The branch, master has been updated
via f52158d torture: add FSRVP share snapshot ACL test
via b8b4d88 torture: add FSRVP message sequence timeout test
via 3d65bfe torture: add timeout sleeps to fsrvp create helper
via c9cac85 torture: validate FSCTL_SRV_ENUMERATE_SNAPSHOTS response
via 159d1dd nss_wrapper: Fix some "discarding const" warnings
via 9a936f9 nss_wrapper: Align indentation with the rest of Samba
from cef718c autobuild: fix ctdb build of samba-ctdb target after switch
to waf.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f52158d74039afd0af6fcf185349bf80e8c36511
Author: David Disseldorp <dd...@samba.org>
Date: Fri Jun 20 19:14:15 2014 +0200
torture: add FSRVP share snapshot ACL test
The new test_fsrvp_share_sd test sets a unique ACL on the base share,
and then confirms that snapshot shares carry the same ACL.
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Autobuild-User(master): Michael Adam <ob...@samba.org>
Autobuild-Date(master): Sat Jun 21 15:10:12 CEST 2014 on sn-devel-104
commit b8b4d88846cef595740ec8ad1d7586e539ed5258
Author: David Disseldorp <dd...@samba.org>
Date: Fri Jun 20 19:14:14 2014 +0200
torture: add FSRVP message sequence timeout test
Sleep at various points in the FSRVP snapshot creation state machine,
and confirm that the state timeout is reflected in subsequent server
responses.
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 3d65bfe0fa41878a98ae14bdbf0074bb01371ad9
Author: David Disseldorp <dd...@samba.org>
Date: Fri Jun 20 19:14:13 2014 +0200
torture: add timeout sleeps to fsrvp create helper
Attempt to trip message sequence timeouts at various points in the FSRVP
shadow-copy creation state machine.
The default timeout-injection sleep durations correspond to those
documented in MS-FSRVP (+500ms). They can also be manually set using the
"fss: sequence timeout" parameter.
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit c9cac858d2c844f081510b147d7a79de6a6ec78e
Author: David Disseldorp <dd...@samba.org>
Date: Fri Jun 20 19:14:12 2014 +0200
torture: validate FSCTL_SRV_ENUMERATE_SNAPSHOTS response
Check the NumberOfSnapShotsReturned and SnapShotArraySize fields in the
FSCTL_SRV_ENUMERATE_SNAPSHOTS response match expected values.
This is a regression test for bso#10549.
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 159d1dde3a797360a47afa217c360a518034eb4e
Author: Volker Lendecke <v...@samba.org>
Date: Sat Jun 21 10:48:56 2014 +0200
nss_wrapper: Fix some "discarding const" warnings
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
commit 9a936f96983d39868c9e337bcdfae945ffcc3f72
Author: Volker Lendecke <v...@samba.org>
Date: Sat Jun 21 10:47:28 2014 +0200
nss_wrapper: Align indentation with the rest of Samba
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/nss_wrapper/nss_wrapper.c | 32 ++--
source4/torture/rpc/fsrvp.c | 329 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 337 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c
index 7c5a413..a012cbd 100644
--- a/lib/nss_wrapper/nss_wrapper.c
+++ b/lib/nss_wrapper/nss_wrapper.c
@@ -4046,24 +4046,24 @@ static int nwrap_getnameinfo(const struct sockaddr *sa,
socklen_t salen,
type = sa->sa_family;
switch (type) {
- case AF_INET:
- if (salen < sizeof(struct sockaddr_in))
- return EAI_FAMILY;
- addr = &((struct sockaddr_in *)sa)->sin_addr;
- addrlen = sizeof(((struct sockaddr_in *)sa)->sin_addr);
- port = ntohs(((struct sockaddr_in *)sa)->sin_port);
- break;
+ case AF_INET:
+ if (salen < sizeof(struct sockaddr_in))
+ return EAI_FAMILY;
+ addr = &((const struct sockaddr_in *)sa)->sin_addr;
+ addrlen = sizeof(((const struct sockaddr_in *)sa)->sin_addr);
+ port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
+ break;
#ifdef HAVE_IPV6
- case AF_INET6:
- if (salen < sizeof(struct sockaddr_in6))
- return EAI_FAMILY;
- addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
- addrlen = sizeof(((struct sockaddr_in6
*)sa)->sin6_addr);
- port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
- break;
-#endif
- default:
+ case AF_INET6:
+ if (salen < sizeof(struct sockaddr_in6))
return EAI_FAMILY;
+ addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
+ addrlen = sizeof(((const struct sockaddr_in6 *)sa)->sin6_addr);
+ port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
+ break;
+#endif
+ default:
+ return EAI_FAMILY;
}
if (host != NULL) {
diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c
index 4a55d28..d535f9b 100644
--- a/source4/torture/rpc/fsrvp.c
+++ b/source4/torture/rpc/fsrvp.c
@@ -30,17 +30,19 @@
* This test suite requires a snapshotable share named FSHARE (see #def below).
