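/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   Security context tests
   Copyright (C) Tim Potter 2000

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"
#include "se_access_check_utils.h"

/* Globals */

/* Set to True by allowall_check() as soon as one account fails the check;
   main() turns it into the process exit status. */
BOOL failed;

/* Security descriptor under test, built once in main() from acl_allowall
   and read by allowall_check() for every account. */
SEC_DESC *sd;

/* ACL with a single ACCESS_ALLOWED entry granting GENERIC_ALL_ACCESS to
   S-1-1-0 (the well-known Everyone/World SID).  The all-zero entry with a
   NULL SID string terminates the table. */
struct ace_entry acl_allowall[] = {
	{ SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
	  GENERIC_ALL_ACCESS, "S-1-1-0" },
	{ 0, 0, 0, NULL}
};

/* Check that access is always allowed by the allow-all security
   descriptor held in `sd` (built from acl_allowall, not a NULL
   descriptor).

   pw      - account whose uid/gid are passed to se_access_check()
   ngroups - number of entries in groups
   groups  - supplementary group ids passed to se_access_check()

   Requests SEC_RIGHTS_MAXIMUM_ALLOWED and treats the account as failing
   unless the call succeeds, the status is NT_STATUS_NO_PROBLEMO and the
   granted mask is exactly GENERIC_ALL_ACCESS (extra or missing bits both
   fail).  A failure is printed and recorded in `failed`.

   Always returns True; presumably this tells visit_pwdb() to keep
   iterating so every account is checked - confirm against visit_pwdb().

   NOTE(review): this only exercises the permissive path.  It does not
   show that a restrictive or empty ACL is denied, so a regression that
   makes se_access_check() grant everything would still pass here. */

BOOL allowall_check(struct passwd *pw, int ngroups, gid_t *groups)
{
	uint32 acc_granted, status;
	BOOL result;

	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups,
				 SEC_RIGHTS_MAXIMUM_ALLOWED,
				 &acc_granted, &status);

	/* !result is tested first, so status and acc_granted are only read
	   after a call that reported success. */
	if (!result || status != NT_STATUS_NO_PROBLEMO ||
	    acc_granted != GENERIC_ALL_ACCESS) {
		/* uid_t/gid_t need not be int; cast so the arguments match
		   the conversion specifiers exactly. */
		printf("FAIL: allowall se_access_check %ld/%ld\n",
		       (long)pw->pw_uid, (long)pw->pw_gid);
		failed = True;
	}

	return True;
}

/* Main function: build the allow-all descriptor, run allowall_check()
   through visit_pwdb(), and exit 0 (printing PASS) only when no check
   set `failed`; exit 1 otherwise. */

int main(int argc, char **argv)
{
	/* Initialisation */

	generate_wellknown_sids();

	/* Create security descriptor */

	sd = build_sec_desc(acl_allowall, NULL, NULL_SID, NULL_SID);

	if (!sd) {
		printf("FAIL: could not build security descriptor\n");
		return 1;
	}

	/* Run test */

	/* NOTE(review): `failed` is only ever set inside the callback, so if
	   visit_pwdb() invokes it zero times the test reports PASS without
	   having checked anything - confirm that is acceptable. */
	visit_pwdb(allowall_check);

	/* Return */

	if (!failed) {
		printf("PASS\n");
		return 0;
	}

	return 1;
}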