samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

206 lines

8.6 KiB

Python

Raw Normal View History

r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`# Unix SMB/CIFS implementation.`
			`# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007`
py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00			`#`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 3 of the License, or`
			`# (at your option) any later version.`
py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00			`#`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00			`#`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

s4-python: Add some more module docstrings. 2010-12-05 16:56:27 +01:00			`"""Tests for samba.dcerpc.security."""`

python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`import samba.tests`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`from samba.dcerpc import security`
python: Add tests for check_access function from samba.security. Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2017-08-08 08:48:28 +02:00			`from samba.security import access_check`
			`from samba import ntstatus`
			`from samba import NTSTATUSError`

r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`class SecurityTokenTests(samba.tests.TestCase):`

r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`def setUp(self):`
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`super(SecurityTokenTests, self).setUp()`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`self.token = security.token()`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
			`def test_is_system(self):`
			`self.assertFalse(self.token.is_system())`

			`def test_is_anonymous(self):`
			`self.assertFalse(self.token.is_anonymous())`

			`def test_has_builtin_administrators(self):`
			`self.assertFalse(self.token.has_builtin_administrators())`

			`def test_has_nt_authenticated_users(self):`
			`self.assertFalse(self.token.has_nt_authenticated_users())`

			`def test_has_priv(self):`
			`self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))`

			`def test_set_priv(self):`
			`self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))`
			`self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))`
			`self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))`


python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`class SecurityDescriptorTests(samba.tests.TestCase):`
py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`def setUp(self):`
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`super(SecurityDescriptorTests, self).setUp()`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`self.descriptor = security.descriptor()`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
Support parsing sddl for security descriptors. 2009-01-22 14:37:59 +01:00			`def test_from_sddl(self):`
			`desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual(desc.group_sid, security.dom_sid('S-2-0-0-512'))`
			`self.assertEqual(desc.owner_sid, security.dom_sid('S-1-5-32-548'))`
			`self.assertEqual(desc.revision, 1)`
			`self.assertEqual(desc.sacl, None)`
			`self.assertEqual(desc.type, 0x8004)`
Support parsing sddl for security descriptors. 2009-01-22 14:37:59 +01:00
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00			`def test_from_sddl_invalidsddl(self):`
librpc/ndr/pysecurity: use better exceptions The wrong string is the wrong value but the right type. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 2023-04-12 17:34:35 +12:00			`self.assertRaises(ValueError, security.descriptor.from_sddl, "foo", security.dom_sid("S-2-0-0"))`
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00
			`def test_from_sddl_invalidtype1(self):`
PEP8: fix E231: missing whitespace after ',' Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2018-07-30 18:19:05 +12:00			`self.assertRaises(TypeError, security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'), security.dom_sid("S-2-0-0"))`
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`def test_from_sddl_invalidtype2(self):`
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00			`sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"`
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`self.assertRaises(TypeError, security.descriptor.from_sddl, sddl,`
PEP8: fix E128: continuation line under-indented for visual indent Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2018-07-30 18:16:12 +12:00			`"S-2-0-0")`
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00
Implement as_sddl. 2009-01-22 14:49:51 +01:00			`def test_as_sddl(self):`
			`text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"`
			`dom = security.dom_sid("S-2-0-0")`
			`desc1 = security.descriptor.from_sddl(text, dom)`
			`desc2 = security.descriptor.from_sddl(desc1.as_sddl(dom), dom)`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual(desc1.group_sid, desc2.group_sid)`
			`self.assertEqual(desc1.owner_sid, desc2.owner_sid)`
			`self.assertEqual(desc1.sacl, desc2.sacl)`
			`self.assertEqual(desc1.type, desc2.type)`
Add a unit test for security_descriptor.as_sddl() without arguments. 2009-04-20 15:10:17 +02:00
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00			`def test_as_sddl_invalid(self):`
			`text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"`
			`dom = security.dom_sid("S-2-0-0")`
			`desc1 = security.descriptor.from_sddl(text, dom)`
PEP8: fix E231: missing whitespace after ',' Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2018-07-30 18:19:05 +12:00			`self.assertRaises(TypeError, desc1.as_sddl, text)`
pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. Fix bug #6723 2009-09-17 19:56:02 +04:00
Add a unit test for security_descriptor.as_sddl() without arguments. 2009-04-20 15:10:17 +02:00			`def test_as_sddl_no_domainsid(self):`
			`dom = security.dom_sid("S-2-0-0")`
			`text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"`
			`desc1 = security.descriptor.from_sddl(text, dom)`
			`desc2 = security.descriptor.from_sddl(desc1.as_sddl(), dom)`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual(desc1.group_sid, desc2.group_sid)`
			`self.assertEqual(desc1.owner_sid, desc2.owner_sid)`
			`self.assertEqual(desc1.sacl, desc2.sacl)`
			`self.assertEqual(desc1.type, desc2.type)`
Implement as_sddl. 2009-01-22 14:49:51 +01:00
Fix of a bug in the security.descriptor.as_sddl() method security.descriptor.as_sddl() method did not work correctly when invoked without supplying the domain sid. Returned the same value as when the sid was provided. Test added for this case in libcli/security/tests/bindings.py Signed-off-by: Jelmer Vernooij <jelmer@samba.org> 2009-04-23 17:18:23 +03:00			`def test_domsid_nodomsid_as_sddl(self):`
			`dom = security.dom_sid("S-2-0-0")`
			`text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"`
			`desc1 = security.descriptor.from_sddl(text, dom)`
			`self.assertNotEqual(desc1.as_sddl(), desc1.as_sddl(dom))`

