diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-10-25 20:17:55 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-10-25 22:18:50 +1100 |
| commit | 117d5f4c372c02d69106df45e12ac69d1c047f50 (patch) | |
| tree | 13848a0a59f2c51dfebfb203608bf963d51d59f2 | |
| parent | 53244c915113cef87692756e9ad545ff75074df0 (diff) | |
| download | samba-117d5f4c372c02d69106df45e12ac69d1c047f50.tar.gz samba-117d5f4c372c02d69106df45e12ac69d1c047f50.tar.bz2 samba-117d5f4c372c02d69106df45e12ac69d1c047f50.zip | |
selftest: Cover the important non-Samba invalidation of the NT ACL
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the
POSIX ACL) and we notice it no longer matches.
Andrew Bartlett
| -rw-r--r-- | source4/scripting/python/samba/tests/posixacl.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index a575138570..cf7a40f031 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -124,6 +124,29 @@ class PosixAclMappingTests(TestCase): self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf) + def test_setntacl_smbd_invalidate_getntacl_smbd(self): + random.seed() + lp = LoadParm() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;WO;;;WD)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + os.chmod(tempf, 0750) + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) + + # This should invalidate the ACL, as we include the posix ACL in the hash + (backend_obj, dbname) = checkset_backend(lp, None, None) + backend_obj.wrap_setxattr(dbname, + tempf, "system.fake_access_acl", "") + + #the hash will break, and we return an ACL based only on the mode + facl = getntacl(lp,tempf, direct_db_access=False) + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid)) + os.unlink(tempf) + def test_setntacl_getntacl_smbd(self): random.seed() lp = LoadParm() |