testprogs/blackbox/test_samba-tool_ntacl.sh

   1 #!/bin/sh
   2 # Blackbox tests for samba-tool ntacl get/set on member server
   3 # Copyright (C) 2018 Björn Baumbach <bb@sernet.de>
   4
   5 if [ $# -lt 1 ]; then
   6 cat <<EOF
   7 Usage: test_net_ads_dns.sh PREFIX
   8 EOF
   9 exit 1;
  10 fi
  11
  12 PREFIX=$1
  13 domain_sid=$2
  14
  15 failed=0
  16
  17 samba4bindir="$BINDIR"
  18 samba_tool="$samba4bindir/samba-tool"
  19
  20 testfile="$PREFIX/ntacl_testfile"
  21
  22 # acl from samba_tool/ntacl.py tests
  23 acl="O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
  24 new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
  25 new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
  26
  27 . `dirname $0`/subunit.sh
  28
  29 UID_WRAPPER_ROOT=1
  30 export UID_WRAPPER_ROOT
  31
  32 test_get_acl()
  33 {
  34         testfile="$1"
  35         exptextedacl="$2"
  36
  37         retacl=$($PYTHON $samba_tool ntacl get "$testfile" --as-sddl) || return $?
  38
  39         test "$retacl" = "$exptextedacl"
  40 }
  41
  42 test_set_acl()
  43 {
  44         testfile="$1"
  45         acl="$2"
  46
  47         $PYTHON $samba_tool ntacl set "$acl" "$testfile"
  48 }
  49
  50 test_get_acl_ntvfs()
  51 {
  52         testfile="$1"
  53         exptextedacl="$2"
  54
  55         retacl=$($PYTHON $samba_tool ntacl get "$testfile" --as-sddl --use-ntvfs --xattr-backend=tdb -s $PREFIX/ad_member/lib/server.conf) || return $?
  56
  57         test "$retacl" = "$exptextedacl"
  58 }
  59
  60 test_set_acl_ntvfs()
  61 {
  62         testfile="$1"
  63         acl="$2"
  64
  65         $PYTHON $samba_tool ntacl set "$acl" "$testfile" --use-ntvfs --xattr-backend=tdb -s $PREFIX/ad_member/lib/server.conf
  66 }
  67
  68 test_changedomsid()
  69 {
  70         testfile="$1"
  71
  72         $PYTHON $samba_tool ntacl changedomsid \
  73                 "$domain_sid" "$new_domain_sid" "$testfile" \
  74                 --service=tmp \
  75                 -s $PREFIX/ad_member/lib/server.conf
  76
  77         retacl=$($PYTHON $samba_tool ntacl get \
  78                         "$testfile" \
  79                         --as-sddl \
  80                         --service=tmp \
  81                         -s $PREFIX/ad_member/lib/server.conf) || return $?
  82
  83         test "$retacl" = "$new_acl"
  84 }
  85
  86 test_changedomsid_ntvfs()
  87 {
  88         testfile="$1"
  89
  90         $PYTHON $samba_tool ntacl changedomsid \
  91                 "$domain_sid" "$new_domain_sid" "$testfile" \
  92                 --use-ntvfs \
  93                 --xattr-backend=tdb \
  94                 -s $PREFIX/ad_member/lib/server.conf
  95
  96         retacl=$($PYTHON $samba_tool ntacl get \
  97                         "$testfile" \
  98                         --as-sddl \
  99                         --xattr-backend=tdb \
 100                         --use-ntvfs \
 101                         -s $PREFIX/ad_member/lib/server.conf) || return $?
 102
 103         test "$retacl" = "$new_acl"
 104 }
 105
 106 # work around include error - s4-loadparm does not allow missing include files
 107 #
 108 # Unable to load file /home/bbaumba/src/git/samba/st/ad_member/lib/server.conf
 109 #  File "bin/python/samba/netcmd/__init__.py", line 183, in _run
 110 #    return self.run(*args, **kwargs)
 111 #  File "bin/python/samba/netcmd/ntacl.py", line 175, in run
 112 #    lp = sambaopts.get_loadparm()
 113 #  File "bin/python/samba/getopt.py", line 92, in get_loadparm
 114 #    self._lp.load(os.getenv("SMB_CONF_PATH"))
 115 #    Processing section "[global]"
 116 touch "$(dirname $SMB_CONF_PATH)/error_inject.conf"
 117 touch "$(dirname $SMB_CONF_PATH)/delay_inject.conf"
 118
 119 touch "$testfile"
 120
 121 testit "set_ntacl" test_set_acl "$testfile" "$acl" || failed=`expr $failed + 1`
 122
 123 testit "get_ntacl" test_get_acl "$testfile" "$acl" || failed=`expr $failed + 1`
 124
 125 testit "changedomsid" test_changedomsid "$testfile" || failed=`expr $failed + 1`
 126
 127 testit "set_ntacl_ntvfs" test_set_acl_ntvfs "$testfile" "$acl" || failed=`expr $failed + 1`
 128 testit "get_ntacl_ntvfs" test_get_acl_ntvfs "$testfile" "$acl" || failed=`expr $failed + 1`
 129
 130 testit "changedomsid_ntvfs" test_changedomsid_ntvfs "$testfile" || failed=`expr $failed + 1`
 131
 132 rm -f "$testfile"
 133
 134 exit $failed