summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/modules/test_nfs4_acls.c77
1 files changed, 77 insertions, 0 deletions
diff --git a/source3/modules/test_nfs4_acls.c b/source3/modules/test_nfs4_acls.c
index a0e7db41b70..42a69453f5a 100644
--- a/source3/modules/test_nfs4_acls.c
+++ b/source3/modules/test_nfs4_acls.c
@@ -440,6 +440,82 @@ static void test_ace_flags_dacl_to_nfs4(void **state)
TALLOC_FREE(frame);
}
+struct ace_perm_mapping {
+ uint32_t nfs4_perm;
+ uint32_t dacl_perm;
+} perm_table_nfs4_to_dacl[] = {
+ { SMB_ACE4_READ_DATA, SEC_FILE_READ_DATA },
+ { SMB_ACE4_LIST_DIRECTORY, SEC_DIR_LIST },
+ { SMB_ACE4_WRITE_DATA, SEC_FILE_WRITE_DATA },
+ { SMB_ACE4_ADD_FILE, SEC_DIR_ADD_FILE },
+ { SMB_ACE4_APPEND_DATA, SEC_FILE_APPEND_DATA },
+ { SMB_ACE4_ADD_SUBDIRECTORY, SEC_DIR_ADD_SUBDIR, },
+ { SMB_ACE4_READ_NAMED_ATTRS, SEC_FILE_READ_EA },
+ { SMB_ACE4_READ_NAMED_ATTRS, SEC_DIR_READ_EA },
+ { SMB_ACE4_WRITE_NAMED_ATTRS, SEC_FILE_WRITE_EA },
+ { SMB_ACE4_WRITE_NAMED_ATTRS, SEC_DIR_WRITE_EA },
+ { SMB_ACE4_EXECUTE, SEC_FILE_EXECUTE },
+ { SMB_ACE4_EXECUTE, SEC_DIR_TRAVERSE },
+ { SMB_ACE4_DELETE_CHILD, SEC_DIR_DELETE_CHILD },
+ { SMB_ACE4_READ_ATTRIBUTES, SEC_FILE_READ_ATTRIBUTE },
+ { SMB_ACE4_READ_ATTRIBUTES, SEC_DIR_READ_ATTRIBUTE },
+ { SMB_ACE4_WRITE_ATTRIBUTES, SEC_FILE_WRITE_ATTRIBUTE },
+ { SMB_ACE4_WRITE_ATTRIBUTES, SEC_DIR_WRITE_ATTRIBUTE },
+ { SMB_ACE4_DELETE, SEC_STD_DELETE },
+ { SMB_ACE4_READ_ACL, SEC_STD_READ_CONTROL },
+ { SMB_ACE4_WRITE_ACL, SEC_STD_WRITE_DAC, },
+ { SMB_ACE4_WRITE_OWNER, SEC_STD_WRITE_OWNER },
+ { SMB_ACE4_SYNCHRONIZE, SEC_STD_SYNCHRONIZE },
+};
+
+static void test_nfs4_permissions_to_dacl(void **state)
+{
+ struct dom_sid *sids = *state;
+ TALLOC_CTX *frame = talloc_stackframe();
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(perm_table_nfs4_to_dacl); i++) {
+ struct SMB4ACL_T *nfs4_acl;
+ SMB_ACE4PROP_T nfs4_ace;
+ struct security_ace *dacl_aces;
+ int good_aces;
+ struct smbacl4_vfs_params params = {
+ .mode = e_simple,
+ .do_chown = true,
+ .acedup = e_merge,
+ .map_full_control = true,
+ };
+
+ nfs4_acl = smb_create_smb4acl(frame);
+ assert_non_null(nfs4_acl);
+
+ nfs4_ace = (SMB_ACE4PROP_T) {
+ .flags = 0,
+ .who.uid = 1000,
+ .aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE,
+ .aceFlags = 0,
+ .aceMask = perm_table_nfs4_to_dacl[i].nfs4_perm,
+ };
+ assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+ assert_true(smbacl4_nfs42win(frame, &params, nfs4_acl,
+ &sids[0], &sids[1], false,
+ &dacl_aces, &good_aces));
+
+ assert_int_equal(good_aces, 1);
+ assert_non_null(dacl_aces);
+
+ assert_int_equal(dacl_aces[0].type,
+ SEC_ACE_TYPE_ACCESS_ALLOWED);
+ assert_int_equal(dacl_aces[0].flags, 0);
+ assert_int_equal(dacl_aces[0].access_mask,
+ perm_table_nfs4_to_dacl[i].dacl_perm);
+ assert_true(dom_sid_equal(&dacl_aces[0].trustee, &sids[0]));
+ }
+
+ TALLOC_FREE(frame);
+}
+
int main(int argc, char **argv)
{
const struct CMUnitTest tests[] = {
@@ -450,6 +526,7 @@ int main(int argc, char **argv)
cmocka_unit_test(test_acl_type_dacl_to_nfs4),
cmocka_unit_test(test_ace_flags_nfs4_to_dacl),
cmocka_unit_test(test_ace_flags_dacl_to_nfs4),
+ cmocka_unit_test(test_nfs4_permissions_to_dacl),
};
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
View Lorry Controller Status