*/
#include "includes.h"
-#include "librpc/gen_ndr/security.h"
#include "lib/param/param.h"
#include "libcli/smb2/smb2.h"
#include "libcli/smb2/smb2_calls.h"
#include "libcli/smb_composite/smb_composite.h"
#include "libcli/resolve/resolve.h"
#include "libcli/util/hresult.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_descriptor.h"
#include "torture/torture.h"
#include "torture/smb2/proto.h"
#include "torture/rpc/torture_rpc.h"
-#include "librpc/gen_ndr/ndr_fsrvp.h"
+#include "librpc/gen_ndr/ndr_security.c"
+#include "librpc/gen_ndr/ndr_srvsvc_c.h"
#include "librpc/gen_ndr/ndr_fsrvp_c.h"
#define FSHARE "fsrvp_share"
@@ -130,9 +132,21 @@ static bool test_fsrvp_set_ctx(struct torture_context
*tctx,
return true;
}
+enum test_fsrvp_inject {
+ TEST_FSRVP_TOUT_NONE = 0,
+ TEST_FSRVP_TOUT_SET_CTX,
+ TEST_FSRVP_TOUT_START_SET,
+ TEST_FSRVP_TOUT_ADD_TO_SET,
+ TEST_FSRVP_TOUT_PREPARE,
+ TEST_FSRVP_TOUT_COMMIT,
+
+ TEST_FSRVP_STOP_B4_EXPOSE,
+};
+
static bool test_fsrvp_sc_create(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char *share,
+ enum test_fsrvp_inject inject,
struct fssagent_share_mapping_1 **sc_map)
{
struct fss_IsPathSupported r_pathsupport_get;
@@ -149,7 +163,8 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
NTSTATUS status;
time_t start_time;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
- struct fssagent_share_mapping_1 *map;
+ struct fssagent_share_mapping_1 *map = NULL;
+ int sleep_time;
/*
* PrepareShadowCopySet & CommitShadowCopySet often exceed the default
@@ -181,16 +196,37 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
torture_assert_int_equal(tctx, r_context_set.out.result, 0,
"failed SetContext response");
+ if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
ZERO_STRUCT(r_scset_start);
r_scset_start.in.ClientShadowCopySetId = GUID_random();
status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
torture_assert_ntstatus_ok(tctx, status,
"StartShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_SET_CTX) {
+ /* expect error due to message sequence timeout after set_ctx */
+ torture_assert_int_equal(tctx, r_scset_start.out.result,
+ FSRVP_E_BAD_STATE,
+ "StartShadowCopySet timeout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_start.out.result, 0,
"failed StartShadowCopySet response");
torture_comment(tctx, "%s: shadow-copy set created\n",
GUID_string(tmp_ctx,
r_scset_start.out.pShadowCopySetId));
+ if (inject == TEST_FSRVP_TOUT_START_SET) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
ZERO_STRUCT(r_scset_add1);
r_scset_add1.in.ClientShadowCopyId = GUID_random();
r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
@@ -198,6 +234,12 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1);
torture_assert_ntstatus_ok(tctx, status,
"AddToShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_START_SET) {
+ torture_assert_int_equal(tctx, r_scset_add1.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "AddToShadowCopySet timeout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_add1.out.result, 0,
"failed AddToShadowCopySet response");
torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n",
@@ -217,6 +259,13 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
FSRVP_E_OBJECT_ALREADY_EXISTS,
"failed AddToShadowCopySet response");
+ if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 1800);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_prep);
r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
@@ -225,12 +274,25 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep);
torture_assert_ntstatus_ok(tctx, status,
"PrepareShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
+ torture_assert_int_equal(tctx, r_scset_prep.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "PrepareShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_prep.out.result, 0,
