source3/script/tests/test_sharesec.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

#!/bin/sh
#
# Test sharesec command.
#
# Verify that changing and querying the security descriptor works. Also
# ensure that the output format for ACL entries does not change.
#
# The test uses well-known SIDs to not require looking up names and SIDs
#
# Copyright (C) 2015 Christof Schmitt

if [ $# -lt 3 ]; then
	echo Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
exit 1
fi

CONF=$1
SHARESEC=$2
SHARE=$3

CMD="$SHARESEC $CONF $SHARE"

incdir=$(dirname $0)/../../../testprogs/blackbox
. $incdir/subunit.sh

failed=0

testit "Set new ACL" $CMD --replace  S-1-1-0:ALLOWED/0x0/READ || \
	failed=$(expr $failed + 1)
testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ

OWNER=$($CMD --view | grep OWNER:)
testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \
	failed=$(expr $failed + 1)
GROUP=$($CMD --view | grep GROUP:)
testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \
	failed=$(expr $failed + 1)
CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
testit "Verify control flags" test "$CONTROL" = "SR|DP" || \
	failed=$(expr $failed + 1)

testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \
	failed=$(expr $failed + 1)
testit "Query ACL with two entries" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries" test $COUNT -eq 2 || \
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \
	failed=$(expr $failed + 1)

testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \
	failed=$(expr $failed + 1)
testit "Verify ACL with two entries after modify" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \
	failed=$(expr $failed + 1)

testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \
	failed=$(expr $failed + 1)
testit "Query ACL with three entries" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with three entries" test $COUNT -eq 3 || \
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \
	failed=$(expr $failed + 1)

testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \
	failed=$(expr $failed + 1)
testit "Query ACL with four entries" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with four entries" test $COUNT -eq 4 || \
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \
	failed=$(expr $failed + 1)

testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \
	failed=$(expr $failed + 1)
testit "Query ACL with three entries after removal" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count after removal" test $COUNT -eq 3 || \
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-546)"
testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)

testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF || \
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')"
testit "Verify numerically set entry" \
	test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL || \
	failed=$(expr $failed + 1)

testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF || \
	failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')"
testit "Verify numerically set entry" \
	test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL || \
	failed=$(expr $failed + 1)

testit "Set back to default ACL " $CMD --replace  S-1-1-0:ALLOWED/0x0/FULL || \
	failed=$(expr $failed + 1)
testit "Query standard ACL" $CMD --view || \
	failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify standard ACL count" test $COUNT -eq 1 || \
	failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \
	failed=$(expr $failed + 1)

testok $0 $failed