mirror of
https://codeberg.org/icewind/SMB.git
synced 2026-06-03 17:24:07 +02:00
add basic testing for acl parsing
This commit is contained in:
parent
0d9341c527
commit
91d173cc55
3 changed files with 113 additions and 52 deletions
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
namespace Icewind\SMB\Wrapped;
|
||||
|
||||
use Icewind\SMB\ACL;
|
||||
use Icewind\SMB\Exception\AccessDeniedException;
|
||||
use Icewind\SMB\Exception\AlreadyExistsException;
|
||||
use Icewind\SMB\Exception\AuthenticationException;
|
||||
|
|
@ -188,4 +189,67 @@ class Parser {
|
|||
}
|
||||
return $shareNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string[] $rawAcls
|
||||
* @return ACL[]
|
||||
*/
|
||||
public function parseACLs(array $rawAcls): array {
|
||||
$acls = [];
|
||||
foreach ($rawAcls as $acl) {
|
||||
if (strpos($acl, ':') === false) {
|
||||
continue;
|
||||
}
|
||||
[$type, $acl] = explode(':', $acl, 2);
|
||||
if ($type !== 'ACL') {
|
||||
continue;
|
||||
}
|
||||
[$user, $permissions] = explode(':', $acl, 2);
|
||||
[$type, $flags, $mask] = explode('/', $permissions);
|
||||
|
||||
$type = $type === 'ALLOWED' ? ACL::TYPE_ALLOW : ACL::TYPE_DENY;
|
||||
|
||||
$flagsInt = 0;
|
||||
foreach (explode('|', $flags) as $flagString) {
|
||||
if ($flagString === 'OI') {
|
||||
$flagsInt += ACL::FLAG_OBJECT_INHERIT;
|
||||
} elseif ($flagString === 'CI') {
|
||||
$flagsInt += ACL::FLAG_CONTAINER_INHERIT;
|
||||
}
|
||||
}
|
||||
|
||||
if (substr($mask, 0, 2) === '0x') {
|
||||
$maskInt = hexdec($mask);
|
||||
} else {
|
||||
$maskInt = 0;
|
||||
foreach (explode('|', $mask) as $maskString) {
|
||||
if ($maskString === 'R') {
|
||||
$maskInt += ACL::MASK_READ;
|
||||
} elseif ($maskString === 'W') {
|
||||
$maskInt += ACL::MASK_WRITE;
|
||||
} elseif ($maskString === 'X') {
|
||||
$maskInt += ACL::MASK_EXECUTE;
|
||||
} elseif ($maskString === 'D') {
|
||||
$maskInt += ACL::MASK_DELETE;
|
||||
} elseif ($maskString === 'READ') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE;
|
||||
} elseif ($maskString === 'CHANGE') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_DELETE;
|
||||
} elseif ($maskString === 'FULL') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_DELETE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($acls[$user])) {
|
||||
$existing = $acls[$user];
|
||||
$maskInt += $existing->getMask();
|
||||
}
|
||||
$acls[$user] = new ACL($type, $flagsInt, $maskInt);
|
||||
}
|
||||
|
||||
ksort($acls);
|
||||
|
||||
return $acls;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -502,58 +502,7 @@ class Share extends AbstractShare {
|
|||
}
|
||||
|
||||
$rawAcls = $connection->readAll();
|
||||
|
||||
$acls = [];
|
||||
foreach ($rawAcls as $acl) {
|
||||
[$type, $acl] = explode(':', $acl, 2);
|
||||
if ($type !== 'ACL') {
|
||||
continue;
|
||||
}
|
||||
[$user, $permissions] = explode(':', $acl, 2);
|
||||
[$type, $flags, $mask] = explode('/', $permissions);
|
||||
|
||||
$type = $type === 'ALLOWED' ? ACL::TYPE_ALLOW : ACL::TYPE_DENY;
|
||||
|
||||
$flagsInt = 0;
|
||||
foreach (explode('|', $flags) as $flagString) {
|
||||
if ($flagString === 'OI') {
|
||||
$flagsInt += ACL::FLAG_OBJECT_INHERIT;
|
||||
} elseif ($flagString === 'CI') {
|
||||
$flagsInt += ACL::FLAG_CONTAINER_INHERIT;
|
||||
}
|
||||
}
|
||||
|
||||
if (substr($mask, 0, 2) === '0x') {
|
||||
$maskInt = hexdec($mask);
|
||||
} else {
|
||||
$maskInt = 0;
|
||||
foreach (explode('|', $mask) as $maskString) {
|
||||
if ($maskString === 'R') {
|
||||
$maskInt += ACL::MASK_READ;
|
||||
} elseif ($maskString === 'W') {
|
||||
$maskInt += ACL::MASK_WRITE;
|
||||
} elseif ($maskString === 'X') {
|
||||