py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00			`def test_split(self):`
			`dom = security.dom_sid("S-2-0-7")`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual((security.dom_sid("S-2-0"), 7), dom.split())`
py/security: Add test for dom_sid.split. Signed-off-by: Andrew Tridgell <tridge@samba.org> 2009-12-30 21:59:50 +01:00
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`class DomSidTests(samba.tests.TestCase):`

r26199: Allow constructing new sids, implement __eq__ for sids. (This used to be commit 87472e35c04fdf0c61c9133bab3c05bda11eba00) 2007-11-29 15:08:22 +01:00			`def test_parse_sid(self):`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`sid = security.dom_sid("S-1-5-21")`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual("S-1-5-21", str(sid))`
r26199: Allow constructing new sids, implement __eq__ for sids. (This used to be commit 87472e35c04fdf0c61c9133bab3c05bda11eba00) 2007-11-29 15:08:22 +01:00
			`def test_sid_equal(self):`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`sid1 = security.dom_sid("S-1-5-21")`
			`sid2 = security.dom_sid("S-1-5-21")`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual(sid1, sid1)`
			`self.assertEqual(sid1, sid2)`
r26199: Allow constructing new sids, implement __eq__ for sids. (This used to be commit 87472e35c04fdf0c61c9133bab3c05bda11eba00) 2007-11-29 15:08:22 +01:00
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`def test_random(self):`
			`sid = security.random_sid()`
			`self.assertTrue(str(sid).startswith("S-1-5-21-"))`

Add test for Sid.__repr__. 2008-09-19 00:05:34 +02:00			`def test_repr(self):`
			`sid = security.random_sid()`
Fix more tests, improve repr() functions for various Python types. 2008-12-21 23:05:35 +01:00			`self.assertTrue(repr(sid).startswith("dom_sid('S-1-5-21-"))`
Add test for Sid.__repr__. 2008-09-19 00:05:34 +02:00
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
python: Use samba.tests.TestCase, make sure base class tearDown and setUp methods are called, fix formatting. 2010-06-19 18:58:18 +02:00			`class PrivilegeTests(samba.tests.TestCase):`

r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00			`def test_privilege_name(self):`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual("SeShutdownPrivilege",`
PEP8: fix E128: continuation line under-indented for visual indent Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2018-07-30 18:16:12 +12:00			`security.privilege_name(security.SEC_PRIV_SHUTDOWN))`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
			`def test_privilege_id(self):`
pytests: heed assertEquals deprecation warning en-masse TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7. When we run our tests with in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> 2020-02-07 11:02:38 +13:00			`self.assertEqual(security.SEC_PRIV_SHUTDOWN,`
PEP8: fix E128: continuation line under-indented for visual indent Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2018-07-30 18:16:12 +12:00			`security.privilege_id("SeShutdownPrivilege"))`
r26197: Add bindings for libsecurity. (This used to be commit 8625cd403ba3a7d2b1b1fccfeb5efd7e21de0135) 2007-11-29 14:49:47 +01:00
python: Add tests for check_access function from samba.security. Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2017-08-08 08:48:28 +02:00
			`class CheckAccessTests(samba.tests.TestCase):`

