mirror of
https://github.com/samba-team/samba.git
synced 2025-10-19 23:33:15 +03:00
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
Prior to this patch, rights matching "FA", "FR", "FW", "FX" were output as the hex string representing the bit value. While outputting the hex string is perfectly fine, it makes it harder to compare with icacls output (which always uses the special string values).

Additionally, adjust various tests to deal with the use of shortcut access masks, as the sddl format now uses FA, FR, FW & FX strings (like icacls does) instead of the hex representation of the bit mask. Adjust samba4.blackbox.samba-tool_ntacl, samba3.blackbox.large_acl, samba.tests.samba_tool.ntacl, samba.tests.ntacls and samba.tests.posixacl so various string comparisons of the sddl format now pass.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex numbers, eg 0x001]
committed by
Andrew Bartlett
parent
0a153c1d58
commit
d36bab52d0
@@ -333,6 +333,22 @@ static const struct flag_map decode_ace_access_mask[] = {
|
|||||||
{ NULL, 0 },
|
{ NULL, 0 },
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
static char *sddl_match_file_rights(TALLOC_CTX *mem_ctx,
|
||||||
|
uint32_t flags)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
/* try to find an exact match */
|
||||||
|
for (i=0;decode_ace_access_mask[i].name;i++) {
|
||||||
|
if (decode_ace_access_mask[i].flag == flags) {
|
||||||
|
return talloc_strdup(mem_ctx,
|
||||||
|
decode_ace_access_mask[i].name);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
static bool sddl_decode_access(const char *str, uint32_t *pmask)
|
static bool sddl_decode_access(const char *str, uint32_t *pmask)
|
||||||
{
|
{
|
||||||
const char *str0 = str;
|
const char *str0 = str;
|
||||||
@@ -776,8 +792,12 @@ static char *sddl_transition_encode_ace(TALLOC_CTX *mem_ctx, const struct securi
|
|||||||
sddl_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask,
|
sddl_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask,
|
||||||
ace->access_mask, true);
|
ace->access_mask, true);
|
||||||
if (sddl_mask == NULL) {
|
if (sddl_mask == NULL) {
|
||||||
sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
|
sddl_mask = sddl_match_file_rights(tmp_ctx,
|
||||||
ace->access_mask);
|
ace->access_mask);
|
||||||
|
if (sddl_mask == NULL) {
|
||||||
|
sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
|
||||||
|
ace->access_mask);
|
||||||
|
}
|
||||||
if (sddl_mask == NULL) {
|
if (sddl_mask == NULL) {
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
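Review bot: `sddl_match_file_rights()` returns NULL both when no entry of `decode_ace_access_mask` equals `flags` and when `talloc_strdup()` fails, so the caller in the second hunk cannot tell the two apart and answers an allocation failure by trying `talloc_asprintf()` instead of going straight to `failed`. The practical effect is small, since the hex fallback would most likely fail too, but the helper deserves a header comment stating the contract, for example `/* Returns a talloc'd alias when flags equals one table entry exactly; NULL means no alias or out of memory, and the caller falls back to hex. */`. The same comment is the place to say that the match is exact (`==`), so inside this fallback branch a mask with any additional bit set is still written as `0x%x`; anything that audits or compares ACLs from this output therefore has to accept both spellings of the access field. `sddl_transition_encode_ace()` begins and ends outside the hunk, so the `failed` path itself is not visible here.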
|
@@ -1598,8 +1598,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
|
|||||||
return samdb
|
return samdb
|
||||||
|
|
||||||
|
|
||||||
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x1f01ff;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)"
|
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)"
|
||||||
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x1f01ff;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1301bf;;;PA)"
|
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1301bf;;;PA)"
|
||||||
SYSVOL_SERVICE = "sysvol"
|
SYSVOL_SERVICE = "sysvol"
|
||||||
|
|
||||||
|
|
||||||
|
@@ -26,7 +26,7 @@ from samba.dcerpc import security
|
|||||||
from samba.tests import TestCaseInTempDir, SkipTest
|
from samba.tests import TestCaseInTempDir, SkipTest
|
||||||
from samba.auth_util import system_session_unix
|
from samba.auth_util import system_session_unix
|
||||||
|
|
||||||
NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||||
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"
|
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"
|
||||||
|
|
||||||
|
|
||||||
|
@@ -31,7 +31,7 @@ from samba.auth_util import system_session_unix
|
|||||||
from errno import ENODATA
|
from errno import ENODATA
|
||||||
|
|
||||||
DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"
|
DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"
|
||||||
ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||||
|
|
||||||
|
|
||||||
class PosixAclMappingTests(SmbdBaseTests):
|
class PosixAclMappingTests(SmbdBaseTests):
|
||||||
@@ -128,7 +128,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
|
|
||||||
def test_setntacl_smbd_invalidate_getntacl_smbd(self):
|
def test_setntacl_smbd_invalidate_getntacl_smbd(self):
|
||||||
acl = ACL
|
acl = ACL
|
||||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x1200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x1200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||||
os.chmod(self.tempf, 0o750)
|
os.chmod(self.tempf, 0o750)
|
||||||
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
||||||
self.get_session_info(), use_ntvfs=False)
|
self.get_session_info(), use_ntvfs=False)
|
||||||
@@ -161,7 +161,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
|
|
||||||
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
|
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
|
||||||
acl = ACL
|
acl = ACL
|
||||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;FR;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||||
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
||||||
self.get_session_info(), use_ntvfs=False)
|
self.get_session_info(), use_ntvfs=False)
|
||||||
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
||||||
@@ -173,7 +173,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
|
def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
|
||||||
acl = ACL
|
acl = ACL
|
||||||
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
|
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
|
||||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x120089;;;BA)(A;;0x120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;FR;;;BA)(A;;FR;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||||
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
||||||
self.get_session_info(), use_ntvfs=False)
|
self.get_session_info(), use_ntvfs=False)
|
||||||
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
||||||
@@ -187,7 +187,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
self.assertEqual(simple_acl_from_posix, facl.as_sddl(anysid))
|
self.assertEqual(simple_acl_from_posix, facl.as_sddl(anysid))
|
||||||
|
|
||||||
def test_setntacl_smbd_getntacl_smbd_gpo(self):
|
def test_setntacl_smbd_getntacl_smbd_gpo(self):
|
||||||
acl = "O:DAG:DUD:P(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;EA)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
acl = "O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
setntacl(self.lp, self.tempf, acl, DOM_SID,
|
||||||
self.get_session_info(), use_ntvfs=False)
|
self.get_session_info(), use_ntvfs=False)
|
||||||
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
||||||
@@ -217,7 +217,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
|
user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
|
||||||
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
|
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
|
||||||
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
||||||
acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;0x120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
|
acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;FR;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
|
||||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||||
self.assertEqual(acl, facl.as_sddl(anysid))
|
self.assertEqual(acl, facl.as_sddl(anysid))
|
||||||
|
|
||||||
@@ -234,7 +234,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
smbd.chown(self.tempdir, BA_id, SO_id, self.get_session_info())
|
smbd.chown(self.tempdir, BA_id, SO_id, self.get_session_info())
|
||||||
smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
|
smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
|
||||||
facl = getntacl(self.lp, self.tempdir, self.get_session_info(), direct_db_access=False)
|
facl = getntacl(self.lp, self.tempdir, self.get_session_info(), direct_db_access=False)
|
||||||
acl = "O:BAG:SOD:(A;;0x1f01ff;;;BA)(A;;0x1200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x1f01ff;;;CO)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD)"
|
acl = "O:BAG:SOD:(A;;FA;;;BA)(A;;0x1200a9;;;SO)(A;;;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD)"
|
||||||
|
|
||||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||||
self.assertEqual(acl, facl.as_sddl(anysid))
|
self.assertEqual(acl, facl.as_sddl(anysid))
|
||||||
@@ -249,7 +249,7 @@ class PosixAclMappingTests(SmbdBaseTests):
|
|||||||
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
|
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
|
||||||
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
|
||||||
domsid = passdb.get_global_sam_sid()
|
domsid = passdb.get_global_sam_sid()
|
||||||
acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;0x120089;;;BA)(A;;0x120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
|
acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;FR;;;BA)(A;;FR;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
|
||||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||||
self.assertEqual(acl, facl.as_sddl(anysid))
|
self.assertEqual(acl, facl.as_sddl(anysid))
|
||||||
|
|
||||||
|
@@ -100,7 +100,7 @@ class NtACLCmdSysvolTestCase(SambaToolCmdTest):
|
|||||||
class NtACLCmdGetSetTestCase(SambaToolCmdTest):
|
class NtACLCmdGetSetTestCase(SambaToolCmdTest):
|
||||||
"""Tests for samba-tool ntacl get/set subcommands"""
|
"""Tests for samba-tool ntacl get/set subcommands"""
|
||||||
|
|
||||||
acl = "O:DAG:DUD:P(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;EA)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
acl = "O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
|
|
||||||
def test_ntvfs(self):
|
def test_ntvfs(self):
|
||||||
path = os.environ['SELFTEST_PREFIX']
|
path = os.environ['SELFTEST_PREFIX']
|
||||||
@@ -163,9 +163,9 @@ class NtACLCmdGetSetTestCase(SambaToolCmdTest):
|
|||||||
|
|
||||||
class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
|
class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
|
||||||
"""Tests for samba-tool ntacl changedomsid subcommand"""
|
"""Tests for samba-tool ntacl changedomsid subcommand"""
|
||||||
|
maxDiff = 10000
|
||||||
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
domain_sid=os.environ['DOMSID']
|
domain_sid=os.environ['DOMSID']
|
||||||
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
|
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
|
||||||
|
|
||||||
|
@@ -1,4 +0,0 @@
|
|||||||
^samba.tests.sddl.+.SddlCanonical.test_sddl_D:.A;;FA;;;WD..none
|
|
||||||
^samba.tests.sddl.+.SddlNonCanonical.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1+11522-more-characters.none
|
|
||||||
^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:LAG:BAD:P.A;OICI;0x1f01ff;;;BA..none
|
|
||||||
^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;+482-more-characters.none
|
|
||||||
|
@@ -43,14 +43,11 @@ build_files
|
|||||||
test_large_acl()
|
test_large_acl()
|
||||||
{
|
{
|
||||||
#An ACL with 200 entries, ~7K
|
#An ACL with 200 entries, ~7K
|
||||||
new_acl=$(seq 1001 1200 | sed -r -e '1 i\D:(A;;0x001f01ff;;;WD)' -e 's/(.*)/(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-\1)/' | tr -d '\n')
|
new_acl=$(seq 1001 1200 | sed -r -e '1 i\D:(A;;FA;;;WD)' -e 's/(.*)/(A;;FA;;;S-1-5-21-11111111-22222222-33333333-\1)/' | tr -d '\n')
|
||||||
# the ace flags will lose their 0x00 padding when reserialised from the SD.
|
|
||||||
new_acl_out=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
|
|
||||||
$SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl -S $new_acl large_acl
|
$SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl -S $new_acl large_acl
|
||||||
actual_acl=$($SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl --numeric large_acl 2>/dev/null | sed -rn 's/.*(D:.*)/\1/p' | tr -d '\n')
|
actual_acl=$($SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl --numeric large_acl 2>/dev/null | sed -rn 's/.*(D:.*)/\1/p' | tr -d '\n')
|
||||||
if [ ! "$new_acl_out" = "$actual_acl" ]; then
|
if [ ! "$new_acl" = "$actual_acl" ]; then
|
||||||
echo -e "given:\n$new_acl\n"
|
echo -e "expected:\n$new_acl\nactual:\n$actual_acl\n"
|
||||||
echo -e "expected:\n$new_acl_out\nactual:\n$actual_acl\n"
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@@ -18,15 +18,13 @@ samba_tool="$samba4bindir/samba-tool"
|
|||||||
testfile="$PREFIX/ntacl_testfile"
|
testfile="$PREFIX/ntacl_testfile"
|
||||||
|
|
||||||
# acl from samba_tool/ntacl.py tests
|
# acl from samba_tool/ntacl.py tests
|
||||||
acl="O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
acl="O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
|
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||||
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
|
||||||
|
|
||||||
acl_without_padding=$(echo -n "$acl" | perl -p -e 's/0x00/0x/g')
|
acl_without_padding=$(echo -n "$acl" | perl -p -e 's/0x00/0x/g')
|
||||||
new_acl_without_padding=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
|
new_acl_without_padding=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
|
||||||
|
|
||||||
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
|
|
||||||
|
|
||||||
. $(dirname $0)/subunit.sh
|
. $(dirname $0)/subunit.sh
|
||||||
|
|
||||||
UID_WRAPPER_ROOT=1
|
UID_WRAPPER_ROOT=1
|
||||||
|