From 318b8cb4fafcc48bb0f8266171d667a6316f66d4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 21 Aug 2012 22:42:54 +1000 Subject: selftest: Add a test of the NT ACL -> posix ACL mapping layer This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett --- source4/scripting/python/samba/tests/posixacl.py | 131 +++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 source4/scripting/python/samba/tests/posixacl.py (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py new file mode 100644 index 0000000000..877363b6cd --- /dev/null +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -0,0 +1,131 @@ +# Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation +# Copyright (C) Matthieu Patou 2009-2010 +# Copyright (C) Andrew Bartlett 2012 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +"""Tests for the Samba3 NT -> posix ACL layer""" + +from samba.ntacls import setntacl, getntacl, XattrBackendError +from samba.dcerpc import xattr, security, smb_acl +from samba.param import LoadParm +from samba.tests import TestCase, TestSkipped +from samba import provision +import random +import os +from samba.samba3 import smbd, passdb +from samba.samba3 import param as s3param + +class PosixAclMappingTests(TestCase): + + def test_setntacl(self): + random.seed() + lp = LoadParm() + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) + os.unlink(tempf) + + def test_setntacl_smbd_getntacl(self): + random.seed() + lp = LoadParm() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) + facl = getntacl(lp,tempf) + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(facl.as_sddl(anysid),acl) + os.unlink(tempf) + + def test_setntacl_getntacl_smbd(self): + random.seed() + lp = LoadParm() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) + facl = getntacl(lp,tempf, direct_db_access=True) + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(facl.as_sddl(anysid),acl) + os.unlink(tempf) + + def test_setntacl_smbd_getntacl_smbd(self): + random.seed() + lp = LoadParm() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) + facl = getntacl(lp,tempf, direct_db_access=True) + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(facl.as_sddl(anysid),acl) + os.unlink(tempf) + + def test_setntacl_getposixacl(self): + random.seed() + lp = LoadParm() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) + facl = getntacl(lp,tempf) + anysid = security.dom_sid(security.SID_NT_SELF) + self.assertEquals(facl.as_sddl(anysid),acl) + posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS) + os.unlink(tempf) + + def test_setntacl_sysvol_check_getposixacl(self): + random.seed() + lp = LoadParm() + s3conf = s3param.get_context() + path = None + path = os.environ['SELFTEST_PREFIX'] + acl = provision.SYSVOL_ACL + tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) + open(tempf, 'w').write("empty") + domsid = passdb.get_global_sam_sid() + setntacl(lp,tempf,acl,str(domsid), use_ntvfs=False) + facl = getntacl(lp,tempf) + self.assertEquals(facl.as_sddl(domsid),acl) + posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS) + +# check that it matches: +# user::rwx +# user:root:rwx +# group::rwx +# group:wheel:rwx +# group:3000000:r-x +# group:3000001:rwx +# group:3000002:r-x +# mask::rwx +# other::--- + + os.unlink(tempf) + + def setUp(self): + super(PosixAclMappingTests, self).setUp() + s3conf = s3param.get_context() + s3conf.load(self.get_loadparm().configfile) -- cgit