sacl-access-checking.sh [plain text]
#! /bin/bash
SCRIPTBASE=${SCRIPTBASE:-$(cd $(dirname $0)/.. && pwd )}
. $SCRIPTBASE/common.sh || exit 2
. $SCRIPTBASE/directory-services.sh || exit 2
TESTUSER=${TESTUSER:-smbtest}
TESTPASSWD=${TESTPASSWD:-smbtest}
DEBUGLEVEL=${DEBUGLEVEL:-1}
ASROOT=${ASROOT:-sudo}
SERVER=localhost
failed=0
failtest()
{
echo "*** TEST FAILED ***"
failed=`expr $failed + 1`
}
cleanup()
{
ds_delete_user smballow > /dev/null 2>&1
ds_delete_user smbdeny > /dev/null 2>&1
ds_delete_group com.apple.access_smb
exit
}
if [ -z "$NOCLEANUP" ]; then
register_cleanup_handler cleanup
fi
ds_delete_user smballow> /dev/null 2>&1
ds_delete_user smbdeny> /dev/null 2>&1
ds_delete_group com.apple.access_smb > /dev/null 2>&1
ds_create_user smballow smballow || \
testerr $0 "failed to add user smballow"
ds_create_user smbdeny smbdeny || \
testerr $0 "failed to add user smbdeny"
ds_create_user smbdeny smbdeny || \
testerr $0 "failed to add user smbdeny"
poke()
{
local user="$1"
/usr/bin/smbclient -d$DEBUGLEVEL -U$user%$user \
-N -L localhost > /dev/null
}
echo SACL is not active, we should succeed
poke smbdeny || failtest
ds_create_group com.apple.access_smb
echo SACL is active, but we are not added, we should fail
poke smbdeny && failtest
ds_add_user_to_group smballow $(ds_lookup_group_gid com.apple.access_smb)
echo SACL is active, and we are added, we should succeeed
poke smballow || failtest
testok $0 $failed