The branch, master has been updated
via 4164111 testprogs/blackbox/subunit: Fix testok
via 66f5d09 test_sharesec: Fix check for deleted ACL
via 2272c97 test_sharesec: Fix usage message
via 4a80114 test_sharesec: Add new test for ACL entry from numerical
input
via 4b56ce3 util_sd: Also accept hex input for ALLOW/DENIED
from da74d0c tevent: version 0.9.28
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4164111f55a8104c8e9690dee0d824ac24d28089
Author: Christof Schmitt <[email protected]>
Date: Mon Feb 8 14:20:56 2016 -0700
testprogs/blackbox/subunit: Fix testok
The fail count is always in the second parameter. Omit the shift
operations, so that the value can be read correctly from $2.
Signed-off-by: Christof Schmitt <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat Feb 20 03:58:01 CET 2016 on sn-devel-144
commit 66f5d0902da209276124fb7c504a3e0d926d989b
Author: Christof Schmitt <[email protected]>
Date: Thu Feb 4 16:39:59 2016 -0700
test_sharesec: Fix check for deleted ACL
Remove semicolon; without this change the test could not detect a
failure of removing the ACL.
Signed-off-by: Christof Schmitt <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 2272c9723d1e8478a3173c297f809c539ac1fd5c
Author: Christof Schmitt <[email protected]>
Date: Thu Feb 4 16:35:25 2016 -0700
test_sharesec: Fix usage message
Signed-off-by: Christof Schmitt <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 4a80114a0e48d129cfd8a02ff97a2d5f17784a25
Author: Christof Schmitt <[email protected]>
Date: Thu Feb 4 16:35:08 2016 -0700
test_sharesec: Add new test for ACL entry from numerical input
Signed-off-by: Christof Schmitt <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 4b56ce3abdb459bffc182a55e2bc82eaf135635f
Author: Christof Schmitt <[email protected]>
Date: Mon Feb 8 13:56:23 2016 -0700
util_sd: Also accept hex input for ALLOW/DENIED
Implement this by explicitly checking for decimal or hexadecimal input.
This avoids using sscanf with %i and a signed integer type, and it also
matches the code paths for flags and mask that also have an explicit
check.
Signed-off-by: Christof Schmitt <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/lib/util_sd.c | 37 +++++++++++++++++++++++++----------
source3/script/tests/test_sharesec.sh | 18 +++++++++++++++--
testprogs/blackbox/subunit.sh | 2 --
3 files changed, 43 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index 8065a0f..9a7b34f 100644
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -418,14 +418,6 @@ bool parse_ace(struct cli_state *cli, struct security_ace
*ace,
}
*p = '\0';
p++;
- /* Try to parse numeric form */
-
- if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
- StringToSid(cli, &sid, str)) {
- goto done;
- }
-
- /* Try to parse text form */
if (!StringToSid(cli, &sid, str)) {
printf("ACE '%s': failed to convert '%s' to SID\n",
@@ -448,6 +440,33 @@ bool parse_ace(struct cli_state *cli, struct security_ace
*ace,
atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
} else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
atype = SEC_ACE_TYPE_ACCESS_DENIED;
+
+ } else if (strnequal(tok, "0x", 2)) {
+ int result;
+
+ result = sscanf(tok, "%x", &atype);
+ if (result == 0 ||
+ (atype != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ atype != SEC_ACE_TYPE_ACCESS_DENIED)) {
+ printf("ACE '%s': bad hex value for type at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return false;
+ }
+ } else if(tok[0] >= '0' && tok[0] <= '9') {
+ int result;
+
+ result = sscanf(tok, "%u", &atype);
+ if (result == 0 ||
+ (atype != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ atype != SEC_ACE_TYPE_ACCESS_DENIED)) {
+ printf("ACE '%s': bad integer value for type at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return false;
+ }
} else {
printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at
'%s'\n",
orig_str, tok);
@@ -456,8 +475,6 @@ bool parse_ace(struct cli_state *cli, struct security_ace
*ace,
return False;
}
- /* Only numeric form accepted for flags at present */
-
if (!next_token_talloc(frame, &cp, &tok, "/")) {
printf("ACE '%s': bad flags entry at '%s'\n",
orig_str, tok);
diff --git a/source3/script/tests/test_sharesec.sh
b/source3/script/tests/test_sharesec.sh
index ef207ff..8165a58 100755
--- a/source3/script/tests/test_sharesec.sh
+++ b/source3/script/tests/test_sharesec.sh
@@ -10,7 +10,7 @@
# Copyright (C) 2015 Christof Schmitt
if [ $# -lt 3 ]; then
-Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
+ echo Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE
exit 1
fi
@@ -94,9 +94,23 @@ testit "Query ACL with three entries after removal" $CMD
--view || \
COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l)
testit "Verify ACL count after removal" test $COUNT -eq 3 || \
failed=$(expr $failed + 1)
-ACL="$($CMD --view | grep S-1-5-32-546')"
+ACL="$($CMD --view | grep S-1-5-32-546)"
testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1)
+testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF || \
+ failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')"
+testit "Verify numerically set entry" \
+ test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
+testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF || \
+ failed=$(expr $failed + 1)
+ACL="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')"
+testit "Verify numerically set entry" \
+ test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL || \
+ failed=$(expr $failed + 1)
+
testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \
failed=$(expr $failed + 1)
testit "Query standard ACL" $CMD --view || \
diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
index 3ed0882..db7fb05 100755
--- a/testprogs/blackbox/subunit.sh
+++ b/testprogs/blackbox/subunit.sh
@@ -96,9 +96,7 @@ testit_expect_failure () {
testok () {
name=`basename $1`
- shift
failed=$2
- shift
exit $failed
}
--
Samba Shared Repository