"failed PrepareShadowCopySet response");
torture_comment(tctx, "%s: prepare completed in %llu secs\n",
GUID_string(tmp_ctx,
r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
+ if (inject == TEST_FSRVP_TOUT_PREPARE) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 1800);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_commit);
r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
@@ -238,12 +300,31 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit);
torture_assert_ntstatus_ok(tctx, status,
"CommitShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_PREPARE) {
+ torture_assert_int_equal(tctx, r_scset_commit.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "CommitShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_commit.out.result, 0,
"failed CommitShadowCopySet response");
torture_comment(tctx, "%s: commit completed in %llu secs\n",
GUID_string(tmp_ctx,
r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
+ if (inject == TEST_FSRVP_TOUT_COMMIT) {
+ sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
+ "sequence timeout", 180);
+ torture_comment(tctx, "sleeping for %d\n", sleep_time);
+ smb_msleep((sleep_time * 1000) + 500);
+ } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
+ /* return partial snapshot information */
+ map = talloc_zero(tctx, struct fssagent_share_mapping_1);
+ map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
+ map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
+ goto done;
+ }
+
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_expose);
r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
@@ -251,6 +332,12 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose);
torture_assert_ntstatus_ok(tctx, status,
"ExposeShadowCopySet failed");
+ if (inject == TEST_FSRVP_TOUT_COMMIT) {
+ torture_assert_int_equal(tctx, r_scset_expose.out.result,
+ HRES_ERROR_V(HRES_E_INVALIDARG),
+ "ExposeShadowCopySet tout response");
+ goto done;
+ }
torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
"failed ExposeShadowCopySet response");
torture_comment(tctx, "%s: expose completed in %llu secs\n",
@@ -289,6 +376,7 @@ static bool test_fsrvp_sc_create(struct torture_context
*tctx,
&map->ShadowCopyId),
"sc GUID missmatch in GetShareMapping");
+done:
talloc_free(tmp_ctx);
*sc_map = map;
@@ -323,7 +411,7 @@ static bool test_fsrvp_sc_create_simple(struct
torture_context *tctx,
char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
dcerpc_server_name(p), FSHARE);
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
@@ -405,7 +493,7 @@ static bool test_fsrvp_bad_id(struct torture_context *tctx,
char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
dcerpc_server_name(p), FSHARE);
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
ZERO_STRUCT(r_sharemap_del);
@@ -477,7 +565,7 @@ static bool test_fsrvp_sc_share_io(struct torture_context
*tctx,
torture_assert_ntstatus_ok(tctx, status, "src write");
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
status = smb2_util_write(tree_base, base_fh, "post-snap", 0,
@@ -551,6 +639,16 @@ static bool test_fsrvp_enum_snaps(struct torture_context
*tctx,
*_count = IVAL(io.out.out.data, 0);
+ /* with max_response_size=16, no labels should be sent */
+ torture_assert_int_equal(tctx, IVAL(io.out.out.data, 4), 0,
+ "enum snaps labels");
+
+ /* TODO with 0 snaps, needed_data_count should be 0? */
+ if (*_count != 0) {
+ torture_assert(tctx, IVAL(io.out.out.data, 8) != 0,
+ "enum snaps needed non-zero");
+ }
+
return true;
}
@@ -597,7 +695,7 @@ static bool test_fsrvp_enum_created(struct torture_context
*tctx,
"count");
torture_assert_int_equal(tctx, count, 0, "num snaps");
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
talloc_free(sc_map);
@@ -612,7 +710,7 @@ static bool test_fsrvp_enum_created(struct torture_context
*tctx,
