1 # Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
2 # Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
3 # Copyright (C) Andrew Bartlett 2012
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 """Tests for the Samba3 NT -> posix ACL layer"""
21 from samba
.ntacls
import setntacl
, getntacl
, checkset_backend
22 from samba
.dcerpc
import xattr
, security
, smb_acl
, idmap
23 from samba
.param
import LoadParm
24 from samba
.tests
import TestCaseInTempDir
25 from samba
import provision
28 from samba
.samba3
import smbd
, passdb
29 from samba
.samba3
import param
as s3param
31 # To print a posix ACL use:
32 # for entry in posix_acl.acl:
33 # print "a_type: %d" % entry.a_type
34 # print "a_perm: %o" % entry.a_perm
35 # if entry.a_type == smb_acl.SMB_ACL_USER:
36 # print "uid: %d" % entry.uid
37 # if entry.a_type == smb_acl.SMB_ACL_GROUP:
38 # print "gid: %d" % entry.gid
40 class PosixAclMappingTests(TestCaseInTempDir
):
42 def test_setntacl(self
):
43 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
44 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
46 def test_setntacl_smbd_getntacl(self
):
47 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
48 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=True)
49 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=True)
50 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
51 self
.assertEquals(facl
.as_sddl(anysid
),acl
)
53 def test_setntacl_smbd_setposixacl_getntacl(self
):
54 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
55 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=True)
57 # This will invalidate the ACL, as we have a hook!
58 smbd
.set_simple_acl(self
.tempf
, 0640)
60 # However, this only asks the xattr
62 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=True)
63 self
.assertTrue(False)
67 def test_setntacl_invalidate_getntacl(self
):
68 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
69 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=True)
71 # This should invalidate the ACL, as we include the posix ACL in the hash
72 (backend_obj
, dbname
) = checkset_backend(self
.lp
, None, None)
73 backend_obj
.wrap_setxattr(dbname
,
74 self
.tempf
, "system.fake_access_acl", "")
76 #however, as this is direct DB access, we do not notice it
77 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=True)
78 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
79 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
81 def test_setntacl_invalidate_getntacl_smbd(self
):
82 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
83 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
85 # This should invalidate the ACL, as we include the posix ACL in the hash
86 (backend_obj
, dbname
) = checkset_backend(self
.lp
, None, None)
87 backend_obj
.wrap_setxattr(dbname
,
88 self
.tempf
, "system.fake_access_acl", "")
90 #the hash would break, and we return an ACL based only on the mode, except we set the ACL using the 'ntvfs' mode that doesn't include a hash
91 facl
= getntacl(self
.lp
, self
.tempf
)
92 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
93 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
95 def test_setntacl_smbd_invalidate_getntacl_smbd(self
):
96 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
97 simple_acl_from_posix
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
98 os
.chmod(self
.tempf
, 0750)
99 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
101 # This should invalidate the ACL, as we include the posix ACL in the hash
102 (backend_obj
, dbname
) = checkset_backend(self
.lp
, None, None)
103 backend_obj
.wrap_setxattr(dbname
,
104 self
.tempf
, "system.fake_access_acl", "")
106 #the hash will break, and we return an ACL based only on the mode
107 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
108 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
109 self
.assertEquals(simple_acl_from_posix
, facl
.as_sddl(anysid
))
111 def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self
):
112 # set an ACL on a tempfile
113 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
114 os
.chmod(self
.tempf
, 0750)
115 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
117 # now influence the POSIX ACL->SD mapping it returns something else than
118 # what was set previously
119 # this should not invalidate the hash and the complete ACL should still
121 self
.lp
.set("profile acls", "yes")
122 # we should still get back the ACL (and not one mapped from POSIX ACL)
123 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
124 self
.lp
.set("profile acls", "no")
125 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
126 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
128 def test_setntacl_getntacl_smbd(self
):
129 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
130 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=True)
131 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
132 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
133 self
.assertEquals(facl
.as_sddl(anysid
),acl
)
135 def test_setntacl_smbd_getntacl_smbd(self
):
136 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
137 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
