selftest: modify python.samba.test.posixacl to cope with nss_winbind active
It was observed that adding libnss_winbind (via nss_wrapper) lets the posix acl mapping come out slightly differently with respect to the owner/domain admin who is not explicitly nailed down in the original NT acl. This patch extends the test to react to the presence of nss_winbind in the environment and adapts the expected results. This in particular fixes the run of the test against the (changed) plugin_s4_dc environment while keeping the possibility to successfully run it against an env without nss_winbind. Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org>
parent
ddcf3614ce
commit
79b927ac9e
@ -316,6 +316,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
self.assertEquals(facl.as_sddl(domsid),acl)
|
||||
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
|
||||
|
||||
nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
|
||||
nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
|
||||
|
||||
nwrap_winbind_active = (nwrap_module_so_path != "" and
|
||||
nwrap_module_fn_prefix == "winbind")
|
||||
|
||||
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
|
||||
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
|
||||
SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
|
||||
@ -345,14 +351,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
if nwrap_winbind_active:
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 7)
|
||||
else:
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
|
||||
self.assertEquals(posix_acl.acl[2].a_perm, 0)
|
||||
|
||||
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
if nwrap_winbind_active:
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 7)
|
||||
else:
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
|
||||
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[4].a_perm, 7)
|
||||
@ -650,6 +662,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
self.assertEquals(facl.as_sddl(domsid),acl)
|
||||
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
|
||||
|
||||
nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
|
||||
nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
|
||||
|
||||
nwrap_winbind_active = (nwrap_module_so_path != "" and
|
||||
nwrap_module_fn_prefix == "winbind")
|
||||
|
||||
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
|
||||
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
|
||||
SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
|
||||
@ -682,14 +700,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
|
||||
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
if nwrap_winbind_active:
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 7)
|
||||
else:
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
|
||||
self.assertEquals(posix_acl.acl[2].a_perm, 0)
|
||||
|
||||
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
if nwrap_winbind_active:
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 7)
|
||||
else:
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
|
||||
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[4].a_perm, 7)
|
||||
|
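Review bot: The winbind detection added in the hunks at -316 and -650 compares `nwrap_module_so_path != ""`, but `os.getenv` returns `None` when NSS_WRAPPER_MODULE_SO_PATH is unset, so that half of the condition is true for an unset variable and only the prefix comparison decides the result. Writing it as `nwrap_winbind_active = bool(nwrap_module_so_path) and nwrap_module_fn_prefix == "winbind"` covers both the unset and the empty case. The flag switches the expected `a_perm` of the administrator `SMB_ACL_USER` entry and of `SMB_ACL_USER_OBJ` between 6 and 7, so the detection has to be exact for these permission assertions to mean anything. A short comment next to each `if nwrap_winbind_active:` saying why the mapping differs under winbind would help, and the three duplicated detection lines could move into one helper on the test class. Both test methods start and end outside the hunks shown.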
@ -314,11 +314,3 @@
|
||||
# Differences in our KDC compared to windows
|
||||
#
|
||||
^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
|
||||
#
|
||||
# Test does not work, apparently because the calling user and
|
||||
# the domain admin use the same uid. This was uncovered by
|
||||
# enabling libnss_winbindd in the nsswrapper environment.
|
||||
# TODO: fix the test.
|
||||
#
|
||||
^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_sysvol_check_getposixacl\(plugin_s4_dc:local\)$
|
||||
^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_policies_check_getposixacl\(plugin_s4_dc:local\)$
|
||||
|