testprogs/blackbox: add --recursive tests to test_samba-tool_ntacl.sh
1 #!/bin/sh
2 # Blackbox tests for samba-tool ntacl get/set on member server
3 # Copyright (C) 2018 Björn Baumbach <bb@sernet.de>
4
# Exactly two positional arguments are required: the selftest prefix
# directory and the SID of the domain the member server belongs to.
[ $# -eq 2 ] || {
	echo "Usage: test_samba-tool_ntacl.sh PREFIX DOMSID"
	exit 1
}

# From here on, abort on any failing command and on any unset variable.
set -eu

PREFIX=$1
domain_sid=$2
CONFIGURATION="--configfile=$PREFIX/ad_member/lib/server.conf"

# Number of failed test cases; used as the exit status of the script.
failed=0

# BINDIR has to come from the environment; with "set -u" a missing value
# stops the script right here.
samba4bindir="$BINDIR"
samba_tool="$samba4bindir/samba-tool"

# Scratch tree the ACL tests operate on:
#   ntacl_testdirtop/
#     testfile
#     dir1/
#       file
#       symlink
testdirtop="$PREFIX/ntacl_testdirtop"
testfile="$testdirtop/testfile"
testdir1="$testdirtop/dir1"
testdir1f="$testdir1/file"
testdir1l="$testdir1/symlink"
26 testdir1l="$testdirtop/dir1/symlink"
27
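# SDDL taken from the samba_tool/ntacl.py tests. Owner, group and several
# ACE trustees are given as SDDL aliases (DA, DU, EA).
acl="O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
# The descriptor expected after "ntacl changedomsid": the DA, DU and EA
# aliases are spelled out as SIDs ending in -512, -513 and -519 below
# $new_domain_sid; the well-known trustees (CO, SY, AU, ED, WD) are unchanged.
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"

# NOTE(review): the recursive tests further down expand
# $acl_without_padding and $new_acl_without_padding, but nothing visible in
# this file assigns them. Unless subunit.sh or the environment provides them,
# "set -u" stops the script at the first such expansion. The names suggest
# the descriptors above with unpadded access masks (0x1f01ff instead of
# 0x001f01ff) - confirm and define them here.

# Quoted so that a checkout path containing whitespace still resolves.
. "$(dirname "$0")/subunit.sh"

# uid_wrapper setting: present the test process as root.
# NOTE(review): presumably required so the ACL data can be written - confirm.
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT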
37
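# Read the NT ACL of a path as SDDL and compare it with an expected string.
#
# Arguments: $1 - path to query
#            $2 - expected SDDL string
#            any further arguments are handed to "samba-tool ntacl get"
# Globals:   PYTHON, samba_tool (read)
# Returns:   the exit status of samba-tool if it fails; otherwise 0 when the
#            SDDL matches exactly and 1 when it differs
test_get_acl()
{
	# POSIX sh has no "local". Function-specific names keep the script-level
	# $testfile intact when this function runs in the calling shell.
	_tga_path="$1"
	_tga_expected="$2"
	shift 2

	# $PYTHON is left unquoted in case it carries interpreter options; the
	# tool path is quoted so that whitespace in BINDIR does not split it.
	_tga_actual=$($PYTHON "$samba_tool" ntacl get "$_tga_path" --as-sddl "$@") || return $?

	test "$_tga_actual" = "$_tga_expected"
}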
48
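# Write an SDDL security descriptor to a path with "samba-tool ntacl set".
#
# Arguments: $1 - path to modify
#            $2 - SDDL string to apply
#            any further arguments (e.g. --recursive) are handed to samba-tool
# Globals:   PYTHON, samba_tool (read)
# Returns:   the exit status of samba-tool
test_set_acl()
{
	# POSIX sh has no "local". Function-specific names keep the script-level
	# $testfile and $acl intact when this function runs in the calling shell;
	# later test steps pass both of them as arguments.
	_tsa_path="$1"
	_tsa_sddl="$2"
	shift 2

	# The tool path is quoted so that whitespace in BINDIR does not split it.
	$PYTHON "$samba_tool" ntacl set "$_tsa_sddl" "$_tsa_path" "$@"
}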
57
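# Read the NT ACL of a path as SDDL through the ntvfs code path with the tdb
# xattr backend and compare it with an expected string.
#
# Arguments: $1 - path to query
#            $2 - expected SDDL string
# Globals:   PYTHON, samba_tool, CONFIGURATION (read)
# Returns:   the exit status of samba-tool if it fails; otherwise 0 when the
#            SDDL matches exactly and 1 when it differs
test_get_acl_ntvfs()
{
	# POSIX sh has no "local". Function-specific names keep the script-level
	# $testfile intact when this function runs in the calling shell.
	_tgn_path="$1"
	_tgn_expected="$2"

	# $CONFIGURATION is a single --configfile=PATH option, so it is quoted
	# to survive whitespace in PREFIX.
	_tgn_actual=$($PYTHON "$samba_tool" ntacl get "$_tgn_path" --as-sddl --use-ntvfs --xattr-backend=tdb "$CONFIGURATION") || return $?

	test "$_tgn_actual" = "$_tgn_expected"
}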
67
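# Write an SDDL security descriptor to a path through the ntvfs code path
# with the tdb xattr backend.
#
# Arguments: $1 - path to modify
#            $2 - SDDL string to apply
# Globals:   PYTHON, samba_tool, CONFIGURATION (read)
# Returns:   the exit status of samba-tool
test_set_acl_ntvfs()
{
	# POSIX sh has no "local". Function-specific names keep the script-level
	# $testfile and $acl intact when this function runs in the calling shell.
	_tsn_path="$1"
	_tsn_sddl="$2"

	# $CONFIGURATION is a single --configfile=PATH option, so it is quoted
	# to survive whitespace in PREFIX.
	$PYTHON "$samba_tool" ntacl set "$_tsn_sddl" "$_tsn_path" --use-ntvfs --xattr-backend=tdb "$CONFIGURATION"
}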
75
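# Rewrite the domain SID inside the NT ACL of a path from $domain_sid to
# $new_domain_sid with "samba-tool ntacl changedomsid --service=tmp".
#
# Arguments: $1 - path to modify
#            any further arguments (e.g. --recursive) are handed to samba-tool
# Globals:   PYTHON, samba_tool, domain_sid, new_domain_sid,
#            CONFIGURATION (read)
# Returns:   the exit status of samba-tool
test_changedomsid()
{
	# POSIX sh has no "local". A function-specific name keeps the
	# script-level $testfile intact when this runs in the calling shell.
	_tcd_path="$1"
	shift 1

	# $CONFIGURATION is a single --configfile=PATH option, so it is quoted
	# to survive whitespace in PREFIX.
	$PYTHON "$samba_tool" ntacl changedomsid \
		"$domain_sid" "$new_domain_sid" "$_tcd_path" \
		--service=tmp \
		"$CONFIGURATION" "$@"
}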
86
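# Rewrite the domain SID inside the NT ACL of a path through the ntvfs code
# path (tdb xattr backend), then read the ACL back and compare it with
# $new_acl.
#
# Arguments: $1 - path to modify and verify
# Globals:   PYTHON, samba_tool, domain_sid, new_domain_sid, new_acl,
#            CONFIGURATION (read)
# Returns:   the exit status of samba-tool if either invocation fails;
#            otherwise 0 when the SDDL read back equals $new_acl, 1 when not
test_changedomsid_ntvfs()
{
	# POSIX sh has no "local". A function-specific name keeps the
	# script-level $testfile intact when this runs in the calling shell.
	_tcn_path="$1"

	# The status is checked explicitly: callers run this function on the
	# left of "||", where "set -e" is ignored, so a failed rewrite would
	# otherwise only be noticed through the comparison below.
	$PYTHON "$samba_tool" ntacl changedomsid \
		"$domain_sid" "$new_domain_sid" "$_tcn_path" \
		--use-ntvfs \
		--xattr-backend=tdb \
		"$CONFIGURATION" || return $?

	_tcn_actual=$($PYTHON "$samba_tool" ntacl get \
		"$_tcn_path" \
		--as-sddl \
		--xattr-backend=tdb \
		--use-ntvfs \
		"$CONFIGURATION") || return $?

	test "$_tcn_actual" = "$new_acl"
}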
106
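# Work around an include error: s4-loadparm does not allow missing include
# files.
#
# Unable to load file /home/bbaumba/src/git/samba/st/ad_member/lib/server.conf
#  File "bin/python/samba/netcmd/__init__.py", line 183, in _run
#    return self.run(*args, **kwargs)
#  File "bin/python/samba/netcmd/ntacl.py", line 175, in run
#    lp = sambaopts.get_loadparm()
#  File "bin/python/samba/getopt.py", line 92, in get_loadparm
#    self._lp.load(os.getenv("SMB_CONF_PATH"))
#    Processing section "[global]"
#
# Create both files (presumably the missing includes) as empty placeholders
# next to the smb.conf in use. The paths are quoted so that whitespace in
# SMB_CONF_PATH does not split them.
touch "$(dirname "$SMB_CONF_PATH")/error_inject.conf"
touch "$(dirname "$SMB_CONF_PATH")/delay_inject.conf"

# Build the scratch tree. "mkdir" without -p fails, and "set -e" then stops
# the script, if the directory is left over from an earlier run.
mkdir "$testdirtop"
touch "$testfile"
mkdir "$testdir1"
touch "$testdir1f"
# The link lives inside dir1 but its target (testfile) lies outside dir1.
# The recursive tests use it to check whether an ACL change applied to dir1
# reaches objects outside that directory.
ln -s "$testfile" "$testdir1l"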
125
# Non-recursive round trip without --use-ntvfs: write the SDDL, read it back,
# rewrite the domain SID and read the result. Each failing case increments
# $failed instead of stopping the script.
testit "set_ntacl" test_set_acl "$testfile" "$acl" || failed=$((failed + 1))

testit "get_ntacl" test_get_acl "$testfile" "$acl" || failed=$((failed + 1))

testit "changedomsid" test_changedomsid "$testfile" || failed=$((failed + 1))
testit "get_ntacl_after_changedomsid" \
	test_get_acl "$testfile" "$new_acl" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))

# The same sequence through the ntvfs code path with the tdb xattr backend.
# test_changedomsid_ntvfs reads the ACL back itself, so no separate "get"
# step follows it.
testit "set_ntacl_ntvfs" test_set_acl_ntvfs "$testfile" "$acl" || failed=$((failed + 1))
testit "get_ntacl_ntvfs" test_get_acl_ntvfs "$testfile" "$acl" || failed=$((failed + 1))

testit "changedomsid_ntvfs" test_changedomsid_ntvfs "$testfile" || failed=$((failed + 1))
141
# recursive1 (set): apply $acl to the whole tree. Without --follow-symlinks
# the tool is expected to report the link as ignored; testit_grep comes from
# subunit.sh and presumably requires that text in the output - confirm.
# NOTE(review): $acl_without_padding is not assigned anywhere in the visible
# part of this file; with "set -u" an unset value stops the script here.
testit_grep "set_ntacl_recursive1 testdirtop" \
	"ignored symlink: $testdirtop" \
	test_set_acl "$testdirtop" "$acl" --recursive || failed=$((failed + 1))

# Every object in the tree is expected to carry the descriptor afterwards.
testit "get_ntacl_after_set_recursive1 testdirtop" \
	test_get_acl "$testdirtop" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive1 testfile" \
	test_get_acl "$testfile" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive1 testdir1" \
	test_get_acl "$testdir1" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive1 testdir1f" \
	test_get_acl "$testdir1f" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
165
# recursive1 (changedomsid): rewrite the domain SID below dir1 only. The
# link dir1/symlink points at testfile, which lies outside dir1; it must be
# reported as ignored and its target must stay untouched.
testit_grep "changedomsid_recursive1 testdir1" \
	"ignored symlink: $testdir1l" \
	test_changedomsid "$testdir1" --recursive || failed=$((failed + 1))

# Objects outside dir1 keep the old descriptor. In particular testfile, the
# symlink target, shows that the change did not escape the directory.
testit "get_ntacl_after_changedomsid_recursive1 testdirtop" \
	test_get_acl "$testdirtop" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_changedomsid_recursive1 testfile" \
	test_get_acl "$testfile" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))

# dir1 and the regular file inside it carry the rewritten descriptor.
testit "get_ntacl_after_changedomsid_recursive1 testdir1" \
	test_get_acl "$testdir1" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_changedomsid_recursive1 testdir1f" \
	test_get_acl "$testdir1f" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
189
# recursive2 (changedomsid): rewrite the domain SID for the whole tree. The
# link is still expected to be reported as ignored; testfile is now reached
# directly because it lies inside testdirtop.
testit_grep "changedomsid_recursive2 testdirtop" \
	"ignored symlink: $testdir1l" \
	test_changedomsid "$testdirtop" --recursive || failed=$((failed + 1))

# Every object in the tree is expected to carry the rewritten descriptor.
testit "get_ntacl_after_changedomsid_recursive2 testdirtop" \
	test_get_acl "$testdirtop" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_changedomsid_recursive2 testfile" \
	test_get_acl "$testfile" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_changedomsid_recursive2 testdir1" \
	test_get_acl "$testdir1" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_changedomsid_recursive2 testdir1f" \
	test_get_acl "$testdir1f" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
213
# recursive2 (set): put $acl back on dir1 only, again without
# --follow-symlinks, so the link to testfile must be reported as ignored.
testit_grep "set_ntacl_recursive2 testdir1" \
	"ignored symlink: $testdir1l" \
	test_set_acl "$testdir1" "$acl" --recursive || failed=$((failed + 1))

# Objects outside dir1, including the symlink target testfile, keep the
# descriptor left by the previous changedomsid run.
testit "get_ntacl_after_set_recursive2 testdirtop" \
	test_get_acl "$testdirtop" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive2 testfile" \
	test_get_acl "$testfile" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))

# dir1 and the regular file inside it are back on the original descriptor.
testit "get_ntacl_after_set_recursive2 testdir1" \
	test_get_acl "$testdir1" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive2 testdir1f" \
	test_get_acl "$testdir1f" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
237
# recursive3 (set): the same call on dir1, this time with --follow-symlinks.
# The output is expected to name the link without the "ignored" prefix.
# Following links is opt-in for a reason: the ACL write reaches the link
# target, which here lies outside the directory given on the command line.
# When the tool runs with elevated privileges, any link inside the tree
# decides which outside objects get their ACL replaced.
testit_grep "set_ntacl_recursive3 testdir1" \
	"symlink: $testdir1l" \
	test_set_acl "$testdir1" "$acl" --recursive --follow-symlinks --verbose || failed=$((failed + 1))

# testdirtop itself is neither inside dir1 nor a link target: unchanged.
testit "get_ntacl_after_set_recursive3 testdirtop" \
	test_get_acl "$testdirtop" "$new_acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))

# testfile was reached through dir1/symlink and now carries $acl again.
testit "get_ntacl_after_set_recursive3 testfile" \
	test_get_acl "$testfile" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive3 testdir1" \
	test_get_acl "$testdir1" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
testit "get_ntacl_after_set_recursive3 testdir1f" \
	test_get_acl "$testdir1f" "$acl_without_padding" \
		--service=tmp \
		$CONFIGURATION \
	|| failed=$((failed + 1))
261
# Remove the scratch tree, then report the number of failed test cases as
# the exit status (0 means every case passed).
rm -rf "$testdirtop"

exit "$failed"