The branch, master has been updated via f52158d torture: add FSRVP share snapshot ACL test via b8b4d88 torture: add FSRVP message sequence timeout test via 3d65bfe torture: add timeout sleeps to fsrvp create helper via c9cac85 torture: validate FSCTL_SRV_ENUMERATE_SNAPSHOTS response via 159d1dd nss_wrapper: Fix some "discarding const" warnings via 9a936f9 nss_wrapper: Align indentation with the rest of Samba from cef718c autobuild: fix ctdb build of samba-ctdb target after switch to waf.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f52158d74039afd0af6fcf185349bf80e8c36511 Author: David Disseldorp <dd...@samba.org> Date: Fri Jun 20 19:14:15 2014 +0200 torture: add FSRVP share snapshot ACL test The new test_fsrvp_share_sd test sets a unique ACL on the base share, and then confirms that snapshot shares carry the same ACL. Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> Autobuild-User(master): Michael Adam <ob...@samba.org> Autobuild-Date(master): Sat Jun 21 15:10:12 CEST 2014 on sn-devel-104 commit b8b4d88846cef595740ec8ad1d7586e539ed5258 Author: David Disseldorp <dd...@samba.org> Date: Fri Jun 20 19:14:14 2014 +0200 torture: add FSRVP message sequence timeout test Sleep at various points in the FSRVP snapshot creation state machine, and confirm that the state timeout is reflected in subsequent server responses. Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> commit 3d65bfe0fa41878a98ae14bdbf0074bb01371ad9 Author: David Disseldorp <dd...@samba.org> Date: Fri Jun 20 19:14:13 2014 +0200 torture: add timeout sleeps to fsrvp create helper Attempt to trip message sequence timeouts at various points in the FSRVP shadow-copy creation state machine. The default timeout-injection sleep durations correspond to those documented in MS-FSRVP (+500ms). They can also be manually set using the "fss: sequence timeout" parameter. Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> commit c9cac858d2c844f081510b147d7a79de6a6ec78e Author: David Disseldorp <dd...@samba.org> Date: Fri Jun 20 19:14:12 2014 +0200 torture: validate FSCTL_SRV_ENUMERATE_SNAPSHOTS response Check the NumberOfSnapShotsReturned and SnapShotArraySize fields in the FSCTL_SRV_ENUMERATE_SNAPSHOTS response match expected values. This is a regression test for bso#10549. Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> commit 159d1dde3a797360a47afa217c360a518034eb4e Author: Volker Lendecke <v...@samba.org> Date: Sat Jun 21 10:48:56 2014 +0200 nss_wrapper: Fix some "discarding const" warnings Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> commit 9a936f96983d39868c9e337bcdfae945ffcc3f72 Author: Volker Lendecke <v...@samba.org> Date: Sat Jun 21 10:47:28 2014 +0200 nss_wrapper: Align indentation with the rest of Samba Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/nss_wrapper/nss_wrapper.c | 32 ++-- source4/torture/rpc/fsrvp.c | 329 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 337 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c index 7c5a413..a012cbd 100644 --- a/lib/nss_wrapper/nss_wrapper.c +++ b/lib/nss_wrapper/nss_wrapper.c @@ -4046,24 +4046,24 @@ static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen, type = sa->sa_family; switch (type) { - case AF_INET: - if (salen < sizeof(struct sockaddr_in)) - return EAI_FAMILY; - addr = &((struct sockaddr_in *)sa)->sin_addr; - addrlen = sizeof(((struct sockaddr_in *)sa)->sin_addr); - port = ntohs(((struct sockaddr_in *)sa)->sin_port); - break; + case AF_INET: + if (salen < sizeof(struct sockaddr_in)) + return EAI_FAMILY; + addr = &((const struct sockaddr_in *)sa)->sin_addr; + addrlen = sizeof(((const struct sockaddr_in *)sa)->sin_addr); + port = ntohs(((const struct sockaddr_in *)sa)->sin_port); + break; #ifdef HAVE_IPV6 - case AF_INET6: - if (salen < sizeof(struct sockaddr_in6)) - return EAI_FAMILY; - addr = &((struct sockaddr_in6 *)sa)->sin6_addr; - addrlen = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr); - port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); - break; -#endif - default: + case AF_INET6: + if (salen < sizeof(struct