diff options
author | Jeremy Allison <jra@samba.org> | 2019-02-28 13:55:31 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-03-04 18:11:16 +0000 |
commit | 2e181e34c48c879235c5dc64bd7ab2b59781810c (patch) | |
tree | 4919a65f01a32233e77ee4c73bb93b5680a40761 /source4/torture/smb2/acls.c | |
parent | 9fc1a09baee4e1339c0fe20e47e24b6ea6c293ae (diff) | |
download | samba-2e181e34c48c879235c5dc64bd7ab2b59781810c.tar.gz |
s4:torture: Fix the test_owner_rights() test to show permissions are additive.
Tested against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source4/torture/smb2/acls.c')
-rw-r--r-- | source4/torture/smb2/acls.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c index b02d74367e3..c45125b30dc 100644 --- a/source4/torture/smb2/acls.c +++ b/source4/torture/smb2/acls.c @@ -2419,6 +2419,14 @@ static bool test_owner_rights(struct torture_context *tctx, sd_orig = gi.query_secdesc.out.sd; owner_sid = dom_sid_string(tctx, sd_orig->owner_sid); + /* + * Add a 2 element ACL + * SEC_RIGHTS_FILE_READ for the owner, + * SEC_FILE_WRITE_DATA for SID_OWNER_RIGHTS. + * + * Proves that the owner and SID_OWNER_RIGHTS + * ACE entries are additive. + */ sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, @@ -2426,7 +2434,7 @@ static bool test_owner_rights(struct torture_context *tctx, 0, SID_OWNER_RIGHTS, SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_READ, + SEC_FILE_WRITE_DATA, 0, NULL); torture_assert_not_null_goto(tctx, sd, ret, done, @@ -2467,10 +2475,14 @@ static bool test_owner_rights(struct torture_context *tctx, torture_assert_ntstatus_ok_goto(tctx, mxac_status, ret, done, "smb2_setinfo_file failed\n"); - /* SEC_STD_DELETE comes from the parent directory */ + /* + * For some reasons Windows 2016 doesn't set SEC_STD_DELETE but we + * do. Mask it out so the test passes against Samba and Windows. + */ torture_assert_int_equal_goto(tctx, - cr.out.maximal_access, - SEC_RIGHTS_FILE_READ|SEC_STD_DELETE, + cr.out.maximal_access & ~SEC_STD_DELETE, + SEC_RIGHTS_FILE_READ | + SEC_FILE_WRITE_DATA, ret, done, "Wrong maximum access\n"); |