sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3: torture: Call the smbtorture3 SMB2-SACL test.

Browse Source 
Calls the test in the previous commit by adding
SeSecurityPrivilege first, running the SMB2-SACL test
then removing SeSecurityPrivilege.

Demonstrates the difference between server behavior
with SEC_FLAG_SYSTEM_SECURITY against SMB1 and SMB2 servers.

Mark as knownfail for now.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Jeremy Allison 2020-04-17 17:39:22 -07:00
parent ad5f6b82c3
commit b338636a1e
3 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
selftest/knownfail.d/sacl_set_get Normal file
View File

@ -0,0 +1,2 @@
^samba3.blackbox.sacl_get_set.SACL set_get\(fileserver\)

44
source3/script/tests/test_sacl_set_get.sh Executable file
View File

@ -0,0 +1,44 @@
#!/bin/sh
#
# Runs the smbtorture3 SMB2-SACL test
# that requres SeSecurityPrivilege
# against Samba.
#
if [ $# -lt 7 ]; then
echo "Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SMBTORTURE3 NET SHARE"
exit 1
fi
SERVER="$1"
SERVER_IP="$2"
USERNAME="$3"
PASSWORD="$4"
SMBTORTURE3="$5"
NET="$6"
SHARE="$7"
failed=0
incdir=`dirname $0`/../../../testprogs/blackbox
. $incdir/subunit.sh
sacl_set_get() {
out=$($SMBTORTURE3 //$SERVER_IP/$SHARE -U $USERNAME%$PASSWORD SMB2-SACL)
if [ $? -ne 0 ] ; then
echo "SMB2-SACL failed"
echo "$out"
return 1
fi
}
# Grant SeSecurityPrivilege to the user
testit "grant SeSecurityPrivilege" $NET rpc rights grant $USERNAME SeSecurityPrivilege -U $USERNAME%$PASSWORD -I $SERVER_IP || failed=`expr $failed + 1`
# Run the tests.
testit "SACL set_get" sacl_set_get || failed=`expr $failed + 1`
# Revoke SeSecurityPrivilege
testit "revoke SeSecurityPrivilege" $NET rpc rights revoke $USERNAME SeSecurityPrivilege -U $USERNAME%$PASSWORD -I $SERVER_IP || failed=`expr $failed + 1`
exit $failed

3
source3/selftest/tests.py
View File

@ -415,6 +415,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.smb1_system_security", env + "_smb1_done",
[os.path.join(samba3srcdir, "script/tests/test_smb1_system_security.sh"),
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbtorture3, net, 'tmp'])
plantestsuite("samba3.blackbox.sacl_get_set", env,
[os.path.join(samba3srcdir, "script/tests/test_sacl_set_get.sh"),
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbtorture3, net, 'tmp'])
#
# tar command tests