			`def test_check_access(self):`
			`desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))`
			`token = security.token()`

			`self.assertEqual(access_check(desc, token, 0), 0)`

			`params = (`
			`(security.SEC_FLAG_SYSTEM_SECURITY,`
			`ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD),`
			`(security.SEC_STD_READ_CONTROL, ntstatus.NT_STATUS_ACCESS_DENIED)`
			`)`

			`for arg, num in params:`
			`try:`
			`result = access_check(desc, token, arg)`
			`except Exception as e:`
			`self.assertTrue(isinstance(e, NTSTATUSError))`
			`e_num, e_msg = e.args`
			`self.assertEqual(num, e_num)`
CVE-2020-25720 python:tests: Ensure that access checks don't succeed BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 2022-04-30 13:55:39 +12:00			`else:`
			`self.fail()`
python security: Add unit tests for comparing ACEs and exporting as SDDL Added two unit tests for the python functions to compare ACEs and to export an ACE as SDDL. Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> 2022-09-19 23:22:04 +02:00

			`class SecurityAceTests(samba.tests.TestCase):`
			`sddl = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;PS)"`
			`sddl2 = "(OA;CIIO;RPWP;cccccccc-9999-ffff-8888-eeeeeeeeeeee;77777777-dddd-6666-bbbb-555555555555;PS)"`
			`sddl3 = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;77777777-dddd-6666-bbbb-555555555555;PS)"`
			`sddl_uc = "(OA;CIIO;RPWP;AAAAAAAA-1111-BBBB-2222-DDDDDDDDDDDD;33333333-EEEE-4444-FFFF-555555555555;PS)"`
			`sddl_mc = "(OA;CIIO;RPWP;AaAaAAAa-1111-BbBb-2222-DDddDDdDDDDD;33333333-EeeE-4444-FffF-555555555555;PS)"`
			`sddl_sid = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;S-1-5-10)"`

			`def setUp(self):`
			`super(SecurityAceTests, self).setUp()`
			`self.dom = security.dom_sid("S-2-0-0")`

			`def test_equality(self):`
			`ace = security.descriptor.from_sddl("D:" + self.sddl, self.dom).dacl.aces[0]`
			`ace2 = security.descriptor.from_sddl("D:" + self.sddl2, self.dom).dacl.aces[0]`
			`ace3 = security.descriptor.from_sddl("D:" + self.sddl3, self.dom).dacl.aces[0]`
			`ace_uc = security.descriptor.from_sddl("D:" + self.sddl_uc, self.dom).dacl.aces[0]`
			`ace_mc = security.descriptor.from_sddl("D:" + self.sddl_mc, self.dom).dacl.aces[0]`
			`ace_sid = security.descriptor.from_sddl("D:" + self.sddl_sid, self.dom).dacl.aces[0]`
			`self.assertTrue(ace == ace_uc, "Case should not matter.")`
			`self.assertTrue(ace == ace_mc, "Case should not matter.")`
			`self.assertTrue(ace != ace2, "Different ACEs should be unequal.")`
			`self.assertTrue(ace2 != ace3, "Different ACEs should be unequal.")`
			`self.assertTrue(ace == ace_sid, "Different ways of specifying SID should not matter.")`

			`def test_as_sddl(self):`
			`ace = security.descriptor.from_sddl("D:" + self.sddl, self.dom).dacl.aces[0]`
			`ace_sddl = ace.as_sddl(self.dom)`
			`# compare created SDDL with original one (we need to strip the parenthesis from the original`
			`# since as_sddl does not create them)`
			`self.assertEqual(ace_sddl, self.sddl[1:-1])`
			`ace_new = security.descriptor.from_sddl("D:(" + ace_sddl + ")", self.dom).dacl.aces[0]`
			`self.assertTrue(ace == ace_new, "Exporting ace as SDDl and reading back should result in same ACE.")`

206 lines 8.6 KiB Python Raw Normal View History Unescape Escape

206 lines

8.6 KiB

Python

Raw Normal View History