status = get_nt_acl_xattr_internal(handle,
NULL,
parent_name,
- DACL_SECURITY_INFORMATION,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
&parent_desc);
if (NT_STATUS_IS_OK(status)) {
/* Create an inherited descriptor from the parent. */
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("inherit_new_acl: parent acl is:\n"));
+ NDR_PRINT_DEBUG(security_descriptor, parent_desc);
+ }
+
status = se_create_child_secdesc(ctx,
&psd,
&size,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("inherit_new_acl: child acl is:\n"));
+ NDR_PRINT_DEBUG(security_descriptor, psd);
+ }
+
} else {
DEBUG(10,("inherit_new_acl: directory %s failed "
"to get acl %s\n",
if (!psd) {
return NT_STATUS_NO_MEMORY;
}
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("inherit_new_acl: default acl is:\n"));
+ NDR_PRINT_DEBUG(security_descriptor, psd);
+ }
}
status = create_acl_blob(psd, &blob);
(!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) ||
(test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) {
if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) {
- printf("Expected default sd for dir at %d - got:\n", i);
+ printf("Expected default sd for dir at %d:\n", i);
+ NDR_PRINT_DEBUG(security_descriptor, sd_def);
+ printf("got:\n");
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
}
continue;
!dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
sd_orig->owner_sid) ||
q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
- printf("Bad sd in child dir at %d (parent 0x%x)\n",
+ printf("(CI & NP) Bad sd in child dir at %d (parent 0x%x)\n",
i, test_flags[i].parent_flags);
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
ret = false;
q.query_secdesc.out.sd->dacl->aces[0].flags != 0 ||
q.query_secdesc.out.sd->dacl->aces[1].flags !=
(test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) {
- printf("Bad sd in child dir at %d (parent 0x%x)\n",
+ printf("(CI) Bad sd in child dir at %d (parent 0x%x)\n",
i, test_flags[i].parent_flags);
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
ret = false;
!dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
creator_owner) ||
q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) {
- printf("Bad sd in child dir at %d (parent 0x%x)\n",
- i, test_flags[i].parent_flags);
+ printf("FAIL. t1 = %d, t2 = %d, t3 = %d, t4 = %d, t5 = %d\n",
+ q.query_secdesc.out.sd->dacl == NULL,
+ q.query_secdesc.out.sd->dacl->num_aces != 1,
+ q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA,
+ !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee,
+ creator_owner),
+ q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags);
+
+ printf("(0) Bad sd in child dir at %d (parent 0x%x) flags = 0x%x dir_flags=0x%x\n",
+ i,
+ test_flags[i].parent_flags,
+ q.query_secdesc.out.sd->dacl->aces[0].flags,
+ test_flags[i].dir_flags);
NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
ret = false;
continue;
projects / thirdparty / samba.git / commitdiff
