selftest: test samba-tool ntacl get/set on AD member server
authorBjörn Baumbach <bb@sernet.de>
Wed, 19 Sep 2018 14:36:45 +0000 (16:36 +0200)
committerBjörn Baumbach <bb@sernet.de>
Thu, 11 Oct 2018 08:28:19 +0000 (10:28 +0200)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
source4/selftest/tests.py
testprogs/blackbox/test_samba-tool_ntacl.sh [new file with mode: 0755]

index c841131..101418a 100755 (executable)
@@ -463,6 +463,7 @@ plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client",
 plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23'])
 plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'strong', '17_18'])
 plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD'])
+plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX'])
 plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "ad_dc_ntvfs", [valgrindify(smbtorture4), "$LISTOPT", "$LOADLIST", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
 # json tests hook into ``chgdcpass'' to make them run in contributor CI on
 # gitlab
diff --git a/testprogs/blackbox/test_samba-tool_ntacl.sh b/testprogs/blackbox/test_samba-tool_ntacl.sh
new file mode 100755 (executable)
index 0000000..f538704
--- /dev/null
@@ -0,0 +1,68 @@
+#!/bin/sh
+# Blackbox tests for samba-tool ntacl get/set on member server
+# Copyright (C) 2018 Björn Baumbach <bb@sernet.de>
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: test_net_ads_dns.sh PREFIX
+EOF
+exit 1;
+fi
+
+PREFIX=$1
+
+failed=0
+
+samba4bindir="$BINDIR"
+samba_tool="$samba4bindir/samba-tool"
+
+testfile="$PREFIX/ntacl_testfile"
+
+# acl from samba_tool/ntacl.py tests
+acl="O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+
+. `dirname $0`/subunit.sh
+
+UID_WRAPPER_ROOT=1
+export UID_WRAPPER_ROOT
+
+test_get_acl()
+{
+       testfile="$1"
+       exptextedacl="$2"
+
+       retacl=$($samba_tool ntacl get "$testfile" --as-sddl) || return $?
+
+       test "$retacl" = "$exptextedacl"
+}
+
+test_set_acl()
+{
+       testfile="$1"
+       acl="$2"
+
+       $samba_tool ntacl set "$acl" "$testfile"
+}
+
+# work around include error - s4-loadparm does not allow missing include files
+#
+# Unable to load file /home/bbaumba/src/git/samba/st/ad_member/lib/server.conf
+#  File "bin/python/samba/netcmd/__init__.py", line 183, in _run
+#    return self.run(*args, **kwargs)
+#  File "bin/python/samba/netcmd/ntacl.py", line 175, in run
+#    lp = sambaopts.get_loadparm()
+#  File "bin/python/samba/getopt.py", line 92, in get_loadparm
+#    self._lp.load(os.getenv("SMB_CONF_PATH"))
+#    Processing section "[global]"
+touch "$(dirname $SMB_CONF_PATH)/error_inject.conf"
+touch "$(dirname $SMB_CONF_PATH)/delay_inject.conf"
+
+touch "$testfile"
+
+testit "set_ntacl" test_set_acl "$testfile" "$acl" || failed=`expr $failed + 1`
+
+testit "get_ntacl" test_get_acl "$testfile" "$acl" || failed=`expr $failed + 1`
+
+rm -f "$testfile"
+
+exit $failed