From: Christof Schmitt <cs@samba.org>
Date: Wed, 10 Jul 2019 20:14:32 +0000 (-0700)
Subject: nfs4_acls: Add test for merging duplicates when mapping from NFS4 ACL to DACL
X-Git-Tag: samba-4.9.12~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5d4691183fc64c38462cff9b9d715e8eea2ff04;p=thirdparty%2Fsamba.git

nfs4_acls: Add test for merging duplicates when mapping from NFS4 ACL to DACL

The previous patch introduced merging of duplicates on the mapping path
from NFS4 ACL entries to DACL entries. Add a testcase to verify the
expected behavior of this codepath.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1a137a2f20c2f159c5feaef230a2b85bb9fb23b5)
---

diff --git a/source3/modules/test_nfs4_acls.c b/source3/modules/test_nfs4_acls.c
index 170a397579a..0b23bd1d02e 100644
--- a/source3/modules/test_nfs4_acls.c
+++ b/source3/modules/test_nfs4_acls.c
@@ -1776,6 +1776,84 @@ static void test_dacl_to_nfs4_idmap_type_both(void **state)
 	TALLOC_FREE(frame);
 }
 
+static void test_nfs4_to_dacl_remove_duplicate(void **state)
+{
+
+	struct dom_sid *sids = *state;
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct SMB4ACL_T *nfs4_acl;
+	SMB_ACE4PROP_T nfs4_ace;
+	struct security_ace *dacl_aces;
+	int good_aces;
+	struct smbacl4_vfs_params params = {
+		.mode = e_simple,
+		.do_chown = true,
+		.acedup = e_dontcare,
+		.map_full_control = true,
+	};
+
+	nfs4_acl = smb_create_smb4acl(frame);
+	assert_non_null(nfs4_acl);
+
+	nfs4_ace = (SMB_ACE4PROP_T) {
+		.flags		= 0,
+		.who.uid	= 1002,
+		.aceType	= SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE,
+		.aceFlags	= SMB_ACE4_INHERITED_ACE,
+		.aceMask	= SMB_ACE4_WRITE_DATA,
+	};
+	assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+	nfs4_ace = (SMB_ACE4PROP_T) {
+		.flags		= 0,
+		.who.gid	= 1002,
+		.aceType	= SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE,
+		.aceFlags	= SMB_ACE4_IDENTIFIER_GROUP|
+				  SMB_ACE4_INHERITED_ACE,
+		.aceMask	= SMB_ACE4_WRITE_DATA,
+	};
+	assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+	nfs4_ace = (SMB_ACE4PROP_T) {
+		.flags		= 0,
+		.who.gid	= 1002,
+		.aceType	= SMB_ACE4_ACCESS_DENIED_ACE_TYPE,
+		.aceFlags	= SMB_ACE4_IDENTIFIER_GROUP|
+				  SMB_ACE4_INHERITED_ACE,
+		.aceMask	= SMB_ACE4_WRITE_DATA,
+	};
+	assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+	nfs4_ace = (SMB_ACE4PROP_T) {
+		.flags		= 0,
+		.who.gid	= 1002,
+		.aceType	= SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE,
+		.aceFlags	= SMB_ACE4_IDENTIFIER_GROUP|
+				  SMB_ACE4_INHERITED_ACE,
+		.aceMask	= SMB_ACE4_WRITE_DATA,
+	};
+	assert_non_null(smb_add_ace4(nfs4_acl, &nfs4_ace));
+
+	assert_true(smbacl4_nfs42win(frame, &params, nfs4_acl,
+				     &sids[0], &sids[1], true,
+				     &dacl_aces, &good_aces));
+
+	assert_int_equal(good_aces, 2);
+	assert_non_null(dacl_aces);
+
+	assert_int_equal(dacl_aces[0].type, SEC_ACE_TYPE_ACCESS_ALLOWED);
+	assert_int_equal(dacl_aces[0].flags, SEC_ACE_FLAG_INHERITED_ACE);
+	assert_int_equal(dacl_aces[0].access_mask, SEC_FILE_WRITE_DATA);
+	assert_true(dom_sid_equal(&dacl_aces[0].trustee, &sids[2]));
+
+	assert_int_equal(dacl_aces[1].type, SEC_ACE_TYPE_ACCESS_DENIED);
+	assert_int_equal(dacl_aces[1].flags, SEC_ACE_FLAG_INHERITED_ACE);
+	assert_int_equal(dacl_aces[1].access_mask, SEC_FILE_WRITE_DATA);
+	assert_true(dom_sid_equal(&dacl_aces[1].trustee, &sids[2]));
+
+	TALLOC_FREE(frame);
+}
+
 int main(int argc, char **argv)
 {
 	const struct CMUnitTest tests[] = {
@@ -1799,6 +1877,7 @@ int main(int argc, char **argv)
 		cmocka_unit_test(test_nfs4_to_dacl_config_special),
 		cmocka_unit_test(test_nfs4_to_dacl_idmap_type_both),
 		cmocka_unit_test(test_dacl_to_nfs4_idmap_type_both),
+		cmocka_unit_test(test_nfs4_to_dacl_remove_duplicate),
 	};
 
 	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);