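/*
   Unix SMB/Netbios implementation.
   Version 1.9.
   Security context tests
   Copyright (C) Tim Potter 2000

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"
#include "se_access_check_utils.h"

/* Globals */

/* Set to True by denyall_check() as soon as one check gives an unexpected
   result; main() turns it into the process exit status. */
BOOL failed;

/* Security descriptor under test, built once in main() and read by
   denyall_check(). */
SEC_DESC *sd;

/* ACL holding a single access-denied ACE: every right
   (GENERIC_ALL_ACCESS) is denied to S-1-1-0, the well-known
   Everyone/World SID.  The all-zero entry with a NULL SID string
   terminates the list. */
struct ace_entry acl_denyall[] = {
	{ SEC_ACE_TYPE_ACCESS_DENIED, SEC_ACE_FLAG_CONTAINER_INHERIT,
	  GENERIC_ALL_ACCESS, "S-1-1-0" },
	{ 0, 0, 0, NULL}
};

/* Check that access is always denied by the deny-all security descriptor.

   Asks se_access_check() for SEC_RIGHTS_MAXIMUM_ALLOWED on behalf of the
   given user and supplementary groups.  The check passes only if the call
   reports failure AND no access bits were granted; anything else means the
   deny ACE was not honoured, so the global failure flag is set.

   pw       password entry supplying the uid and gid to test
   ngroups  number of entries in groups
   groups   supplementary group ids of the user

   Always returns True, whatever the outcome of the check (presumably so
   that the caller keeps iterating over the remaining users -- confirm
   against visit_pwdb()). */

BOOL denyall_check(struct passwd *pw, int ngroups, gid_t *groups)
{
	uint32 acc_granted, status;
	BOOL result;

	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups,
				 SEC_RIGHTS_MAXIMUM_ALLOWED,
				 &acc_granted, &status);

	/* NOTE(review): status is never examined; asserting the expected
	   denial code as well would tighten the test -- confirm which value
	   se_access_check() sets on denial. */

	if (result || acc_granted != 0) {
		/* uid_t and gid_t need not be int; cast explicitly so the
		   arguments match the conversion specifiers. */
		printf("FAIL: denyall se_access_check %lu/%lu\n",
		       (unsigned long)pw->pw_uid,
		       (unsigned long)pw->pw_gid);
		failed = True;
	}

	return True;
}

/* Main function: build the deny-all descriptor, run denyall_check() through
   visit_pwdb() and report the result.  Prints "PASS" and returns 0 when no
   check failed; returns 1 otherwise. */

int main(int argc, char **argv)
{
	/* Initialisation */

	generate_wellknown_sids();

	/* Create security descriptor */

	sd = build_sec_desc(acl_denyall, NULL, NULL_SID, NULL_SID);

	if (!sd) {
		printf("FAIL: could not build security descriptor\n");
		return 1;
	}

	/* Run test */

	/* NOTE(review): the return value of visit_pwdb() is not looked at.
	   If it can visit zero entries, this test reports PASS without
	   having exercised the access check at all -- confirm. */

	visit_pwdb(denyall_check);

	/* Return */

	if (!failed) {
		printf("PASS\n");
		return 0;
	}

	return 1;
}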