sockaddr_in6)) return EAI_FAMILY; + addr = &((const struct sockaddr_in6 *)sa)->sin6_addr; + addrlen = sizeof(((const struct sockaddr_in6 *)sa)->sin6_addr); + port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); + break; +#endif + default: + return EAI_FAMILY; } if (host != NULL) { diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c index 4a55d28..d535f9b 100644 --- a/source4/torture/rpc/fsrvp.c +++ b/source4/torture/rpc/fsrvp.c @@ -30,17 +30,19 @@ * This test suite requires a snapshotable share named FSHARE (see #def below). */ #include "includes.h" -#include "librpc/gen_ndr/security.h" #include "lib/param/param.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "libcli/smb_composite/smb_composite.h" #include "libcli/resolve/resolve.h" #include "libcli/util/hresult.h" +#include "libcli/security/dom_sid.h" +#include "libcli/security/security_descriptor.h" #include "torture/torture.h" #include "torture/smb2/proto.h" #include "torture/rpc/torture_rpc.h" -#include "librpc/gen_ndr/ndr_fsrvp.h" +#include "librpc/gen_ndr/ndr_security.c" +#include "librpc/gen_ndr/ndr_srvsvc_c.h" #include "librpc/gen_ndr/ndr_fsrvp_c.h" #define FSHARE "fsrvp_share" @@ -130,9 +132,21 @@ static bool test_fsrvp_set_ctx(struct torture_context *tctx, return true; } +enum test_fsrvp_inject { + TEST_FSRVP_TOUT_NONE = 0, + TEST_FSRVP_TOUT_SET_CTX, + TEST_FSRVP_TOUT_START_SET, + TEST_FSRVP_TOUT_ADD_TO_SET, + TEST_FSRVP_TOUT_PREPARE, + TEST_FSRVP_TOUT_COMMIT, + + TEST_FSRVP_STOP_B4_EXPOSE, +}; + static bool test_fsrvp_sc_create(struct torture_context *tctx, struct dcerpc_pipe *p, const char *share, + enum test_fsrvp_inject inject, struct fssagent_share_mapping_1 **sc_map) { struct fss_IsPathSupported r_pathsupport_get; @@ -149,7 +163,8 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, NTSTATUS status; time_t start_time; TALLOC_CTX *tmp_ctx = talloc_new(tctx); - struct fssagent_share_mapping_1 *map; + struct fssagent_share_mapping_1 *map = NULL; + int sleep_time; /* * PrepareShadowCopySet & CommitShadowCopySet often exceed the default @@ -181,16 +196,37 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, torture_assert_int_equal(tctx, r_context_set.out.result, 0, "failed SetContext response"); + if (inject == TEST_FSRVP_TOUT_SET_CTX) { + sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", + "sequence timeout", 180); + torture_comment(tctx, "sleeping for %d\n", sleep_time); + smb_msleep((sleep_time * 1000) + 500); + } + ZERO_STRUCT(r_scset_start); r_scset_start.in.ClientShadowCopySetId = GUID_random(); status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start); torture_assert_ntstatus_ok(tctx, status, "StartShadowCopySet failed"); + if (inject == TEST_FSRVP_TOUT_SET_CTX) { + /* expect error due to message sequence timeout after set_ctx */ + torture_assert_int_equal(tctx, r_scset_start.out.result, + FSRVP_E_BAD_STATE, + "StartShadowCopySet timeout response"); + goto done; + } torture_assert_int_equal(tctx, r_scset_start.out.result, 0, "failed StartShadowCopySet response"); torture_comment(tctx, "%s: shadow-copy set created\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId)); + if (inject == TEST_FSRVP_TOUT_START_SET) { + sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", + "sequence timeout", 180); + torture_comment(tctx, "sleeping for %d\n", sleep_time); + smb_msleep((sleep_time * 1000) + 500); + } + ZERO_STRUCT(r_scset_add1); r_scset_add1.in.ClientShadowCopyId = GUID_random(); r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; @@ -198,6 +234,12 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1); torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed"); + if (inject == TEST_FSRVP_TOUT_START_SET) { + torture_assert_int_equal(tctx, r_scset_add1.out.result, + HRES_ERROR_V(HRES_E_INVALIDARG), + "AddToShadowCopySet timeout response"); + goto done; + } torture_assert_int_equal(tctx, r_scset_add1.out.result, 0, "failed AddToShadowCopySet response"); torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n", @@ -217,6 +259,13 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, FSRVP_E_OBJECT_ALREADY_EXISTS, "failed