summaryrefslogtreecommitdiff
path: root/source4/scripting/python
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-10-25 20:17:55 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-10-25 22:18:50 +1100
commit117d5f4c372c02d69106df45e12ac69d1c047f50 (patch)
tree13848a0a59f2c51dfebfb203608bf963d51d59f2 /source4/scripting/python
parent53244c915113cef87692756e9ad545ff75074df0 (diff)
downloadsamba-117d5f4c372c02d69106df45e12ac69d1c047f50.tar.gz
samba-117d5f4c372c02d69106df45e12ac69d1c047f50.tar.bz2
samba-117d5f4c372c02d69106df45e12ac69d1c047f50.zip
selftest: Cover the important non-Samba invalidation of the NT ACL
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the POSIX ACL) and we notice it no longer matches. Andrew Bartlett
Diffstat (limited to 'source4/scripting/python')
-rw-r--r--source4/scripting/python/samba/tests/posixacl.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
index a575138570..cf7a40f031 100644
--- a/source4/scripting/python/samba/tests/posixacl.py
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -124,6 +124,29 @@ class PosixAclMappingTests(TestCase):
self.assertEquals(acl, facl.as_sddl(anysid))
os.unlink(tempf)
+ def test_setntacl_smbd_invalidate_getntacl_smbd(self):
+ random.seed()
+ lp = LoadParm()
+ path = None
+ path = os.environ['SELFTEST_PREFIX']
+ acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+ simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;WO;;;WD)"
+ tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+ open(tempf, 'w').write("empty")
+ os.chmod(tempf, 0750)
+ setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+
+ # This should invalidate the ACL, as we include the posix ACL in the hash
+ (backend_obj, dbname) = checkset_backend(lp, None, None)
+ backend_obj.wrap_setxattr(dbname,
+ tempf, "system.fake_access_acl", "")
+
+ #the hash will break, and we return an ACL based only on the mode
+ facl = getntacl(lp,tempf, direct_db_access=False)
+ anysid = security.dom_sid(security.SID_NT_SELF)
+ self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
+ os.unlink(tempf)
+
def test_setntacl_getntacl_smbd(self):
random.seed()
lp = LoadParm()