test_nfs4_acls: Add test for mapping permissions from NFS4 ACL to DACL
authorChristof Schmitt <cs@samba.org>
Tue, 2 Jul 2019 18:33:29 +0000 (11:33 -0700)
committerKarolin Seeger <kseeger@samba.org>
Mon, 26 Aug 2019 10:23:25 +0000 (10:23 +0000)
Add testcase for mapping permissions from the NFSv4 ACL to DACL in the
security descriptor. The mapping is simple as each permission bit exists
on both sides.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1767027b44a9e4ebd865022e3f8abb0c72bf15c6)

source3/modules/test_nfs4_acls.c

index a0e7db41b703ed93904da61ffa0f7a5756de314a..42a69453f5a46abe698411712ac5539fe2e49f4d 100644 (file)
@@ -440,6 +440,82 @@ static void test_ace_flags_dacl_to_nfs4(void **state)
        TALLOC_FREE(frame);
 }
 
+struct ace_perm_mapping {
+       uint32_t nfs4_perm;
+       uint32_t dacl_perm;
+} perm_table_nfs4_to_dacl[] = {
+       { SMB_ACE4_READ_DATA,           SEC_FILE_READ_DATA              },
+       { SMB_ACE4_LIST_DIRECTORY,      SEC_DIR_LIST                    },
+       { SMB_ACE4_WRITE_DATA,          SEC_FILE_WRITE_DATA             },
+       { SMB_ACE4_ADD_FILE,            SEC_DIR_ADD_FILE                },
+       { SMB_ACE4_APPEND_DATA, SEC_FILE_APPEND_DATA            },
+       { SMB_ACE4_ADD_SUBDIRECTORY,    SEC_DIR_ADD_SUBDIR,             },
+       { SMB_ACE4_READ_NAMED_ATTRS,    SEC_FILE_READ_EA                },
+       { SMB_ACE4_READ_NAMED_ATTRS,    SEC_DIR_READ_EA         },
+       { SMB_ACE4_WRITE_NAMED_ATTRS,   SEC_FILE_WRITE_EA               },
+       { SMB_ACE4_WRITE_NAMED_ATTRS,   SEC_DIR_WRITE_EA                },
+       { SMB_ACE4_EXECUTE,             SEC_FILE_EXECUTE                },
+       { SMB_ACE4_EXECUTE,             SEC_DIR_TRAVERSE                },
+       { SMB_ACE4_DELETE_CHILD,        SEC_DIR_DELETE_CHILD            },
+       { SMB_ACE4_READ_ATTRIBUTES,     SEC_FILE_READ_ATTRIBUTE },
+       { SMB_ACE4_READ_ATTRIBUTES,     SEC_DIR_READ_ATTRIBUTE          },
+       { SMB_ACE4_WRITE_ATTRIBUTES,    SEC_FILE_WRITE_ATTRIBUTE        },
+       { SMB_ACE4_WRITE_ATTRIBUTES,    SEC_DIR_WRITE_ATTRIBUTE },
+       { SMB_ACE4_DELETE,              SEC_STD_DELETE                  },
+       { SMB_ACE4_READ_ACL,            SEC_STD_READ_CONTROL            },
+       { SMB_ACE4_WRITE_ACL,           SEC_STD_WRITE_DAC,              },
+       { SMB_ACE4_WRITE_OWNER, SEC_STD_WRITE_OWNER             },
+       { SMB_ACE4_SYNCHRONIZE, SEC_STD_SYNCHRONIZE             },
+};
+
+static void test_nfs4_permissions_to_dacl(void **state)
+{
+       struct dom_sid *sids = *state;
+       TALLOC_CTX *frame = talloc_stackframe();
+       int i;
+
+       for (i = 0; i < ARRAY_SIZE(perm_table_nfs4_to_dacl); i++) {
+               struct SMB4ACL_T *nfs4_acl;
+               SMB_ACE4PROP_T nfs4_ace;
+               struct security_ace *dacl_aces;
+               int good_aces;
+               struct smbacl4_vfs_params params = {
+                       .mode = e_simple,
+                       .do_chown = true,
+                       .acedup = e_merge,
+                       .map_full_control = true,
+               };
+
+               nfs4_acl = smb_create_smb4acl(frame);
+               assert_non_null(nfs4_acl);
+
+               nfs4_ace = (SMB_ACE4PROP_T) {
+                       .flags          = 0,
+                       .who.uid        = 1000,
+                       .aceType        = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE,
+                       .aceFlags       = 0,
+                       .aceMask        = perm_table_nfs4_to_dacl[i].nfs4_perm,
+               };
+               assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+               assert_true(smbacl4_nfs42win(frame, &params, nfs4_acl,
+                                            &sids[0], &sids[1], false,
+                                            &dacl_aces, &good_aces));
+
+               assert_int_equal(good_aces, 1);
+               assert_non_null(dacl_aces);
+
+               assert_int_equal(dacl_aces[0].type,
+                                SEC_ACE_TYPE_ACCESS_ALLOWED);
+               assert_int_equal(dacl_aces[0].flags, 0);
+               assert_int_equal(dacl_aces[0].access_mask,
+                                perm_table_nfs4_to_dacl[i].dacl_perm);
+               assert_true(dom_sid_equal(&dacl_aces[0].trustee, &sids[0]));
+       }
+
+       TALLOC_FREE(frame);
+}
+
 int main(int argc, char **argv)
 {
        const struct CMUnitTest tests[] = {
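Review bot: Every row of perm_table_nfs4_to_dacl is converted with the sixth argument of smbacl4_nfs42win() fixed to `false`. If that argument is the is-directory flag (the prototype is not visible in this hunk), the SEC_DIR_* rows only repeat the file case, and no directory conversion is checked. Rows such as SMB_ACE4_EXECUTE with SEC_FILE_EXECUTE and SEC_DIR_TRAVERSE feed the same NFSv4 bit twice. Either run the conversion for both values of that argument, or record the limit above the table with a comment such as `/* SEC_FILE_* and SEC_DIR_* rows share bit values; only the non-directory conversion is exercised here */`. Separately, the table is a writable global with external linkage although only this test reads it; declaring it `static const struct ace_perm_mapping {` keeps it private to the file, and `size_t i` would avoid the signed/unsigned comparison against ARRAY_SIZE().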
@@ -450,6 +526,7 @@ int main(int argc, char **argv)
                cmocka_unit_test(test_acl_type_dacl_to_nfs4),
                cmocka_unit_test(test_ace_flags_nfs4_to_dacl),
                cmocka_unit_test(test_ace_flags_dacl_to_nfs4),
+               cmocka_unit_test(test_nfs4_permissions_to_dacl),
        };
 
        cmocka_set_message_output(CM_OUTPUT_SUBUNIT);