sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code
samba-mirror/python/samba/tests/samba_tool/ntacl.py
Douglas Bagnall 8df9fdc551 pytest: samba-tool ntacl should report errors better 
We want `samba-tool ntacl sysvolreset` and `samba-tool ntacl
sysvolcheck` to fail when the Policies folder is not in place, but not
to produce an inscrutable stacktrace.

https://bugzilla.samba.org/show_bug.cgi?id=14937

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-07 05:01:37 +00:00

250 lines
12 KiB
Python
Raw Blame History

# Unix SMB/CIFS implementation.
# Copyright (C) Andrew Bartlett 2012
#
# Based on user.py:
# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
import time
import ldb
from samba.tests.samba_tool.base import SambaToolCmdTest
from samba.tests import env_loadparm
import random
class NtACLCmdSysvolTestCase(SambaToolCmdTest):
"""Tests for samba-tool ntacl sysvol* subcommands"""
def test_ntvfs(self):
(result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
def test_s3fs(self):
(result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
"--use-s3fs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(out, "", "Shouldn't be any output messages")
def test_ntvfs_check(self):
(result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(out, "", "Shouldn't be any output messages")
def test_s3fs_check(self):
(result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
"--use-s3fs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(out, "", "Shouldn't be any output messages")
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(out, "", "Shouldn't be any output messages")
def test_with_missing_files(self):
lp = env_loadparm()
sysvol = lp.get('path', 'sysvol')
realm = lp.get('realm').lower()
src = os.path.join(sysvol, realm, 'Policies')
dest = os.path.join(sysvol, realm, 'Policies-NOT-IN-THE-EXPECTED-PLACE')
try:
os.rename(src, dest)
for args in (["sysvolreset", "--use-s3fs"],
["sysvolreset", "--use-ntvfs"],
["sysvolreset"],
["sysvolcheck"]
):
(result, out, err) = self.runsubcmd("ntacl", *args)
self.assertCmdFail(result, f"succeeded with {args} with missing dir")
self.assertNotIn("uncaught exception", err,
"Shouldn't be uncaught exception")
self.assertNotRegex(err, '^\s*File [^,]+, line \d+, in',
"Shouldn't be lines of traceback")
self.assertEqual(out, "", "Shouldn't be any output messages")
finally:
os.rename(dest, src)
class NtACLCmdGetSetTestCase(SambaToolCmdTest):
"""Tests for samba-tool ntacl get/set subcommands"""
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
def test_ntvfs(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
(result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
def test_s3fs(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
(result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
"--use-s3fs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(out, "", "Shouldn't be any output messages")
def test_ntvfs_check(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
(result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl", "get", tempf,
"--use-ntvfs", "--as-sddl")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
def test_s3fs_check(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
(result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
"--use-s3fs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertEqual(err, "", "Shouldn't be any error messages")
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl", "get", tempf,
"--use-s3fs", "--as-sddl")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
"""Tests for samba-tool ntacl changedomsid subcommand"""
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
domain_sid=os.environ['DOMSID']
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
def test_ntvfs_check(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(
path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
print("DOMSID: %s", self.domain_sid)
(result, out, err) = self.runsubcmd("ntacl",
"set",
self.acl,
tempf,
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been "
"changed, only the stored NT ACL", err)
(result, out, err) = self.runsubcmd("ntacl",
"changedomsid",
self.domain_sid,
self.new_domain_sid,
tempf,
"--use-ntvfs")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertIn("Please note that POSIX permissions have NOT been "
"changed, only the stored NT ACL.", err)
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl",
"get",
tempf,
"--use-ntvfs",
"--as-sddl")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")
def test_s3fs_check(self):
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(
path, "pytests" + str(int(100000 * random.random())))
open(tempf, 'w').write("empty")
print("DOMSID: %s" % self.domain_sid)
(result, out, err) = self.runsubcmd("ntacl",
"set",
self.acl,
tempf,
"--use-s3fs",
"--service=sysvol")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertEqual(err, "", "Shouldn't be any error messages")
(result, out, err) = self.runsubcmd("ntacl",
"changedomsid",
self.domain_sid,
self.new_domain_sid,
tempf,
"--use-s3fs",
"--service=sysvol")
self.assertCmdSuccess(result, out, err)
self.assertEqual(out, "", "Shouldn't be any output messages")
self.assertEqual(err, "", "Shouldn't be any error messages")
# Now check they were set correctly
(result, out, err) = self.runsubcmd("ntacl",
"get",
tempf,
"--use-s3fs",
"--as-sddl",
"--service=sysvol")
self.assertCmdSuccess(result, out, err)
self.assertEqual(err, "", "Shouldn't be any error messages")
self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")
View Git Blame Copy Permalink