1 # Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
2 # Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
3 # Copyright (C) Andrew Bartlett 2012
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 """Tests for the Samba3 NT -> posix ACL layer"""
21 from samba.ntacls import setntacl, getntacl, XattrBackendError
22 from samba.dcerpc import xattr, security, smb_acl
23 from samba.param import LoadParm
24 from samba.tests import TestCase, TestSkipped
25 from samba import provision
28 from samba.samba3 import smbd, passdb
29 from samba.samba3 import param as s3param
31 class PosixAclMappingTests(TestCase):
33 def test_setntacl(self):
36 path = os.environ['SELFTEST_PREFIX']
37 acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
38 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
39 open(tempf, 'w').write("empty")
40 setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
43 def test_setntacl_smbd_getntacl(self):
47 path = os.environ['SELFTEST_PREFIX']
48 acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
49 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
50 open(tempf, 'w').write("empty")
51 setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
52 facl = getntacl(lp,tempf)
53 anysid = security.dom_sid(security.SID_NT_SELF)
54 self.assertEquals(facl.as_sddl(anysid),acl)
57 def test_setntacl_getntacl_smbd(self):
61 path = os.environ['SELFTEST_PREFIX']
62 acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
63 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
64 open(tempf, 'w').write("empty")
65 setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
66 facl = getntacl(lp,tempf, direct_db_access=True)
67 anysid = security.dom_sid(security.SID_NT_SELF)
68 self.assertEquals(facl.as_sddl(anysid),acl)
71 def test_setntacl_smbd_getntacl_smbd(self):
75 path = os.environ['SELFTEST_PREFIX']
76 acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
77 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
78 open(tempf, 'w').write("empty")
79 setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
80 facl = getntacl(lp,tempf, direct_db_access=True)
81 anysid = security.dom_sid(security.SID_NT_SELF)
82 self.assertEquals(facl.as_sddl(anysid),acl)
85 def test_setntacl_getposixacl(self):
89 path = os.environ['SELFTEST_PREFIX']
90 acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
91 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
92 open(tempf, 'w').write("empty")
93 setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
94 facl = getntacl(lp,tempf)
95 anysid = security.dom_sid(security.SID_NT_SELF)
96 self.assertEquals(facl.as_sddl(anysid),acl)
97 posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
100 def test_setntacl_sysvol_check_getposixacl(self):
103 s3conf = s3param.get_context()
105 path = os.environ['SELFTEST_PREFIX']
106 acl = provision.SYSVOL_ACL
107 tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
108 open(tempf, 'w').write("empty")
109 domsid = passdb.get_global_sam_sid()
110 setntacl(lp,tempf,acl,str(domsid), use_ntvfs=False)
111 facl = getntacl(lp,tempf)
112 self.assertEquals(facl.as_sddl(domsid),acl)
113 posix_acl = smbd.get_sys_acl(tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
115 # check that it matches:
129 super(PosixAclMappingTests, self).setUp()
130 s3conf = s3param.get_context()
131 s3conf.load(self.get_loadparm().configfile)