2018-06-28 10:45:28 +12:00
# Unix SMB/CIFS implementation. Tests for ntacls manipulation
# Copyright (C) Andrew Bartlett 2018
# Copyright (C) Joe Guo <joeg@catalyst.net.nz> 2018
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
""" Tests for samba ntacls backup """
import os
2018-12-13 16:05:36 +13:00
from samba . samba3 import libsmb_samba_internal as libsmb
2018-06-28 10:45:28 +12:00
from samba . samba3 import smbd
from samba import samdb
from samba import ntacls
from samba . auth import system_session
2019-12-17 14:14:45 +01:00
from samba . auth_util import system_session_unix
2018-06-28 10:45:28 +12:00
from samba . dcerpc import security
2019-03-15 15:20:21 +13:00
from samba . tests import env_loadparm
from samba . tests . smbd_base import SmbdBaseTests
2018-06-28 10:45:28 +12:00
2019-03-15 15:20:21 +13:00
class NtaclsBackupRestoreTests ( SmbdBaseTests ) :
2018-06-28 10:45:28 +12:00
"""
Tests for NTACLs backup and restore .
"""
def setUp ( self ) :
2023-11-28 16:38:22 +13:00
super ( ) . setUp ( )
2018-06-28 10:45:28 +12:00
self . server = os . environ [ " SERVER " ] # addc
2018-07-30 18:18:03 +12:00
samdb_url = ' ldap:// ' + self . server
2018-06-28 10:45:28 +12:00
self . service = ' test1 ' # service/share to test
# root path for service
self . service_root = os . path . join (
os . environ [ " LOCAL_PATH " ] , self . service )
self . smb_conf_path = os . environ [ ' SMB_CONF_PATH ' ]
self . creds = self . insta_creds ( template = self . get_credentials ( ) )
2018-11-23 09:46:38 +13:00
self . samdb_conn = samdb . SamDB (
url = samdb_url , session_info = system_session ( ) ,
credentials = self . creds , lp = env_loadparm ( ) )
self . dom_sid = security . dom_sid ( self . samdb_conn . get_domain_sid ( ) )
2018-06-28 10:45:28 +12:00
# helper will load conf into lp, that's how smbd can find services.
self . ntacls_helper = ntacls . NtaclsHelper ( self . service ,
self . smb_conf_path ,
self . dom_sid )
self . lp = self . ntacls_helper . lp
2018-12-13 16:05:36 +13:00
self . smb_conn = libsmb . Conn (
2018-06-28 10:45:28 +12:00
self . server , self . service , lp = self . lp , creds = self . creds )
self . smb_helper = ntacls . SMBHelper ( self . smb_conn , self . dom_sid )
self . tarfile_path = os . path . join ( self . tempdir ,
' ntacls-backup.tar.gz ' )
# an example file tree
self . tree = {
' file0.txt ' : b ' test file0 ' ,
' dir1 ' : {
' file1.txt ' : b ' test file1 ' ,
' dir2 ' : { } # an empty dir in dir
} ,
}
self . _delete_tarfile ( )
self . smb_helper . delete_tree ( )
self . smb_helper . create_tree ( self . tree )
self . _check_tree ( )
# keep a copy of ntacls after tree just created
self . original_ntacls = self . smb_helper . get_ntacls ( )
def tearDown ( self ) :
self . _delete_tarfile ( )
self . smb_helper . delete_tree ( )
2023-11-28 16:38:22 +13:00
super ( ) . tearDown ( )
2018-06-28 10:45:28 +12:00
def _delete_tarfile ( self ) :
try :
os . remove ( self . tarfile_path )
except OSError :
pass
def _check_tarfile ( self ) :
self . assertTrue ( os . path . isfile ( self . tarfile_path ) )
def _check_tree ( self ) :
actual_tree = self . smb_helper . get_tree ( )
self . assertDictEqual ( self . tree , actual_tree )
def test_smbd_mkdir ( self ) :
"""
A smoke test for smbd . mkdir API
"""
