diff options
Diffstat (limited to 'source3')
| -rwxr-xr-x | source3/script/tests/test_sharesec.sh | 111 | ||||
| -rwxr-xr-x | source3/selftest/tests.py | 3 |
2 files changed, 114 insertions, 0 deletions
diff --git a/source3/script/tests/test_sharesec.sh b/source3/script/tests/test_sharesec.sh new file mode 100755 index 00000000000..ef207ff9b55 --- /dev/null +++ b/source3/script/tests/test_sharesec.sh @@ -0,0 +1,111 @@ +#!/bin/sh +# +# Test sharesec command. +# +# Verify that changing and querying the security descriptor works. Also +# ensure that the output format for ACL entries does not change. +# +# The test uses well-known SIDs to not require looking up names and SIDs +# +# Copyright (C) 2015 Christof Schmitt + +if [ $# -lt 3 ]; then +Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE +exit 1 +fi + +CONF=$1 +SHARESEC=$2 +SHARE=$3 + +CMD="$SHARESEC $CONF $SHARE" + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ || \ + failed=$(expr $failed + 1) +testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1) +ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://') +testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ + +OWNER=$($CMD --view | grep OWNER:) +testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \ + failed=$(expr $failed + 1) +GROUP=$($CMD --view | grep GROUP:) +testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \ + failed=$(expr $failed + 1) +CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://') +testit "Verify control flags" test "$CONTROL" = "SR|DP" || \ + failed=$(expr $failed + 1) + +testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \ + failed=$(expr $failed + 1) +testit "Query ACL with two entries" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify ACL count with two entries" test $COUNT -eq 2 || \ + failed=$(expr $failed + 1) +ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://') +testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \ + failed=$(expr $failed + 1) + +testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \ + failed=$(expr $failed + 1) +testit "Verify ACL with two entries after modify" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \ + failed=$(expr $failed + 1) +ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://') +testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \ + failed=$(expr $failed + 1) + +testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \ + failed=$(expr $failed + 1) +testit "Query ACL with three entries" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify ACL count with three entries" test $COUNT -eq 3 || \ + failed=$(expr $failed + 1) +ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://') +testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \ + failed=$(expr $failed + 1) + +testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \ + failed=$(expr $failed + 1) +testit "Query ACL with four entries" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify ACL count with four entries" test $COUNT -eq 4 || \ + failed=$(expr $failed + 1) +ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://') +testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \ + failed=$(expr $failed + 1) + +testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \ + failed=$(expr $failed + 1) +testit "Query ACL with three entries after removal" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify ACL count after removal" test $COUNT -eq 3 || \ + failed=$(expr $failed + 1) +ACL="$($CMD --view | grep S-1-5-32-546')" +testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1) + +testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \ + failed=$(expr $failed + 1) +testit "Query standard ACL" $CMD --view || \ + failed=$(expr $failed + 1) +COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) +testit "Verify standard ACL count" test $COUNT -eq 1 || \ + failed=$(expr $failed + 1) +ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://') +testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \ + failed=$(expr $failed + 1) + +testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index d6e6869d165..0c49b022b3e 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -424,6 +424,9 @@ for s in signseal_options: plantestsuite("samba3.blackbox.rpcclient_samlogon", "ad_member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration]) +plantestsuite("samba3.blackbox.sharesec", "simpleserver:local", + [os.path.join(samba3srcdir, "script/tests/test_sharesec.sh"), + configuration, os.path.join(bindir(), "sharesec"), "tmp"]) plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "nt4_dc", [os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"), |