seltest: add test for "ignore system acls" in vfs_acl_xattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest/selftesthelpers.py

@@ -186,3 +186,4 @@ vfstest = binpath('vfstest')
 smbcquotas = binpath('smbcquotas')
 smbget = binpath('smbget')
 rpcclient = binpath('rpcclient')
+smbcacls = binpath('smbcacls')

selftest/target/Samba3.pm

@@ -649,6 +649,10 @@ sub setup_fileserver($$)
 	path = $smbget_sharedir
 	comment = smb username is [%U]
 	guest ok = yes
+[ign_sysacls]
+	path = $share_dir
+	comment = ignore system acls
+	acl_xattr:ignore system acls = yes
 ";
 
 	my $vars = $self->provision($path,

source3/script/tests/test_acl_xattr.sh

@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# this tests acl_xattr config parameter "ignore system acl"
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER USERNAME PASSWORD PREFIX SMBCLIENT SMBCACLS
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+USERNAME="$2"
+PASSWORD="$3"
+PREFIX="$4"
+SMBCLIENT="$5"
+SMBCACLS="$6"
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+SMBCACLS="$VALGRIND ${SMBCACLS}"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+setup_remote_file() {
+    local share=$1
+    local fname="$share.$$"
+    local local_fname=$PREFIX/$fname
+    touch $local_fname
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "rm $fname"
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "ls" | grep "$fname" && exit 1
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put $fname" || exit 1
+}
+
+nt_affects_posix() {
+    local share=$1
+    local expected=$2
+    local b4
+    local af
+    local fname="$share.$$"
+    b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1
+    af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    echo "before: $b4"
+    echo "after: $af"
+    if test "$expected" = "true" ; then
+        test "$b4" != "$af"
+    else
+        test "$b4" = "$af"
+    fi
+}
+
+nt_affects_chown() {
+    local share=$1
+    local b4_expected
+    local af_expected
+    local b4_actual
+    local af_actual
+    local fname="$share.$$"
+
+    echo -n "determining uid of $USERNAME..."
+    b4_expected=$(getent passwd $USERNAME) || exit 1
+    b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
+    echo "$b4_expected"
+
+    echo -n "determining uid of force_user..."
+    af_expected=$(getent passwd force_user) || exit 1
+    af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
+    echo "$af_expected"
+
+    #basic sanity...
+    test "$b4_expected != $af_expected" || exit 1
+
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -C force_user 2>/dev/null || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
+    echo "before: $b4_actual"
+    echo "after: $af_actual"
+    test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual"
+}
+
+nt_affects_chgrp() {
+    local share=$1
+    local b4_expected
+    local af_expected
+    local b4_actual
+    local af_actual
+    local fname="$share.$$"
+
+    echo -n "determining gid of domusers..."
+    b4_expected=$(getent group domusers) || exit 1
+    b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
+    echo "$b4_expected"
+
+    echo -n "determining uid of domadmins..."
+    af_expected=$(getent passwd domadmins) || exit 1
+    af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
+    echo "$af_expected"
+
+    #basic sanity...
+    test "$b4_expected != $af_expected" || exit 1
+
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
+    echo "before: $b4_actual"
+    echo "after: $af_actual"
+    test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual"
+}
+
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_posix tmp" nt_affects_posix tmp "true"
+testit "nt_affects_posix ign_sysacls" nt_affects_posix ign_sysacls "false"
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_chown tmp" nt_affects_chown tmp
+testit "nt_affects_chown ign_sysacls" nt_affects_chown ign_sysacls
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_chgrp tmp" nt_affects_chown tmp
+testit "nt_affects_chgrp ign_sysacls" nt_affects_chown ign_sysacls

source3/selftest/tests.py

@@ -187,6 +187,7 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.smbclient.forceuser_validusers (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_forceuser_validusers.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
     plantestsuite("samba3.blackbox.smbget (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbget.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', 'smbget_user', '$PASSWORD', '$LOCAL_PATH/smbget', smbget])
     plantestsuite("samba3.blackbox.netshareenum (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shareenum.sh"), '$SERVER', '$USERNAME', '$PASSWORD', rpcclient])
+    plantestsuite("samba3.blackbox.acl_xattr (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls])
 
     #
     # tar command tests