$maskInt += ACL::MASK_EXECUTE;
|
||||
} elseif ($maskString === 'D') {
|
||||
$maskInt += ACL::MASK_DELETE;
|
||||
} elseif ($maskString === 'READ') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE;
|
||||
} elseif ($maskString === 'CHANGE') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_DELETE;
|
||||
} elseif ($maskString === 'FULL') {
|
||||
$maskInt += ACL::MASK_READ + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_DELETE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($acls[$user])) {
|
||||
$existing = $acls[$user];
|
||||
$maskInt += $existing->getMask();
|
||||
}
|
||||
$acls[$user] = new ACL($type, $flagsInt, $maskInt);
|
||||
}
|
||||
|
||||
return $acls;
|
||||
return $this->parser->parseACLs($rawAcls);
|
||||
}
|
||||
|
||||
public function getServer(): IServer {
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
namespace Icewind\SMB\Test;
|
||||
|
||||
use Icewind\SMB\ACL;
|
||||
use Icewind\SMB\IFileInfo;
|
||||
use Icewind\SMB\Wrapped\FileInfo;
|
||||
|
||||
|
|
@ -128,4 +129,51 @@ class ParserTest extends \PHPUnit\Framework\TestCase {
|
|||
return [];
|
||||
}));
|
||||
}
|
||||
|
||||
public function testParseACL() {
|
||||
$parser = new \Icewind\SMB\Wrapped\Parser('CEST');
|
||||
$raw = [
|
||||
"lp_load_ex: refreshing parameters",
|
||||
"Initialising global parameters",
|
||||
"Processing section \"[global]\"",
|
||||
"added interface docker0 ip=172.17.0.1 bcast=172.17.255.255 netmask=255.255.0.0",
|
||||
"added interface br-d8e07730e261 ip=172.18.0.1 bcast=172.18.255.255 netmask=255.255.0.0",
|
||||
"Connecting to 192.168.10.187 at port 445",
|
||||
"GENSEC backend 'gssapi_spnego' registered",
|
||||
"GENSEC backend 'gssapi_krb5' registered",
|
||||
"GENSEC backend 'gssapi_krb5_sasl' registered",
|
||||
"GENSEC backend 'spnego' registered",
|
||||
"GENSEC backend 'schannel' registered",
|
||||
"GENSEC backend 'naclrpc_as_system' registered",
|
||||
"Cannot do GSE to an IP address",
|
||||
"Got challenge flags:",
|
||||
"Got NTLMSSP neg_flags=0x628",
|
||||
"NTLMSSP: Set final flags:",
|
||||
"Got NTLMSSP neg_flags=0x620",
|
||||
"NTLMSSP Sign/Seal - Initialising with flags:",
|
||||
"Got NTLMSSP neg_flags=0x620",
|
||||
"NTLMSSP Sign/Seal - Initialising with flags:",
|
||||
"Got NTLMSSP neg_flags=0x620",
|
||||
"REVISION:1",
|
||||
"CONTROL:SR|PD|DI|DP",
|
||||
"OWNER:DESKTOP-MLM38Q5\robin",
|
||||
"GROUP:DESKTOP-MLM38Q5\None",
|
||||
"ACL:Everyone:ALLOWED/OI|CI/R",
|
||||
"ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI/FULL",
|
||||
"ACL:DESKTOP\\robin:ALLOWED/OI|CI/FULL",
|
||||
"ACL:DESKTOP\\test:ALLOWED/OI|CI/R",
|
||||
"ACL:BUILTIN\Administrators:ALLOWED/OI|CI/FULL",
|
||||
"Maximum access: 0x120089"
|
||||
];
|
||||
|
||||
$expected = [
|
||||
"BUILTIN\Administrators" => new ACL(ACL::TYPE_ALLOW, ACL::FLAG_CONTAINER_INHERIT + ACL::FLAG_OBJECT_INHERIT, ACL::MASK_DELETE + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_READ),
|
||||
"Everyone" => new ACL(ACL::TYPE_ALLOW, ACL::FLAG_CONTAINER_INHERIT + ACL::FLAG_OBJECT_INHERIT, ACL::MASK_READ),
|
||||
"NT AUTHORITY\SYSTEM" => new ACL(ACL::TYPE_ALLOW, ACL::FLAG_CONTAINER_INHERIT + ACL::FLAG_OBJECT_INHERIT, ACL::MASK_DELETE + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_READ),
|
||||
"DESKTOP\\test" => new ACL(ACL::TYPE_ALLOW, ACL::FLAG_CONTAINER_INHERIT + ACL::FLAG_OBJECT_INHERIT, ACL::MASK_READ),
|
||||
"DESKTOP\\robin" => new ACL(ACL::TYPE_ALLOW, ACL::FLAG_CONTAINER_INHERIT + ACL::FLAG_OBJECT_INHERIT, ACL::MASK_DELETE + ACL::MASK_EXECUTE + ACL::MASK_WRITE + ACL::MASK_READ),
|
||||
];
|
||||
$result = $parser->parseACLs($raw);
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue