1 # Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
2 # Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
3 # Copyright (C) Andrew Bartlett 2012
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 """Tests for the Samba3 NT -> posix ACL layer"""
21 from samba.ntacls import setntacl, getntacl, checkset_backend
22 from samba.dcerpc import xattr, security, smb_acl, idmap
23 from samba.param import LoadParm
24 from samba.tests import TestCaseInTempDir
25 from samba import provision
28 from samba.samba3 import smbd, passdb
29 from samba.samba3 import param as s3param
31 # To print a posix ACL use:
32 # for entry in posix_acl.acl:
33 # print "a_type: %d" % entry.a_type
34 # print "a_perm: %o" % entry.a_perm
35 # print "uid: %d" % entry.uid
36 # print "gid: %d" % entry.gid
38 class PosixAclMappingTests(TestCaseInTempDir):
def test_setntacl(self):
    # Smoke test: store an NT ACL, given as SDDL, on the temp file with
    # use_ntvfs=False. Nothing is read back; the test passes as long as
    # setntacl() does not raise.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)
def test_setntacl_smbd_getntacl(self):
    # Round trip: store the SDDL with use_ntvfs=True, read the descriptor
    # back with direct_db_access=True and expect the same SDDL text.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    stored = getntacl(lp, self.tempf, direct_db_access=True)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(stored.as_sddl(any_sid), sddl)
def test_setntacl_smbd_setposixacl_getntacl(self):
    # Store an NT ACL, replace the POSIX ACL through smbd.set_simple_acl(),
    # then read the NT ACL back with direct_db_access=True.
    # NOTE(review): as captured, assertTrue(False) runs unconditionally after
    # getntacl(), so this test can only fail. Gutter lines 62 and 65-67 are
    # absent from the listing; presumably they held a try/except that expects
    # getntacl() to raise -- confirm against the original file.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    # Setting the POSIX ACL goes through a hook, which invalidates the
    # NT ACL stored above.
    smbd.set_simple_acl(self.tempf, 0640)

    # The direct DB access path, however, only asks the xattr.
    stored = getntacl(lp, self.tempf, direct_db_access=True)
    self.assertTrue(False)
def test_setntacl_invalidate_getntacl(self):
    # Store an NT ACL, overwrite the "system.fake_access_acl" xattr behind
    # its back, then read the NT ACL with direct_db_access=True and expect
    # the original SDDL: the direct path does not notice the change.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    # The POSIX ACL is included in the hash, so rewriting it should
    # invalidate the stored NT ACL.
    (xattr_backend, db_name) = checkset_backend(lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf,
                                "system.fake_access_acl", "")

    # With direct DB access the invalidation goes unnoticed.
    stored = getntacl(lp, self.tempf, direct_db_access=True)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(sddl, stored.as_sddl(any_sid))
def test_setntacl_invalidate_getntacl_smbd(self):
    # Store an NT ACL, overwrite the "system.fake_access_acl" xattr behind
    # its back, then read the NT ACL through the default getntacl() path
    # and expect the original SDDL unchanged.
    # NOTE(review): the explanation below says the ACL was set in 'ntvfs'
    # mode, yet the call passes use_ntvfs=False -- the same setting as
    # test_setntacl_smbd_invalidate_getntacl_smbd, which expects the
    # POSIX-derived ACL instead. Confirm which setting is intended here.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    # The POSIX ACL is included in the hash, so rewriting it should
    # invalidate the stored NT ACL.
    (xattr_backend, db_name) = checkset_backend(lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf,
                                "system.fake_access_acl", "")

    # The hash would break and an ACL based only on the mode would come
    # back, except that the ACL was set using the 'ntvfs' mode, which does
    # not include a hash.
    stored = getntacl(lp, self.tempf)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(sddl, stored.as_sddl(any_sid))
def test_setntacl_smbd_invalidate_getntacl_smbd(self):
    # Store an NT ACL with use_ntvfs=False on a file of mode 0750, overwrite
    # the "system.fake_access_acl" xattr, then read with
    # direct_db_access=False and expect an ACL derived from the mode bits
    # rather than the SDDL that was stored.
    # NOTE(review): the expected SDDL ends with an allow ACE of WO for WD
    # although "other" has no mode bits; presumably this is the mapping's
    # placeholder for an entry without permissions -- confirm.
    # NOTE(review): `lp` is never bound and `os` is not imported in this
    # listing as captured (lines are missing from it); confirm against the
    # original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    mode_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;WO;;;WD)"
    os.chmod(self.tempf, 0750)
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    # The POSIX ACL is included in the hash, so rewriting it should
    # invalidate the stored NT ACL.
    (xattr_backend, db_name) = checkset_backend(lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf,
                                "system.fake_access_acl", "")

    # The hash no longer matches, so the ACL returned is based only on
    # the mode.
    stored = getntacl(lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(mode_derived_sddl, stored.as_sddl(any_sid))
def test_setntacl_getntacl_smbd(self):
    # Round trip: store the SDDL with use_ntvfs=True, read it back with
    # direct_db_access=False and expect the same SDDL text.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    stored = getntacl(lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(stored.as_sddl(any_sid), sddl)
def test_setntacl_smbd_getntacl_smbd(self):
    # Round trip: store the SDDL with use_ntvfs=False, read it back with
    # direct_db_access=False and expect the same SDDL text.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    stored = getntacl(lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(stored.as_sddl(any_sid), sddl)
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
    # Store an NT ACL, replace the POSIX ACL with mode 0640 through
    # smbd.set_simple_acl(), then read with direct_db_access=False and
    # expect an ACL derived from the POSIX ACL instead of the stored SDDL.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    posix_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;WO;;;WD)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    # The POSIX ACL set code has a hook, so this invalidates the hash of
    # the NT ACL that was just stored.
    smbd.set_simple_acl(self.tempf, 0640)

    stored = getntacl(lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(posix_derived_sddl, stored.as_sddl(any_sid))
def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
    # Store an NT ACL, then set a POSIX ACL of mode 0640 that also names the
    # gid mapped from BUILTIN\Administrators, and expect the NT ACL read with
    # direct_db_access=False to be rebuilt from the POSIX ACL, including an
    # ACE for BA.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    admins_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    posix_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;WO;;;WD)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    # Look up the gid that the passdb backend maps the BA SID to.
    s3_context = s3param.get_context()
    pdb = passdb.PDB(s3_context.get("passdb backend"))
    (admins_gid, admins_type) = pdb.sid_to_id(admins_sid)

    # The POSIX ACL set code has a hook, so this invalidates the hash of
    # the NT ACL that was just stored.
    smbd.set_simple_acl(self.tempf, 0640, admins_gid)

    # The ACL should now be re-calculated from the POSIX details.
    stored = getntacl(lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(posix_derived_sddl, stored.as_sddl(any_sid))
def test_setntacl_smbd_getntacl_smbd_gpo(self):
    # Round trip of a larger descriptor: a protected DACL written with
    # domain-relative aliases (DA, EA, ...) plus a SACL holding two object
    # audit ACEs. It is stored with use_ntvfs=False, read back with
    # direct_db_access=False and rendered relative to the domain SID, which
    # must reproduce the input text.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid_text = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
    setntacl(lp, self.tempf, sddl, domain_sid_text, use_ntvfs=False)

    stored = getntacl(lp, self.tempf, direct_db_access=False)
    domain_sid = security.dom_sid(domain_sid_text)
    self.assertEquals(stored.as_sddl(domain_sid), sddl)
def test_setntacl_getposixacl(self):
    # Store an NT ACL with use_ntvfs=False, check that the default
    # getntacl() path returns the same SDDL, then fetch the POSIX access ACL.
    # NOTE(review): nothing is asserted about the fetched POSIX ACL, so the
    # last call only checks that get_sys_acl() does not raise.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    stored = getntacl(lp, self.tempf)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(stored.as_sddl(any_sid), sddl)

    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
def test_setposixacl_getposixacl(self):
    # Set a simple POSIX ACL of mode 0640 and check the four entries read
    # back: owner rw-, owning group r--, other ---, mask rw-.
    # NOTE(review): a second method with this exact name is defined later in
    # the class and expects a mask of 7 instead of 6. The later definition
    # replaces this one, so this body never runs.
    smbd.set_simple_acl(self.tempf, 0640)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
    self.assertEquals(posix_acl.count, 4)

    expected_entries = (
        (smb_acl.SMB_ACL_USER_OBJ, 6),
        (smb_acl.SMB_ACL_GROUP_OBJ, 4),
        (smb_acl.SMB_ACL_OTHER, 0),
        (smb_acl.SMB_ACL_MASK, 6),
    )
    for index, (entry_type, entry_perm) in enumerate(expected_entries):
        self.assertEquals(posix_acl.acl[index].a_type, entry_type)
        self.assertEquals(posix_acl.acl[index].a_perm, entry_perm)
def test_setposixacl_getntacl(self):
    # Set only a simple POSIX ACL of mode 0750, then ask for the NT ACL
    # through the default getntacl() path.
    # NOTE(review): as captured, assertTrue(False) runs unconditionally after
    # getntacl(), so this test can only fail. Gutter lines 198, 201 and
    # 203-204 are absent from the listing; presumably they held a try/except
    # that expects getntacl() to raise -- confirm against the original file.
    # NOTE(review): `lp` is never bound in this listing (gutter lines 195-196
    # are missing as well). Presumably a LoadParm instance; confirm.
    smbd.set_simple_acl(self.tempf, 0750)

    nt_acl = getntacl(lp, self.tempf)
    self.assertTrue(False)

    # The xattr is not expected to be filled in in this case.
def test_setposixacl_getntacl_smbd(self):
    # Set only a simple POSIX ACL of mode 0640 and expect the NT ACL read
    # with direct_db_access=False to be built from it: owner and group are
    # the SIDs that passdb maps the file's uid and gid to.
    # NOTE(review): `lp` is never bound and `os` is not imported in this
    # listing as captured (lines are missing from it); confirm against the
    # original file.
    s3_context = s3param.get_context()
    pdb = passdb.PDB(s3_context.get("passdb backend"))
    owning_group_sid = pdb.gid_to_sid(os.stat(self.tempf).st_gid)
    owner_sid = pdb.uid_to_sid(os.stat(self.tempf).st_uid)

    smbd.set_simple_acl(self.tempf, 0640)
    stored = getntacl(lp, self.tempf, direct_db_access=False)

    sid_fields = (owner_sid, owning_group_sid, owner_sid, owning_group_sid)
    expected_sddl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;WO;;;WD)" % sid_fields
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(expected_sddl, stored.as_sddl(any_sid))
def test_setposixacl_group_getntacl_smbd(self):
    # Set a simple POSIX ACL of mode 0640 that also names the gid mapped
    # from BUILTIN\Administrators, and expect the NT ACL read with
    # direct_db_access=False to carry an extra ACE for BA.
    # NOTE(review): `lp` is never bound and `os` is not imported in this
    # listing as captured (lines are missing from it); confirm against the
    # original file.
    admins_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    s3_context = s3param.get_context()
    pdb = passdb.PDB(s3_context.get("passdb backend"))
    (admins_gid, admins_type) = pdb.sid_to_id(admins_sid)
    owning_group_sid = pdb.gid_to_sid(os.stat(self.tempf).st_gid)
    owner_sid = pdb.uid_to_sid(os.stat(self.tempf).st_uid)
    # The BA SID has to map to an id usable as both uid and gid.
    self.assertEquals(admins_type, idmap.ID_TYPE_BOTH)

    smbd.set_simple_acl(self.tempf, 0640, admins_gid)
    stored = getntacl(lp, self.tempf, direct_db_access=False)
    # The result is not used below; the call is kept as in the original.
    sam_sid = passdb.get_global_sam_sid()

    sid_fields = (owner_sid, owning_group_sid, owner_sid, owning_group_sid)
    expected_sddl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;WO;;;WD)" % sid_fields
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEquals(expected_sddl, stored.as_sddl(any_sid))
def test_setposixacl_getposixacl(self):
    # Set a simple POSIX ACL of mode 0640 and check the four entries read
    # back: owner rw-, owning group r--, other ---, mask rwx.
    # NOTE(review): an earlier method in this class has the same name and
    # expects a mask of 6. This later definition replaces it, so only this
    # body runs.
    smbd.set_simple_acl(self.tempf, 0640)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
    self.assertEquals(posix_acl.count, 4)

    expected_entries = (
        (smb_acl.SMB_ACL_USER_OBJ, 6),
        (smb_acl.SMB_ACL_GROUP_OBJ, 4),
        (smb_acl.SMB_ACL_OTHER, 0),
        (smb_acl.SMB_ACL_MASK, 7),
    )
    for index, (entry_type, entry_perm) in enumerate(expected_entries):
        self.assertEquals(posix_acl.acl[index].a_type, entry_type)
        self.assertEquals(posix_acl.acl[index].a_perm, entry_perm)
def test_setposixacl_group_getposixacl(self):
    # Set a simple POSIX ACL of mode 0670 that also names the gid mapped
    # from BUILTIN\Administrators, and check the five entries read back.
    admins_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    s3_context = s3param.get_context()
    pdb = passdb.PDB(s3_context.get("passdb backend"))
    (admins_gid, admins_type) = pdb.sid_to_id(admins_sid)
    # The BA SID has to map to an id usable as both uid and gid.
    self.assertEquals(admins_type, idmap.ID_TYPE_BOTH)

    smbd.set_simple_acl(self.tempf, 0670, admins_gid)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    self.assertEquals(posix_acl.count, 5)

    # Owner: rw-
    self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEquals(posix_acl.acl[0].a_perm, 6)

    # Owning group: rwx
    self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEquals(posix_acl.acl[1].a_perm, 7)

    # Other: ---
    self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEquals(posix_acl.acl[2].a_perm, 0)

    # The named group entry for the gid passed to set_simple_acl(): rwx
    self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[3].a_perm, 7)
    self.assertEquals(posix_acl.acl[3].info.gid, admins_gid)

    # Mask: rwx
    self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEquals(posix_acl.acl[4].a_perm, 7)
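def test_setntacl_sysvol_check_getposixacl(self):
    # Store provision.SYSVOL_ACL on the temp file with use_ntvfs=False,
    # check that the NT ACL reads back unchanged, then check the POSIX
    # access ACL that results, entry by entry, against the uids/gids that
    # passdb maps the relevant SIDs to.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    s3conf = s3param.get_context()
    acl = provision.SYSVOL_ACL
    domsid = passdb.get_global_sam_sid()
    setntacl(lp, self.tempf, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(lp, self.tempf)
    self.assertEquals(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    # SIDs whose mapped ids are expected in the POSIX ACL.
    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)

    s4_passdb = passdb.PDB(s3conf.get("passdb backend"))

    # These assertions are correct for the current plugin_s4_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, some of these checks can be relaxed.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEquals(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # Fix: this line used to assert SO_type a second time, which left the
    # mapping type of the SYSTEM SID unchecked.
    # NOTE(review): assumes SYSTEM maps as ID_TYPE_BOTH like the other
    # groups in this selftest configuration -- confirm.
    self.assertEquals(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)

    self.assertEquals(posix_acl.count, 9)

    # Named group BUILTIN\Administrators: rwx
    self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[0].a_perm, 7)
    self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)

    # Named user, the domain Administrator account: rw-
    self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
    self.assertEquals(posix_acl.acl[1].a_perm, 6)
    self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)

    # Other: ---
    self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEquals(posix_acl.acl[2].a_perm, 0)

    # Owner: rw-
    self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEquals(posix_acl.acl[3].a_perm, 6)

    # Owning group: rwx
    self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEquals(posix_acl.acl[4].a_perm, 7)

    # Named group BUILTIN\Server Operators: r-x
    self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[5].a_perm, 5)
    self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)

    # Named group for the SYSTEM SID: rwx
    self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[6].a_perm, 7)
    self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)

    # Named group for Authenticated Users: r-x
    self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[7].a_perm, 5)
    self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)

    # Mask: rwx
    self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEquals(posix_acl.acl[8].a_perm, 7)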
346 # check that it matches:
348 # user:root:rwx (selftest user actually)
350 # group:Local Admins:rwx
358 # This is in this order in the NDR smb_acl (not re-ordered for display)
365 # uid: 0 (selftest user actually)
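def test_setntacl_policies_check_getposixacl(self):
    # Store provision.POLICIES_ACL on the temp file with use_ntvfs=False,
    # check that the NT ACL reads back unchanged, then check the POSIX
    # access ACL that results, entry by entry, against the uids/gids that
    # passdb maps the relevant SIDs to.
    # NOTE(review): `lp` is never bound in this listing -- the line after the
    # def is missing from the capture. Presumably a LoadParm instance; confirm
    # against the original file.
    s3conf = s3param.get_context()
    acl = provision.POLICIES_ACL

    domsid = passdb.get_global_sam_sid()
    setntacl(lp, self.tempf, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(lp, self.tempf)
    self.assertEquals(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    # SIDs whose mapped ids are expected in the POSIX ACL.
    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)
    PA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_POLICY_ADMINS))

    s4_passdb = passdb.PDB(s3conf.get("passdb backend"))

    # These assertions are correct for the current plugin_s4_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, some of these checks can be relaxed.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEquals(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # Fix: this line used to assert SO_type a second time, which left the
    # mapping type of the SYSTEM SID unchecked.
    # NOTE(review): assumes SYSTEM maps as ID_TYPE_BOTH like the other
    # groups in this selftest configuration -- confirm.
    self.assertEquals(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
    (PA_gid, PA_type) = s4_passdb.sid_to_id(PA_sid)
    self.assertEquals(PA_type, idmap.ID_TYPE_BOTH)

    self.assertEquals(posix_acl.count, 10)

    # Named group BUILTIN\Administrators: rwx
    self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[0].a_perm, 7)
    self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)

    # Named user, the domain Administrator account: rw-
    self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
    self.assertEquals(posix_acl.acl[1].a_perm, 6)
    self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)

    # Other: ---
    self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEquals(posix_acl.acl[2].a_perm, 0)

    # Owner: rw-
    self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEquals(posix_acl.acl[3].a_perm, 6)

    # Owning group: rwx
    self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEquals(posix_acl.acl[4].a_perm, 7)

    # Named group BUILTIN\Server Operators: r-x
    self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[5].a_perm, 5)
    self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)

    # Named group for the SYSTEM SID: rwx
    self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[6].a_perm, 7)
    self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)

    # Named group for Authenticated Users: r-x
    self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[7].a_perm, 5)
    self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)

    # Named group for the domain's policy administrators RID: rwx
    self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEquals(posix_acl.acl[8].a_perm, 7)
    self.assertEquals(posix_acl.acl[8].info.gid, PA_gid)

    # Mask: rwx
    self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEquals(posix_acl.acl[9].a_perm, 7)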
474 # check that it matches:
476 # user:root:rwx (selftest user actually)
478 # group:Local Admins:rwx
487 # This is in this order in the NDR smb_acl (not re-ordered for display)
494 # uid: 0 (selftest user actually)
532 super(PosixAclMappingTests, self).setUp()
533 s3conf = s3param.get_context()
534 s3conf.load(self.get_loadparm().configfile)
535 self.tempf = os.path.join(self.tempdir, "test")
536 open(self.tempf, 'w').write("empty")
539 smbd.unlink(self.tempf)
540 super(PosixAclMappingTests, self).tearDown()