s3:idmap_autorid: add an allocation range to autorid

[Samba/gebeck_regimport.git] / source3 / torture / test_nttrans_create.c

/*
   Unix SMB/CIFS implementation.
   Basic test for share secdescs vs nttrans_create
   Copyright (C) Volker Lendecke 2011

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "torture/proto.h"
#include "libsmb/libsmb.h"
#include "libcli/security/dom_sid.h"
#include "libcli/security/secdesc.h"
#include "libcli/security/security.h"

bool run_nttrans_create(int dummy)
{
        struct cli_state *cli = NULL;
        NTSTATUS status, status2;
        bool ret = false;
        struct security_ace ace;
        struct security_acl acl;
        struct security_descriptor *sd;
        const char *fname = "transtest";
        uint16_t fnum, fnum2;
        struct dom_sid owner;

        printf("Starting NTTRANS_CREATE\n");

        if (!torture_open_connection(&cli, 0)) {
                printf("torture_open_connection failed\n");
                goto fail;
        }

        ZERO_STRUCT(ace);
        ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
        ace.access_mask = SEC_RIGHTS_FILE_ALL & ~SEC_STD_WRITE_DAC;
        sid_copy(&ace.trustee, &global_sid_World);

        acl.revision = SECURITY_ACL_REVISION_NT4;
        acl.size = 0;
        acl.num_aces = 1;
        acl.aces = &ace;

        dom_sid_parse("S-1-22-1-1000", &owner);

        sd = make_sec_desc(talloc_tos(),
                           SECURITY_DESCRIPTOR_REVISION_1,
                           SEC_DESC_SELF_RELATIVE|
                           SEC_DESC_DACL_PRESENT|SEC_DESC_OWNER_DEFAULTED|
                           SEC_DESC_GROUP_DEFAULTED,
                           NULL, NULL, NULL, &acl, NULL);
        if (sd == NULL) {
                d_fprintf(stderr, "make_sec_desc failed\n");
                goto fail;
        }

        status = cli_nttrans_create(
                cli, fname, 0, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS|
                READ_CONTROL_ACCESS,
                FILE_ATTRIBUTE_NORMAL,
                FILE_SHARE_READ|FILE_SHARE_WRITE| FILE_SHARE_DELETE,
                FILE_CREATE, 0, 0, sd, NULL, 0, &fnum);
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "cli_nttrans_create returned %s\n",
                          nt_errstr(status));
                goto fail;
        }

        cli_query_secdesc(cli, fnum, talloc_tos(), NULL);

        status2 = cli_ntcreate(cli, fname, 0, WRITE_DAC_ACCESS,
                               FILE_ATTRIBUTE_NORMAL,
                               FILE_SHARE_READ|FILE_SHARE_WRITE|
                               FILE_SHARE_DELETE,
                               FILE_OPEN, 0, 0, &fnum2);

        status = cli_nt_delete_on_close(cli, fnum, true);
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "cli_nt_delete_on_close returned %s\n",
                          nt_errstr(status));
                goto fail;
        }

        if (!NT_STATUS_EQUAL(status2, NT_STATUS_ACCESS_DENIED)) {
                d_fprintf(stderr, "cli_ntcreate returned %s\n",
                          nt_errstr(status));
                goto fail;
        }

        ret = true;
fail:
        if (cli != NULL) {
                torture_close_connection(cli);
        }
        return ret;
}