dirpath = os . path . join ( self . service_root , ' a-dir ' )
2019-12-17 14:57:53 +01:00
smbd . mkdir ( dirpath , system_session_unix ( ) , self . service )
2019-03-21 17:21:58 +13:00
mode = os . stat ( dirpath ) . st_mode
# This works in conjunction with the TEST_UMASK in smbd_base
# to ensure that permissions are not related to the umask
# but instead the smb.conf settings
2020-02-07 11:02:38 +13:00
self . assertEqual ( mode & 0o777 , 0o755 )
2018-06-28 10:45:28 +12:00
self . assertTrue ( os . path . isdir ( dirpath ) )
def test_smbd_create_file ( self ) :
"""
A smoke test for smbd . create_file and smbd . unlink API
"""
filepath = os . path . join ( self . service_root , ' a-file ' )
2019-12-17 14:58:57 +01:00
smbd . create_file ( filepath , system_session_unix ( ) , self . service )
2018-06-28 10:45:28 +12:00
self . assertTrue ( os . path . isfile ( filepath ) )
2019-03-21 17:21:58 +13:00
mode = os . stat ( filepath ) . st_mode
# This works in conjunction with the TEST_UMASK in smbd_base
# to ensure that permissions are not related to the umask
# but instead the smb.conf settings
2020-02-07 11:02:38 +13:00
self . assertEqual ( mode & 0o777 , 0o644 )
2019-03-21 17:21:58 +13:00
2018-06-28 10:45:28 +12:00
# As well as checking that unlink works, this removes the
# fake xattrs from the dev/inode based DB
2019-12-17 14:14:45 +01:00
smbd . unlink ( filepath , system_session_unix ( ) , self . service )
2018-06-28 10:45:28 +12:00
self . assertFalse ( os . path . isfile ( filepath ) )
def test_compare_getntacl ( self ) :
"""
Ntacls get from different ways should be the same
"""
file_name = ' file0.txt '
file_path = os . path . join ( self . service_root , file_name )
sd0 = self . smb_helper . get_acl ( file_name , as_sddl = True )
sd1 = self . ntacls_helper . getntacl (
2019-12-17 14:52:49 +01:00
file_path , system_session_unix ( ) , as_sddl = True , direct_db_access = False )
2018-06-28 10:45:28 +12:00
sd2 = self . ntacls_helper . getntacl (
2019-12-17 14:52:49 +01:00
file_path , system_session_unix ( ) , as_sddl = True , direct_db_access = True )
2018-06-28 10:45:28 +12:00
2020-02-07 11:02:38 +13:00
self . assertEqual ( sd0 , sd1 )
self . assertEqual ( sd1 , sd2 )
2018-06-28 10:45:28 +12:00
def test_backup_online ( self ) :
"""
Backup service online , delete files , restore and check .
"""
ntacls . backup_online (
self . smb_conn , self . tarfile_path , self . dom_sid )
self . _check_tarfile ( )
self . smb_helper . delete_tree ( )
ntacls . backup_restore (
self . tarfile_path , self . service_root ,
self . samdb_conn , self . smb_conf_path )
self . _check_tree ( )
# compare ntacls after restored
self . assertDictEqual (
self . original_ntacls , self . smb_helper . get_ntacls ( ) )
def test_backup_offline ( self ) :
"""
Backup service offline , delete files , restore and check .
"""
ntacls . backup_offline (
self . service_root , self . tarfile_path ,
2021-03-22 11:06:30 +13:00
self . smb_conf_path , self . dom_sid )
2018-06-28 10:45:28 +12:00
self . _check_tarfile ( )
self . smb_helper . delete_tree ( )
ntacls . backup_restore (
self . tarfile_path , self . service_root ,
self . samdb_conn , self . smb_conf_path )
self . _check_tree ( )
# compare ntacls after restored
self . assertDictEqual (
self . original_ntacls , self . smb_helper . get_ntacls ( ) )