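/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   Security context tests
   Copyright (C) Tim Potter 2000

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "se_access_check_utils.h"

/* Globals */

/*
 * Set by allowsome_check() whenever an expectation is violated; main()
 * turns it into the process exit status.  File-scope objects are
 * zero-initialised, so the test starts in the "not failed" state.
 */
BOOL failed;

/* Security descriptor under test, built once in main(). */
SEC_DESC *sd;

/*
 * ACL granting GENERIC_ALL_ACCESS to exactly two accounts, "user0" and
 * "user2".  The all-zero entry terminates the table.
 */
struct ace_entry acl_allowsome[] = {
	{ SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
	  GENERIC_ALL_ACCESS, "user0" },
	{ SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
	  GENERIC_ALL_ACCESS, "user2" },
	{ 0, 0, 0, NULL}
};

/*
 * Return non-zero when `name` ends with `suffix`.
 *
 * Lengths are compared as size_t before any pointer arithmetic, so a
 * name shorter than the suffix is rejected without computing a negative
 * offset.
 */
static int name_has_suffix(const char *name, const char *suffix)
{
	size_t name_len = strlen(name);
	size_t suffix_len = strlen(suffix);

	if (name_len < suffix_len) {
		return 0;
	}

	return strcmp(name + (name_len - suffix_len), suffix) == 0;
}

/*
 * Per-account callback (registered with visit_pwdb() in main()).
 *
 * Runs se_access_check() against the global descriptor `sd` for the
 * account described by `pw` and its supplementary groups, then compares
 * the outcome with what acl_allowsome is expected to yield:
 *   - accounts whose name ends in "user0" or "user2" must be allowed
 *     with exactly GENERIC_ALL_ACCESS;
 *   - every other account must be denied with no access bits granted.
 *
 * Any mismatch prints a FAIL line and records the failure in `failed`,
 * so that a wrongly granted (or wrongly refused) access makes the whole
 * test program exit non-zero instead of printing PASS.
 *
 * Always returns True.
 * NOTE(review): presumably True tells visit_pwdb() to keep iterating;
 * confirm against se_access_check_utils.
 */
BOOL allowsome_check(struct passwd *pw, int ngroups, gid_t *groups)
{
	/*
	 * Start from known values: both are compared or could be inspected
	 * below, and nothing visible here guarantees se_access_check()
	 * writes them on every path.
	 */
	uint32 acc_granted = 0, status = 0;
	BOOL result;
	BOOL expect_access;

	/* Check only user0 and user2 allowed access */

	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups,
				 SEC_RIGHTS_MAXIMUM_ALLOWED,
				 &acc_granted, &status);

	/*
	 * The match is on the END of the account name, so e.g. a
	 * domain-prefixed name that ends in "user0" is also expected to be
	 * allowed.
	 */
	expect_access = name_has_suffix(pw->pw_name, "user0") ||
			name_has_suffix(pw->pw_name, "user2");

	if (expect_access) {
		if (!result || acc_granted != GENERIC_ALL_ACCESS) {
			printf("FAIL: access not granted for %s\n",
			       pw->pw_name);
			failed = True;
		}
	} else {
		/* An unexpected grant is the security-relevant failure. */
		if (result || acc_granted != 0) {
			printf("FAIL: access granted for %s\n", pw->pw_name);
			failed = True;
		}
	}

	printf("result %s for user %s\n", result ? "allowed" : "denied",
	       pw->pw_name);

	return True;
}

/* Main function */

/*
 * Build the "allow some" security descriptor, run allowsome_check() over
 * the password database, and report the verdict.
 *
 * Exit status: 0 (and "PASS" on stdout) only when the descriptor was
 * built and no check recorded a failure; 1 otherwise.
 */
int main(int argc, char **argv)
{
	/* Initialisation */

	generate_wellknown_sids();

	/* Create security descriptor */

	sd = build_sec_desc(acl_allowsome, NULL, NULL_SID, NULL_SID);

	if (!sd) {
		printf("FAIL: could not build security descriptor\n");
		return 1;
	}

	/* Run test */

	visit_pwdb(allowsome_check);

	/* Return */

	if (!failed) {
		printf("PASS\n");
		return 0;
	}

	return 1;
}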