se_access_check() tests.

(This used to be commit bba912cad8dfcef3dbc1db020304ab29fd71d5cb)

1 files changed, 158 insertions, 0 deletions

diff --git a/testsuite/smbd/se_access_check_utils.c b/testsuite/smbd/se_access_check_utils.c
new file mode 100644
index 00000000000..316bb5d905a
--- /dev/null
+++ b/testsuite/smbd/se_access_check_utils.c
@@ -0,0 +1,158 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   Security context tests
+   Copyright (C) Tim Potter 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "se_access_check_utils.h"
+
+void char_to_sid(DOM_SID *sid, char *sid_str)
+{
+	/* If it looks like a SID, call string_to_sid() else look it up
+	   using wbinfo. */
+
+	if (strncmp(sid_str, "S-", 2) == 0) {
+		string_to_sid(sid, sid_str);
+	} else {
+		struct winbindd_request request;
+		struct winbindd_response response;
+
+		/* Send off request */
+
+		ZERO_STRUCT(request);
+		ZERO_STRUCT(response);
+		
+		fstrcpy(request.data.name, sid_str);
+		if (winbindd_request(WINBINDD_LOOKUPNAME, &request, 
+				     &response) != NSS_STATUS_SUCCESS) {
+			printf("FAIL: unable to look up sid for name %s\n",
+			       sid_str);
+			exit(1);
+		}
+
+		string_to_sid(sid, response.data.sid.sid);
+		printf("converted char %s to sid %s\n", sid_str, 
+		       response.data.sid.sid);
+	}	
+}
+
+/* Construct an ACL from a list of ace_entry structures */
+
+SEC_ACL *build_acl(struct ace_entry *ace_list)
+{
+	SEC_ACE *aces = NULL;
+	SEC_ACL *result;
+	int num_aces = 0;
+
+	if (ace_list == NULL) return NULL;
+
+	/* Create aces */
+
+	while(ace_list->sid) {
+		SEC_ACCESS sa;
+		DOM_SID sid;
+
+		/* Create memory for new ACE */
+
+		if (!(aces = Realloc(aces, 
+				     sizeof(SEC_ACE) * (num_aces + 1)))) {
+			return NULL;
+		}
+
+		/* Create ace */
+
+		init_sec_access(&sa, ace_list->mask);
+
+		char_to_sid(&sid, ace_list->sid);
+		init_sec_ace(&aces[num_aces], &sid, ace_list->type,
+			     sa, ace_list->flags);
+
+		num_aces++;
+		ace_list++;
+	}
+
+	/* Create ACL from list of ACEs */
+
+	result = make_sec_acl(ACL_REVISION, num_aces, aces);
+	free(aces);
+
+	return result;
+}
+
+/* Make a security descriptor */
+
+SEC_DESC *build_sec_desc(struct ace_entry *dacl, struct ace_entry *sacl, 
+			 char *owner_sid, char *group_sid)
+{
+	DOM_SID the_owner_sid, the_group_sid;
+	SEC_ACL *the_dacl, *the_sacl;
+	SEC_DESC *result;
+	size_t size;
+
+	/* Build up bits of security descriptor */
+
+	char_to_sid(&the_owner_sid, owner_sid);
+	char_to_sid(&the_group_sid, group_sid);
+
+	the_dacl = build_acl(dacl);
+	the_sacl = build_acl(sacl);
+
+	result =  make_sec_desc(SEC_DESC_REVISION, 
+				SEC_DESC_SELF_RELATIVE | SEC_DESC_DACL_PRESENT,
+				&the_owner_sid, &the_group_sid, 
+				the_sacl, the_dacl, &size);
+
+	free_sec_acl(&the_dacl);
+	free_sec_acl(&the_sacl);
+
+	return result;
+}
+
+/* Iterate over password database and call a user-specified function */
+
+void visit_pwdb(BOOL (*fn)(struct passwd *pw, int ngroups, gid_t *groups))
+{
+	struct passwd *pw;
+	int ngroups;
+	gid_t *groups;
+
+	setpwent();
+
+	while ((pw = getpwent())) {
+		BOOL result;
+
+		/* Get grouplist */
+
+		ngroups = getgroups(0, NULL);
+
+		groups = malloc(sizeof(gid_t) * ngroups);
+		getgroups(ngroups, groups);
+
+		/* Call function */
+
+		result = fn(pw, ngroups, groups);
+		if (!result) break;
+
+		/* Clean up */
+
+		free(groups);
+	}
+
+	endpwent();
+}