From 53244c915113cef87692756e9ad545ff75074df0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 25 Oct 2012 19:58:15 +1100 Subject: selftest: Cover one more NT ACL invalidation case and improve comments This tries to show the difference between the cases where we trap the POSIX ACL change and where we actually detect an OS-level change. Andrew Bartlett --- source4/scripting/python/samba/tests/posixacl.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index 449a87c128..a575138570 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -82,7 +82,7 @@ class PosixAclMappingTests(TestCase): pass os.unlink(tempf) - def test_setntacl_smbd_chmod_getntacl(self): + def test_setntacl_invalidate_getntacl(self): random.seed() lp = LoadParm() path = None @@ -103,26 +103,25 @@ class PosixAclMappingTests(TestCase): self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf) - def test_setntacl_smbd_chmod_getntacl_smbd(self): + def test_setntacl_invalidate_getntacl_smbd(self): random.seed() lp = LoadParm() path = None path = os.environ['SELFTEST_PREFIX'] acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" - simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") - setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True) + setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) # This should invalidate the ACL, as we include the posix ACL in the hash (backend_obj, dbname) = checkset_backend(lp, None, None) backend_obj.wrap_setxattr(dbname, tempf, "system.fake_access_acl", "") - #the hash breaks, and we return an ACL based only on the mode + #the hash would break, and we return an ACL based only on the mode, except we set the ACL using the 'ntvfs' mode that doesn't include a hash facl = getntacl(lp,tempf) anysid = security.dom_sid(security.SID_NT_SELF) - self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid)) + self.assertEquals(acl, facl.as_sddl(anysid)) os.unlink(tempf) def test_setntacl_getntacl_smbd(self): @@ -163,7 +162,7 @@ class PosixAclMappingTests(TestCase): tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) - # This invalidates the hash of the NT acl just set + # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code smbd.set_simple_acl(tempf, 0640) facl = getntacl(lp,tempf, direct_db_access=False) anysid = security.dom_sid(security.SID_NT_SELF) @@ -181,7 +180,7 @@ class PosixAclMappingTests(TestCase): tempf = os.path.join(path,"pytests"+str(int(100000*random.random()))) open(tempf, 'w').write("empty") setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False) - # This invalidates the hash of the NT acl just set + # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code s3conf = s3param.get_context() s4_passdb = passdb.PDB(s3conf.get("passdb backend")) (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid) -- cgit