138 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
139 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
140 self
.assertEquals(facl
.as_sddl(anysid
),acl
)
142 def test_setntacl_smbd_setposixacl_getntacl_smbd(self
):
143 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
144 simple_acl_from_posix
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
145 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
146 # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
147 smbd
.set_simple_acl(self
.tempf
, 0640)
148 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
149 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
150 self
.assertEquals(simple_acl_from_posix
, facl
.as_sddl(anysid
))
152 def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self
):
153 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
154 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
155 simple_acl_from_posix
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
156 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
157 # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
158 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
159 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
160 smbd
.set_simple_acl(self
.tempf
, 0640, BA_gid
)
162 # This should re-calculate an ACL based on the posix details
163 facl
= getntacl(self
.lp
,self
.tempf
, direct_db_access
=False)
164 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
165 self
.assertEquals(simple_acl_from_posix
, facl
.as_sddl(anysid
))
167 def test_setntacl_smbd_getntacl_smbd_gpo(self
):
168 acl
= "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
169 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
170 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
171 domsid
= security
.dom_sid("S-1-5-21-2212615479-2695158682-2101375467")
172 self
.assertEquals(facl
.as_sddl(domsid
),acl
)
174 def test_setntacl_getposixacl(self
):
175 acl
= "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
176 setntacl(self
.lp
, self
.tempf
, acl
, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs
=False)
177 facl
= getntacl(self
.lp
, self
.tempf
)
178 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
179 self
.assertEquals(facl
.as_sddl(anysid
),acl
)
180 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
182 def test_setposixacl_getposixacl(self
):
183 smbd
.set_simple_acl(self
.tempf
, 0640)
184 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
185 self
.assertEquals(posix_acl
.count
, 4)
187 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
188 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 6)
190 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
191 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 4)
193 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
194 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
196 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_MASK
)
197 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 6)
199 def test_setposixacl_getntacl(self
):
201 smbd
.set_simple_acl(self
.tempf
, 0750)
203 facl
= getntacl(self
.lp
, self
.tempf
)
204 self
.assertTrue(False)
206 # We don't expect the xattr to be filled in in this case
209 def test_setposixacl_getntacl_smbd(self
):
210 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
211 group_SID
= s4_passdb
.gid_to_sid(os
.stat(self
.tempf
).st_gid
)
212 user_SID
= s4_passdb
.uid_to_sid(os
.stat(self
.tempf
).st_uid
)
213 smbd
.set_simple_acl(self
.tempf
, 0640)
214 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
215 acl
= "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID
, group_SID
, user_SID
, group_SID
)
216 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
217 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
219 def test_setposixacl_dir_getntacl_smbd(self
):
220 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
221 user_SID
= s4_passdb
.uid_to_sid(os
.stat(self
.tempdir
).st_uid
)
222 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
223 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
224 (BA_id
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
225 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
226 SO_sid
= security
.dom_sid(security
.SID_BUILTIN_SERVER_OPERATORS
)
227 (SO_id
,SO_type
) = s4_passdb
.sid_to_id(SO_sid
)
228 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
229 smbd
.chown(self
.tempdir
, BA_id
, SO_id
)
230 smbd
.set_simple_acl(self
.tempdir
, 0750)
231 facl
= getntacl(self
.lp
, self
.tempdir
, direct_db_access
=False)
232 acl
= "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"
234 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
235 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
237 def test_setposixacl_group_getntacl_smbd(self
):
238 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
239 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
240 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
241 group_SID
= s4_passdb
.gid_to_sid(os
.stat(self
.tempf
).st_gid
)
242 user_SID
= s4_passdb
.uid_to_sid(os
.stat(self
.tempf
).st_uid
)
243 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
244 smbd
.set_simple_acl(self
.tempf
, 0640, BA_gid
)
245 facl
= getntacl(self
.lp
, self
.tempf
, direct_db_access
=False)
246 domsid
= passdb
.get_global_sam_sid()
247 acl
= "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID
, group_SID
, user_SID
, group_SID
)
248 anysid
= security
.dom_sid(security
.SID_NT_SELF
)
249 self
.assertEquals(acl
, facl
.as_sddl(anysid
))
251 def test_setposixacl_getposixacl(self
):
252 smbd
.set_simple_acl(self
.tempf
, 0640)
253 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
254 self
.assertEquals(posix_acl
.count
, 4)
256 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
257 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 6)
259 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
260 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 4)
262 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
263 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
265 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_MASK
)
266 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 7)
268 def test_setposixacl_dir_getposixacl(self
):
269 smbd
.set_simple_acl(self
.tempdir
, 0750)
270 posix_acl
= smbd
.get_sys_acl(self
.tempdir
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
271 self
.assertEquals(posix_acl
.count
, 4)
273 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
274 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 7)
276 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
277 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 5)
279 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
280 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
282 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_MASK
)
283 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 7)
285 def test_setposixacl_group_getposixacl(self
):
286 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
287 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
288 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
289 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
290 smbd
.set_simple_acl(self
.tempf
, 0670, BA_gid
)
291 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
293 self
.assertEquals(posix_acl
.count
, 5)
295 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
296 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 6)
298 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
299 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 7)
301 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
302 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
304 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_GROUP
)
305 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 7)
306 self
.assertEquals(posix_acl
.acl
[3].info
.gid
, BA_gid
)
308 self
.assertEquals(posix_acl
.acl
[4].a_type
, smb_acl
.SMB_ACL_MASK
)
309 self
.assertEquals(posix_acl
.acl
[4].a_perm
, 7)
311 def test_setntacl_sysvol_check_getposixacl(self
):
312 acl
= provision
.SYSVOL_ACL
313 domsid
= passdb
.get_global_sam_sid()
314 setntacl(self
.lp
, self
.tempf
,acl
,str(domsid
), use_ntvfs
=False)
315 facl
= getntacl(self
.lp
, self
.tempf
)
316 self
.assertEquals(facl
.as_sddl(domsid
),acl
)
317 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
319 LA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_ADMINISTRATOR
))
320 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
321 SO_sid
= security
.dom_sid(security
.SID_BUILTIN_SERVER_OPERATORS
)
322 SY_sid
= security
.dom_sid(security
.SID_NT_SYSTEM
)
323 AU_sid
= security
.dom_sid(security
.SID_NT_AUTHENTICATED_USERS
)
325 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
327 # These assertions correct for current plugin_s4_dc selftest
328 # configuration. When other environments have a broad range of
329 # groups mapped via passdb, we can relax some of these checks
330 (LA_uid
,LA_type
) = s4_passdb
.sid_to_id(LA_sid
)
331 self
.assertEquals(LA_type
, idmap
.ID_TYPE_UID
)
332 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
333 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
334 (SO_gid
,SO_type
) = s4_passdb
.sid_to_id(SO_sid
)
335 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
336 (SY_gid
,SY_type
) = s4_passdb
.sid_to_id(SY_sid
)
337 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
338 (AU_gid
,AU_type
) = s4_passdb
.sid_to_id(AU_sid
)
339 self
.assertEquals(AU_type
, idmap
.ID_TYPE_BOTH
)
341 self
.assertEquals(posix_acl
.count
, 13)
343 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_GROUP
)
344 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 7)
345 self
.assertEquals(posix_acl
.acl
[0].info
.gid
, BA_gid
)
347 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_USER
)
348 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 6)
349 self
.assertEquals(posix_acl
.acl
[1].info
.uid
, LA_uid
)
351 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
352 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
354 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
355 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 6)
357 self
.assertEquals(posix_acl
.acl
[4].a_type
, smb_acl
.SMB_ACL_USER
)
358 self
.assertEquals(posix_acl
.acl
[4].a_perm
, 7)
