summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ambach <ambi@samba.org>2013-01-30 11:00:48 +0100
committerAndrew Bartlett <abartlet@samba.org>2013-02-04 12:19:30 +0100
commita133a989c319bfba18ea8b204716d8e362e28f80 (patch)
tree3dab707dc8def317edd1b7ab77a8d9658535cf71
parentf0e49b015bfcb021aea61615185d9da57538c68d (diff)
downloadsamba-a133a989c319bfba18ea8b204716d8e362e28f80.tar.gz
samba-a133a989c319bfba18ea8b204716d8e362e28f80.tar.bz2
samba-a133a989c319bfba18ea8b204716d8e362e28f80.zip
selftest: add a test that demonstrates how new ACL blob code helps
this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/scripting/python/samba/tests/posixacl.py17
1 files changed, 17 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
index 652721f4f1..7cd22ebccd 100644
--- a/source4/scripting/python/samba/tests/posixacl.py
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -106,6 +106,23 @@ class PosixAclMappingTests(TestCaseInTempDir):
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
+ def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self):
+ # set an ACL on a tempfile
+ acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+ os.chmod(self.tempf, 0750)
+ setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+
+ # now influence the POSIX ACL->SD mapping it returns something else than
+ # what was set previously
+ # this should not invalidate the hash and the complete ACL should still
+ # be returned
+ self.lp.set("profile acls", "yes")
+ # we should still get back the ACL (and not one mapped from POSIX ACL)
+ facl = getntacl(self.lp, self.tempf, direct_db_access=False)
+ self.lp.set("profile acls", "no")
+ anysid = security.dom_sid(security.SID_NT_SELF)
+ self.assertEquals(acl, facl.as_sddl(anysid))
+
def test_setntacl_getntacl_smbd(self):
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)