torture_assert_int_equal(tctx, count, 1, "num snaps");
smb_msleep(1100); /* @GMT tokens have a 1 second resolution */
- torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, &sc_map),
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
TEST_FSRVP_TOUT_NONE, &sc_map),
"sc create");
talloc_free(sc_map);
@@ -627,6 +725,217 @@ static bool test_fsrvp_enum_created(struct
torture_context *tctx,
return true;
}
+static bool test_fsrvp_seq_timeout(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ int i;
+ struct fssagent_share_mapping_1 *sc_map;
+ char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+ dcerpc_server_name(p), FSHARE);
+
+ for (i = TEST_FSRVP_TOUT_NONE; i <= TEST_FSRVP_TOUT_COMMIT; i++) {
+ torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
+ i, &sc_map),
+ "sc create");
+
+ /* only need to delete if create process didn't timeout */
+ if (i == TEST_FSRVP_TOUT_NONE) {
+ torture_assert(tctx, test_fsrvp_sc_delete(tctx, p,
sc_map),
+ "sc del");
+ }
+ }
+
+ return true;
+}
+
+static bool test_fsrvp_share_sd(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *srvsvc_p;
+ struct srvsvc_NetShareGetInfo q;
+ struct srvsvc_NetShareSetInfo s;
+ struct srvsvc_NetShareInfo502 *info502;
+ struct fssagent_share_mapping_1 *sc_map;
+ struct fss_ExposeShadowCopySet r_scset_expose;
+ struct fss_GetShareMapping r_sharemap_get;
+ struct security_descriptor *sd_old;
+ struct security_descriptor *sd_base;
+ struct security_descriptor *sd_snap;
+ struct security_ace *ace;
+ int i;
+ int aces_found;
+ char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
+ dcerpc_server_name(p), FSHARE);
+ ZERO_STRUCT(q);
+ q.in.server_unc = dcerpc_server_name(p);
+ q.in.share_name = FSHARE;
+ q.in.level = 502;
+
+ status = torture_rpc_connection(tctx, &srvsvc_p, &ndr_table_srvsvc);
+ torture_assert_ntstatus_ok(tctx, status, "srvsvc rpc conn failed");
+
+ /* ensure srvsvc out pointers are allocated during unmarshalling */
+ srvsvc_p->conn->flags |= DCERPC_NDR_REF_ALLOC;
+
+ /* obtain the existing DACL for the base share */
+ status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+ tctx, &q);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+ torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+
+ info502 = q.out.info->info502;
+
+ /* back up the existing share SD, so it can be restored on completion */
+ sd_old = info502->sd_buf.sd;
+ sd_base = security_descriptor_copy(tctx, info502->sd_buf.sd);
+ torture_assert(tctx, sd_base != NULL, "sd dup");
+ torture_assert(tctx, sd_base->dacl != NULL, "no existing share DACL");
+
+ /* the Builtin_X_Operators placeholder ACEs need to be unique */
+ for (i = 0; i < sd_base->dacl->num_aces; i++) {
+ ace = &sd_base->dacl->aces[i];
+ if (dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Backup_Operators)
+ || dom_sid_equal(&ace->trustee,
+ &global_sid_Builtin_Print_Operators)) {
+ torture_skip(tctx, "placeholder ACE already exists\n");
+ }
+ }
+
+ /* add Backup_Operators placeholder ACE and set base share DACL */
+ ace = talloc_zero(tctx, struct security_ace);
+ ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace->access_mask = SEC_STD_SYNCHRONIZE;
+ ace->trustee = global_sid_Builtin_Backup_Operators;
+
+ status = security_descriptor_dacl_add(sd_base, ace);
+ torture_assert_ntstatus_ok(tctx, status,
+ "failed to add placeholder ACE to DACL");
+
+ info502->sd_buf.sd = sd_base;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+ ZERO_STRUCT(s);
+ s.in.server_unc = dcerpc_server_name(p);
+ s.in.share_name = FSHARE;
+ s.in.level = 502;
+ s.in.info = q.out.info;
+
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* create a snapshot, but don't expose yet */
+ torture_assert(tctx,
+ test_fsrvp_sc_create(tctx, p, share_unc,
+ TEST_FSRVP_STOP_B4_EXPOSE, &sc_map),
+ "sc create");
+
+ /*
+ * Add another unique placeholder ACE.
