diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-10-25 19:58:15 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-10-25 20:24:36 +1100 |
commit | 53244c915113cef87692756e9ad545ff75074df0 (patch) | |
tree | bf823e08aa1da7abd0e9ce064ef2b76ef7ef8e89 | |
parent | e9b6b23fbdafff700ceb788dbff2ba69584ff833 (diff) | |
download | samba-53244c915113cef87692756e9ad545ff75074df0.tar.gz samba-53244c915113cef87692756e9ad545ff75074df0.tar.bz2 samba-53244c915113cef87692756e9ad545ff75074df0.zip |
selftest: Cover one more NT ACL invalidation case and improve comments
This tries to show the difference between the cases where we trap
the POSIX ACL change and where we actually detect an OS-level change.
Andrew Bartlett
-rw-r--r-- | source4/scripting/python/samba/tests/posixacl.py | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 449a87c128..a575138570 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -82,7 +82,7 @@ class PosixAclMappingTests(TestCase): pass os.unlink(tempf) - def test_setntacl_smbd_chmod_getntacl(self): + def test_setntacl_invalidate_getntacl(self): random.seed() lp = LoadParm() path = None @@ -103,26 +103,25 @@ class PosixAclMappingTests(TestCase): self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf) - def test_setntacl_smbd_chmod_getntacl_smbd(self): + def test_setntacl_invalidate_getntacl_smbd(self): random.seed() lp = LoadParm() path = None path = os.environ['SELFTEST_PREFIX'] acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" - simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") - setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) # This should invalidate the ACL, as we include the posix ACL in the hash (backend_obj, dbname) = checkset_backend(lp, None, None) backend_obj.wrap_setxattr(dbname, tempf, "system.fake_access_acl", "") - #the hash breaks, and we return an ACL based only on the mode + #the hash would break, and we return an ACL based only on the mode, except we set the ACL using the 'ntvfs' mode that doesn't include a hash facl = getntacl(lp,tempf) anysid = security.dom_sid(security.SID_NT_SELF) - self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid)) + self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf) def test_setntacl_getntacl_smbd(self): @@ -163,7 +162,7 @@ class PosixAclMappingTests(TestCase): tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) - # This invalidates the hash of the NT acl just set + # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code smbd.set_simple_acl(tempf, 0640) facl = getntacl(lp,tempf, direct_db_access=False) anysid = security.dom_sid(security.SID_NT_SELF) @@ -181,7 +180,7 @@ class PosixAclMappingTests(TestCase): tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) - # This invalidates the hash of the NT acl just set + # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code s3conf = s3param.get_context() s4_passdb = passdb.PDB(s3conf.get("passdb backend")) (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid) |