From a133a989c319bfba18ea8b204716d8e362e28f80 Mon Sep 17 00:00:00 2001
From: Christian Ambach <ambi@samba.org>
Date: Wed, 30 Jan 2013 11:00:48 +0100
Subject: selftest: add a test that demonstrates how new ACL blob code helps

this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD

Signed-off-by: Christian Ambach <ambi@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/scripting/python/samba/tests/posixacl.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'source4/scripting')

diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py
index 652721f4f1..7cd22ebccd 100644
--- a/source4/scripting/python/samba/tests/posixacl.py
+++ b/source4/scripting/python/samba/tests/posixacl.py
@@ -106,6 +106,23 @@ class PosixAclMappingTests(TestCaseInTempDir):
         anysid = security.dom_sid(security.SID_NT_SELF)
         self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
 
+    def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self):
+        # set an ACL on a tempfile
+        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+        os.chmod(self.tempf, 0750)
+        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
+
+        # now influence the POSIX ACL->SD mapping it returns something else than
+        # what was set previously
+        # this should not invalidate the hash and the complete ACL should still
+        # be returned
+        self.lp.set("profile acls", "yes")
+        # we should still get back the ACL (and not one mapped from POSIX ACL)
+        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
+        self.lp.set("profile acls", "no")
+        anysid = security.dom_sid(security.SID_NT_SELF)
+        self.assertEquals(acl, facl.as_sddl(anysid))
+
     def test_setntacl_getntacl_smbd(self):
         acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
         setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
-- 
cgit