# Unix SMB/CIFS implementation. Tests for ntacls manipulation
# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
# Copyright (C) Andrew Bartlett 2012
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
""" Tests for samba.ntacls. """
import os
from samba . ntacls import setntacl , getntacl , XattrBackendError
from samba . param import LoadParm
from samba . dcerpc import security
from samba . tests import TestCaseInTempDir , SkipTest
from samba . auth_util import system_session_unix
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
Prior to this patch, rights matching "FA", "FR", "FW", "FX" were
output as the hex string representing the bit value.
While outputting the hex string is perfectly fine, it makes it harder
to compare with icacls output (which always uses the special string values).
Additionally, adjust various tests to deal with the use of shortcut access masks,
as the SDDL format now uses FA, FR, FW & FX strings (like icacls does) instead
of the hex representation of the bit mask.
adjust
samba4.blackbox.samba-tool_ntacl
samba3.blackbox.large_acl
samba.tests.samba_tool.ntacl
samba.tests.ntacls
samba.tests.posixacl
so various string comparisons of the sddl format now pass
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
numbers, eg 0x001]
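# Security descriptor applied by the tests, in SDDL form:
#   O: owner = <domain>-512 (the Domain Admins RID)
#   G: group = <domain>-513 (the Domain Users RID)
#   D: DACL  = a single allow ACE (A), inherited by child objects and
#              containers (OICI), granting FA (full file access) to
#              <domain>-512.
# The tests compare this value verbatim with as_sddl() output, so it must not
# carry surrounding whitespace and must use the "FA" shorthand rather than a
# hex access mask.
NTACL_SDDL = (
    "O:S-1-5-21-2212615479-2695158682-2101375467-512"
    "G:S-1-5-21-2212615479-2695158682-2101375467-513"
    "D:(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
)

# Domain SID handed to setntacl() together with the descriptor above; the
# owner, group and ACE trustee SIDs are all RIDs under this domain.
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"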
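class NtaclsTests(TestCaseInTempDir):
    """Exercise setntacl()/getntacl() on a scratch file in the test tempdir.

    Each test writes NTACL_SDDL onto ``self.tempf`` through one of the
    xattr backends and, where applicable, reads it back and compares the
    SDDL text byte-for-byte.
    """

    def setUp(self):
        """Create the scratch file and the session info shared by all tests."""
        super().setUp()
        self.tempf = os.path.join(self.tempdir, "test")
        self._write_placeholder()
        self.session_info = system_session_unix()

    def tearDown(self):
        """Remove the scratch file before the base class tears down."""
        os.unlink(self.tempf)
        super().tearDown()

    def _write_placeholder(self):
        """(Re)create the scratch file with fixed content, closing the handle."""
        # A context manager guarantees the descriptor is flushed and closed
        # before setntacl() touches the file, instead of relying on garbage
        # collection of the anonymous file object.
        with open(self.tempf, 'w') as f:
            f.write("empty")

    def _eadb_path(self):
        """Return the path of the tdb file used as the extended-attribute store."""
        return os.path.join(self.tempdir, "eadbtest.tdb")

    def test_setntacl(self):
        """setntacl() succeeds when "posix:eadb" points at a tdb in the tempdir."""
        lp = LoadParm()
        self._write_placeholder()
        lp.set("posix:eadb", self._eadb_path())
        setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
        # The unlink doubles as a check that the tdb was actually created.
        os.unlink(self._eadb_path())

    def test_setntacl_getntacl(self):
        """An ACL written via "posix:eadb" reads back as the same SDDL string."""
        lp = LoadParm()
        self._write_placeholder()
        lp.set("posix:eadb", self._eadb_path())
        setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
        facl = getntacl(lp, self.tempf, self.session_info)
        # NOTE(review): the SID given to as_sddl() is not the test domain, so
        # the expected string keeps every SID in full form - confirm that
        # this is the intent of "anysid".
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEqual(facl.as_sddl(anysid), NTACL_SDDL)
        os.unlink(self._eadb_path())

    def test_setntacl_getntacl_param(self):
        """Same round trip, with the "tdb" backend and path passed explicitly."""
        lp = LoadParm()
        self._write_placeholder()
        setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info,
                 "tdb", self._eadb_path())
        facl = getntacl(lp, self.tempf, self.session_info, "tdb",
                        self._eadb_path())
        domsid = security.dom_sid(security.SID_NT_SELF)
        self.assertEqual(facl.as_sddl(domsid), NTACL_SDDL)
        os.unlink(self._eadb_path())

    def test_setntacl_invalidbackend(self):
        """An unrecognised backend name must raise XattrBackendError."""
        lp = LoadParm()
        self._write_placeholder()
        # "ttdb" is deliberately not a backend name; the call has to be
        # rejected instead of falling back to some other ACL store.
        self.assertRaises(XattrBackendError, setntacl, lp, self.tempf,
                          NTACL_SDDL, DOMAIN_SID, self.session_info, "ttdb",
                          self._eadb_path())

    def test_setntacl_forcenative(self):
        """Forcing the "native" backend as a non-root user must fail."""
        # Skipped for uid 0 - presumably because a privileged process can
        # write the native attribute, so setntacl() would not raise.
        if os.getuid() == 0:
            raise SkipTest("Running test as root, test skipped")
        lp = LoadParm()
        self._write_placeholder()
        lp.set("posix:eadb", self._eadb_path())
        # NOTE(review): assertRaises(Exception, ...) passes on any failure,
        # including an unrelated TypeError, so this does not prove that the
        # call was refused for lack of privilege. Narrowing it to the
        # exception setntacl() raises on a denied native write would make the
        # access-control check meaningful - confirm the exact type first.
        self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL,
                          DOMAIN_SID, self.session_info, "native")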