mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
tests/posixacl: define global DOM_SID to make code DRY
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521 Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
parent
cd9f6c5f74
commit
197b4b8508
@ -28,6 +28,8 @@ import os
|
||||
from samba.samba3 import smbd, passdb
|
||||
from samba.samba3 import param as s3param
|
||||
|
||||
DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"
|
||||
|
||||
|
||||
class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
@ -44,18 +46,18 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
def test_setntacl(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
|
||||
def test_setntacl_smbd_getntacl(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True)
|
||||
facl = getntacl(self.lp, self.tempf, direct_db_access=True)
|
||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||
self.assertEquals(facl.as_sddl(anysid),acl)
|
||||
|
||||
def test_setntacl_smbd_setposixacl_getntacl(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True)
|
||||
|
||||
# This will invalidate the ACL, as we have a hook!
|
||||
smbd.set_simple_acl(self.tempf, 0o640)
|
||||
@ -69,7 +71,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
def test_setntacl_invalidate_getntacl(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True)
|
||||
|
||||
# This should invalidate the ACL, as we include the posix ACL in the hash
|
||||
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
|
||||
@ -83,7 +85,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
def test_setntacl_invalidate_getntacl_smbd(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
|
||||
# This should invalidate the ACL, as we include the posix ACL in the hash
|
||||
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
|
||||
@ -99,7 +101,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||
os.chmod(self.tempf, 0o750)
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
|
||||
# This should invalidate the ACL, as we include the posix ACL in the hash
|
||||
(backend_obj, dbname) = checkset_backend(self.lp, None, None)
|
||||
@ -113,14 +115,14 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
def test_setntacl_getntacl_smbd(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True)
|
||||
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
|
||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||
self.assertEquals(facl.as_sddl(anysid),acl)
|
||||
|
||||
def test_setntacl_smbd_getntacl_smbd(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
|
||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||
self.assertEquals(facl.as_sddl(anysid),acl)
|
||||
@ -128,7 +130,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
||||
smbd.set_simple_acl(self.tempf, 0o640)
|
||||
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
|
||||
@ -139,7 +141,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
|
||||
simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
|
||||
s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
|
||||
(BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
|
||||
@ -152,14 +154,14 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
|
||||
def test_setntacl_smbd_getntacl_smbd_gpo(self):
|
||||
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
|
||||
domsid = security.dom_sid("S-1-5-21-2212615479-2695158682-2101375467")
|
||||
domsid = security.dom_sid(DOM_SID)
|
||||
self.assertEquals(facl.as_sddl(domsid),acl)
|
||||
|
||||
def test_setntacl_getposixacl(self):
|
||||
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
|
||||
setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
|
||||
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False)
|
||||
facl = getntacl(self.lp, self.tempf)
|
||||
anysid = security.dom_sid(security.SID_NT_SELF)
|
||||
self.assertEquals(facl.as_sddl(anysid),acl)
|
||||
|
Loading…
Reference in New Issue
Block a user