selftest: Add a test of the NT ACL -> posix ACL mapping layer

This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2012-08-21 22:42:54 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2012-08-23 15:02:26 +0200
commit: 318b8cb4fafcc48bb0f8266171d667a6316f66d4 (patch)
tree: b2dbeed597e2d32bde373a6e512ca81f5814e705 /source4/scripting
parent: b1825c64215ac304eff8fcd3555e9f5943f3ba63 (diff)
download: samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.gz
samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.bz2
samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.zip
1 files changed, 131 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
new file mode 100644
index 0000000000..877363b6cd
--- /dev/null
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -0,0 +1,131 @@
+# Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
+# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
+# Copyright (C) Andrew Bartlett 2012
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests for the Samba3 NT -> posix ACL layer"""
+
+from samba.ntacls import setntacl, getntacl, XattrBackendError
+from samba.dcerpc import xattr, security, smb_acl
+from samba.param import LoadParm
+from samba.tests import TestCase, TestSkipped
+from samba import provision
+import random
+import os
+from samba.samba3 import smbd, passdb
+from samba.samba3 import param as s3param
+
+class PosixAclMappingTests(TestCase):
+
+    def test_setntacl(self):
+        random.seed()
+        lp = LoadParm()
+        path = os.environ['SELFTEST_PREFIX']
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+        os.unlink(tempf)
+
+    def test_setntacl_smbd_getntacl(self):
+        random.seed()
+        lp = LoadParm()
+        path = None
+        path = os.environ['SELFTEST_PREFIX']
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
+        facl = getntacl(lp,tempf)
+        anysid = security.dom_sid(security.SID_NT_SELF)
+        self.assertEquals(facl.as_sddl(anysid),acl)
+        os.unlink(tempf)
+
+    def test_setntacl_getntacl_smbd(self):
+        random.seed()
+        lp = LoadParm()
+        path = None
+        path = os.environ['SELFTEST_PREFIX']
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+        facl = getntacl(lp,tempf, direct_db_access=True)
+        anysid = security.dom_sid(security.SID_NT_SELF)
+        self.assertEquals(facl.as_sddl(anysid),acl)
+        os.unlink(tempf)
+
+    def test_setntacl_smbd_getntacl_smbd(self):
+        random.seed()
+        lp = LoadParm()
+        path = None
+        path = os.environ['SELFTEST_PREFIX']
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
+        facl = getntacl(lp,tempf, direct_db_access=True)
+        anysid = security.dom_sid(security.SID_NT_SELF)
+        self.assertEquals(facl.as_sddl(anysid),acl)
+        os.unlink(tempf)
+
+    def test_setntacl_getposixacl(self):
+        random.seed()
+        lp = LoadParm()
+        path = None
+        path = os.environ['SELFTEST_PREFIX']
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+        facl = getntacl(lp,tempf)
+        anysid = security.dom_sid(security.SID_NT_SELF)
+        self.assertEquals(facl.as_sddl(anysid),acl)
+        posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
+        os.unlink(tempf)
+
+    def test_setntacl_sysvol_check_getposixacl(self):
+        random.seed()
+        lp = LoadParm()
+        s3conf = s3param.get_context()
+        path = None
+        path = os.environ['SELFTEST_PREFIX']
+        acl = provision.SYSVOL_ACL
+        tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
+        open(tempf, 'w').write("empty")
+        domsid = passdb.get_global_sam_sid()
+        setntacl(lp,tempf,acl,str(domsid), use_ntvfs=False)
+        facl = getntacl(lp,tempf)
+        self.assertEquals(facl.as_sddl(domsid),acl)
+        posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
+
+# check that it matches:
+# user::rwx
+# user:root:rwx
+# group::rwx
+# group:wheel:rwx
+# group:3000000:r-x
+# group:3000001:rwx
+# group:3000002:r-x
+# mask::rwx
+# other::---
+
+        os.unlink(tempf)
+
+    def setUp(self):
+        super(PosixAclMappingTests, self).setUp()
+        s3conf = s3param.get_context()
+        s3conf.load(self.get_loadparm().configfile)
author	Andrew Bartlett <abartlet@samba.org>	2012-08-21 22:42:54 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2012-08-23 15:02:26 +0200
commit	318b8cb4fafcc48bb0f8266171d667a6316f66d4 (patch)
tree	b2dbeed597e2d32bde373a6e512ca81f5814e705 /source4/scripting
parent	b1825c64215ac304eff8fcd3555e9f5943f3ba63 (diff)
download	samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.gz samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.tar.bz2 samba-318b8cb4fafcc48bb0f8266171d667a6316f66d4.zip