+ * By changing the share DACL between snapshot creation and exposure we
+ * can determine at which point the server clones the base share DACL.
+ */
+ ace = talloc_zero(tctx, struct security_ace);
+ ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ ace->access_mask = SEC_STD_SYNCHRONIZE;
+ ace->trustee = global_sid_Builtin_Print_Operators;
+
+ status = security_descriptor_dacl_add(sd_base, ace);
+ torture_assert_ntstatus_ok(tctx, status,
+ "failed to add placeholder ACE to DACL");
+
+ info502->sd_buf.sd = sd_base;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
+
+ ZERO_STRUCT(s);
+ s.in.server_unc = dcerpc_server_name(p);
+ s.in.share_name = FSHARE;
+ s.in.level = 502;
+ s.in.info = q.out.info;
+
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* expose the snapshot share and get the new share details */
+ ZERO_STRUCT(r_scset_expose);
+ r_scset_expose.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+ r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */
+ status = dcerpc_fss_ExposeShadowCopySet_r(p->binding_handle, tctx,
+ &r_scset_expose);
+ torture_assert_ntstatus_ok(tctx, status,
+ "ExposeShadowCopySet failed");
+ torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
+ "failed ExposeShadowCopySet response");
+
+ ZERO_STRUCT(r_sharemap_get);
+ r_sharemap_get.in.ShadowCopyId = sc_map->ShadowCopyId;
+ r_sharemap_get.in.ShadowCopySetId = sc_map->ShadowCopySetId;
+ r_sharemap_get.in.ShareName = share_unc;
+ r_sharemap_get.in.Level = 1;
+ status = dcerpc_fss_GetShareMapping_r(p->binding_handle, tctx,
+ &r_sharemap_get);
+ torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
+ torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
+ "failed GetShareMapping response");
+ talloc_free(sc_map);
+ sc_map = r_sharemap_get.out.ShareMapping->ShareMapping1;
+
+ /* restore the original base share ACL */
+ info502->sd_buf.sd = sd_old;
+ info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_old, 0);
+ status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
+ tctx, &s);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
+ torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
+
+ /* check for placeholder ACEs in the snapshot share DACL */
+ ZERO_STRUCT(q);
+ q.in.server_unc = dcerpc_server_name(p);
+ q.in.share_name = sc_map->ShadowCopyShareName;
+ q.in.level = 502;
+ status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
+ tctx, &q);
+ torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
+ torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
+ info502 = q.out.info->info502;
+
+ sd_snap = info502->sd_buf.sd;
+ torture_assert(tctx, sd_snap != NULL, "sd");
+ torture_assert(tctx, sd_snap->dacl != NULL, "no snap share DACL");
+
+ aces_found = 0;
+ for (i = 0; i < sd_snap->dacl->num_aces; i++) {
+ ace = &sd_snap->dacl->aces[i];
+ if (dom_sid_equal(&ace->trustee,
--
Samba Shared Repository
