1 # Blackbox tests for smbcacls
3 # Copyright (C) Noel Power noel.power@suse.com
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 from samba.tests.blackbox.smbcacls import SmbCaclsBlockboxTestBase
19 from samba.tests import BlackboxProcessError
22 class InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase):
27 # create toplevel testdir structure with desired ACL(s)
29 # +-tar_test_dir/ (OI)(CI)(I)(F)
30 # +-oi_dir/ (OI)(CI)(I)(F)
32 # | +-nested/ (OI)(CI)(I)(F)
34 # | +-nested_again/ (OI)(CI)(I)(F)
37 self.toplevel = self.create_remote_test_file("tar_test_dir/file-0")
38 self.f1 = self.create_remote_test_file("tar_test_dir/oi_dir/file-1")
39 self.f2 = self.create_remote_test_file("tar_test_dir/oi_dir/nested/file-2")
40 self.f3 = self.create_remote_test_file("tar_test_dir/oi_dir/nested/nested_again/file-3")
41 self.tar_dir = os.path.split(self.toplevel)[0]
42 self.oi_dir = os.path.split(self.f1)[0]
43 self.nested_dir = os.path.split(self.f2)[0]
44 self.nested_again_dir = os.path.split(self.f3)[0]
46 dir_acl_str = "ACL:%s:ALLOWED/OI|CI/FULL" % self.user
47 inherited_dir_acl_str = "ACL:%s:ALLOWED/OI|CI|I/FULL" % self.user
48 file_acl_str = "ACL:%s:ALLOWED/I/FULL" % self.user
50 self.smb_cacls(["--modify", dir_acl_str, self.tar_dir])
51 self.smb_cacls(["--modify", inherited_dir_acl_str, self.oi_dir])
52 self.smb_cacls(["--modify", inherited_dir_acl_str, self.nested_dir])
53 self.smb_cacls(["--modify", inherited_dir_acl_str, self.nested_again_dir])
54 self.smb_cacls(["--modify", file_acl_str, self.f1])
55 self.smb_cacls(["--modify", file_acl_str, self.f2])
56 self.smb_cacls(["--modify", file_acl_str, self.f3])
59 # tmp is the default share which has an existing testdir smbcacls
60 # we need to be prepared to deal with a 'custom' share (which also
61 # would have an existing testdir)
62 if self.share != "tmp":
63 self.dirpath = os.path.join(os.environ["LOCAL_PATH"],self.share)
64 self.dirpath = os.path.join(self.dirpath,self.testdir)
67 def test_simple_oi_add(self):
68 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
69 for the file and additionally use inheritance rules to propagate appropriate
changes to children
72 This test adds an ACL with (OI)(READ)
before:
76 +-tar_test_dir/ (OI)(CI)(I)(F)
77 +-oi_dir/ (OI)(CI)(I)(F)
79 | +-nested/ (OI)(CI)(I)(F)
81 | +-nested_again/ (OI)(CI)(I)(F)
after:
86 +-tar_test_dir/ (OI)(CI)(I)(F)
87 +-oi_dir/ (OI)(CI)(I)(F), (OI)(READ)
88 | +-file.1 (I)(F), (I)(READ)
89 | +-nested/ (OI)(CI)(I)(F), (OI)(IO)(I)(READ)
90 | +-file.2 (I)(F), (I)(READ)
91 | +-nested_again/ (OI)(CI)(I)(F), (OI)(IO)(I)(READ)
92 | +-file.3 (I)(F), (I)(READ)"""
# Three ACE strings: the explicit ACE added to oi_dir, the inherited form the
# assertions expect on files, and the inherited form expected on sub-directories.
94 dir_add_acl_str = "ACL:%s:ALLOWED/OI/READ" % self.user
95 obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
96 dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|IO|I/READ" % self.user
# Only oi_dir is modified directly; every other entry checked below has to
# receive its ACE through propagation.
100 self.smb_cacls(["--propagate-inheritance", "--add",
101 dir_add_acl_str, self.oi_dir])
103 # check top level container 'oi_dir' has OI/READ
104 dir_ace = self.ace_parse_str(dir_add_acl_str)
105 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
107 # file 'oi_dir/file-1' should have inherited I/READ
108 child_file_ace = self.ace_parse_str(obj_inherited_ace_str)
109 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
111 # nested dir 'oi_dir/nested/' should have OI|IO|I/READ
112 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
113 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
115 # nested file 'oi_dir/nested/file-2' should have inherited I/READ
116 self.assertTrue(self.file_ace_check(self.f2, child_file_ace))
118 # nested_again dir 'oi_dir/nested/nested_again' should have OI|IO|I/READ
119 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
120 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
121 # nested_again file 'oi_dir/nested/nested_again/file-3' should have inherited I/READ
122 self.assertTrue(self.file_ace_check(self.f3, child_file_ace))
123 except BlackboxProcessError as e:
126 def test_simple_oi_delete(self):
127 """test smbcacls '--propagate-inheritance --delete' which attempts to delete the
128 ACL for the file and additionally use inheritance rules to propagate appropriate
changes to children
131 This test deletes an ACL with (OI)(READ)
before (state built by the '--add' calls below):
135 +-tar_test_dir/ (OI)(CI)(I)(F)
136 +-oi_dir/ (OI)(CI)(I)(F), (OI)(READ)
137 | +-file.1 (I)(F), (I)(READ)
138 | +-nested/ (OI)(CI)(I)(F), (OI)(IO)(I)(READ)
139 | +-file.2 (I)(F), (I)(READ)
140 | +-nested_again/ (OI)(CI)(I)(F), (OI)(IO)(I)(READ)
after:
145 +-tar_test_dir/ (OI)(CI)(I)(F)
146 +-oi_dir/ (OI)(CI)(I)(F)
148 | +-nested/ (OI)(CI)(I)(F)
150 | +-nested_again/ (OI)(CI)(I)(F)
153 dir_acl_str = "ACL:%s:ALLOWED/OI/READ" % self.user
154 obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
155 dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|IO|I/READ" % self.user
# The READ ACEs are added by hand at every level first, so that the
# "no longer has" assertions below cannot pass merely because the ACE was
# never present.
158 # add flags on oi_dir
159 self.smb_cacls([ "--add", dir_acl_str, self.oi_dir])
161 # add flags on oi_dir/nested
162 self.smb_cacls([ "--add", dir_inherited_ace_str, self.nested_dir])
164 # add flags on oi_dir/nested/nested_again
165 self.smb_cacls([ "--add", dir_inherited_ace_str, self.nested_again_dir])
167 # add flags on oi_dir/file-1
168 self.smb_cacls(["--add", obj_inherited_ace_str, self.f1])
170 # add flags on oi_dir/nested/file-2
171 self.smb_cacls([ "--add", obj_inherited_ace_str, self.f2])
173 # add flags on oi_dir/nested/nested_again/file-3
174 self.smb_cacls([ "--add", obj_inherited_ace_str, self.f3])
# The operation under test: delete the explicit ACE on oi_dir and propagate.
176 self.smb_cacls(["--propagate-inheritance",
177 "--delete", dir_acl_str, self.oi_dir])
179 # check top level container 'oi_dir' no longer has OI/READ
180 dir_ace = self.ace_parse_str(dir_acl_str)
181 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)
183 # file 'oi_dir/file-1' should no longer have inherited I/READ
184 child_file_ace = self.ace_parse_str(obj_inherited_ace_str)
185 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
187 # nested dir 'oi_dir/nested/' should no longer have OI|IO|I/READ
188 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
189 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace) == False)
191 # nested file 'oi_dir/nested/file-2' should no longer have inherited I/READ
192 self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)
194 # nested dir 'oi_dir/nested/nested_again' should no longer have OI|IO|I/READ
195 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
196 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace) == False)
198 # nested file 'oi_dir/nested/nested_again/file-3' should no longer have inherited I/READ
199 self.assertTrue(self.file_ace_check(self.f3, child_file_ace) == False)
201 except BlackboxProcessError as e:
204 def test_simple_oi_modify(self):
205 """test smbcacls '--propagate-inheritance --modify' which attempts to modify ACL
206 for the file and additionally use inheritance rules to propagate appropriate
changes to children
209 This test first adds an ACL with (OI)(R), then it modifies that acl to be
210 (OI)(D) - where D == 0x00110000
NOTE(review): the setup below adds an explicit 0x0/RWD ACE to every object and
the modify uses CHANGE; confirm which description is intended.
before:
214 +-tar_test_dir/ (OI)(CI)(I)(F)
215 +-oi_dir/ (OI)(IO)(R)
217 | +-nested/ (OI)(IO)(I)(R)
219 | +-nested_again/ (OI)(IO)(I)(R)
after:
224 +-tar_test_dir/ (OI)(CI)(I)(F)
225 +-oi_dir/ (OI)(IO)(CHANGE)
226 | +-file.1 (I)(CHANGE)
227 | +-nested/ (OI)(IO)(I)(CHANGE)
228 | +-file.2 (I)(CHANGE)
229 | +-nested_again/ (OI)(IO)(I)(CHANGE)
230 | +-file.3 (I)(CHANGE)"""
# explict_access_ace_str is the explicit (flags 0x0) RWD ACE added during
# setup; the three *_mod_* strings are the ACEs asserted after the modify.
232 explict_access_ace_str = "ACL:%s:ALLOWED/0x0/RWD" % self.user
233 dir_mod_acl_str = "ACL:%s:ALLOWED/OI/CHANGE" % self.user
234 file_mod_inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
235 dir_mod_inherited_ace_str = "ACL:%s:ALLOWED/OI|IO|I/CHANGE" % self.user
238 # add flags on oi_dir
240 # This is somewhat artificial, we need to add a new acl to the directory
241 # so that the following modify operation doesn't fail. Previously
242 # '--modify' was used in place of '--add' but that resulted in failure
243 # to access the directory ( or even modify the acl ).
244 # Note: when running this test against a windows server it seems that
245 # running as Administrator ensures best results
247 # add flags on oi_dir
248 self.smb_cacls(["--add", explict_access_ace_str, self.oi_dir])
250 # add flags on oi_dir/nested
251 self.smb_cacls(["--add", explict_access_ace_str, self.nested_dir])
253 # add flags on oi_dir/nested/nested_again
254 self.smb_cacls(["--add", explict_access_ace_str, self.nested_again_dir])
256 # add flags on oi_dir/file-1
257 self.smb_cacls([ "--add", explict_access_ace_str, self.f1])
259 # add flags on oi_dir/nested/file-2
260 self.smb_cacls(["--add", explict_access_ace_str, self.f2])
262 # add flags on oi_dir/nested/nested_again/file-3
263 self.smb_cacls(["--add", explict_access_ace_str, self.f3])
# The operation under test: modify the ACE on oi_dir and propagate.
265 self.smb_cacls(["--propagate-inheritance", "--modify",
266 dir_mod_acl_str, self.oi_dir])
269 # check top level container 'oi_dir' has OI/CHANGE
270 dir_ace = self.ace_parse_str(dir_mod_acl_str)
271 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
273 # file 'oi_dir/file-1' should have inherited I/CHANGE
274 child_file_ace = self.ace_parse_str(file_mod_inherited_ace_str)
275 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
277 # nested dir 'oi_dir/nested/' should have OI|IO|I/CHANGE
278 child_dir_ace = self.ace_parse_str(dir_mod_inherited_ace_str)
279 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
281 # nested file 'oi_dir/nested/file-2' should have inherited I/CHANGE
282 self.assertTrue(self.file_ace_check(self.f2, child_file_ace))
284 # nested dir 'oi_dir/nested/nested_again' should have OI|IO|I/CHANGE
285 child_dir_ace = self.ace_parse_str(dir_mod_inherited_ace_str)
286 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
288 # nested file 'oi_dir/nested/nested_again/file-3' should have inherited I/CHANGE
289 self.assertTrue(self.file_ace_check(self.f3, child_file_ace))
291 except BlackboxProcessError as e:
294 def test_simple_ci_add(self):
295 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
296 for the file and additionally use inheritance rules to propagate appropriate
changes to children
299 This test adds an ACL with (CI)(READ)
before:
303 +-tar_test_dir/ (OI)(CI)(I)(F)
304 +-oi_dir/ (OI)(CI)(I)(F)
306 | +-nested/ (OI)(CI)(I)(F)
308 | +-nested_again/ (OI)(CI)(I)(F)
after:
313 +-tar_test_dir/ (OI)(CI)(I)(F)
314 +-oi_dir/ (OI)(CI)(I)(F), (CI)(READ)
316 | +-nested/ (OI)(CI)(I)(F), (CI)(I)(READ)
318 | +-nested_again/ (OI)(CI)(I)(F), (CI)(I)(READ)
# The explicit ACE added to oi_dir, the inherited ACE that files must NOT
# receive, and the inherited ACE expected on sub-directories.
321 dir_add_acl_str = "ACL:%s:ALLOWED/CI/READ" % self.user
322 file_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
323 dir_inherited_ace_str = "ACL:%s:ALLOWED/CI|I/READ" % self.user
325 self.smb_cacls(["--propagate-inheritance", "--add",
326 dir_add_acl_str, self.oi_dir])
328 # check top level container 'oi_dir' has CI/READ
329 dir_ace = self.ace_parse_str(dir_add_acl_str)
330 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
# The negative checks on the files guard against a CI-only ACE granting
# access to file objects.
332 # nested file 'oi_dir/file-1' should NOT have inherited I/READ
333 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
334 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
336 # nested dir 'oi_dir/nested/' should have CI|I/READ
337 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
338 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
340 # nested file 'oi_dir/nested/file-2' should NOT have inherited I/READ
341 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
342 self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)
344 # nested dir 'oi_dir/nested/nested_again' should have CI|I/READ
345 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
346 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
348 # nested file 'oi_dir/nested/nested_again/file-3' should NOT have inherited I/READ
349 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
350 self.assertTrue(self.file_ace_check(self.f3, child_file_ace) == False)
352 except BlackboxProcessError as e:
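def test_simple_ci_delete(self):
    """Test smbcacls '--propagate-inheritance --delete' for a (CI)(READ) ACE.

    The ACE is deleted from oi_dir and the inheritance rules are used to
    propagate the appropriate changes to its children.

    before:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (OI)(CI)(I)(F), (CI)(READ)
      | +-file.1           (I)(F)
      | +-nested/          (OI)(CI)(I)(F), (CI)(I)(READ)
      |   +-file.2         (I)(F)
      |   +-nested_again/  (OI)(CI)(I)(F), (CI)(I)(READ)
      |     +-file.3       (I)(F)

    after:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (OI)(CI)(I)(F)
      | +-file.1           (I)(F)
      | +-nested/          (OI)(CI)(I)(F)
      |   +-file.2         (I)(F)
      |   +-nested_again/  (OI)(CI)(I)(F)
      |     +-file.3       (I)(F)
    """
    dir_acl_str = "ACL:%s:ALLOWED/CI/READ" % self.user
    file_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
    dir_inherited_ace_str = "ACL:%s:ALLOWED/CI|I/READ" % self.user

    try:
        # Build the "before" state by hand. Every level must really carry
        # the READ ACE, otherwise the "no longer has" assertions at the end
        # pass without proving that the delete was propagated.
        self.smb_cacls(["--add", dir_acl_str, self.oi_dir])
        self.smb_cacls(["--add", dir_inherited_ace_str, self.nested_dir])
        # Previously this second call targeted nested_dir again, so
        # nested_again never received the ACE the test later checks for.
        self.smb_cacls(["--add", dir_inherited_ace_str,
                        self.nested_again_dir])

        # Make sure no (I|READ) ACE is present on any of the three files
        # (the third call previously repeated file-2 instead of file-3).
        for remote_file in (self.f1, self.f2, self.f3):
            self.smb_cacls(["--delete", file_inherited_ace_str, remote_file])

        # The operation under test.
        self.smb_cacls(["--propagate-inheritance",
                        "--delete",
                        dir_acl_str, self.oi_dir])

        # check top level container 'oi_dir' no longer has CI/READ
        dir_ace = self.ace_parse_str(dir_acl_str)
        self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)

        # none of the files should have an inherited I/READ
        child_file_ace = self.ace_parse_str(file_inherited_ace_str)
        for remote_file in (self.f1, self.f2, self.f3):
            self.assertTrue(
                self.file_ace_check(remote_file, child_file_ace) == False)

        child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
        # nested dir 'oi_dir/nested/' should no longer have CI|I/READ
        self.assertTrue(
            self.file_ace_check(self.nested_dir, child_dir_ace) == False)

        # nested dir 'oi_dir/nested/nested_again' should no longer have
        # CI|I/READ
        self.assertTrue(
            self.file_ace_check(self.nested_again_dir, child_dir_ace) == False)

    except BlackboxProcessError as e:
        self.fail(str(e))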
427 def test_simple_ci_modify(self):
428 """test smbcacls '--propagate-inheritance --modify' which attempts to modify ACL
429 for the file and additionally use inheritance rules to propagate appropriate
changes to children
432 This test first adds an ACL with (CI)(R), then it modifies that acl to be
433 (CI)(D) - where D == 0x00110000
NOTE(review): the code below uses READ for the initial ACE and CHANGE for the
modified one; confirm the intended meaning of (D).
before:
437 +-tar_test_dir/ (OI)(CI)(I)(F)
440 | +-nested/ (CI)(I)(R)
442 | +-nested_again/ (CI)(I)(R)
after:
448 +-tar_test_dir/ (OI)(CI)(I)(F)
449 +-oi_dir/ (CI)(CHANGE)
451 | +-nested/ (CI)(I)(CHANGE)
453 | +-nested_again/ (CI)(I)(CHANGE)
# READ strings describe the state built during setup, the *_mod_* strings the
# state asserted after the modify; delete_ace_str is applied to the files at
# the end.
# NOTE(review): file_inherited_ace_str is not referenced in the lines shown.
456 dir_acl_str = "ACL:%s:ALLOWED/CI/READ" % self.user
457 file_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
458 dir_inherited_ace_str = "ACL:%s:ALLOWED/CI|I/READ" % self.user
459 dir_mod_acl_str = "ACL:%s:ALLOWED/CI/CHANGE" % self.user
460 file_mod_inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
461 dir_mod_inherited_ace_str = "ACL:%s:ALLOWED/CI|I/CHANGE" % self.user
462 delete_ace_str = "ACL:%s:ALLOWED/0x0/RWD" % self.user
465 # This is somewhat artificial, we need to add a new acl to the
466 # directory so that the following modify operation doesn't fail.
467 # Previously '--modify' was used in place of '--add' but that
468 # resulted in failure to access the directory ( or even modify
# the acl ).
470 # Note: when running this test against a windows server it seems
471 # that running as Administrator ensures best results
472 self.smb_cacls(["--add", dir_acl_str, self.oi_dir])
474 # add flags on oi_dir/nested
475 self.smb_cacls(["--add", dir_inherited_ace_str, self.nested_dir])
477 # add flags on oi_dir/nested/nested_again
478 self.smb_cacls(["--add", dir_inherited_ace_str, self.nested_again_dir])
# The operation under test: modify the ACE on oi_dir and propagate.
480 self.smb_cacls(["--propagate-inheritance", "--modify",
481 dir_mod_acl_str, self.oi_dir])
483 # check top level container 'oi_dir' has CI/CHANGE
484 dir_ace = self.ace_parse_str(dir_mod_acl_str)
485 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
487 # nested file 'oi_dir/file-1' should NOT have inherited I/CHANGE
488 child_file_ace = self.ace_parse_str(file_mod_inherited_ace_str)
489 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
491 # nested dir 'oi_dir/nested/' should have CI|I/CHANGE
492 child_dir_ace = self.ace_parse_str(dir_mod_inherited_ace_str)
493 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
495 # nested file 'oi_dir/nested/file-2' should NOT have inherited I/CHANGE
496 child_file_ace = self.ace_parse_str(file_mod_inherited_ace_str)
497 self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)
499 # nested dir 'oi_dir/nested/nested_again' should have CI|I/CHANGE
500 child_dir_ace = self.ace_parse_str(dir_mod_inherited_ace_str)
501 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
503 # nested file 'oi_dir/nested/nested_again/file-3' should NOT have inherited I/CHANGE
504 child_file_ace = self.ace_parse_str(file_mod_inherited_ace_str)
505 self.assertTrue(self.file_ace_check(self.f3, child_file_ace) == False)
507 # set some flags to allow us to delete the files
508 self.smb_cacls(["--set", delete_ace_str, self.f1])
509 self.smb_cacls(["--set", delete_ace_str, self.f2])
510 self.smb_cacls(["--set", delete_ace_str, self.f3])
512 except BlackboxProcessError as e:
515 def test_simple_cioi_add(self):
516 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
517 for the file and additionally use inheritance rules to propagate appropriate
changes to children
520 This test adds an ACL with (CI)(OI)(READ)
before:
524 +-tar_test_dir/ (OI)(CI)(I)(F)
525 +-oi_dir/ (OI)(CI)(I)(F)
527 | +-nested/ (OI)(CI)(I)(F)
529 | +-nested_again/ (OI)(CI)(I)(F)
after:
534 +-tar_test_dir/ (OI)(CI)(I)(F)
535 +-oi_dir/ (OI)(CI)(I)(F), (CI)(OI)(READ)
536 | +-file.1 (I)(F), (I)(READ)
537 | +-nested/ (OI)(CI)(I)(F), (CI)(OI)(I)(READ)
538 | +-file.2 (I)(F), (I)(READ)
539 | +-nested_again/ (OI)(CI)(I)(F), (CI)(OI)(I)(READ)
540 | +-file.3 (I)(F), (I)(READ)"""
# The explicit ACE added to oi_dir and the inherited forms the assertions
# expect on files and on sub-directories.
542 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI/READ" % self.user
543 file_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
544 dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user
# Only oi_dir is modified directly; the children are expected to change
# through propagation.
548 self.smb_cacls(["--propagate-inheritance", "--add",
549 dir_add_acl_str, self.oi_dir])
551 # check top level container 'oi_dir' has OI|CI/READ
552 dir_ace = self.ace_parse_str(dir_add_acl_str)
553 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
555 # nested file 'oi_dir/file-1' should have inherited I/READ
556 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
557 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
559 # nested dir 'oi_dir/nested/' should have OI|CI|I/READ
560 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
561 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
563 # nested file 'oi_dir/nested/file-2' should have inherited I/READ
564 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
565 self.assertTrue(self.file_ace_check(self.f2, child_file_ace))
567 # nested dir 'oi_dir/nested/nested_again' should have OI|CI|I/READ
568 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
569 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
571 # nested file 'oi_dir/nested/nested_again/file-3' should have inherited I/READ
572 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
573 self.assertTrue(self.file_ace_check(self.f3, child_file_ace))
575 except BlackboxProcessError as e:
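def test_simple_cioi_delete(self):
    """Test smbcacls '--propagate-inheritance --delete' for a (CI)(OI)(READ) ACE.

    The ACE is deleted from oi_dir and the inheritance rules are used to
    propagate the appropriate changes to its children.

    before:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (OI)(CI)(I)(F), (CI)(OI)(READ)
      | +-file.1           (I)(F), (I)(READ)
      | +-nested/          (OI)(CI)(I)(F), (CI)(OI)(I)(READ)
      |   +-file.2         (I)(F), (I)(READ)
      |   +-nested_again/  (OI)(CI)(I)(F), (CI)(OI)(I)(READ)
      |     +-file.3       (I)(F), (I)(READ)

    after:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (OI)(CI)(I)(F)
      | +-file.1           (I)(F)
      | +-nested/          (OI)(CI)(I)(F)
      |   +-file.2         (I)(F)
      |   +-nested_again/  (OI)(CI)(I)(F)
      |     +-file.3       (I)(F)
    """
    dir_acl_str = "ACL:%s:ALLOWED/OI|CI/READ" % self.user
    file_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user
    dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user

    try:
        # Build the documented "before" state by hand. Each object checked
        # at the end must really carry the READ ACE first, otherwise a
        # "should NOT have" assertion passes without exercising the delete.
        self.smb_cacls(["--add", dir_acl_str, self.oi_dir])

        # Inherited directory ACE on both nested levels. nested_again was
        # previously left out although the docstring lists it and the
        # assertions below check it.
        for remote_dir in (self.nested_dir, self.nested_again_dir):
            self.smb_cacls(["--add", dir_inherited_ace_str, remote_dir])

        # Inherited file ACE on all three files (the third call previously
        # repeated file-2, so file-3 never had the ACE).
        for remote_file in (self.f1, self.f2, self.f3):
            self.smb_cacls(["--add", file_inherited_ace_str, remote_file])

        # The operation under test.
        self.smb_cacls(["--propagate-inheritance", "--delete",
                        dir_acl_str, self.oi_dir])

        # check top level container 'oi_dir' no longer has OI|CI/READ
        dir_ace = self.ace_parse_str(dir_acl_str)
        self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)

        # nested file 'oi_dir/file-1' should NOT have inherited I/READ
        child_file_ace = self.ace_parse_str(file_inherited_ace_str)
        self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)

        # nested dir 'oi_dir/nested/' should no longer have OI|CI|I/READ
        child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
        self.assertTrue(
            self.file_ace_check(self.nested_dir, child_dir_ace) == False)

        # nested file 'oi_dir/nested/file-2' should NOT have inherited I/READ
        self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)

        # nested dir 'oi_dir/nested/nested_again' should no longer have
        # OI|CI|I/READ
        self.assertTrue(
            self.file_ace_check(self.nested_again_dir, child_dir_ace) == False)

        # nested file 'oi_dir/nested/nested_again/file-3' should NOT have
        # inherited I/READ
        self.assertTrue(self.file_ace_check(self.f3, child_file_ace) == False)
    except BlackboxProcessError as e:
        self.fail(str(e))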
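def test_simple_cioi_modify(self):
    """Test smbcacls '--propagate-inheritance --modify' for a (CI)(OI) ACE.

    The ACE on oi_dir is modified and the inheritance rules are used to
    propagate the appropriate changes to its children. The test first adds
    (CI)(OI)(R) and the matching inherited ACEs, then modifies the ACE on
    oi_dir to (CI)(OI)(CHANGE).

    before:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (CI)(OI)(R)
      | +-file.1           (I)(R)
      | +-nested/          (CI)(OI)(I)(R)
      |   +-file.2         (I)(R)
      |   +-nested_again/  (CI)(OI)(I)(R)
      |     +-file.3       (I)(R)

    after:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (CI)(OI)(CHANGE)
      | +-file.1           (I)(CHANGE)
      | +-nested/          (CI)(OI)(I)(CHANGE)
      |   +-file.2         (I)(CHANGE)
      |   +-nested_again/  (CI)(OI)(I)(CHANGE)
      |     +-file.3       (I)(CHANGE)
    """
    dir_acl_str = "ACL:%s:ALLOWED/OI|CI/R" % self.user
    file_inherited_ace_str = "ACL:%s:ALLOWED/I/R" % self.user
    dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/R" % self.user

    dir_mod_acl_str = "ACL:%s:ALLOWED/OI|CI/CHANGE" % self.user
    file_mod_inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
    dir_mod_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/CHANGE" % self.user

    try:
        # This is somewhat artificial, we need to add a new acl to the
        # directory so that the following modify operation doesn't fail.
        # Previously '--modify' was used in place of '--add' but that
        # resulted in failure to access the directory ( or even modify
        # the acl ). Note: when running this test against a windows server
        # it seems that running as Administrator ensures best results
        self.smb_cacls(["--add", dir_acl_str, self.oi_dir])

        # inherited directory ACE on oi_dir/nested and
        # oi_dir/nested/nested_again
        for remote_dir in (self.nested_dir, self.nested_again_dir):
            self.smb_cacls(["--add", dir_inherited_ace_str, remote_dir])

        # inherited file ACE on file-1, file-2 and file-3
        for remote_file in (self.f1, self.f2, self.f3):
            self.smb_cacls(["--add", file_inherited_ace_str, remote_file])

        # The operation under test.
        self.smb_cacls(["--propagate-inheritance", "--modify",
                        dir_mod_acl_str, self.oi_dir])

        # check top level container 'oi_dir' has OI|CI/CHANGE
        dir_ace = self.ace_parse_str(dir_mod_acl_str)
        self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))

        child_file_ace = self.ace_parse_str(file_mod_inherited_ace_str)
        child_dir_ace = self.ace_parse_str(dir_mod_inherited_ace_str)

        # nested file 'oi_dir/file-1' should have inherited I|CHANGE
        self.assertTrue(self.file_ace_check(self.f1, child_file_ace))

        # nested dir 'oi_dir/nested/' should have OI|CI|I|CHANGE.
        # The result of this check used to be discarded, so a missing ACE
        # on the sub-directory could never fail the test.
        self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))

        # nested file 'oi_dir/nested/file-2' should have inherited I|CHANGE
        self.assertTrue(self.file_ace_check(self.f2, child_file_ace))

        # nested dir 'oi_dir/nested/nested_again' should have
        # OI|CI|I|CHANGE (result previously discarded as well)
        self.assertTrue(
            self.file_ace_check(self.nested_again_dir, child_dir_ace))

        # nested file 'oi_dir/nested/nested_again/file-3' should have
        # inherited I|CHANGE
        self.assertTrue(self.file_ace_check(self.f3, child_file_ace))

    except BlackboxProcessError as e:
        self.fail(str(e))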
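def test_simple_set_fail(self):
    """Test that smbcacls '--propagate-inheritance --set' is refused on a
    container that still has inheritance enabled.

    The test creates its own oi_dir (with a nested directory) and tries to
    set (CI)(OI)(R) on it with propagation. The command is expected to
    fail.

    NOTE(review): the original description says the command should exit
    with '1'; only the failure itself is checked here, not the exit status.
    """
    dir_acl_str = "ACL:%s:ALLOWED/OI|CI/R" % self.user

    try:
        f1 = self.create_remote_test_file("oi_dir/file-1")
        # Created only so that the nested directory exists; the returned
        # path is not needed.
        self.create_remote_test_file("oi_dir/nested/file-2")
        oi_dir = os.path.split(f1)[0]

        cmd = ["--propagate-inheritance", "--set", dir_acl_str, oi_dir]
        try:
            self.smb_cacls(cmd)
        except BlackboxProcessError:
            # Expected outcome: the set was rejected.
            return
        # The message previously contained a '%s' that was never filled in.
        self.fail("smbcacls %s succeeded unexpectedly while processing "
                  "container with inheritance enabled" % " ".join(cmd))
    except BlackboxProcessError as e:
        # A failure while creating the test files is a test error, not the
        # rejection this test is looking for.
        self.fail(str(e))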
784 def test_simple_oici_set(self):
785 """test smbcacls '--propagate-inheritance --set' which attempts to set the ACL
786 for the file and additionally use inheritance rules to propagate appropriate
changes to children
789 This test adds an ACL with (CI)(OI)(RWD) additionally it removes
790 inheritance from oi_dir
before:
794 +-tar_test_dir/ (OI)(CI)(I)(F)
795 +-oi_dir/ (OI)(CI)(I)(F)
797 | +-nested/ (OI)(CI)(I)(F)
799 | +-nested_again/ (OI)(CI)(I)(F)
after:
804 +-tar_test_dir/ (OI)(CI)(I)(F)
805 +-oi_dir/ (OI)(CI)(RWD)
807 | +-nested/ (OI)(CI)(I)(RWD)
809 | +-nested_again/ (OI)(CI)(I)(RWD)
810 | +-file.3 (I)(RWD)"""
# The explicit ACE set on oi_dir and the inherited forms the assertions
# expect on files and on sub-directories.
812 dir_acl_str = "ACL:%s:ALLOWED/OI|CI/RWD" % self.user
813 file_inherited_ace_str = "ACL:%s:ALLOWED/I/RWD" % self.user
814 dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/RWD" % self.user
817 # smb_cacls --inherit=copy is run on oi_dir before the set; the docstring
# describes this step as removing inheritance from oi_dir
# (test_simple_set_fail expects '--set' to fail while it is still enabled)
818 self.smb_cacls(["--inherit=copy", self.oi_dir])
820 self.smb_cacls(["--propagate-inheritance", "--set",
821 dir_acl_str, self.oi_dir])
823 # check top level container 'oi_dir' has OI|CI/RWD
824 dir_ace = self.ace_parse_str(dir_acl_str)
825 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
827 # check nested file oi_dir/file-1 has I/RWD
828 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
829 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
831 # check nested dir oi_dir/nested has OI|CI|I/RWD
832 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
833 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
835 # check nested file oi_dir/nested/file-2 has I/RWD
836 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
837 self.assertTrue(self.file_ace_check(self.f2, child_file_ace))
839 # check nested dir oi_dir/nested/nested_again has OI|CI|I/RWD
840 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
841 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace))
843 # check nested file oi_dir/nested/nested_again/file-3 has I/RWD
844 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
845 self.assertTrue(self.file_ace_check(self.f3, child_file_ace))
847 except BlackboxProcessError as e:
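def test_simple_ci_set(self):
    """Test smbcacls '--propagate-inheritance --set' for a (CI)(RWD) ACE.

    The ACL of oi_dir is replaced and the inheritance rules are used to
    propagate the appropriate changes to its children. Before the set,
    '--inherit=copy' is run on oi_dir; the original description calls this
    removing inheritance from oi_dir.

    before:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (OI)(CI)(I)(F)
      | +-nested/          (OI)(CI)(I)(F)
      |   +-nested_again/  (OI)(CI)(I)(F)

    after:

    +-tar_test_dir/        (OI)(CI)(I)(F)
      +-oi_dir/            (CI)(RWD)
      | +-nested/          (CI)(I)(RWD)
      |   +-nested_again/  (CI)(I)(RWD)
    """
    dir_acl_str = "ACL:%s:ALLOWED/CI/RWD" % self.user
    dir_inherited_ace_str = "ACL:%s:ALLOWED/CI|I/RWD" % self.user
    delete_ace_str = "ACL:%s:ALLOWED/0x0/RWD" % self.user

    try:
        # smb_cacls --inherit=copy
        self.smb_cacls(["--inherit=copy", self.oi_dir])

        # The operation under test.
        self.smb_cacls(["--propagate-inheritance", "--set",
                        dir_acl_str, self.oi_dir])

        out = self.smb_cacls([self.oi_dir])

        nacls = len([i for i in out.decode().split("\n")
                     if i.startswith("ACL")])

        # Although there maybe a couple of users with associated acl(s)
        # before set, after set there should only be 1 acl
        self.assertEqual(nacls, 1)

        # check top level container 'oi_dir' has CI/RWD
        dir_ace = self.ace_parse_str(dir_acl_str)
        self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))

        # note can't check file because it has no ACL ( due to CI )
        child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)

        # check nested dir 'oi_dir/nested' has CI|I/RWD
        self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))

        # check nested dir 'oi_dir/nested/nested_again' has CI|I/RWD.
        # This check previously looked at nested_dir a second time, so
        # propagation to the deepest directory was never verified.
        self.assertTrue(
            self.file_ace_check(self.nested_again_dir, child_dir_ace))

        # Give the files an explicit RWD ACE again; presumably this is so
        # they can be removed afterwards, as test_simple_ci_modify does.
        for remote_file in (self.f1, self.f2, self.f3):
            self.smb_cacls(["--set", delete_ace_str, remote_file])
    except BlackboxProcessError as e:
        self.fail(str(e))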
916 def test_simple_cioinp_add(self):
917 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
918 for the file and additionally use inheritance rules to propagate appropriate
changes to children
921 This test adds an ACL with (CI)(OI)(NP)(CHANGE)
922 (NP) - no propagation: the change should not be propagated any further than the direct children
before:
926 +-tar_test_dir/ (OI)(CI)(I)(F)
927 +-oi_dir/ (OI)(CI)(I)(F)
929 | +-nested/ (OI)(CI)(I)(F)
931 | +-nested_again/ (OI)(CI)(I)(F)
after:
936 +-tar_test_dir/ (OI)(CI)(I)(F)
937 +-oi_dir/ (OI)(CI)(I)(F), (CI)(OI)(NP)(CHANGE)
938 | +-file.1 (I)(F), (I)(CHANGE)
939 | +-nested/ (OI)(CI)(I)(F), (I)(CHANGE)
941 | +-nested_again/ (OI)(CI)(I)(F)
# The explicit ACE added to oi_dir, and the single inherited form that the
# assertions look for on both files and directories.
944 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|NP/CHANGE" % self.user
945 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
947 self.smb_cacls(["--propagate-inheritance", "--add",
948 dir_add_acl_str, self.oi_dir])
950 # check top level container 'oi_dir' has OI|CI|NP/CHANGE
951 dir_ace = self.ace_parse_str(dir_add_acl_str)
952 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
# Direct children of oi_dir are expected to inherit the ACE ...
954 child_file_ace = self.ace_parse_str(inherited_ace_str)
955 # nested file 'oi_dir/file-1' should have inherited I/CHANGE
956 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
958 # nested dir 'oi_dir/nested' should have inherited I/CHANGE
959 child_dir_ace = self.ace_parse_str(inherited_ace_str)
960 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
# ... while nothing below 'oi_dir/nested' may receive it; these negative
# checks are what verify that NP stops access spreading further down.
961 # nested file 'oi_dir/nested/file-2' should NOT have I/CHANGE
962 child_dir_ace = self.ace_parse_str(inherited_ace_str)
963 self.assertTrue(self.file_ace_check(self.f2, child_dir_ace) == False)
964 # nested dir 'oi_dir/nested/nested_again/' should NOT have I/CHANGE
965 child_dir_ace = self.ace_parse_str(inherited_ace_str)
966 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace) == False)
967 # nested file 'oi_dir/nested/nested_again/file-3' should NOT have I/CHANGE
968 child_dir_ace = self.ace_parse_str(inherited_ace_str)
969 self.assertTrue(self.file_ace_check(self.f3, child_dir_ace) == False)
971 except BlackboxProcessError as e:
974 def test_simple_oinp_add(self):
975 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
976 for the file and additionally use inheritance rules to propagate appropriate
979 This test adds an ACL with (OI)(NP)(CHANGE)
980 (NP) - no propagation should not propagate the changes any further containers
984 +-tar_test_dir/ (OI)(CI)(I)(F)
985 +-oi_dir/ (OI)(CI)(I)(F)
987 | +-nested/ (OI)(CI)(I)(F)
989 | +-nested_again/ (OI)(CI)(I)(F)
994 +-tar_test_dir/ (OI)(CI)(I)(F)
995 +-oi_dir/ (OI)(CI)(I)(F), (OI)(NP)(CHANGE)
996 | +-file.1 (I)(F), (I)(CHANGE)
997 | +-nested/ (OI)(CI)(I)(F)
999 | +-nested_again/ (OI)(CI)(I)(F)
1000 | +-file.3 (I)(F)"""
1002 dir_add_acl_str = "ACL:%s:ALLOWED/OI|NP/CHANGE" % self.user
1003 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1005 self.smb_cacls(["--propagate-inheritance",
1007 dir_add_acl_str, self.oi_dir])
1009 # check top level container 'oi_dir' has OI|NP/CHANGE
1010 dir_ace = self.ace_parse_str(dir_add_acl_str)
1011 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
1013 child_file_ace = self.ace_parse_str(inherited_ace_str)
1014 # nested file 'oi_dir/file-1' should have inherited I/CHANGE
1015 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
1017 # nested dir 'oi_dir/nested' should NOT have I/CHANGE
1018 child_dir_ace = self.ace_parse_str(inherited_ace_str)
1019 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace) == False)
1021 child_file_ace = self.ace_parse_str(inherited_ace_str)
1022 # nested file 'oi_dir/nested/file-1' should NOT have inherited I/CHANGE
1023 self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)
1025 except BlackboxProcessError as e:
1028 def test_simple_cinp_add(self):
1029 """# test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
1030 for the file and additionally use inheritance rules to propagate appropriate
1033 This test adds an ACL with (CI)(NP)(CHANGE)
1034 (NP) - no propagation should not propagate the changes any further containers
1038 +-tar_test_dir/ (OI)(CI)(I)(F)
1039 +-oi_dir/ (OI)(CI)(I)(F)
1041 | +-nested/ (OI)(CI)(I)(F)
1043 | +-nested_again/ (OI)(CI)(I)(F)
1048 +-tar_test_dir/ (OI)(CI)(I)(F)
1049 +-oi_dir/ (OI)(CI)(I)(F), (CI)(NP)(CHANGE)
1051 | +-nested/ (OI)(CI)(I)(F), (I)(CHANGE)
1053 | +-nested_again/ (OI)(CI)(I)(F)
1054 | +-file.3 (I)(F)"""
1056 dir_add_acl_str = "ACL:%s:ALLOWED/CI|NP/CHANGE" % self.user
1057 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1059 self.smb_cacls(["--propagate-inheritance", "--add",
1060 dir_add_acl_str, self.oi_dir])
1062 # check top level container 'oi_dir' has CI|NP/READ
1063 dir_ace = self.ace_parse_str(dir_add_acl_str)
1064 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
1066 # nested file 'oi_dir/file-1' should NOT have inherited I/CHANGE
1067 child_file_ace = self.ace_parse_str(inherited_ace_str)
1068 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
1070 # nested dir 'oi_dir/nested' should have I/CHANGE
1071 child_dir_ace = self.ace_parse_str(inherited_ace_str)
1072 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace))
1074 # nested file 'oi_dir/nested/file-2' should NOT have inherited I/CHANGE
1075 child_file_ace = self.ace_parse_str(inherited_ace_str)
1076 self.assertTrue(self.file_ace_check(self.f2, child_file_ace) == False)
1078 # nested dir 'oi_dir/nested/nested_again' should have NOT I/CHANGE
1079 child_dir_ace = self.ace_parse_str(inherited_ace_str)
1080 self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace) == False)
1081 # nested file 'oi_dir/nested/nested_again/file-3' should NOT have inherited I/CHANGE
1082 child_file_ace = self.ace_parse_str(inherited_ace_str)
1083 self.assertTrue(self.file_ace_check(self.f3, child_file_ace) == False)
1085 except BlackboxProcessError as e:
1088 def test_simple_cioinp_delete(self):
1089 """test smbcacls '--propagate-inheritance --delete' which attempts to delete
1090 the ACL for the file and additionally use inheritance rules to propagate
1091 appropriate changes to children
1093 This test adds an ACL with (CI)(OI)(NP)(CHANGE)
1094 (NP) - no propagation should not propagate the changes any further containers
1098 +-tar_test_dir/ (OI)(CI)(I)(F)
1099 +-oi_dir/ (OI)(CI)(I)(F), (CI)(OI)(NP)(CHANGE)
1100 | +-file.1 (I)(F), (I)(CHANGE)
1101 | +-nested/ (OI)(CI)(I)(F), (I)(CHANGE)
1106 +-tar_test_dir/ (OI)(CI)(I)(F)
1107 +-oi_dir/ (OI)(CI)(I)(F)
1109 | +-nested/ (OI)(CI)(I)(F)
1110 | +-file.2 (I)(F)"""
1112 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|NP/CHANGE" % self.user
1113 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1116 self.smb_cacls(["--add", dir_add_acl_str, self.oi_dir])
1118 self.smb_cacls(["--add", inherited_ace_str, self.f1])
1120 self.smb_cacls(["--add", inherited_ace_str, self.nested_dir])
1122 self.smb_cacls(["--propagate-inheritance", "--delete",
1123 dir_add_acl_str, self.oi_dir])
1125 # check top level container 'oi_dir' does NOT have OI|CI|NP/READ
1126 dir_ace = self.ace_parse_str(dir_add_acl_str)
1127 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)
1129 # nested file 'oi_dir/file-1' should NOT have inherited I/CHANGE
1130 child_file_ace = self.ace_parse_str(inherited_ace_str)
1131 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
1133 # nested dir 'oi_dir/nested' should NOT have inherited I/CHANGE
1134 child_dir_ace = self.ace_parse_str(inherited_ace_str)
1135 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace) == False)
1136 except BlackboxProcessError as e:
1139 def test_simple_oinp_delete(self):
1140 """test smbcacls '--propagate-inheritance --delete' which attempts to delete the
1141 ACL for the file and additionally use inheritance rules to propagate
1142 appropriate changes to children
1144 This test adds an ACL with (OI)(NP)(CHANGE)
1145 (NP) - no propagation should not propagate the changes any further containers
1149 +-tar_test_dir/ (OI)(CI)(I)(F)
1150 +-oi_dir/ (OI)(CI)(I)(F), (OI)(NP)(CHANGE)
1151 | +-file.1 (I)(F), (I)(CHANGE)
1152 | +-nested/ (OI)(CI)(I)(F)
1157 +-tar_test_dir/ (OI)(CI)(I)(F)
1158 +-oi_dir/ (OI)(CI)(I)(F)
1160 | +-nested/ (OI)(CI)(I)(F)
1161 | +-file.2 (I)(F)"""
1163 dir_add_acl_str = "ACL:%s:ALLOWED/OI|NP/CHANGE" % self.user
1164 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1167 # set up 'before' permissions
1168 self.smb_cacls(["--add", dir_add_acl_str, self.oi_dir])
1170 self.smb_cacls(["--add", inherited_ace_str, self.f1])
1172 self.smb_cacls(["--propagate-inheritance", "--delete",
1173 dir_add_acl_str, self.oi_dir])
1175 # check top level container 'oi_dir' does NOT have OI|NP/READ
1176 dir_ace = self.ace_parse_str(dir_add_acl_str)
1177 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)
1179 child_file_ace = self.ace_parse_str(inherited_ace_str)
1180 # nested file 'oi_dir/file-1' should NOT have inherited I/CHANGE
1181 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
1183 except BlackboxProcessError as e:
1186 def test_simple_cinp_delete(self):
1187 """test smbcacls '--propagate-inheritance --delete' which attempts to delete the
1188 ACL for the file and additionally use inheritance rules to propagate
1189 appropriate changes to children
1191 This test adds an ACL with (CI)(NP)(CHANGE)
1192 (NP) - no propagation should not propagate the changes any further containers
1196 +-tar_test_dir/ (OI)(CI)(I)(F)
1197 +-oi_dir/ (OI)(CI)(I)(F), (CI)(NP)(CHANGE)
1199 | +-nested/ (OI)(CI)(I)(F), (I)(CHANGE)
1204 +-tar_test_dir/ (OI)(CI)(I)(F)
1205 +-oi_dir/ (OI)(CI)(I)(F)
1207 | +-nested/ (OI)(CI)(I)(F)
1208 | +-file.2 (I)(F)"""
1210 dir_add_acl_str = "ACL:%s:ALLOWED/CI|NP/CHANGE" % self.user
1211 inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1214 self.smb_cacls(["--add", dir_add_acl_str, self.oi_dir])
1216 self.smb_cacls(["--add", inherited_ace_str, self.nested_dir])
1218 self.smb_cacls(["--propagate-inheritance", "--delete",
1219 dir_add_acl_str, self.oi_dir])
1221 # check top level container 'oi_dir' doesn't have CI|NP/READ
1222 dir_ace = self.ace_parse_str(dir_add_acl_str)
1223 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace) == False)
1225 child_file_ace = self.ace_parse_str(inherited_ace_str)
1226 # nested file 'oi_dir/file-1' should NOT have inherited I/CHANGE
1227 self.assertTrue(self.file_ace_check(self.f1, child_file_ace) == False)
1229 # nested dir 'oi_dir/nested' should NOT have I/CHANGE
1230 child_dir_ace = self.ace_parse_str(inherited_ace_str)
1231 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace) == False)
1233 except BlackboxProcessError as e:
1236 def test_simple_cioi_inhibit(self):
1237 """test smbcacls '--propagate-inheritance --add' which attempts to add the ACL
1238 for the file and additionally use inheritance rules to propagate appropriate
1239 changes to children. In particular it tests that inheritance removed does
1240 indeed prevent inheritance propagation
1242 This test adds an ACL with (CI)(OI)(CHANGE) at oi_dir
1244 Note: Inheritance has been removed ( and ace(s) copied ) at
1245 tar_test_dir/oi_dir/nested
1249 +-tar_test_dir/ (OI)(CI)(I)(F)
1250 +-oi_dir/ (OI)(CI)(I)(F)
1252 | +-nested/ (OI)(CI)(F)
1257 +-tar_test_dir/ (OI)(CI)(I)(F)
1258 +-oi_dir/ (OI)(CI)(I)(F), (CI)(OI)(CHANGE)
1259 | +-file.1 (I)(F), (I)((CHANGE)
1260 | +-nested/ (OI)(CI)(F)
1261 | +-file.2 (I)(F)"""
1262 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI/CHANGE" % self.user
1263 file_inherited_ace_str = "ACL:%s:ALLOWED/I/CHANGE" % self.user
1264 dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/CHANGE" % self.user
1267 # smb_cacls --inherit=copy
1268 self.smb_cacls(["--inherit=copy", self.nested_dir])
1270 self.smb_cacls(["--propagate-inheritance", "--add",
1271 dir_add_acl_str, self.oi_dir])
1273 # check top level container 'oi_dir' has OI|CI/CHANGE
1274 dir_ace = self.ace_parse_str(dir_add_acl_str)
1275 self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace))
1277 # nested file 'oi_dir/file-1' should have inherited I/CHANGE
1278 child_file_ace = self.ace_parse_str(file_inherited_ace_str)
1279 self.assertTrue(self.file_ace_check(self.f1, child_file_ace))
1281 # nested dir 'oi_dir/nested/' should NOT have OI|CI|I/CHANGE
1282 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
1283 self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace) == False)
1285 # nested file 'oi_dir/nested/file-2' should NOT have I/CHANGE
1286 child_dir_ace = self.ace_parse_str(dir_inherited_ace_str)
1287 self.assertTrue(self.file_ace_check(self.f2, child_dir_ace) == False)
1289 except BlackboxProcessError as e: