From f2f16b45b58c2bbf3053ff55e7a290fc069e0efd Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Thu, 29 Nov 2007 14:49:47 +0100
Subject: r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135)
---
source4/autogen.sh | 2 +-
source4/lib/ldb/ldb_ildap/config.mk | 1 +
source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c | 153 ------------------------
source4/lib/ldb_wrap.c | 186 ------------------------------
source4/lib/talloc/config.mk | 9 +-
source4/lib/talloc/talloc.i | 2 -
source4/lib/tdb_wrap.c | 117 -------------------
source4/libcli/security/config.mk | 8 +-
source4/libcli/security/security.i | 121 +++++++++++++++++++
source4/libcli/security/tests/bindings.py | 65 +++++++++++
source4/scripting/python/config.mk | 4 -
source4/scripting/python/sidmodule.c | 56 ---------
source4/selftest/samba4_tests.sh | 1 +
13 files changed, 195 insertions(+), 530 deletions(-)
delete mode 100644 source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c
delete mode 100644 source4/lib/ldb_wrap.c
delete mode 100644 source4/lib/tdb_wrap.c
create mode 100644 source4/libcli/security/security.i
create mode 100644 source4/libcli/security/tests/bindings.py
delete mode 100644 source4/scripting/python/sidmodule.c
(limited to 'source4')
diff --git a/source4/autogen.sh b/source4/autogen.sh
index 9288cba986..667ac89a44 100755
--- a/source4/autogen.sh
+++ b/source4/autogen.sh
@@ -65,7 +65,7 @@ rm -rf autom4te*.cache # Run swig if it is available SWIG=swig -SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/talloc/talloc.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i" +SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i libcli/security/security.i" if which $SWIG >/dev/null 2>&1; then for I in $SWIG_FILES do diff --git a/source4/lib/ldb/ldb_ildap/config.mk b/source4/lib/ldb/ldb_ildap/config.mk index 71887c14f8..f7ed3469f3 100644 --- a/source4/lib/ldb/ldb_ildap/config.mk +++ b/source4/lib/ldb/ldb_ildap/config.mk @@ -3,6 +3,7 @@ [MODULE::ldb_ildap] SUBSYSTEM = LIBLDB CFLAGS = -Ilib/ldb/include +OUTPUT_TYPE = SHARED_LIBRARY PRIVATE_DEPENDENCIES = LIBTALLOC LIBCLI_LDAP INIT_FUNCTION = ldb_ildap_init ALIASES = ldapi ldaps ldap diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c deleted file mode 100644 index 654574cd2f..0000000000 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c +++ /dev/null 
@@ -1,153 +0,0 @@ -/* - ldb database library - - Copyright (C) Andrew Tridgell 2005 - - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 3 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, see . -*/ - -#include "ldb_includes.h" - -#include "ldb_tdb.h" - -/* - the purpose of this code is to work around the braindead posix locking - rules, to allow us to have a ldb open more than once while allowing - locking to work -*/ - -struct ltdb_wrap { - struct ltdb_wrap *next, *prev; - struct tdb_context *tdb; - dev_t device; - ino_t inode; -}; - -static struct ltdb_wrap *tdb_list; - -/* destroy the last connection to a tdb */ -static int ltdb_wrap_destructor(struct ltdb_wrap *w) -{ - tdb_close(w->tdb); - if (w->next) { - w->next->prev = w->prev; - } - if (w->prev) { - w->prev->next = w->next; - } - if (w == tdb_list) { - tdb_list = w->next; - } - return 0; -} - -static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); -static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) 
-{ - va_list ap; - const char *name = tdb_name(tdb); - struct ldb_context *ldb = talloc_get_type(tdb_get_logging_private(tdb), struct ldb_context); - enum ldb_debug_level ldb_level; - char *message; - va_start(ap, fmt); - message = talloc_vasprintf(ldb, fmt, ap); - va_end(ap); - - switch (level) { - case TDB_DEBUG_FATAL: - ldb_level = LDB_DEBUG_FATAL; - break; - case TDB_DEBUG_ERROR: - ldb_level = LDB_DEBUG_ERROR; - break; - case TDB_DEBUG_WARNING: - ldb_level = LDB_DEBUG_WARNING; - break; - case TDB_DEBUG_TRACE: - ldb_level = LDB_DEBUG_TRACE; - break; - default: - ldb_level = LDB_DEBUG_FATAL; - } - - ldb_debug(ldb, ldb_level, "ltdb: tdb(%s): %s", name, message); - talloc_free(message); -} - -/* - wrapped connection to a tdb database. The caller should _not_ free - this as it is not a talloc structure (as tdb does not use talloc - yet). It will auto-close when the caller frees the mem_ctx that is - passed to this call - */ -struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx, - const char *path, int hash_size, - int tdb_flags, - int open_flags, mode_t mode, - struct ldb_context *ldb) -{ - struct ltdb_wrap *w; - struct stat st; - struct tdb_logging_context log_ctx; - - log_ctx.log_fn = ltdb_log_fn; - log_ctx.log_private = ldb; - - if (stat(path, &st) == 0) { - for (w=tdb_list;w;w=w->next) { - if (st.st_dev == w->device && st.st_ino == w->inode) { - if (!talloc_reference(mem_ctx, w)) { - return NULL; - } - return w->tdb; - } - } - } - - w = talloc(mem_ctx, struct ltdb_wrap); - if (w == NULL) { - return NULL; - } - - w->tdb = tdb_open_ex(path, hash_size, tdb_flags, open_flags, mode, &log_ctx, NULL); - if (w->tdb == NULL) { - talloc_free(w); - return NULL; - } - - if (fstat(tdb_fd(w->tdb), &st) != 0) { - tdb_close(w->tdb); - talloc_free(w); - return NULL; - } - - w->device = st.st_dev; - w->inode = st.st_ino; - - talloc_set_destructor(w, ltdb_wrap_destructor); - - w->next = tdb_list; - w->prev = NULL; - if (tdb_list) { - tdb_list->prev = w; - } - tdb_list = w; - - 
return w->tdb; -} - diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c deleted file mode 100644 index 21ca04997e..0000000000 --- a/source4/lib/ldb_wrap.c +++ /dev/null 
@@ -1,186 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - LDB wrap functions - - Copyright (C) Andrew Tridgell 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - the stupidity of the unix fcntl locking design forces us to never - allow a database file to be opened twice in the same process. These - wrappers provide convenient access to a tdb or ldb, taking advantage - of talloc destructors to ensure that only a single open is done -*/ - -#include "includes.h" -#include "lib/events/events.h" -#include "lib/ldb/include/ldb.h" -#include "lib/ldb/include/ldb_errors.h" -#include "lib/ldb-samba/ldif_handlers.h" -#include "ldb_wrap.h" -#include "dsdb/samdb/samdb.h" -#include "param/param.h" - -/* - this is used to catch debug messages from ldb -*/ -static void ldb_wrap_debug(void *context, enum ldb_debug_level level, - const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0); - -static void ldb_wrap_debug(void *context, enum ldb_debug_level level, - const char *fmt, va_list ap) -{ - int samba_level; - char *s = NULL; - switch (level) { - case LDB_DEBUG_FATAL: - samba_level = 0; - break; - case LDB_DEBUG_ERROR: - samba_level = 1; - break; - case LDB_DEBUG_WARNING: - samba_level = 2; - break; - case LDB_DEBUG_TRACE: - samba_level = 5; - break; - - }; - vasprintf(&s, fmt, ap); - if (!s) return; - DEBUG(level, ("ldb: %s\n", s)); - free(s); -} - -/* check for memory leaks on the ldb context */ -static int 
ldb_wrap_destructor(struct ldb_context *ldb) -{ - size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks"); - if (startup_blocks && - talloc_total_blocks(ldb) > *startup_blocks + 400) { - DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n", - (char *)ldb_get_opaque(ldb, "wrap_url"), - (unsigned long)talloc_total_blocks(ldb), - (unsigned long)*startup_blocks, - (unsigned long)talloc_total_size(ldb))); -#if 0 - talloc_report_full(ldb, stdout); - call_backtrace(); - smb_panic("probable memory leak in ldb"); -#endif - } - return 0; -} - -/* - wrapped connection to a ldb database - to close just talloc_free() the returned ldb_context - - TODO: We need an error_string parameter - */ -struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, - struct loadparm_context *lp_ctx, - const char *url, - struct auth_session_info *session_info, - struct cli_credentials *credentials, - unsigned int flags, - const char *options[]) -{ - struct ldb_context *ldb; - int ret; - struct event_context *ev; - char *real_url = NULL; - size_t *startup_blocks; - - ldb = ldb_init(mem_ctx); - if (ldb == NULL) { - return NULL; - } - - ldb_set_modules_dir(ldb, - talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx))); - - /* we want to use the existing event context if possible. 
This - relies on the fact that in smbd, everything is a child of - the main event_context */ - ev = event_context_find(ldb); - - if (ldb_set_opaque(ldb, "EventContext", ev)) { - talloc_free(ldb); - return NULL; - } - - if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { - talloc_free(ldb); - return NULL; - } - - if (ldb_set_opaque(ldb, "credentials", credentials)) { - talloc_free(ldb); - return NULL; - } - - if (strcmp(lp_sam_url(lp_ctx), url) == 0) { - dsdb_set_global_schema(ldb); - } - - ret = ldb_register_samba_handlers(ldb); - if (ret == -1) { - talloc_free(ldb); - return NULL; - } - - ldb_set_debug(ldb, ldb_wrap_debug, NULL); - - ldb_set_utf8_fns(ldb, NULL, wrap_casefold); - - real_url = private_path(ldb, lp_ctx, url); - if (real_url == NULL) { - talloc_free(ldb); - return NULL; - } - - /* allow admins to force non-sync ldb for all databases */ - if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) { - flags |= LDB_FLG_NOSYNC; - } - - /* we usually want Samba databases to be private. If we later - find we need one public, we will need to add a parameter to - ldb_wrap_connect() */ - ldb_set_create_perms(ldb, 0600); - - ret = ldb_connect(ldb, real_url, flags, options); - if (ret != LDB_SUCCESS) { - talloc_free(ldb); - return NULL; - } - - /* setup for leak detection */ - ldb_set_opaque(ldb, "wrap_url", real_url); - startup_blocks = talloc(ldb, size_t); - *startup_blocks = talloc_total_blocks(ldb); - ldb_set_opaque(ldb, "startup_blocks", startup_blocks); - - talloc_set_destructor(ldb, ldb_wrap_destructor); - - return ldb; -} - - - diff --git a/source4/lib/talloc/config.mk b/source4/lib/talloc/config.mk index 714ad72d1c..942ced6b86 100644 --- a/source4/lib/talloc/config.mk +++ b/source4/lib/talloc/config.mk 
@@ -1,13 +1,8 @@ -################################################ -# Start LIBRARY LIBTALLOC [LIBRARY::LIBTALLOC] -VERSION = 0.0.1 -SO_VERSION = 0 +VERSION = 1.0.0 +SO_VERSION = 1 OBJ_FILES = talloc.o MANPAGE = talloc.3 CFLAGS = -Ilib/talloc PUBLIC_HEADERS = talloc.h DESCRIPTION = A hierarchical pool based memory system with destructors -# -# End LIBRARY LIBTALLOC -################################################ diff --git a/source4/lib/talloc/talloc.i b/source4/lib/talloc/talloc.i index 593c20465e..c35d5d2411 100644 --- a/source4/lib/talloc/talloc.i +++ b/source4/lib/talloc/talloc.i @@ -19,8 +19,6 @@ /* Don't expose talloc contexts in Python code. Python does reference counting for us, so just create a new top-level talloc context. */ -%module talloc; - %typemap(in, numinputs=0) TALLOC_CTX * { $1 = NULL; } diff --git a/source4/lib/tdb_wrap.c b/source4/lib/tdb_wrap.c deleted file mode 100644 index 37095dff2c..0000000000 --- a/source4/lib/tdb_wrap.c +++ /dev/null 
@@ -1,117 +0,0 @@ -/* - Unix SMB/CIFS implementation. - TDB wrap functions - - Copyright (C) Andrew Tridgell 2004 - Copyright (C) Jelmer Vernooij 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "lib/tdb/include/tdb.h" -#include "lib/util/dlinklist.h" -#include "tdb_wrap.h" -#include "tdb.h" - -static struct tdb_wrap *tdb_list; - -/* destroy the last connection to a tdb */ -static int tdb_wrap_destructor(struct tdb_wrap *w) -{ - tdb_close(w->tdb); - DLIST_REMOVE(tdb_list, w); - return 0; -} - -/* - Log tdb messages via DEBUG(). -*/ -static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, - const char *format, ...) PRINTF_ATTRIBUTE(3,4); - -static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, - const char *format, ...) -{ - va_list ap; - char *ptr = NULL; - int debug_level; - - va_start(ap, format); - vasprintf(&ptr, format, ap); - va_end(ap); - - switch (level) { - case TDB_DEBUG_FATAL: - debug_level = 0; - break; - case TDB_DEBUG_ERROR: - debug_level = 1; - break; - case TDB_DEBUG_WARNING: - debug_level = 2; - break; - case TDB_DEBUG_TRACE: - debug_level = 5; - break; - default: - debug_level = 0; - } - - if (ptr != NULL) { - const char *name = tdb_name(tdb); - DEBUG(debug_level, ("tdb(%s): %s", name ? 
name : "unnamed", ptr)); - free(ptr); - } -} - - -/* - wrapped connection to a tdb database - to close just talloc_free() the tdb_wrap pointer - */ -struct tdb_wrap *tdb_wrap_open(TALLOC_CTX *mem_ctx, - const char *name, int hash_size, int tdb_flags, - int open_flags, mode_t mode) -{ - struct tdb_wrap *w; - struct tdb_logging_context log_ctx; - log_ctx.log_fn = tdb_wrap_log; - - for (w=tdb_list;w;w=w->next) { - if (strcmp(name, w->name) == 0) { - return talloc_reference(mem_ctx, w); - } - } - - w = talloc(mem_ctx, struct tdb_wrap); - if (w == NULL) { - return NULL; - } - - w->name = talloc_strdup(w, name); - - w->tdb = tdb_open_ex(name, hash_size, tdb_flags, - open_flags, mode, &log_ctx, NULL); - if (w->tdb == NULL) { - talloc_free(w); - return NULL; - } - - talloc_set_destructor(w, tdb_wrap_destructor); - - DLIST_ADD(tdb_list, w); - - return w; -} diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk index 3c97ec4264..ff7480c957 100644 --- a/source4/libcli/security/config.mk +++ b/source4/libcli/security/config.mk @@ -1,5 +1,3 @@ -################################# -# Start SUBSYSTEM LIBSECURITY [SUBSYSTEM::LIBSECURITY] PRIVATE_PROTO_HEADER = proto.h OBJ_FILES = security_token.o \ @@ -9,5 +7,7 @@ OBJ_FILES = security_token.o \ privilege.o \ sddl.o PUBLIC_DEPENDENCIES = NDR_MISC -# End SUBSYSTEM LIBSECURITY -################################# + +[PYTHON::swig_security] +SWIG_FILE = security.i +PRIVATE_DEPENDENCIES = LIBSECURITY diff --git a/source4/libcli/security/security.i b/source4/libcli/security/security.i new file mode 100644 index 0000000000..cc5afb40c0 --- /dev/null +++ b/source4/libcli/security/security.i 
@@ -0,0 +1,121 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Jelmer Vernooij 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+%module(package="samba.security") security
+
+%{
+#include "includes.h"
+#include "libcli/security/security.h"
+
+typedef struct dom_sid dom_sid;
+typedef struct security_token security_token;
+typedef struct security_descriptor security_descriptor;
+%}
+
+%import "../../lib/talloc/talloc.i"
+%import "../util/errors.i"
+%import "stdint.i"
+
+enum sec_privilege {
+ SEC_PRIV_SECURITY=1,
+ SEC_PRIV_BACKUP=2,
+ SEC_PRIV_RESTORE=3,
+ SEC_PRIV_SYSTEMTIME=4,
+ SEC_PRIV_SHUTDOWN=5,
+ SEC_PRIV_REMOTE_SHUTDOWN=6,
+ SEC_PRIV_TAKE_OWNERSHIP=7,
+ SEC_PRIV_DEBUG=8,
+ SEC_PRIV_SYSTEM_ENVIRONMENT=9,
+ SEC_PRIV_SYSTEM_PROFILE=10,
+ SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
+ SEC_PRIV_INCREASE_BASE_PRIORITY=12,
+ SEC_PRIV_LOAD_DRIVER=13,
+ SEC_PRIV_CREATE_PAGEFILE=14,
+ SEC_PRIV_INCREASE_QUOTA=15,
+ SEC_PRIV_CHANGE_NOTIFY=16,
+ SEC_PRIV_UNDOCK=17,
+ SEC_PRIV_MANAGE_VOLUME=18,
+ SEC_PRIV_IMPERSONATE=19,
+ SEC_PRIV_CREATE_GLOBAL=20,
+ SEC_PRIV_ENABLE_DELEGATION=21,
+ SEC_PRIV_INTERACTIVE_LOGON=22,
+ SEC_PRIV_NETWORK_LOGON=23,
+ SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
+};
+
+%rename(SecurityToken) security_token;
+
+typedef struct security_token {
+ %extend {
+ security_token(TALLOC_CTX *mem_ctx) { return security_token_initialise(mem_ctx); }
+ ~security_token() { talloc_free($self); }
+ bool is_sid(const struct dom_sid *sid);
+ bool is_system();
+ bool is_anonymous();
+ bool has_sid(const struct dom_sid *sid);
+ bool has_builtin_administrators();
+ bool has_nt_authenticated_users();
+ bool has_privilege(enum sec_privilege privilege);
+ void set_privilege(enum sec_privilege privilege);
+ }
+} security_token;
+
+typedef struct security_descriptor {
+ %extend {
+ security_descriptor(TALLOC_CTX *mem_ctx) { return security_descriptor_initialise(mem_ctx); }
+ ~security_descriptor() { talloc_free($self); }
+ NTSTATUS sacl_add(const struct security_ace *ace);
+ NTSTATUS dacl_add(const struct security_ace *ace);
+ NTSTATUS dacl_del(const struct security_ace *ace);
+ NTSTATUS sacl_del(const struct security_ace *ace);
+#ifdef SWIGPYTHON
+ %rename(equal) __eq__;
+#endif
+ bool equal(const struct security_descriptor *other);
+ }
+} security_descriptor;
+
+%rename(Sid) dom_sid;
+
+typedef struct dom_sid {
+ %extend {
+ bool equal(const struct dom_sid *other);
+#ifdef SWIGPYTHON
+ const char *__str__(TALLOC_CTX *mem_ctx) {
+ return dom_sid_string(mem_ctx, $self);
+ }
+#endif
+ }
+} dom_sid;
+
+%inline %{
+static struct dom_sid *random_sid(TALLOC_CTX *mem_ctx)
+{
+ char *str = talloc_asprintf(mem_ctx, "S-1-5-21-%u-%u-%u",
+ (unsigned)generate_random(),
+ (unsigned)generate_random(),
+ (unsigned)generate_random());
+
+ return dom_sid_parse_talloc(mem_ctx, str);
+}
+%}
+
+%rename(privilege_name) sec_privilege_name;
+const char *sec_privilege_name(enum sec_privilege privilege);
+%rename(privilege_id) sec_privilege_id;
+enum sec_privilege sec_privilege_id(const char *name);
diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py
new file mode 100644
index 0000000000..15e2381a2b
--- /dev/null
+++ b/source4/libcli/security/tests/bindings.py
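Review bot: `random_sid()` in the `%inline` block hands the result of `talloc_asprintf()` straight to `dom_sid_parse_talloc()` with no NULL check, whereas the `sid_random()` this commit deletes from sidmodule.c did test `str == NULL`. The temporary string is also never freed, and since the talloc.i typemap visible in this commit sets every `TALLOC_CTX *` argument to NULL, it appears to land on the top-level context with no owner, so each call would leak it; the string returned by `__str__` via `dom_sid_string(mem_ctx, $self)` looks to have the same problem. I would check the allocation, parse into a local, free `str`, and return the SID, as sketched below. Whether `dom_sid_parse_talloc()` tolerates a NULL string is not visible in this patch. Separately, `%rename(equal) __eq__;` reads reversed next to `%rename(SecurityToken) security_token;`, where the new name comes first.

```c
static struct dom_sid *random_sid(TALLOC_CTX *mem_ctx)
{
	struct dom_sid *sid;
	/* … unchanged: char *str = talloc_asprintf(mem_ctx, "S-1-5-21-%u-%u-%u", …) … */

	if (str == NULL) {
		return NULL;
	}

	sid = dom_sid_parse_talloc(mem_ctx, str);
	talloc_free(str);	/* the formatted text is only needed for parsing */
	return sid;
}
```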
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij 2007
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+import unittest
+import security
+
+class SecurityTokenTests(unittest.TestCase):
+ def setUp(self):
+ self.token = security.SecurityToken()
+
+ def test_is_system(self):
+ self.assertFalse(self.token.is_system())
+
+ def test_is_anonymous(self):
+ self.assertFalse(self.token.is_anonymous())
+
+ def test_has_builtin_administrators(self):
+ self.assertFalse(self.token.has_builtin_administrators())
+
+ def test_has_nt_authenticated_users(self):
+ self.assertFalse(self.token.has_nt_authenticated_users())
+
+ def test_has_priv(self):
+ self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+ def test_set_priv(self):
+ self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+ self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))
+ self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+
+class SecurityDescriptorTests(unittest.TestCase):
+ def setUp(self):
+ self.descriptor = security.SecurityDescriptor()
+
+
+class RandomSidTests(unittest.TestCase):
+ def test_random(self):
+ sid = security.random_sid()
+ self.assertTrue(str(sid).startswith("S-1-5-21-"))
+
+
+class PrivilegeTests(unittest.TestCase):
+ def test_privilege_name(self):
+ self.assertEquals("SeShutdownPrivilege", 
security.privilege_name(security.SEC_PRIV_SHUTDOWN)) + + def test_privilege_id(self): + self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege")) + diff --git a/source4/scripting/python/config.mk b/source4/scripting/python/config.mk index c396cf62bc..c17511203e 100644 --- a/source4/scripting/python/config.mk +++ b/source4/scripting/python/config.mk @@ -6,10 +6,6 @@ OBJ_FILES = parammodule.o PRIVATE_DEPENDENCIES = LIBNDR OBJ_FILES = uuidmodule.o -[PYTHON::python_sid] -PRIVATE_DEPENDENCIES = LIBNDR -OBJ_FILES = sidmodule.o - [PYTHON::python_misc] PRIVATE_DEPENDENCIES = LIBNDR LIBLDB SWIG_FILE = misc.i diff --git a/source4/scripting/python/sidmodule.c b/source4/scripting/python/sidmodule.c deleted file mode 100644 index 4b199b1158..0000000000 --- a/source4/scripting/python/sidmodule.c +++ /dev/null 
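Review bot: `SecurityDescriptorTests` defines only `setUp` and no `test_*` method, so nothing in it runs and the security descriptor bindings (`sacl_add`, `dacl_add`, `dacl_del`, `sacl_del`, `equal`) get no coverage. Its `setUp` also calls `security.SecurityDescriptor()`, but security.i in this commit only has `%rename` lines for `security_token` and `dom_sid`, so the class is presumably still exported as `security_descriptor` and the first test added here would fail in `setUp`. I would add `%rename(SecurityDescriptor) security_descriptor;` to security.i together with at least one test that constructs a descriptor. In `test_set_priv`, `self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))` asserts on a method declared `void` in the interface; a plain call, `self.token.set_privilege(security.SEC_PRIV_SHUTDOWN)`, states the intent without depending on how a void return is wrapped.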
@@ -1,56 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba utility functions - Copyright (C) Jelmer Vernooij 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "Python.h" -#include "libcli/security/security.h" - -static PyObject *sid_random(PyObject *self, PyObject *args) -{ - char *str; - - if (!PyArg_ParseTuple(args, "")) - return NULL; - - str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u", - (unsigned)generate_random(), - (unsigned)generate_random(), - (unsigned)generate_random()); - - if (str == NULL) { - PyErr_SetString(PyExc_TypeError, "can't generate random sid"); - return NULL; - } - - return PyString_FromString(str); -} - -static PyMethodDef methods[] = { - { "random", (PyCFunction)sid_random, METH_VARARGS, NULL}, - { NULL, NULL } -}; - -PyDoc_STRVAR(param_doc, "SID helper routines"); - -PyMODINIT_FUNC initsid(void) -{ - PyObject *mod = Py_InitModule3("sid", methods, param_doc); - if (mod == NULL) - return; -} diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index ac8f4dd95f..b0034f888a 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh 
@@ -299,4 +299,5 @@ then plantest "registry.python" none PYTHONPATH=bin/python:scripting/python:lib/registry/tests/ scripting/bin/subunitrun bindings plantest "tdb.python" none PYTHONPATH=bin/python:scripting/python:lib/tdb/python/tests scripting/bin/subunitrun simple plantest "auth.python" none PYTHONPATH=bin/python:scripting/python:auth/tests/ scripting/bin/subunitrun bindings + plantest "security.python" none PYTHONPATH=bin/python:scripting/python:libcli/security/tests/ scripting/bin/subunitrun bindings fi -- cgit