changing and querying the security descriptor works. Also
6 # ensure that the output format for ACL entries does not change.
8 # The test uses well-known SIDs to not require looking up names and SIDs
10 # Copyright (C) 2015 Christof Schmitt
13 echo Usage
: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
21 CMD
="$SHARESEC $CONF $SHARE"
23 incdir
=$
(dirname $0)/..
/..
/..
/testprogs
/blackbox
28 testit
"Set new ACL" $CMD --replace S-1-1-0
:ALLOWED
/0x0/READ || \
29 failed
=$
(expr $failed + 1)
30 testit
"Query new ACL" $CMD --view || failed
=$
(expr $failed + 1)
31 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
32 testit
"Verify new ACL count" test $COUNT -eq 1 || failed
=$
(expr $failed + 1)
33 ACL
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://')
34 testit
"Verify new ACL" test $ACL = S-1-1-0
:ALLOWED
/0x0/READ
36 OWNER
=$
($CMD --view |
grep OWNER
:)
37 testit
"Verify empty OWNER" test "$OWNER" = "OWNER:" || \
38 failed
=$
(expr $failed + 1)
39 GROUP
=$
($CMD --view |
grep GROUP
:)
40 testit
"Verify empty GROUP" test "$GROUP" = "GROUP:" || \
41 failed
=$
(expr $failed + 1)
42 CONTROL
=$
($CMD --view |
grep CONTROL
: |
sed -e 's/^CONTROL://')
43 testit
"Verify control flags" test "$CONTROL" = "SR|DP" || \
44 failed
=$
(expr $failed + 1)
46 testit
"Add second ACL entry" $CMD --add S-1-5-32-544
:ALLOWED
/0x0/FULL || \
47 failed
=$
(expr $failed + 1)
48 testit
"Query ACL with two entries" $CMD --view || \
49 failed
=$
(expr $failed + 1)
50 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
51 testit
"Verify ACL count with two entries" test $COUNT -eq 2 || \
52 failed
=$
(expr $failed + 1)
53 ACL
=$
($CMD --view |
grep S-1-5-32-544 |
sed -e 's/^ACL://')
54 testit
"Verify second ACL entry" test $ACL = S-1-5-32-544
:ALLOWED
/0x0/FULL || \
55 failed
=$
(expr $failed + 1)
57 testit
"Modify ACL entry" $CMD --modify S-1-5-32-544
:ALLOWED
/0x0/CHANGE || \
58 failed
=$
(expr $failed + 1)
59 testit
"Verify ACL with two entries after modify" $CMD --view || \
60 failed
=$
(expr $failed + 1)
61 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
62 testit
"Verify ACL count with two entries after modify" test $COUNT -eq 2 || \
63 failed
=$
(expr $failed + 1)
64 ACL
=$
($CMD --view |
grep S-1-5-32-544 |
sed -e 's/^ACL://')
65 testit
"Verify modified entry" test $ACL = S-1-5-32-544
:ALLOWED
/0x0/CHANGE || \
66 failed
=$
(expr $failed + 1)
68 testit
"Add deny ACL entry" $CMD --add S-1-5-32-545
:DENIED
/0x0/CHANGE || \
69 failed
=$
(expr $failed + 1)
70 testit
"Query ACL with three entries" $CMD --view || \
71 failed
=$
(expr $failed + 1)
72 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
73 testit
"Verify ACL count with three entries" test $COUNT -eq 3 || \
74 failed
=$
(expr $failed + 1)
75 ACL
=$
($CMD --view |
grep S-1-5-32-545 |
sed -e 's/^ACL://')
76 testit
"Verify DENIED ACL entry" test $ACL = S-1-5-32-545
:DENIED
/0x0/CHANGE || \
77 failed
=$
(expr $failed + 1)
79 testit
"Add special ACL entry" $CMD --add S-1-5-32-546
:ALLOWED
/0x0/RWXDP || \
80 failed
=$
(expr $failed + 1)
81 testit
"Query ACL with four entries" $CMD --view || \
82 failed
=$
(expr $failed + 1)
83 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
84 testit
"Verify ACL count with four entries" test $COUNT -eq 4 || \
85 failed
=$
(expr $failed + 1)
86 ACL
=$
($CMD --view |
grep S-1-5-32-546 |
sed -e 's/^ACL://')
87 testit
"Verify special entry" test $ACL = S-1-5-32-546
:ALLOWED
/0x0/RWXDP || \
88 failed
=$
(expr $failed + 1)
90 testit
"Remove ACL entry" $CMD --remove S-1-5-32-546
:ALLOWED
/0x0/RWXDP || \
91 failed
=$
(expr $failed + 1)
92 testit
"Query ACL with three entries after removal" $CMD --view || \
93 failed
=$
(expr $failed + 1)
94 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
95 testit
"Verify ACL count after removal" test $COUNT -eq 3 || \
96 failed
=$
(expr $failed + 1)
97 ACL
="$($CMD --view | grep S-1-5-32-546)"
98 testit
"Verify removal" test -e "$ACL" || failed
=$
(expr $failed + 1)
100 testit
"Set ACL as hex value" $CMD --add S-1-5-32-547
:0x1/0x0/0x001F01FF || \
101 failed
=$
(expr $failed + 1)
102 ACL
="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')"
103 testit
"Verify numerically set entry" \
104 test "$ACL" = S-1-5-32-547
:DENIED
/0x0/FULL || \
105 failed
=$
(expr $failed + 1)
107 testit
"Set ACL as dec value" $CMD --add S-1-5-32-548
:1/0/0x001F01FF || \
108 failed
=$
(expr $failed + 1)
109 ACL
="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')"
110 testit
"Verify numerically set entry" \
111 test "$ACL" = S-1-5-32-548
:DENIED
/0x0/FULL || \
112 failed
=$
(expr $failed + 1)
114 testit
"Set back to default ACL " $CMD --replace S-1-1-0
:ALLOWED
/0x0/FULL || \
115 failed
=$
(expr $failed + 1)
116 testit
"Query standard ACL" $CMD --view || \
117 failed
=$
(expr $failed + 1)
118 COUNT
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://' |
wc -l)
119 testit
"Verify standard ACL count" test $COUNT -eq 1 || \
120 failed
=$
(expr $failed + 1)
121 ACL
=$
($CMD --view |
grep ACL
: |
sed -e 's/^ACL://')
122 testit
"Verify standard ACL" test $ACL = S-1-1-0
:ALLOWED
/0x0/FULL || \
123 failed
=$
(expr $failed + 1)