The branch, master has been updated via 4164111 testprogs/blackbox/subunit: Fix testok via 66f5d09 test_sharesec: Fix check for deleted ACL via 2272c97 test_sharesec: Fix usage message via 4a80114 test_sharesec: Add new test for ACL entry from numerical input via 4b56ce3 util_sd: Also accept hex input for ALLOW/DENIED from da74d0c tevent: version 0.9.28
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 4164111f55a8104c8e9690dee0d824ac24d28089 Author: Christof Schmitt <c...@samba.org> Date: Mon Feb 8 14:20:56 2016 -0700 testprogs/blackbox/subunit: Fix testok The fail count is always in the second parameter. Omit the shift operations, so that the value can be read correctly from $2. Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Sat Feb 20 03:58:01 CET 2016 on sn-devel-144 commit 66f5d0902da209276124fb7c504a3e0d926d989b Author: Christof Schmitt <c...@samba.org> Date: Thu Feb 4 16:39:59 2016 -0700 test_sharesec: Fix check for deleted ACL Remove semicolon; without this change the test could not detect a failure of removing the ACL. Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 2272c9723d1e8478a3173c297f809c539ac1fd5c Author: Christof Schmitt <c...@samba.org> Date: Thu Feb 4 16:35:25 2016 -0700 test_sharesec: Fix usage message Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 4a80114a0e48d129cfd8a02ff97a2d5f17784a25 Author: Christof Schmitt <c...@samba.org> Date: Thu Feb 4 16:35:08 2016 -0700 test_sharesec: Add new test for ACL entry from numerical input Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 4b56ce3abdb459bffc182a55e2bc82eaf135635f Author: Christof Schmitt <c...@samba.org> Date: Mon Feb 8 13:56:23 2016 -0700 util_sd: Also accept hex input for ALLOW/DENIED Implement this by explicitly checking for decimal or hexadecimal input. This avoids using sscanf with %i and a signed integer type, and it also matches the code paths for flags and mask that also have an explicit check. Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/lib/util_sd.c | 37 +++++++++++++++++++++++++---------- source3/script/tests/test_sharesec.sh | 18 +++++++++++++++-- testprogs/blackbox/subunit.sh | 2 -- 3 files changed, 43 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c index 8065a0f..9a7b34f 100644 --- a/source3/lib/util_sd.c +++ b/source3/lib/util_sd.c @@ -418,14 +418,6 @@ bool parse_ace(struct cli_state *cli, struct security_ace *ace, } *p = '\0'; p++; - /* Try to parse numeric form */ - - if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 && - StringToSid(cli, &sid, str)) { - goto done; - } - - /* Try to parse text form */ if (!StringToSid(cli, &sid, str)) { printf("ACE '%s': failed to convert '%s' to SID\n", @@ -448,6 +440,33 @@ bool parse_ace(struct cli_state *cli, struct security_ace *ace, atype = SEC_ACE_TYPE_ACCESS_ALLOWED; } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) { atype = SEC_ACE_TYPE_ACCESS_DENIED; + + } else if (strnequal(tok, "0x", 2)) { + int result; + + result = sscanf(tok, "%x", &atype); + if (result == 0 || + (atype != SEC_ACE_TYPE_ACCESS_ALLOWED && + atype != SEC_ACE_TYPE_ACCESS_DENIED)) { + printf("ACE '%s': bad hex value for type at '%s'\n", + orig_str, tok); + SAFE_FREE(str); + TALLOC_FREE(frame); + return false; + } + } else if(tok[0] >= '0' && tok[0] <= '9') { + int result; + + result = sscanf(tok, "%u", &atype); + if (result == 0 || + (atype != SEC_ACE_TYPE_ACCESS_ALLOWED && + atype != SEC_ACE_TYPE_ACCESS_DENIED)) { + printf("ACE '%s': bad integer value for type at '%s'\n", + orig_str, tok); + SAFE_FREE(str); + TALLOC_FREE(frame); + return false; + } } else { printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n", orig_str, tok); @@ -456,8 +475,6 @@ bool parse_ace(struct cli_state *cli, struct security_ace *ace, return False; } - /* Only numeric form accepted for flags at present */ - if (!next_token_talloc(frame, &cp, &tok, "/")) { printf("ACE '%s': bad flags entry at '%s'\n", orig_str, tok); diff --git a/source3/script/tests/test_sharesec.sh b/source3/script/tests/test_sharesec.sh index ef207ff..8165a58 100755 --- a/source3/script/tests/test_sharesec.sh +++ b/source3/script/tests/test_sharesec.sh @@ -10,7 +10,7 @@ # Copyright (C) 2015 Christof Schmitt if [ $# -lt 3 ]; then -Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE + echo Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE exit 1 fi @@ -94,9 +94,23 @@ testit "Query ACL with three entries after removal" $CMD --view || \ COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) testit "Verify ACL count after removal" test $COUNT -eq 3 || \ failed=$(expr $failed + 1) -ACL="$($CMD --view | grep S-1-5-32-546')" +ACL="$($CMD --view | grep S-1-5-32-546)" testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1) +testit "Set ACL as hex value" $CMD --add S-1-5-32-547:0x1/0x0/0x001F01FF || \ + failed=$(expr $failed + 1) +ACL="$($CMD --view | grep S-1-5-32-547 | sed -e 's/^ACL://')" +testit "Verify numerically set entry" \ + test "$ACL" = S-1-5-32-547:DENIED/0x0/FULL || \ + failed=$(expr $failed + 1) + +testit "Set ACL as dec value" $CMD --add S-1-5-32-548:1/0/0x001F01FF || \ + failed=$(expr $failed + 1) +ACL="$($CMD --view | grep S-1-5-32-548 | sed -e 's/^ACL://')" +testit "Verify numerically set entry" \ + test "$ACL" = S-1-5-32-548:DENIED/0x0/FULL || \ + failed=$(expr $failed + 1) + testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \ failed=$(expr $failed + 1) testit "Query standard ACL" $CMD --view || \ diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh index 3ed0882..db7fb05 100755 --- a/testprogs/blackbox/subunit.sh +++ b/testprogs/blackbox/subunit.sh @@ -96,9 +96,7 @@ testit_expect_failure () { testok () { name=`basename $1` - shift failed=$2 - shift exit $failed } -- Samba Shared Repository