r4074: make the RAW-ACLS test use the new lsa helper functions to determine
authorAndrew Tridgell <tridge@samba.org>
Mon, 6 Dec 2004 07:13:50 +0000 (07:13 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:06:23 +0000 (13:06 -0500)
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.

source/torture/config.mk
source/torture/raw/acls.c

index 4cba73062f8a6cc8d77d19f70f921d25e4d657f5..58089fa172406565f0729c3d72126e029042e36a 100644 (file)
@@ -52,7 +52,7 @@ ADD_OBJ_FILES = \
                torture/raw/acls.o \
                torture/raw/seek.o
 REQUIRED_SUBSYSTEMS = \
-               LIBSMB
+               LIBSMB LIBCLI_LSA
 # End SUBSYSTEM TORTURE_RAW
 #################################
 
index 46e9fbdb3a5a64e0ddbb3613d1b51af833612ed5..9e518f8fc9b4ce7e036184690e7553278f1d1900 100644 (file)
@@ -481,6 +481,8 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
                { SEC_GENERIC_EXECUTE, SEC_RIGHTS_DIR_EXECUTE },
                { SEC_GENERIC_ALL,     SEC_RIGHTS_DIR_ALL }
        };
+       BOOL has_restore_privilege;
+       BOOL has_take_ownership_privilege;
 
        printf("TESTING FILE GENERIC BITS\n");
 
@@ -515,8 +517,31 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
 
        owner_sid = dom_sid_string(mem_ctx, sd_orig->owner_sid);
 
+       status = smblsa_sid_check_privilege(cli, owner_sid, SEC_PRIV_RESTORE);
+       has_restore_privilege = NT_STATUS_IS_OK(status);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+       }
+       printf("SEC_PRIV_RESTORE - %s\n", has_restore_privilege?"Yes":"No");
+
+       status = smblsa_sid_check_privilege(cli, owner_sid, SEC_PRIV_TAKE_OWNERSHIP);
+       has_take_ownership_privilege = NT_STATUS_IS_OK(status);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("smblsa_sid_check_privilege - %s\n", nt_errstr(status));
+       }
+       printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_restore_privilege?"Yes":"No");
 
        for (i=0;i<ARRAY_SIZE(file_mappings);i++) {
+               uint32_t expected_mask = 
+                       SEC_STD_WRITE_DAC | 
+                       SEC_STD_READ_CONTROL | 
+                       SEC_FILE_READ_ATTRIBUTE |
+                       SEC_STD_DELETE;
+               uint32_t expected_mask_anon = SEC_FILE_READ_ATTRIBUTE;
+
+               if (has_restore_privilege) {
+                       expected_mask_anon |= SEC_STD_DELETE;
+               }
 
                printf("testing generic bits 0x%08x\n", 
                       file_mappings[i].gen_bits);
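Review bot: The second status line prints the wrong flag: `printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_restore_privilege?"Yes":"No");` should pass `has_take_ownership_privilege`, otherwise the log misreports which privilege decided the expected masks. Separately, both checks fold every non-OK status from `smblsa_sid_check_privilege` into "No", so a failed LSA connection or lookup is indistinguishable from a privilege that is not held, and it quietly changes what the test asserts. It would be safer to map only the "privilege not held" status to No and fail the test on any other error; which status the helper returns for that case is not visible here. test_generic_bits starts and ends outside this hunk.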
@@ -556,18 +581,17 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
                status = smb_raw_open(cli->tree, mem_ctx, &io);
                CHECK_STATUS(status, NT_STATUS_OK);
                CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-                                  SEC_STD_READ_CONTROL | 
-                                  SEC_STD_WRITE_DAC | 
-                                  SEC_STD_DELETE | 
-                                  SEC_FILE_READ_ATTRIBUTE |
-                                  file_mappings[i].specific_bits);
+                                  expected_mask | file_mappings[i].specific_bits);
                smbcli_close(cli->tree, io.ntcreatex.out.fnum);
 
+               if (!has_take_ownership_privilege) {
+                       continue;
+               }
 
                printf("testing generic bits 0x%08x (anonymous)\n", 
                       file_mappings[i].gen_bits);
                sd = security_descriptor_create(mem_ctx,
-                                               SID_ANONYMOUS, NULL,
+                                               SID_NT_ANONYMOUS, NULL,
                                                owner_sid,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                file_mappings[i].gen_bits,
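Review bot: The `continue` added after the first `smbcli_close` skips the anonymous-owner checks with no output, so a run under an account without take-ownership looks the same in the log as a run that exercised the full access-mask comparison. Print the skip before continuing, for example `printf("skipping anonymous-owner checks - no SEC_PRIV_TAKE_OWNERSHIP\n");`, so that reduced ACL coverage is visible to whoever reads the results. The loop body continues outside this hunk.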
@@ -582,7 +606,7 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
                CHECK_STATUS(status, NT_STATUS_OK);
 
                sd2 = security_descriptor_create(mem_ctx,
-                                                SID_ANONYMOUS, NULL,
+                                                SID_NT_ANONYMOUS, NULL,
                                                 owner_sid,
                                                 SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                 file_mappings[i].specific_bits,
@@ -602,9 +626,7 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
                status = smb_raw_open(cli->tree, mem_ctx, &io);
                CHECK_STATUS(status, NT_STATUS_OK);
                CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-                                  SEC_STD_DELETE | 
-                                  SEC_FILE_READ_ATTRIBUTE |
-                                  file_mappings[i].specific_bits);
+                                  expected_mask_anon | file_mappings[i].specific_bits);
                smbcli_close(cli->tree, io.ntcreatex.out.fnum);
        }
 
@@ -649,6 +671,11 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
 
 
        for (i=0;i<ARRAY_SIZE(dir_mappings);i++) {
+               uint32_t expected_mask = 
+                       SEC_STD_WRITE_DAC | 
+                       SEC_STD_READ_CONTROL | 
+                       SEC_FILE_READ_ATTRIBUTE |
+                       SEC_STD_DELETE;
 
                printf("testing generic bits 0x%08x\n", 
                       file_mappings[i].gen_bits);
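Review bot: Inside the `dir_mappings` loop, the printf directly below the added `expected_mask` still reads `file_mappings[i].gen_bits` while `i` is bounded by `ARRAY_SIZE(dir_mappings)`; it should be `dir_mappings[i].gen_bits`. If the two tables ever differ in length this becomes an out-of-bounds read (the size of `file_mappings` is not visible here), and even with equal lengths the log names the wrong table. The added `expected_mask` initializer is also a verbatim copy of the one in the file loop; declaring it once at function scope would keep the two expectations from drifting apart.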
@@ -688,14 +715,10 @@ static BOOL test_generic_bits(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
                status = smb_raw_open(cli->tree, mem_ctx, &io);
                CHECK_STATUS(status, NT_STATUS_OK);
                CHECK_ACCESS_FLAGS(io.ntcreatex.out.fnum, 
-                                  SEC_STD_WRITE_DAC | 
-                                  SEC_STD_READ_CONTROL | 
-                                  SEC_STD_DELETE | 
-                                  SEC_FILE_READ_ATTRIBUTE |
-                                  dir_mappings[i].specific_bits);
+                                  expected_mask | dir_mappings[i].specific_bits);
                smbcli_close(cli->tree, io.ntcreatex.out.fnum);
-
        }
+
        printf("put back original sd\n");
        set.set_secdesc.in.sd = sd_orig;
        status = smb_raw_setfileinfo(cli->tree, &set);