seltest: add test for "ignore system acls" in vfs_acl_xattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py
index f26484bf4551a7234ca9f2c62fd2633a5620cc2d..495a0b7a9227d5ab9e413b89598d92d38297f1b0 100644 (file)
--- a/selftest/selftesthelpers.py
+++ b/selftest/selftesthelpers.py
@@ -186,3 +186,4 @@ vfstest = binpath('vfstest')
 smbcquotas = binpath('smbcquotas')
 smbget = binpath('smbget')
 rpcclient = binpath('rpcclient')
+smbcacls = binpath('smbcacls')

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 5dc4b177dfe5d5d0300cb4e6303ac7067daf32cf..0b16e032d667cd6bfee71f01330772ccb7f8e213 100755 (executable)
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -649,6 +649,10 @@ sub setup_fileserver($$)
        path = $smbget_sharedir
        comment = smb username is [%U]
        guest ok = yes
+[ign_sysacls]
+       path = $share_dir
+       comment = ignore system acls
+       acl_xattr:ignore system acls = yes
 ";
 
        my $vars = $self->provision($path,

diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh
new file mode 100755 (executable)
index 0000000..9b8808d
--- /dev/null
+++ b/source3/script/tests/test_acl_xattr.sh
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# this tests acl_xattr config parameter "ignore system acl"
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER USERNAME PASSWORD PREFIX SMBCLIENT SMBCACLS
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+USERNAME="$2"
+PASSWORD="$3"
+PREFIX="$4"
+SMBCLIENT="$5"
+SMBCACLS="$6"
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+SMBCACLS="$VALGRIND ${SMBCACLS}"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+setup_remote_file() {
+    local share=$1
+    local fname="$share.$$"
+    local local_fname=$PREFIX/$fname
+    touch $local_fname
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "rm $fname"
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "ls" | grep "$fname" && exit 1
+    $SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put $fname" || exit 1
+}
+
+nt_affects_posix() {
+    local share=$1
+    local expected=$2
+    local b4
+    local af
+    local fname="$share.$$"
+    b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1
+    af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    echo "before: $b4"
+    echo "after: $af"
+    if test "$expected" = "true" ; then
+        test "$b4" != "$af"
+    else
+        test "$b4" = "$af"
+    fi
+}
+
+nt_affects_chown() {
+    local share=$1
+    local b4_expected
+    local af_expected
+    local b4_actual
+    local af_actual
+    local fname="$share.$$"
+
+    echo -n "determining uid of $USERNAME..."
+    b4_expected=$(getent passwd $USERNAME) || exit 1
+    b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
+    echo "$b4_expected"
+
+    echo -n "determining uid of force_user..."
+    af_expected=$(getent passwd force_user) || exit 1
+    af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
+    echo "$af_expected"
+
+    #basic sanity...
+    test "$b4_expected != $af_expected" || exit 1
+
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -C force_user 2>/dev/null || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
+    echo "before: $b4_actual"
+    echo "after: $af_actual"
+    test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual"
+}
+
+nt_affects_chgrp() {
+    local share=$1
+    local b4_expected
+    local af_expected
+    local b4_actual
+    local af_actual
+    local fname="$share.$$"
+
+    echo -n "determining gid of domusers..."
+    b4_expected=$(getent group domusers) || exit 1
+    b4_expected=$(echo "$b4_expected" | awk -F: '{print $3}')
+    echo "$b4_expected"
+
+    echo -n "determining uid of domadmins..."
+    af_expected=$(getent passwd domadmins) || exit 1
+    af_expected=$(echo "$af_expected" | awk -F: '{print $3}')
+    echo "$af_expected"
+
+    #basic sanity...
+    test "$b4_expected != $af_expected" || exit 1
+
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
+    $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
+    echo "before: $b4_actual"
+    echo "after: $af_actual"
+    test "$b4_expected" = "$b4_actual" && test "$af_expected" = "$af_actual"
+}
+
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_posix tmp" nt_affects_posix tmp "true"
+testit "nt_affects_posix ign_sysacls" nt_affects_posix ign_sysacls "false"
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_chown tmp" nt_affects_chown tmp
+testit "nt_affects_chown ign_sysacls" nt_affects_chown ign_sysacls
+testit "setup remote file tmp" setup_remote_file tmp
+testit "setup remote file ign_sysacls" setup_remote_file ign_sysacls
+testit "nt_affects_chgrp tmp" nt_affects_chown tmp
+testit "nt_affects_chgrp ign_sysacls" nt_affects_chown ign_sysacls

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c4bed49b754ec8079db5b4a0d02371feed1c3c3f..54b51367aeb7a73f762de50669e465931e955934 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -187,6 +187,7 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.smbclient.forceuser_validusers (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_forceuser_validusers.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
     plantestsuite("samba3.blackbox.smbget (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbget.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', 'smbget_user', '$PASSWORD', '$LOCAL_PATH/smbget', smbget])
     plantestsuite("samba3.blackbox.netshareenum (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shareenum.sh"), '$SERVER', '$USERNAME', '$PASSWORD', rpcclient])
+    plantestsuite("samba3.blackbox.acl_xattr (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls])
 
     #
     # tar command tests