mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
pytest:sddl Samba had the wrong value for FA, now fix the tests
The tests that were in SddlWindowsFlagsAreDifferent have the behaviour we want, and as we aim for Samba flags no longer being different, we shift them to SddlNonCanonical. The tests in SddlSambaDoesItsOwnThing are removed because they showed Samba's old behaviour around FA. This will create knownfails, which will be fixed by the commit fixing the value of "FA". Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
c0d477738e
commit
334afc7157
@ -578,6 +578,44 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
|
||||
("D:AI(A;CI;RP LCLO RC;;;AU)", "D:AI(A;CI;LCRPLORC;;;AU)"),
|
||||
# space before string flags is ignored.
|
||||
("D:(A;; GA;;;LG)", "D:(A;;GA;;;LG)"),
|
||||
|
||||
# from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
|
||||
(("D:(A;;0x001f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201))),
|
||||
("D:(A;;FA;;;WD)" +
|
||||
''.join(f"(A;;FA;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201)))
|
||||
),
|
||||
|
||||
# from samba4.blackbox.samba-tool_ntacl, but using 0x1f01ff in place of FA (which it will become)
|
||||
(("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;0x001f01ff;;;CO)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;SY)"
|
||||
"(A;OICI;0x001200a9;;;AU)"
|
||||
"(A;OICI;0x001200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
|
||||
("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;FA;;;CO)"
|
||||
"(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;FA;;;SY)"
|
||||
"(A;OICI;0x1200a9;;;AU)"
|
||||
"(A;OICI;0x1200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
|
||||
|
||||
]
|
||||
|
||||
|
||||
@ -611,6 +649,7 @@ class SddlCanonical(SddlDecodeEncodeBase):
|
||||
"O:S-1-2-512D:",
|
||||
"D:PARAI(A;;GA;;;SY)",
|
||||
"D:P(A;;GA;;;LG)(A;;GX;;;AA)",
|
||||
"D:(A;;FA;;;WD)"
|
||||
]
|
||||
|
||||
|
||||
@ -752,115 +791,6 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
|
||||
]
|
||||
|
||||
|
||||
@DynamicTestCase
|
||||
class SddlWindowsFlagsAreDifferent(SddlDecodeEncodeBase):
|
||||
"""On Windows the 'FA' symbol means 0x1f01ff, while on Samba it means
|
||||
0x1ff (Samba is SEC_FILE_ALL, Windows is SEC_FILE_ALL |
|
||||
SEC_STD_ALL).
|
||||
|
||||
https://lists.samba.org/archive/cifs-protocol/2010-February/001387.html
|
||||
is maybe relevant.
|
||||
"""
|
||||
name = "windows_flags_are_different"
|
||||
should_succeed = True
|
||||
strings = [
|
||||
# from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
|
||||
(("D:(A;;0x001f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201))),
|
||||
("D:(A;;FA;;;WD)" +
|
||||
''.join(f"(A;;FA;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201)))
|
||||
),
|
||||
# from samba4.blackbox.samba-tool_ntacl, but using FA in place of 0x1f01ff
|
||||
(("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;0x001f01ff;;;CO)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;SY)"
|
||||
"(A;OICI;0x001200a9;;;AU)"
|
||||
"(A;OICI;0x001200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
|
||||
("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;FA;;;CO)"
|
||||
"(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;FA;;;SY)"
|
||||
"(A;OICI;0x1200a9;;;AU)"
|
||||
"(A;OICI;0x1200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
|
||||
|
||||
("D:(A;;FA;;;WD)", "D:(A;;FA;;;WD)"),
|
||||
]
|
||||
|
||||
|
||||
@DynamicTestCase
|
||||
class SddlSambaDoesItsOwnThing(SddlDecodeEncodeBase):
|
||||
"""Samba's corresponding strings for the "windows flags are different"
|
||||
examples.
|
||||
"""
|
||||
name = "samba_does_its_own_thing"
|
||||
should_succeed = True
|
||||
strings = [
|
||||
# from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
|
||||
(("D:(A;;0x001f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201))),
|
||||
("D:(A;;0x1f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201)))
|
||||
),
|
||||
# On Samba this is like a canonical test (same string
|
||||
# returned), but Windows will turn all the 0x1f01ff into FA.
|
||||
(("D:(A;;0x1f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201))),
|
||||
("D:(A;;0x1f01ff;;;WD)" +
|
||||
''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
|
||||
for i in range(1001, 1201)))
|
||||
),
|
||||
# from samba4.blackbox.samba-tool_ntacl, removing 00 padding in 0x flags
|
||||
(("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;0x001f01ff;;;CO)"
|
||||
"(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x001f01ff;;;SY)"
|
||||
"(A;OICI;0x001200a9;;;AU)"
|
||||
"(A;OICI;0x001200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
|
||||
("O:S-1-5-21-2212615479-2695158682-2101375468-512"
|
||||
"G:S-1-5-21-2212615479-2695158682-2101375468-513"
|
||||
"D:P(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
|
||||
"(A;OICIIO;0x1f01ff;;;CO)"
|
||||
"(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
|
||||
"(A;OICI;0x1f01ff;;;SY)"
|
||||
"(A;OICI;0x1200a9;;;AU)"
|
||||
"(A;OICI;0x1200a9;;;ED)"
|
||||
"S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
|
||||
"(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
|
||||
"bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
|
||||
|
||||
("D:(A;;FA;;;WD)", "D:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"),
|
||||
]
|
||||
|
||||
|
||||
@DynamicTestCase
|
||||
class SddlWindowsIsWeird(SddlDecodeEncodeBase):
|
||||
"""Windows will accept some very misleading SDDL strings.
|
||||
|
@ -1,3 +1,3 @@
|
||||
^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1.11522-more-characters.none
|
||||
^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_D:.A;;FA;;;WD..none
|
||||
^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;.482-more-characters.none
|
||||
^samba.tests.sddl.+.SddlCanonical.test_sddl_D:.A;;FA;;;WD..none
|
||||
^samba.tests.sddl.+.SddlNonCanonical.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1+11522-more-characters.none
|
||||
^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;+482-more-characters.none
|
||||
|
Loading…
Reference in New Issue
Block a user