AddToShadowCopySet response"); + if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { + sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", + "sequence timeout", 1800); + torture_comment(tctx, "sleeping for %d\n", sleep_time); + smb_msleep((sleep_time * 1000) + 500); + } + start_time = time_mono(NULL); ZERO_STRUCT(r_scset_prep); r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; @@ -225,12 +274,25 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep); torture_assert_ntstatus_ok(tctx, status, "PrepareShadowCopySet failed"); + if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { + torture_assert_int_equal(tctx, r_scset_prep.out.result, + HRES_ERROR_V(HRES_E_INVALIDARG), + "PrepareShadowCopySet tout response"); + goto done; + } torture_assert_int_equal(tctx, r_scset_prep.out.result, 0, "failed PrepareShadowCopySet response"); torture_comment(tctx, "%s: prepare completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); + if (inject == TEST_FSRVP_TOUT_PREPARE) { + sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", + "sequence timeout", 1800); + torture_comment(tctx, "sleeping for %d\n", sleep_time); + smb_msleep((sleep_time * 1000) + 500); + } + start_time = time_mono(NULL); ZERO_STRUCT(r_scset_commit); r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; @@ -238,12 +300,31 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit); torture_assert_ntstatus_ok(tctx, status, "CommitShadowCopySet failed"); + if (inject == TEST_FSRVP_TOUT_PREPARE) { + torture_assert_int_equal(tctx, r_scset_commit.out.result, + HRES_ERROR_V(HRES_E_INVALIDARG), + "CommitShadowCopySet tout response"); + goto done; + } torture_assert_int_equal(tctx, r_scset_commit.out.result, 0, "failed CommitShadowCopySet response"); torture_comment(tctx, "%s: commit completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); + if (inject == TEST_FSRVP_TOUT_COMMIT) { + sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", + "sequence timeout", 180); + torture_comment(tctx, "sleeping for %d\n", sleep_time); + smb_msleep((sleep_time * 1000) + 500); + } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) { + /* return partial snapshot information */ + map = talloc_zero(tctx, struct fssagent_share_mapping_1); + map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; + map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId; + goto done; + } + start_time = time_mono(NULL); ZERO_STRUCT(r_scset_expose); r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; @@ -251,6 +332,12 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose); torture_assert_ntstatus_ok(tctx, status, "ExposeShadowCopySet failed"); + if (inject == TEST_FSRVP_TOUT_COMMIT) { + torture_assert_int_equal(tctx, r_scset_expose.out.result, + HRES_ERROR_V(HRES_E_INVALIDARG), + "ExposeShadowCopySet tout response"); + goto done; + } torture_assert_int_equal(tctx, r_scset_expose.out.result, 0, "failed ExposeShadowCopySet response"); torture_comment(tctx, "%s: expose completed in %llu secs\n", @@ -289,6 +376,7 @@ static bool test_fsrvp_sc_create(struct torture_context *tctx, &map->ShadowCopyId), "sc GUID missmatch in GetShareMapping"); +done: talloc_free(tmp_ctx); *sc_map = map; @@ -323,7 +411,7 @@ static bool test_fsrvp_sc_create_simple(struct torture_context *tctx, char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s", dcerpc_server_name(p), FSHARE); - torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map), + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map), "sc create"); torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del"); @@ -405,7 +493,7 @@ static bool test_fsrvp_bad_id(struct torture_context *tctx, char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\", dcerpc_server_name(p), FSHARE); - torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map), + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map), "sc create"); ZERO_STRUCT(r_sharemap_del); @@ -477,7 +565,7 @@ static bool test_fsrvp_sc_share_io(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "src