1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

selftest: Add test for sharesec command

Add a test for the sharesec command to ensure that it works, and to also
verify that the output does not change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Christof Schmitt 2015-06-09 10:28:17 -07:00 committed by Volker Lendecke
parent 0b9fa2849d
commit a6650d74d1
2 changed files with 114 additions and 0 deletions

View File

@ -0,0 +1,111 @@
#!/bin/sh
#
# Test sharesec command.
#
# Verify that changing and querying the security descriptor works. Also
# ensure that the output format for ACL entries does not change.
#
# The test uses well-known SIDs to not require looking up names and SIDs
#
# Copyright (C) 2015 Christof Schmitt
if [ $# -lt 3 ]; then
Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
exit 1
fi
CONF=$1
SHARESEC=$2
SHARE=$3
CMD="$SHARESEC $CONF $SHARE"
incdir=$(dirname $0)/../../../testprogs/blackbox
. $incdir/subunit.sh
failed=0
testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ || \
failed=$(expr $failed + 1)
testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ
OWNER=$($CMD --view | grep OWNER:)
testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \
failed=$(expr $failed + 1)
GROUP=$($CMD --view | grep GROUP:)
testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \
failed=$(expr $failed + 1)
CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://')
testit "Verify control flags" test "$CONTROL" = "SR|DP" || \
failed=$(expr $failed + 1)
testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \
failed=$(expr $failed + 1)
testit "Query ACL with two entries" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries" test $COUNT -eq 2 || \
failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \
failed=$(expr $failed + 1)
testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \
failed=$(expr $failed + 1)
testit "Verify ACL with two entries after modify" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \
failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://')
testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \
failed=$(expr $failed + 1)
testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \
failed=$(expr $failed + 1)
testit "Query ACL with three entries" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with three entries" test $COUNT -eq 3 || \
failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://')
testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \
failed=$(expr $failed + 1)
testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \
failed=$(expr $failed + 1)
testit "Query ACL with four entries" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count with four entries" test $COUNT -eq 4 || \
failed=$(expr $failed + 1)
ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://')
testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \
failed=$(expr $failed + 1)
testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \
failed=$(expr $failed + 1)
testit "Query ACL with three entries after removal" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count after removal" test $COUNT -eq 3 || \
failed=$(expr $failed + 1)
ACL="$($CMD --view | grep S-1-5-32-546')"
testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)
testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \
failed=$(expr $failed + 1)
testit "Query standard ACL" $CMD --view || \
failed=$(expr $failed + 1)
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify standard ACL count" test $COUNT -eq 1 || \
failed=$(expr $failed + 1)
ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://')
testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \
failed=$(expr $failed + 1)
testok $0 $failed

View File

@ -424,6 +424,9 @@ for s in signseal_options:
plantestsuite("samba3.blackbox.rpcclient_samlogon", "ad_member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
"$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration])
plantestsuite("samba3.blackbox.sharesec", "simpleserver:local",
[os.path.join(samba3srcdir, "script/tests/test_sharesec.sh"),
configuration, os.path.join(bindir(), "sharesec"), "tmp"])
plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "nt4_dc",
[os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"),