]> git.ipfire.org Git - thirdparty/samba.git/commit
smbtorture: split smb2.acls into acls-with-sysacl and acls-ignore-sysacl
authorRalph Boehme <slow@samba.org>
Mon, 8 Jun 2026 13:49:57 +0000 (15:49 +0200)
committerRalph Boehme <slow@samba.org>
Fri, 26 Jun 2026 11:46:42 +0000 (11:46 +0000)
commit8d5674bccfdfecde34ea7a1b1fd384b0cff60d82
tree259c7be9d8ebe00463ea99bc4e5f9984a3c78a2a
parent2f1120304c5c9e817bf910524909f59e9731407e
smbtorture: split smb2.acls into acls-with-sysacl and acls-ignore-sysacl

The smb2.acls test suite contains tests (OWNER-RIGHTS-DENY1 and DENY1) that use
non-canonical ACLs (containing out-of-order DENY ACEs).  Under standard POSIX
draft/system ACL mapping, such non-canonical ACLs cannot be represented
on the underlying file system, hence the current code is supposed to fail
attempts to set such ACLs in the Samba POSIX ACL mapping backend.

However, as the current code wrongly silently swallows the error returned from
the low level mapping function unpack_canon_ace() and a subsequent commit is
going to fix this, the tests mentioned above will start failing.

As these non-canonical ACL are in fact valid ACLs and eg Windows allows setting
them and they only fail when Samba uses POSIX ACL backend, adjust the tests to
run against a share that uses acl_xattr without POSIX ACLs:

- smb2.acls-with-sysacl: Runs tests that are compatible with system POSIX
  ACL mapping, executed against the standard 'tmp' share.
- smb2.acls-ignore-sysacl: Contains tests that require Windows-like ACL
  handling (like non-canonical ACE ordering) which are executed against
  the 'acl_xattr_ign_sysacl_windows' share (where system ACLs are ignored).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16097

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
selftest/flapping
selftest/knownfail
source3/selftest/tests.py
source4/torture/smb2/acls.c
source4/torture/smb2/smb2.c