#include "includes.h"
#include "se_access_check_utils.h"
/* Set to True by emptysd_check() whenever one of its checks fails; main() reads it to choose between PASS and a non-zero exit. */
BOOL failed;
/* Security descriptor under test: built once in main() from acl_empty and passed to every se_access_check() call. */
SEC_DESC *sd;
/*
 * ACE list handed to build_sec_desc(). It holds only the all-zero/NULL
 * entry (presumably the list terminator), so it describes no ACEs at all.
 *
 * NOTE(review): whether build_sec_desc() turns this into a descriptor with
 * no DACL or one with a present-but-empty DACL is not visible in this file.
 * The checks in emptysd_check() expect every non-zero request to be granted
 * and their failure messages say "no dacl"; confirm against build_sec_desc()
 * that this is the case being exercised, since the two cases are normally
 * treated very differently by an access check.
 */
struct ace_entry acl_empty[] = {
{ 0, 0, 0, NULL}
};
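/*
 * Per-user callback (registered with visit_pwdb() in main()): run
 * se_access_check() against the global descriptor `sd` for one password
 * database entry and record any unexpected outcome in the global `failed`.
 *
 * Three expectations are checked for the user's uid, gid and group list:
 *   1. a SEC_RIGHTS_MAXIMUM_ALLOWED request succeeds and acc_granted comes
 *      back equal to SEC_RIGHTS_MAXIMUM_ALLOWED;
 *   2. a request for the arbitrary mask 0x1234 succeeds and is granted
 *      exactly 0x1234;
 *   3. a request with a desired access of 0 is refused.
 *
 * pw       password entry of the user being checked
 * ngroups  number of entries in groups
 * groups   supplementary group ids passed through to se_access_check()
 *
 * Always returns True, whatever the outcome of the checks; failures are
 * reported only through `failed` and the FAIL lines on stdout.
 * (Presumably True tells visit_pwdb() to keep iterating; confirm there.)
 *
 * `status` is filled in by se_access_check() but is not inspected here.
 */
BOOL emptysd_check(struct passwd *pw, int ngroups, gid_t *groups)
{
	uint32 acc_granted, status;
	BOOL result;

	/* Check 1: maximum-allowed request. */
	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups,
				 SEC_RIGHTS_MAXIMUM_ALLOWED,
				 &acc_granted, &status);

	/*
	 * acc_granted is only read when the call succeeded, so it is never
	 * consulted if se_access_check() left it unwritten on failure.
	 */
	if (!result || acc_granted != SEC_RIGHTS_MAXIMUM_ALLOWED) {
		/*
		 * uid_t/gid_t are not guaranteed to be int; cast so the
		 * arguments match the %d conversions.
		 */
		printf("FAIL: no dacl for %s (%d/%d)\n", pw->pw_name,
		       (int)pw->pw_uid, (int)pw->pw_gid);
		failed = True;
	}

	/* Check 2: an arbitrary non-zero mask must be granted unchanged. */
	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups, 0x1234,
				 &acc_granted, &status);

	if (!result || acc_granted != 0x1234) {
		printf("FAIL: no dacl2 for %s (%d/%d)\n", pw->pw_name,
		       (int)pw->pw_uid, (int)pw->pw_gid);
		failed = True;
	}

	/* Check 3: asking for no access at all must not succeed. */
	result = se_access_check(sd, pw->pw_uid, pw->pw_gid,
				 ngroups, groups, 0,
				 &acc_granted, &status);

	if (result) {
		printf("FAIL: zero desired access for %s (%d/%d)\n",
		       pw->pw_name, (int)pw->pw_uid, (int)pw->pw_gid);
		failed = True;
	}

	return True;
}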
/*
 * Test driver: build the descriptor from acl_empty, run emptysd_check()
 * through visit_pwdb(), and report the overall result.
 *
 * Prints "PASS" and returns 0 when no check set `failed`; returns 1 when
 * the descriptor could not be built or when any check failed.
 * argc and argv are not used.
 */
int main(int argc, char **argv)
{
	generate_wellknown_sids();

	/* The descriptor is shared with emptysd_check() through the global. */
	sd = build_sec_desc(acl_empty, NULL, NULL_SID, NULL_SID);
	if (sd == NULL) {
		printf("FAIL: could not build security descriptor\n");
		return 1;
	}

	/*
	 * NOTE(review): if visit_pwdb() ends up calling the callback for no
	 * entries, `failed` stays unset and PASS is printed without a single
	 * access check having run; confirm how visit_pwdb() reports an empty
	 * or unreadable password database.
	 */
	visit_pwdb(emptysd_check);

	if (failed) {
		return 1;
	}

	printf("PASS\n");
	return 0;
}