The Samba-Bugzilla – Attachment 11187 Details for
Bug 11324
Change sharesec output back to previous format
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for 4.2
patches-4.2 (text/plain), 9.54 KB, created by
Christof Schmitt
on 2015-06-23 18:28:03 UTC
(
hide
)
Description:
Patches for 4.2
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2015-06-23 18:28:03 UTC
Size:
9.54 KB
patch
obsolete
>From 1e5e0481e78dfa179e37889bdef63e6d108c328e Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Tue, 9 Jun 2015 09:50:18 -0700 >Subject: [PATCH 1/3] sharesec: Use non-numerical output for sharesec > >This is an easy change to get the sharesec output back to the format >used before. It is also easier to understand than the output of the >flags. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 0b9fa2849dc8b7c61467a6517c40e6e15c104d4a) >--- > source3/utils/sharesec.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c >index 71a55b5..98ac224 100644 >--- a/source3/utils/sharesec.c >+++ b/source3/utils/sharesec.c >@@ -182,7 +182,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th > /* should not happen */ > return 0; > case SMB_ACL_VIEW: >- sec_desc_print(NULL, stdout, old, true); >+ sec_desc_print(NULL, stdout, old, false); > return 0; > case SMB_ACL_DELETE: > for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { >@@ -203,7 +203,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th > > if (!found) { > printf("ACL for ACE:"); >- print_ace(NULL, stdout, &sd->dacl->aces[i], true); >+ print_ace(NULL, stdout, &sd->dacl->aces[i], false); > printf(" not found\n"); > } > } >-- >1.7.1 > > >From 273655ef39ec0ca736c280f335cd3ffb942bdfda Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Tue, 9 Jun 2015 10:28:17 -0700 >Subject: [PATCH 2/3] selftest: Add test for sharesec command > >Add a test for the sharesec command to ensure that it works, and to also >verify that the output does not change. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit a6650d74d1b7cc051637c1a19daff5a8009f405b) >--- > source3/script/tests/test_sharesec.sh | 111 +++++++++++++++++++++++++++++++++ > source3/selftest/tests.py | 3 + > 2 files changed, 114 insertions(+), 0 deletions(-) > create mode 100755 source3/script/tests/test_sharesec.sh > >diff --git a/source3/script/tests/test_sharesec.sh b/source3/script/tests/test_sharesec.sh >new file mode 100755 >index 0000000..ef207ff >--- /dev/null >+++ b/source3/script/tests/test_sharesec.sh >@@ -0,0 +1,111 @@ >+#!/bin/sh >+# >+# Test sharesec command. >+# >+# Verify that changing and querying the security descriptor works. Also >+# ensure that the output format for ACL entries does not change. >+# >+# The test uses well-known SIDs to not require looking up names and SIDs >+# >+# Copyright (C) 2015 Christof Schmitt >+ >+if [ $# -lt 3 ]; then >+Usage: test_sharesec.sh SERVERCONFFILE SHARESEC SHARE >+exit 1 >+fi >+ >+CONF=$1 >+SHARESEC=$2 >+SHARE=$3 >+ >+CMD="$SHARESEC $CONF $SHARE" >+ >+incdir=$(dirname $0)/../../../testprogs/blackbox >+. $incdir/subunit.sh >+ >+failed=0 >+ >+testit "Set new ACL" $CMD --replace S-1-1-0:ALLOWED/0x0/READ || \ >+ failed=$(expr $failed + 1) >+testit "Query new ACL" $CMD --view || failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify new ACL count" test $COUNT -eq 1 || failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://') >+testit "Verify new ACL" test $ACL = S-1-1-0:ALLOWED/0x0/READ >+ >+OWNER=$($CMD --view | grep OWNER:) >+testit "Verify empty OWNER" test "$OWNER" = "OWNER:" || \ >+ failed=$(expr $failed + 1) >+GROUP=$($CMD --view | grep GROUP:) >+testit "Verify empty GROUP" test "$GROUP" = "GROUP:" || \ >+ failed=$(expr $failed + 1) >+CONTROL=$($CMD --view | grep CONTROL: | sed -e 's/^CONTROL://') >+testit "Verify control flags" test "$CONTROL" = "SR|DP" || \ >+ failed=$(expr $failed + 1) >+ >+testit "Add second ACL entry" $CMD --add S-1-5-32-544:ALLOWED/0x0/FULL || \ >+ failed=$(expr $failed + 1) >+testit "Query ACL with two entries" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify ACL count with two entries" test $COUNT -eq 2 || \ >+ failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://') >+testit "Verify second ACL entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/FULL || \ >+ failed=$(expr $failed + 1) >+ >+testit "Modify ACL entry" $CMD --modify S-1-5-32-544:ALLOWED/0x0/CHANGE || \ >+ failed=$(expr $failed + 1) >+testit "Verify ACL with two entries after modify" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify ACL count with two entries after modify" test $COUNT -eq 2 || \ >+ failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep S-1-5-32-544 | sed -e 's/^ACL://') >+testit "Verify modified entry" test $ACL = S-1-5-32-544:ALLOWED/0x0/CHANGE || \ >+ failed=$(expr $failed + 1) >+ >+testit "Add deny ACL entry" $CMD --add S-1-5-32-545:DENIED/0x0/CHANGE || \ >+ failed=$(expr $failed + 1) >+testit "Query ACL with three entries" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify ACL count with three entries" test $COUNT -eq 3 || \ >+ failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep S-1-5-32-545 | sed -e 's/^ACL://') >+testit "Verify DENIED ACL entry" test $ACL = S-1-5-32-545:DENIED/0x0/CHANGE || \ >+ failed=$(expr $failed + 1) >+ >+testit "Add special ACL entry" $CMD --add S-1-5-32-546:ALLOWED/0x0/RWXDP || \ >+ failed=$(expr $failed + 1) >+testit "Query ACL with four entries" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify ACL count with four entries" test $COUNT -eq 4 || \ >+ failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep S-1-5-32-546 | sed -e 's/^ACL://') >+testit "Verify special entry" test $ACL = S-1-5-32-546:ALLOWED/0x0/RWXDP || \ >+ failed=$(expr $failed + 1) >+ >+testit "Remove ACL entry" $CMD --remove S-1-5-32-546:ALLOWED/0x0/RWXDP || \ >+ failed=$(expr $failed + 1) >+testit "Query ACL with three entries after removal" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify ACL count after removal" test $COUNT -eq 3 || \ >+ failed=$(expr $failed + 1) >+ACL="$($CMD --view | grep S-1-5-32-546')" >+testit "Verify removal" test -e "$ACL" || failed=$(expr $failed + 1) >+ >+testit "Set back to default ACL " $CMD --replace S-1-1-0:ALLOWED/0x0/FULL || \ >+ failed=$(expr $failed + 1) >+testit "Query standard ACL" $CMD --view || \ >+ failed=$(expr $failed + 1) >+COUNT=$($CMD --view | grep ACL: | sed -e 's/^ACL://' | wc -l) >+testit "Verify standard ACL count" test $COUNT -eq 1 || \ >+ failed=$(expr $failed + 1) >+ACL=$($CMD --view | grep ACL: | sed -e 's/^ACL://') >+testit "Verify standard ACL" test $ACL = S-1-1-0:ALLOWED/0x0/FULL || \ >+ failed=$(expr $failed + 1) >+ >+testok $0 $failed >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 3902a2c..555a211 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -413,6 +413,9 @@ for s in signseal_options: > > plantestsuite("samba3.blackbox.rpcclient_samlogon", "s3member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), > "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration]) >+plantestsuite("samba3.blackbox.sharesec", "simpleserver:local", >+ [os.path.join(samba3srcdir, "script/tests/test_sharesec.sh"), >+ configuration, os.path.join(bindir(), "sharesec"), "tmp"]) > > options_list = ["", "-e"] > for options in options_list: >-- >1.7.1 > > >From bb30e01a7820d97f872418e90a073f4485d26a81 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Tue, 9 Jun 2015 10:29:21 -0700 >Subject: [PATCH 3/3] docs-xml: Update sharesec manpage to reflect current output > >Update the sharesec man page to reflect the output currently used, and >also add a note that the OWNER and GROUP fields are not used for share >ACLs. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Wed Jun 17 13:36:23 CEST 2015 on sn-devel-104 >(cherry picked from commit 8406d4dd1593b4a4d7bcbdc7b7c7893339f8e814) >--- > docs-xml/manpages/sharesec.1.xml | 16 ++++++++-------- > 1 files changed, 8 insertions(+), 8 deletions(-) > >diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml >index 6a201cc..7e13d49 100644 >--- a/docs-xml/manpages/sharesec.1.xml >+++ b/docs-xml/manpages/sharesec.1.xml >@@ -154,10 +154,9 @@ > If not specified it defaults to 1. Using values other than 1 may > cause strange behaviour.</para> > >- <para>The owner and group specify the owner and group SIDs for the >- object. If a SID in the format S-1-x-y-z is specified this is used, >- otherwise the name specified is resolved using the server on which >- the file or directory resides.</para> >+ <para>The owner and group specify the owner and group SIDs for >+ the object. Share ACLs do not specify an owner or a group, so >+ these fields are empty.</para> > > <para>ACLs specify permissions granted to the SID. This SID > can be specified in S-1-x-y-z format or as a name in which case >@@ -227,10 +226,11 @@ > <programlisting> > host:~ # sharesec share -v > REVISION:1 >- OWNER:(NULL SID) >- GROUP:(NULL SID) >- ACL:S-1-1-0:ALLOWED/0/0x101f01ff >- ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL >+ CONTROL:SR|DP >+ OWNER: >+ GROUP: >+ ACL:S-1-1-0:ALLOWED/0x0/FULL >+ ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0x0/FULL > </programlisting> > </refsect1> > >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11187">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
cs
:
review+
vl
:
review+
Actions:
View
Attachments on
bug 11324
: 11187