diff options
| author | Christian Ambach <ambi@samba.org> | 2013-01-30 11:00:48 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2013-02-04 12:19:30 +0100 |
| commit | a133a989c319bfba18ea8b204716d8e362e28f80 (patch) | |
| tree | 3dab707dc8def317edd1b7ab77a8d9658535cf71 /source4/scripting | |
| parent | f0e49b015bfcb021aea61615185d9da57538c68d (diff) | |
| download | samba-a133a989c319bfba18ea8b204716d8e362e28f80.tar.gz samba-a133a989c319bfba18ea8b204716d8e362e28f80.tar.bz2 samba-a133a989c319bfba18ea8b204716d8e362e28f80.zip | |
selftest: add a test that demonstrates how new ACL blob code helps
this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting')
| -rw-r--r-- | source4/scripting/python/samba/tests/posixacl.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 652721f4f1..7cd22ebccd 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -106,6 +106,23 @@ class PosixAclMappingTests(TestCaseInTempDir): anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid)) + def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self): + # set an ACL on a tempfile + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + os.chmod(self.tempf, 0750) + setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) + + # now influence the POSIX ACL->SD mapping it returns something else than + # what was set previously + # this should not invalidate the hash and the complete ACL should still + # be returned + self.lp.set("profile acls", "yes") + # we should still get back the ACL (and not one mapped from POSIX ACL) + facl = getntacl(self.lp, self.tempf, direct_db_access=False) + self.lp.set("profile acls", "no") + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(acl, facl.as_sddl(anysid)) + def test_setntacl_getntacl_smbd(self): acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) |