write"); - torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map), + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map), "sc create"); status = smb2_util_write(tree_base, base_fh, "post-snap", 0, @@ -551,6 +639,16 @@ static bool test_fsrvp_enum_snaps(struct torture_context *tctx, *_count = IVAL(io.out.out.data, 0); + /* with max_response_size=16, no labels should be sent */ + torture_assert_int_equal(tctx, IVAL(io.out.out.data, 4), 0, + "enum snaps labels"); + + /* TODO with 0 snaps, needed_data_count should be 0? */ + if (*_count != 0) { + torture_assert(tctx, IVAL(io.out.out.data, 8) != 0, + "enum snaps needed non-zero"); + } + return true; } @@ -597,7 +695,7 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx, "count"); torture_assert_int_equal(tctx, count, 0, "num snaps"); - torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map), + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map), "sc create"); talloc_free(sc_map); @@ -612,7 +710,7 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx, torture_assert_int_equal(tctx, count, 1, "num snaps"); smb_msleep(1100); /* @GMT tokens have a 1 second resolution */ - torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map), + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map), "sc create"); talloc_free(sc_map); @@ -627,6 +725,217 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx, return true; } +static bool test_fsrvp_seq_timeout(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + int i; + struct fssagent_share_mapping_1 *sc_map; + char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s", + dcerpc_server_name(p), FSHARE); + + for (i = TEST_FSRVP_TOUT_NONE; i <= TEST_FSRVP_TOUT_COMMIT; i++) { + torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, + i, &sc_map), + "sc create"); + + /* only need to delete if create process didn't timeout */ + if (i == TEST_FSRVP_TOUT_NONE) { + torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), + "sc del"); + } + } + + return true; +} + +static bool test_fsrvp_share_sd(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + NTSTATUS status; + struct dcerpc_pipe *srvsvc_p; + struct srvsvc_NetShareGetInfo q; + struct srvsvc_NetShareSetInfo s; + struct srvsvc_NetShareInfo502 *info502; + struct fssagent_share_mapping_1 *sc_map; + struct fss_ExposeShadowCopySet r_scset_expose; + struct fss_GetShareMapping r_sharemap_get; + struct security_descriptor *sd_old; + struct security_descriptor *sd_base; + struct security_descriptor *sd_snap; + struct security_ace *ace; + int i; + int aces_found; + char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s", + dcerpc_server_name(p), FSHARE); + ZERO_STRUCT(q); + q.in.server_unc = dcerpc_server_name(p); + q.in.share_name = FSHARE; + q.in.level = 502; + + status = torture_rpc_connection(tctx, &srvsvc_p, &ndr_table_srvsvc); + torture_assert_ntstatus_ok(tctx, status, "srvsvc rpc conn failed"); + + /* ensure srvsvc out pointers are allocated during unmarshalling */ + srvsvc_p->conn->flags |= DCERPC_NDR_REF_ALLOC; + + /* obtain the existing DACL for the base share */ + status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle, + tctx, &q); + torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed"); + torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed"); + + info502 = q.out.info->info502; + + /* back up the existing share SD, so it can be restored on completion */ + sd_old = info502->sd_buf.sd; + sd_base = security_descriptor_copy(tctx, info502->sd_buf.sd); + torture_assert(tctx, sd_base != NULL, "sd dup"); + torture_assert(tctx, sd_base->dacl != NULL, "no existing share DACL"); + + /* the Builtin_X_Operators placeholder ACEs need to be unique */ + for (i = 0; i < sd_base->dacl->num_aces; i++) { + ace = &sd_base->dacl->aces[i]; + if (dom_sid_equal(&ace->trustee, + &global_sid_Builtin_Backup_Operators) + || dom_sid_equal(&ace->trustee, + &global_sid_Builtin_Print_Operators)) { + torture_skip(tctx, "placeholder ACE already exists\n"); + } + } + + /* add Backup_Operators placeholder ACE and set base share DACL */ + ace = talloc_zero(tctx, struct security_ace); + ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace->access_mask = SEC_STD_SYNCHRONIZE; + ace->trustee = global_sid_Builtin_Backup_Operators; + + status = security_descriptor_dacl_add(sd_base, ace); + torture_assert_ntstatus_ok(tctx, status, + "failed to add placeholder ACE to DACL"); + + info502->sd_buf.sd = sd_base; + info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0); + + ZERO_STRUCT(s); + s.in.server_unc = dcerpc_server_name(p); + s.in.share_name = FSHARE; + s.in.level = 502; + s.in.info = q.out.info; + + status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle, + tctx, &s); + torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed"); + torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed"); + + /* create a snapshot, but don't expose yet */ + torture_assert(tctx, + test_fsrvp_sc_create(tctx, p, share_unc, + TEST_FSRVP_STOP_B4_EXPOSE, &sc_map), + "sc create"); + + /* + * Add another unique placeholder ACE. + * By changing the share DACL between snapshot creation and exposure we + * can determine at which point the server clones the base share DACL. + */ + ace = talloc_zero(tctx, struct security_ace); + ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace->access_mask = SEC_STD_SYNCHRONIZE; + ace->trustee = global_sid_Builtin_Print_Operators; + + status = security_descriptor_dacl_add(sd_base, ace); + torture_assert_ntstatus_ok(tctx, status, + "failed to add placeholder ACE to DACL"); + + info502->sd_buf.sd = sd_base; + info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0); + + ZERO_STRUCT(s); + s.in.server_unc = dcerpc_server_name(p); + s.in.share_name = FSHARE; + s.in.level = 502; + s.in.info = q.out.info; + + status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle, + tctx, &s); + torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed"); + torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed"); + + /* expose the snapshot share and get the new share details */ + ZERO_STRUCT(r_scset_expose); + r_scset_expose.in.ShadowCopySetId = sc_map->ShadowCopySetId; + r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */ + status = dcerpc_fss_ExposeShadowCopySet_r(p->binding_handle, tctx, + &r_scset_expose); + torture_assert_ntstatus_ok(tctx, status, + "ExposeShadowCopySet failed"); + torture_assert_int_equal(tctx, r_scset_expose.out.result, 0, + "failed ExposeShadowCopySet response"); + + ZERO_STRUCT(r_sharemap_get); + r_sharemap_get.in.ShadowCopyId = sc_map->ShadowCopyId; + r_sharemap_get.in.ShadowCopySetId = sc_map->ShadowCopySetId; + r_sharemap_get.in.ShareName = share_unc; + r_sharemap_get.in.Level = 1; + status = dcerpc_fss_GetShareMapping_r(p->binding_handle, tctx, + &r_sharemap_get); + torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed"); + torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0, + "failed GetShareMapping response"); + talloc_free(sc_map); + sc_map = r_sharemap_get.out.ShareMapping->ShareMapping1; + + /* restore the original base share ACL */ + info502->sd_buf.sd = sd_old; + info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_old, 0); + status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle, + tctx, &s); + torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed"); + torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed"); + + /* check for placeholder ACEs in the snapshot share DACL */ + ZERO_STRUCT(q); + q.in.server_unc = dcerpc_server_name(p); + q.in.share_name = sc_map->ShadowCopyShareName; + q.in.level = 502; + status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle, + tctx, &q); + torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed"); + torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed"); + info502 = q.out.info->info502; + + sd_snap = info502->sd_buf.sd; + torture_assert(tctx, sd_snap != NULL, "sd"); + torture_assert(tctx, sd_snap->dacl != NULL, "no snap share DACL"); + + aces_found = 0; + for (i = 0; i < sd_snap->dacl->num_aces; i++) { + ace = &sd_snap->dacl->aces[i]; + if (dom_sid_equal(&ace->trustee, -- Samba Shared Repository