diff --git a/.gear/admc.spec b/.gear/admc.spec
index c904af42..31b273e9 100644
--- a/.gear/admc.spec
+++ b/.gear/admc.spec
@@ -83,7 +83,6 @@ Tests for ADMC
%_bindir/admc_test_ad_security
%_bindir/admc_test_select_base_widget
%_bindir/admc_test_filter_widget
-%_bindir/admc_test_security_tab
%_bindir/admc_test_attributes_tab
%_bindir/admc_test_member_of_tab
%_bindir/admc_test_members_tab
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e4a269d5..e2bc0e98 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -43,7 +43,6 @@ set(TEST_TARGETS
admc_test_gplink
admc_test_select_base_widget
admc_test_filter_widget
- admc_test_security_tab
admc_test_attributes_tab
admc_test_members_tab
admc_test_member_of_tab
diff --git a/tests/admc_test_ad_interface.cpp b/tests/admc_test_ad_interface.cpp
index 20617ee8..4d2918e9 100644
--- a/tests/admc_test_ad_interface.cpp
+++ b/tests/admc_test_ad_interface.cpp
@@ -105,15 +105,10 @@ void ADMCTestAdInterface::gpo_check_perms() {
const AdObject gpc_object = ad.search_object(gpc_dn);
security_descriptor *out = gpc_object.get_security_descriptor();
- const QByteArray trustee = []() {
- // NOTE: S-1-1-0 is "WORLD"
- const QString world_trustee_string = "S-1-1-0";
- const QByteArray trustee_everyone = sid_string_to_bytes(world_trustee_string);
+ // NOTE: S-1-1-0 is "WORLD"
+ const QByteArray trustee_everyone = sid_string_to_bytes("S-1-1-0");
- return bytes;
- }();
-
- security_descriptor_add_right(out, trustee, AdSecurityMasks::generic_all, QByteArray(), true);
+ security_descriptor_add_right(out, trustee_everyone, SEC_ADS_GENERIC_ALL, QByteArray(), true);
return out;
}();
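Review bot: `out` goes from `gpc_object.get_security_descriptor()` straight into `security_descriptor_add_right` with no null check, so if the search for `gpc_dn` returned nothing or the descriptor could not be read (not visible here), the test would presumably crash instead of reporting a failure. `QVERIFY` cannot be used inside a lambda that returns a pointer, so an early `if (out == nullptr) { return out; }` before the add, plus a `QVERIFY` on the lambda's result after it, would turn that case into a clean failure. The comment is also worth widening, because this line adds a GENERIC_ALL ACE for Everyone to the descriptor; if it matches the intent, something like `// NOTE: S-1-1-0 is "WORLD" (Everyone); GENERIC_ALL is granted deliberately as test setup, on the throwaway test GPO only`. The enclosing lambda and `gpo_check_perms` start above and continue below the hunk, so whether the descriptor is freed and the test GPO is removed afterwards cannot be confirmed from here.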
diff --git a/tests/admc_test_security_tab.cpp b/tests/admc_test_security_tab.cpp
deleted file mode 100644
index f8e6a84f..00000000
--- a/tests/admc_test_security_tab.cpp
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * ADMC - AD Management Center
- *
- * Copyright (C) 2020 BaseALT Ltd.
- * Copyright (C) 2020-2021 Dmitry Degtyarev
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-#include "admc_test_security_tab.h"
-
-#include "samba/ndr_security.h"
-#include "tabs/security_tab.h"
-
-#include
-#include
-#include
-#include
-#include
-
-Q_DECLARE_METATYPE(AcePermission)
-
-void ADMCTestSecurityTab::init() {
- ADMCTest::init();
-
- security_tab = new SecurityTab();
- add_widget(security_tab);
-
- // Create test user
- const QString name = TEST_USER;
- test_user_dn = test_object_dn(name, CLASS_USER);
- const bool create_success = ad.object_add(test_user_dn, CLASS_USER);
- QVERIFY(create_success);
-
- const AdObject object = ad.search_object(test_user_dn);
-
- security_tab->load(ad, object);
-}
-
-void ADMCTestSecurityTab::load_data() {
- // NOTE: store trustee name in the data tag to avoid repetition
- // QTest::addColumn("trustee_name");
- QTest::addColumn>("allowed_set");
-
- QTest::newRow("Account Operators") << all_permissions;
-
- QTest::newRow("Administrators") << [&]() {
- QSet out = all_permissions;
- out -= AcePermission_FullControl;
- out -= AcePermission_DeleteChild;
- out -= AcePermission_DeleteSubtree;
-
- return out;
- }();
-
- QTest::newRow("Authenticated Users") << [&]() {
- QSet out;
- out += AcePermission_ReadGeneralInfo;
- out += AcePermission_ReadPersonalInfo;
- out += AcePermission_ReadPublicInfo;
- out += AcePermission_ReadWebInfo;
-
- return out;
- }();
-
- QTest::newRow("Cert Publishers") << QSet();
-
- QTest::newRow("Domain Admins") << all_permissions;
-
- QTest::newRow("ENTERPRISE DOMAIN CONTROLLERS") << QSet();
-
- QTest::newRow("Enterprise Admins") << all_permissions;
-
- QTest::newRow("Everyone") << [&]() {
- QSet out;
- out += AcePermission_ChangePassword;
-
- return out;
- }();
-
- QTest::newRow("Pre-Windows 2000 Compatible Access") << [&]() {
- QSet out;
- out += AcePermission_ReadAccountRestrictions;
- out += AcePermission_ReadGeneralInfo;
- out += AcePermission_ReadGroupMembership;
- out += AcePermission_ReadLogonInfo;
- out += AcePermission_ReadRemoteAccessInfo;
-
- return out;
- }();
-
- QTest::newRow("RAS and IAS Servers") << [&]() {
- QSet out;
- out += AcePermission_ReadAccountRestrictions;
- out += AcePermission_ReadGroupMembership;
- out += AcePermission_ReadLogonInfo;
- out += AcePermission_ReadRemoteAccessInfo;
-
- return out;
- }();
-
- QTest::newRow("SELF") << [&]() {
- QSet out;
- out += AcePermission_Read;
- out += read_prop_permissions;
- out += AcePermission_ChangePassword;
- out += AcePermission_ReceiveAs;
- out += AcePermission_SendAs;
- out += AcePermission_WritePersonalInfo;
- out += AcePermission_WritePhoneAndMailOptions;
- out += AcePermission_WritePrivateInfo;
- out += AcePermission_WriteWebInfo;
-
- return out;
- }();
-
- QTest::newRow("SYSTEM") << all_permissions;
-
- QTest::newRow("Terminal Server License Servers") << [&]() {
- QSet out;
- out += AcePermission_ReadTerminalServerLicenseServer;
- out += AcePermission_WriteTerminalServerLicenseServer;
-
- return out;
- }();
-
- QTest::newRow("Windows Authorization Access Group") << QSet();
-}
-
-// NOTE: just checking that the default security descriptor
-// is laoded correctly. Creating custom security descriptors
-// is too complicated at the moment.
-void ADMCTestSecurityTab::load() {
- const QString trustee_name = QTest::currentDataTag();
- QFETCH(QSet, allowed_set);
-
- QVERIFY(security_tab->set_trustee(trustee_name));
-
- const QSet none_set = all_permissions - allowed_set;
- QVERIFY(state_is(allowed_set, PermissionState_Allowed));
- QVERIFY(state_is(none_set, PermissionState_None));
-}
-
-// When you allow some perm then deny it, the allow checkbox
-// should become unchecked, aka they are exclusive.
-void ADMCTestSecurityTab::allow_then_deny() {
- uncheck_all_permissions();
-
- // NOTE: permission doesn't matter, just picked some random one
- const AcePermission permission = AcePermission_SendAs;
- set_permission_state({permission}, AceColumn_Allowed, Qt::Checked);
- QVERIFY(state_is({permission}, PermissionState_Allowed));
-
- set_permission_state({permission}, AceColumn_Denied, Qt::Checked);
- QVERIFY(state_is({permission}, PermissionState_Denied));
-}
-
-// Allowing full should allow every permission
-void ADMCTestSecurityTab::allow_full() {
- uncheck_all_permissions();
-
- QVERIFY(state_is(all_permissions, PermissionState_None));
-
- set_permission_state({AcePermission_FullControl}, AceColumn_Allowed, Qt::Checked);
-
- QVERIFY(state_is(all_permissions, PermissionState_Allowed));
-}
-
-// Allowing full and denying read, should allow everything
-// except read permissions which should be denied.
-void ADMCTestSecurityTab::allow_full_deny_read() {
- uncheck_all_permissions();
-
- set_permission_state({AcePermission_FullControl}, AceColumn_Allowed, Qt::Checked);
- set_permission_state({AcePermission_Read}, AceColumn_Denied, Qt::Checked);
-
- QVERIFY(state_is({AcePermission_FullControl}, PermissionState_None));
- QVERIFY(state_is(access_permissions, PermissionState_Allowed));
- QVERIFY(state_is(write_prop_permissions, PermissionState_Allowed));
-
- QVERIFY(state_is({AcePermission_Read}, PermissionState_Denied));
- QVERIFY(state_is(read_prop_permissions, PermissionState_Denied));
-}
-
-// Unchecking read while full is allowed, should uncheck
-// full and nothing else.
-void ADMCTestSecurityTab::allow_full_uncheck_read() {
- uncheck_all_permissions();
-
- set_permission_state({AcePermission_FullControl}, AceColumn_Allowed, Qt::Checked);
- set_permission_state({AcePermission_Read}, AceColumn_Allowed, Qt::Unchecked);
-
- QVERIFY(state_is({AcePermission_FullControl}, PermissionState_None));
- QVERIFY(state_is(access_permissions, PermissionState_Allowed));
- QVERIFY(state_is(write_prop_permissions, PermissionState_Allowed));
- QVERIFY(state_is(read_prop_permissions, PermissionState_Allowed));
-
- QVERIFY(state_is({AcePermission_Read}, PermissionState_None));
-}
-
-// Unchecking a read prop while read is allowed, should
-// uncheck read and nothing else.
-void ADMCTestSecurityTab::allow_read_uncheck_read_prop() {
- uncheck_all_permissions();
-
- set_permission_state({AcePermission_Read}, AceColumn_Allowed, Qt::Checked);
- set_permission_state({AcePermission_ReadWebInfo}, AceColumn_Allowed, Qt::Unchecked);
-
- QVERIFY(state_is({AcePermission_Read}, PermissionState_None));
-
- QVERIFY(state_is((read_prop_permissions - QSet{AcePermission_ReadWebInfo}), PermissionState_Allowed));
-}
-
-// Denying a read prop while read is allowed, should
-// uncheck read and deny that permission.
-void ADMCTestSecurityTab::allow_read_deny_read_prop() {
- uncheck_all_permissions();
-
- set_permission_state({AcePermission_Read}, AceColumn_Allowed, Qt::Checked);
- set_permission_state({AcePermission_ReadWebInfo}, AceColumn_Denied, Qt::Checked);
-
- QVERIFY(state_is({AcePermission_Read}, PermissionState_None));
- QVERIFY(state_is({AcePermission_ReadWebInfo}, PermissionState_Denied));
-
- QVERIFY(state_is((read_prop_permissions - QSet{AcePermission_ReadWebInfo}), PermissionState_Allowed));
-}
-
-void ADMCTestSecurityTab::apply() {
- QVERIFY(security_tab->set_trustee("Cert Publishers"));
-
- // Check/uncheck some permissions in the tab
- const QSet allowed_set = {
- AcePermission_CreateChild,
- AcePermission_ReadPersonalInfo,
- };
- const QSet denied_set = {
- AcePermission_WriteWebInfo,
- AcePermission_WritePersonalInfo,
- AcePermission_DeleteChild,
- };
- const QSet none_set = all_permissions - allowed_set - denied_set;
- uncheck_all_permissions();
- set_permission_state(allowed_set, AceColumn_Allowed, Qt::Checked);
- set_permission_state(denied_set, AceColumn_Denied, Qt::Checked);
-
- // Apply
- const bool apply_success = security_tab->apply(ad, test_user_dn);
- QVERIFY(apply_success);
-
- // Reload tab
- const AdObject updated_object = ad.search_object(test_user_dn);
- security_tab->load(ad, updated_object);
-
- // Verify that state loaded correctly
- QVERIFY(security_tab->set_trustee("Cert Publishers"));
- QVERIFY(state_is(allowed_set, PermissionState_Allowed));
- QVERIFY(state_is(denied_set, PermissionState_Denied));
- QVERIFY(state_is(none_set, PermissionState_None));
-}
-
-void ADMCTestSecurityTab::uncheck_all_permissions() {
- set_permission_state(all_permissions, AceColumn_Allowed, Qt::Unchecked);
- set_permission_state(all_permissions, AceColumn_Denied, Qt::Unchecked);
-}
-
-bool ADMCTestSecurityTab::state_is(const QSet &permission_set, const PermissionState state) const {
- const QSet &checked_columns = [&]() -> QSet {
- switch (state) {
- case PermissionState_Allowed: return {AceColumn_Allowed};
- case PermissionState_Denied: return {AceColumn_Denied};
- case PermissionState_None: return {};
- }
- return {};
- }();
-
- for (const AcePermission &permission : permission_set) {
- const QList column_list = {
- AceColumn_Allowed,
- AceColumn_Denied,
- };
-
- for (const AceColumn &column : column_list) {
- QStandardItem *item = security_tab->get_item(permission, column);
-
- const bool should_be_checked = checked_columns.contains(column);
- const bool is_checked = (item->checkState() == Qt::Checked);
- const bool state_is_correct = (is_checked == should_be_checked);
-
- if (!state_is_correct) {
- const QString permission_name = SecurityTab::ace_permission_to_name_map()[permission];
- const QString column_name = [&]() {
- switch (column) {
- case AceColumn_Allowed: return "Allowed";
- case AceColumn_Denied: return "Denied";
- default: break;
- }
-
- return "unknown";
- }();
-
- qInfo().noquote() << QString("Incorrect state:\n\tpermission = %1\n\tcolumn = %2\n\tcurrent state = %3\n\tcorrect state = %4").arg(permission_name, column_name, QString::number(is_checked), QString::number(should_be_checked));
-
- return false;
- }
- }
- }
-
- return true;
-}
-
-void ADMCTestSecurityTab::set_permission_state(const QSet &permission_set, const AceColumn column, const Qt::CheckState state) {
- for (const AcePermission &permission : permission_set) {
- QStandardItem *item = security_tab->get_item(permission, column);
- item->setCheckState(state);
- }
-}
-
-QTEST_MAIN(ADMCTestSecurityTab)
diff --git a/tests/admc_test_security_tab.h b/tests/admc_test_security_tab.h
deleted file mode 100644
index 3f321360..00000000
--- a/tests/admc_test_security_tab.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * ADMC - AD Management Center
- *
- * Copyright (C) 2020 BaseALT Ltd.
- * Copyright (C) 2020-2021 Dmitry Degtyarev
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-#ifndef ADMC_TEST_SECURITY_TAB_H
-#define ADMC_TEST_SECURITY_TAB_H
-
-#include "admc_test.h"
-
-#include "tabs/security_tab.h"
-
-class SecurityTab;
-
-class ADMCTestSecurityTab : public ADMCTest {
- Q_OBJECT
-
-private slots:
- void init() override;
-
- void load_data();
- void load();
- void allow_then_deny();
- void allow_full();
- void allow_full_deny_read();
- void allow_full_uncheck_read();
- void allow_read_uncheck_read_prop();
- void allow_read_deny_read_prop();
- void apply();
-
-private:
- SecurityTab *security_tab;
- QString test_user_dn;
-
- void uncheck_all_permissions();
- void set_permission_state(const QSet &permission_set, const AceColumn column, const Qt::CheckState state);
- bool state_is(const QSet &permission_set, const PermissionState state) const;
-};
-
-#endif /* ADMC_TEST_SECURITY_TAB_H */