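/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   Security context tests
   Copyright (C) Tim Potter 2000

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "se_access_check_utils.h"

/* Globals */

/* Set to True by allowall_check() as soon as one account fails the check. */
BOOL failed;

/* Security descriptor under test; built once in main(). */
SEC_DESC *sd;

/*
 * Number of passwd entries allowall_check() has been called for.  Used so
 * that a run in which no account was checked is not reported as PASS.
 */
static unsigned long checked;

/*
 * ACL with a single allow ACE that grants GENERIC_ALL_ACCESS to S-1-1-0
 * (the well-known Everyone SID).  The all-zero entry with a NULL SID
 * string ends the list (presumably the terminator build_sec_desc() looks
 * for; confirm in se_access_check_utils).
 */
struct ace_entry acl_allowall[] = {
	{ SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_FLAG_CONTAINER_INHERIT,
	  GENERIC_ALL_ACCESS, "S-1-1-0" },
	{ 0, 0, 0, NULL}
};

/*
 * Check that the allow-all descriptor grants full access to one account.
 *
 * NOTE(review): this comment used to say "NULL security descriptor", but
 * sd is built from acl_allowall in main(); the NULL-descriptor case is not
 * exercised by this program.
 *
 * pw      - passwd entry supplying the uid and primary gid to check
 * ngroups - number of entries in groups
 * groups  - group list passed through to se_access_check()
 *
 * The check asks for SEC_RIGHTS_MAXIMUM_ALLOWED and passes only if the
 * call succeeds, the status is NT_STATUS_NO_PROBLEMO and exactly
 * GENERIC_ALL_ACCESS is granted.  A failure is printed and recorded in
 * the global `failed`.
 *
 * Always returns True (presumably so that visit_pwdb() keeps iterating
 * after a failure; confirm against se_access_check_utils).
 */
BOOL allowall_check(struct passwd *pw, int ngroups, gid_t *groups)
{
	uint32 acc_granted = 0, status = 0;
	BOOL result;

	checked++;

	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups,
				 SEC_RIGHTS_MAXIMUM_ALLOWED,
				 &acc_granted, &status);

	if (!result || status != NT_STATUS_NO_PROBLEMO ||
	    acc_granted != GENERIC_ALL_ACCESS) {
		/*
		 * uid_t/gid_t are not guaranteed to be int, so convert
		 * explicitly instead of passing them to %d.
		 */
		printf("FAIL: allowall se_access_check %lu/%lu\n",
		       (unsigned long)pw->pw_uid,
		       (unsigned long)pw->pw_gid);
		failed = True;
	}

	return True;
}

/*
 * Main function.
 *
 * Builds the allow-all security descriptor, runs allowall_check() through
 * visit_pwdb() and prints PASS or a FAIL line.
 *
 * Returns 0 when at least one account was checked and none failed,
 * 1 otherwise.
 */
int main(int argc, char **argv)
{
	(void)argc;
	(void)argv;

	/* Initialisation */

	generate_wellknown_sids();

	/* Create security descriptor */

	sd = build_sec_desc(acl_allowall, NULL, NULL_SID, NULL_SID);

	if (!sd) {
		printf("FAIL: could not build security descriptor\n");
		return 1;
	}

	/* Run test */

	visit_pwdb(allowall_check);

	/*
	 * An access-check test that examined no accounts proves nothing,
	 * so do not let it report PASS.
	 */
	if (checked == 0) {
		printf("FAIL: no passwd entries were checked\n");
		return 1;
	}

	/* Return */

	if (!failed) {
		printf("PASS\n");
		return 0;
	}

	return 1;
}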