diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-08-21 22:42:54 +1000 | 
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-23 15:02:26 +0200 | 
| commit | 318b8cb4fafcc48bb0f8266171d667a6316f66d4 (patch) | |
| tree | b2dbeed597e2d32bde373a6e512ca81f5814e705 | |
| parent | b1825c64215ac304eff8fcd3555e9f5943f3ba63 (diff) | |
| download | samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.gz samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.bz2 samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.zip | |
selftest: Add a test of the NT ACL -> posix ACL mapping layer
This is the start of what will be a series of tests confirming exactly how
some NT ACLs are mapped to posix ACLs.
Andrew Bartlett
| -rw-r--r-- | source4/scripting/python/samba/tests/posixacl.py | 131 | 
1 files changed, 131 insertions, 0 deletions
| diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py new file mode 100644 index 0000000000..877363b6cd --- /dev/null +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -0,0 +1,131 @@ +# Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation +# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010 +# Copyright (C) Andrew Bartlett 2012 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program.  If not, see <http://www.gnu.org/licenses/>. +# + +"""Tests for the Samba3 NT -> posix ACL layer""" + +from samba.ntacls import setntacl, getntacl, XattrBackendError +from samba.dcerpc import xattr, security, smb_acl +from samba.param import LoadParm +from samba.tests import TestCase, TestSkipped +from samba import provision +import random +import os +from samba.samba3 import smbd, passdb +from samba.samba3 import param as s3param + +class PosixAclMappingTests(TestCase): + +    def test_setntacl(self): +        random.seed() +        lp = LoadParm() +        path = os.environ['SELFTEST_PREFIX'] +        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) +        os.unlink(tempf) + +    def test_setntacl_smbd_getntacl(self): +        random.seed() +        lp = LoadParm() +        path = None +        path = os.environ['SELFTEST_PREFIX'] +        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) +        facl = getntacl(lp,tempf) +        anysid = security.dom_sid(security.SID_NT_SELF) +        self.assertEquals(facl.as_sddl(anysid),acl) +        os.unlink(tempf) + +    def test_setntacl_getntacl_smbd(self): +        random.seed() +        lp = LoadParm() +        path = None +        path = os.environ['SELFTEST_PREFIX'] +        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) +        facl = getntacl(lp,tempf, direct_db_access=True) +        anysid = security.dom_sid(security.SID_NT_SELF) +        self.assertEquals(facl.as_sddl(anysid),acl) +        os.unlink(tempf) + +    def test_setntacl_smbd_getntacl_smbd(self): +        random.seed() +        lp = LoadParm() +        path = None +        path = os.environ['SELFTEST_PREFIX'] +        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) +        facl = getntacl(lp,tempf, direct_db_access=True) +        anysid = security.dom_sid(security.SID_NT_SELF) +        self.assertEquals(facl.as_sddl(anysid),acl) +        os.unlink(tempf) + +    def test_setntacl_getposixacl(self): +        random.seed() +        lp = LoadParm() +        path = None +        path = os.environ['SELFTEST_PREFIX'] +        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) +        facl = getntacl(lp,tempf) +        anysid = security.dom_sid(security.SID_NT_SELF) +        self.assertEquals(facl.as_sddl(anysid),acl) +        posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS) +        os.unlink(tempf) + +    def test_setntacl_sysvol_check_getposixacl(self): +        random.seed() +        lp = LoadParm() +        s3conf = s3param.get_context() +        path = None +        path = os.environ['SELFTEST_PREFIX'] +        acl = provision.SYSVOL_ACL +        tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) +        open(tempf, 'w').write("empty") +        domsid = passdb.get_global_sam_sid() +        setntacl(lp,tempf,acl,str(domsid), use_ntvfs=False) +        facl = getntacl(lp,tempf) +        self.assertEquals(facl.as_sddl(domsid),acl) +        posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS) + +# check that it matches: +# user::rwx +# user:root:rwx +# group::rwx +# group:wheel:rwx +# group:3000000:r-x +# group:3000001:rwx +# group:3000002:r-x +# mask::rwx +# other::--- + +        os.unlink(tempf) + +    def setUp(self): +        super(PosixAclMappingTests, self).setUp() +        s3conf = s3param.get_context() +        s3conf.load(self.get_loadparm().configfile) | 
