summaryrefslogtreecommitdiffstats
path: root/python/samba/tests/samba_tool/ntacl.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/samba/tests/samba_tool/ntacl.py')
-rw-r--r--python/samba/tests/samba_tool/ntacl.py247
1 files changed, 247 insertions, 0 deletions
diff --git a/python/samba/tests/samba_tool/ntacl.py b/python/samba/tests/samba_tool/ntacl.py
new file mode 100644
index 0000000..1173101
--- /dev/null
+++ b/python/samba/tests/samba_tool/ntacl.py
@@ -0,0 +1,247 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Bartlett 2012
+#
+# Based on user.py:
+# Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+from samba.tests.samba_tool.base import SambaToolCmdTest
+from samba.tests import env_loadparm
+import random
+
+
+class NtACLCmdSysvolTestCase(SambaToolCmdTest):
+ """Tests for samba-tool ntacl sysvol* subcommands"""
+
+ def test_ntvfs(self):
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
+
+ def test_s3fs(self):
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
+ "--use-s3fs")
+
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+
+ def test_ntvfs_check(self):
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+
+ def test_s3fs_check(self):
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
+ "--use-s3fs")
+
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+
+ def test_with_missing_files(self):
+ lp = env_loadparm()
+ sysvol = lp.get('path', 'sysvol')
+ realm = lp.get('realm').lower()
+
+ src = os.path.join(sysvol, realm, 'Policies')
+ dest = os.path.join(sysvol, realm, 'Policies-NOT-IN-THE-EXPECTED-PLACE')
+ try:
+ os.rename(src, dest)
+
+ for args in (["sysvolreset", "--use-s3fs"],
+ ["sysvolreset", "--use-ntvfs"],
+ ["sysvolreset"],
+ ["sysvolcheck"]
+ ):
+
+ (result, out, err) = self.runsubcmd("ntacl", *args)
+ self.assertCmdFail(result, f"succeeded with {args} with missing dir")
+ self.assertNotIn("uncaught exception", err,
+ "Shouldn't be uncaught exception")
+ self.assertNotRegex(err, r'^\s*File [^,]+, line \d+, in',
+ "Shouldn't be lines of traceback")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ finally:
+ os.rename(dest, src)
+
+
+class NtACLCmdGetSetTestCase(SambaToolCmdTest):
+ """Tests for samba-tool ntacl get/set subcommands"""
+
+ acl = "O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+
+ def test_ntvfs(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
+
+ def test_s3fs(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
+ "--use-s3fs")
+
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+
+ def test_ntvfs_check(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
+
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl", "get", tempf,
+ "--use-ntvfs", "--as-sddl")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
+
+ def test_s3fs_check(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
+ "--use-s3fs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl", "get", tempf,
+ "--use-s3fs", "--as-sddl")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
+
+class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
+ """Tests for samba-tool ntacl changedomsid subcommand"""
+ maxDiff = 10000
+ acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+ new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+ domain_sid=os.environ['DOMSID']
+ new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
+
+ def test_ntvfs_check(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(
+ path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ print("DOMSID: %s", self.domain_sid)
+
+ (result, out, err) = self.runsubcmd("ntacl",
+ "set",
+ self.acl,
+ tempf,
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been "
+ "changed, only the stored NT ACL", err)
+
+ (result, out, err) = self.runsubcmd("ntacl",
+ "changedomsid",
+ self.domain_sid,
+ self.new_domain_sid,
+ tempf,
+ "--use-ntvfs")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertIn("Please note that POSIX permissions have NOT been "
+ "changed, only the stored NT ACL.", err)
+
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl",
+ "get",
+ tempf,
+ "--use-ntvfs",
+ "--as-sddl")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")
+
+ def test_s3fs_check(self):
+ path = os.environ['SELFTEST_PREFIX']
+ tempf = os.path.join(
+ path, "pytests" + str(int(100000 * random.random())))
+ open(tempf, 'w').write("empty")
+
+ print("DOMSID: %s" % self.domain_sid)
+
+ (result, out, err) = self.runsubcmd("ntacl",
+ "set",
+ self.acl,
+ tempf,
+ "--use-s3fs",
+ "--service=sysvol")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+
+ (result, out, err) = self.runsubcmd("ntacl",
+ "changedomsid",
+ self.domain_sid,
+ self.new_domain_sid,
+ tempf,
+ "--use-s3fs",
+ "--service=sysvol")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(out, "", "Shouldn't be any output messages")
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+
+ # Now check they were set correctly
+ (result, out, err) = self.runsubcmd("ntacl",
+ "get",
+ tempf,
+ "--use-s3fs",
+ "--as-sddl",
+ "--service=sysvol")
+ self.assertCmdSuccess(result, out, err)
+ self.assertEqual(err, "", "Shouldn't be any error messages")
+ self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-28 11:33:00 +0000