359 self
.assertEquals(posix_acl
.acl
[4].info
.uid
, BA_gid
)
361 self
.assertEquals(posix_acl
.acl
[5].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
362 self
.assertEquals(posix_acl
.acl
[5].a_perm
, 7)
364 self
.assertEquals(posix_acl
.acl
[6].a_type
, smb_acl
.SMB_ACL_USER
)
365 self
.assertEquals(posix_acl
.acl
[6].a_perm
, 5)
366 self
.assertEquals(posix_acl
.acl
[6].info
.uid
, SO_gid
)
368 self
.assertEquals(posix_acl
.acl
[7].a_type
, smb_acl
.SMB_ACL_GROUP
)
369 self
.assertEquals(posix_acl
.acl
[7].a_perm
, 5)
370 self
.assertEquals(posix_acl
.acl
[7].info
.gid
, SO_gid
)
372 self
.assertEquals(posix_acl
.acl
[8].a_type
, smb_acl
.SMB_ACL_USER
)
373 self
.assertEquals(posix_acl
.acl
[8].a_perm
, 7)
374 self
.assertEquals(posix_acl
.acl
[8].info
.uid
, SY_gid
)
376 self
.assertEquals(posix_acl
.acl
[9].a_type
, smb_acl
.SMB_ACL_GROUP
)
377 self
.assertEquals(posix_acl
.acl
[9].a_perm
, 7)
378 self
.assertEquals(posix_acl
.acl
[9].info
.gid
, SY_gid
)
380 self
.assertEquals(posix_acl
.acl
[10].a_type
, smb_acl
.SMB_ACL_USER
)
381 self
.assertEquals(posix_acl
.acl
[10].a_perm
, 5)
382 self
.assertEquals(posix_acl
.acl
[10].info
.uid
, AU_gid
)
384 self
.assertEquals(posix_acl
.acl
[11].a_type
, smb_acl
.SMB_ACL_GROUP
)
385 self
.assertEquals(posix_acl
.acl
[11].a_perm
, 5)
386 self
.assertEquals(posix_acl
.acl
[11].info
.gid
, AU_gid
)
388 self
.assertEquals(posix_acl
.acl
[12].a_type
, smb_acl
.SMB_ACL_MASK
)
389 self
.assertEquals(posix_acl
.acl
[12].a_perm
, 7)
392 # check that it matches:
394 # user:root:rwx (selftest user actually)
396 # group:Local Admins:rwx
404 # This is in this order in the NDR smb_acl (not re-orderded for display)
411 # uid: 0 (selftest user actually)
445 def test_setntacl_sysvol_dir_check_getposixacl(self
):
446 acl
= provision
.SYSVOL_ACL
447 domsid
= passdb
.get_global_sam_sid()
448 setntacl(self
.lp
, self
.tempdir
,acl
,str(domsid
), use_ntvfs
=False)
449 facl
= getntacl(self
.lp
, self
.tempdir
)
450 self
.assertEquals(facl
.as_sddl(domsid
),acl
)
451 posix_acl
= smbd
.get_sys_acl(self
.tempdir
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
453 LA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_ADMINISTRATOR
))
454 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
455 SO_sid
= security
.dom_sid(security
.SID_BUILTIN_SERVER_OPERATORS
)
456 SY_sid
= security
.dom_sid(security
.SID_NT_SYSTEM
)
457 AU_sid
= security
.dom_sid(security
.SID_NT_AUTHENTICATED_USERS
)
459 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
461 # These assertions correct for current plugin_s4_dc selftest
462 # configuration. When other environments have a broad range of
463 # groups mapped via passdb, we can relax some of these checks
464 (LA_uid
,LA_type
) = s4_passdb
.sid_to_id(LA_sid
)
465 self
.assertEquals(LA_type
, idmap
.ID_TYPE_UID
)
466 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
467 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
468 (SO_gid
,SO_type
) = s4_passdb
.sid_to_id(SO_sid
)
469 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
470 (SY_gid
,SY_type
) = s4_passdb
.sid_to_id(SY_sid
)
471 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
472 (AU_gid
,AU_type
) = s4_passdb
.sid_to_id(AU_sid
)
473 self
.assertEquals(AU_type
, idmap
.ID_TYPE_BOTH
)
475 self
.assertEquals(posix_acl
.count
, 13)
477 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_GROUP
)
478 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 7)
479 self
.assertEquals(posix_acl
.acl
[0].info
.gid
, BA_gid
)
481 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_USER
)
482 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 7)
483 self
.assertEquals(posix_acl
.acl
[1].info
.uid
, LA_uid
)
485 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
486 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
488 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
489 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 7)
491 self
.assertEquals(posix_acl
.acl
[4].a_type
, smb_acl
.SMB_ACL_USER
)
492 self
.assertEquals(posix_acl
.acl
[4].a_perm
, 7)
493 self
.assertEquals(posix_acl
.acl
[4].info
.uid
, BA_gid
)
495 self
.assertEquals(posix_acl
.acl
[5].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
496 self
.assertEquals(posix_acl
.acl
[5].a_perm
, 7)
498 self
.assertEquals(posix_acl
.acl
[6].a_type
, smb_acl
.SMB_ACL_USER
)
499 self
.assertEquals(posix_acl
.acl
[6].a_perm
, 5)
500 self
.assertEquals(posix_acl
.acl
[6].info
.uid
, SO_gid
)
502 self
.assertEquals(posix_acl
.acl
[7].a_type
, smb_acl
.SMB_ACL_GROUP
)
503 self
.assertEquals(posix_acl
.acl
[7].a_perm
, 5)
504 self
.assertEquals(posix_acl
.acl
[7].info
.gid
, SO_gid
)
506 self
.assertEquals(posix_acl
.acl
[8].a_type
, smb_acl
.SMB_ACL_USER
)
507 self
.assertEquals(posix_acl
.acl
[8].a_perm
, 7)
508 self
.assertEquals(posix_acl
.acl
[8].info
.uid
, SY_gid
)
510 self
.assertEquals(posix_acl
.acl
[9].a_type
, smb_acl
.SMB_ACL_GROUP
)
511 self
.assertEquals(posix_acl
.acl
[9].a_perm
, 7)
512 self
.assertEquals(posix_acl
.acl
[9].info
.gid
, SY_gid
)
514 self
.assertEquals(posix_acl
.acl
[10].a_type
, smb_acl
.SMB_ACL_USER
)
515 self
.assertEquals(posix_acl
.acl
[10].a_perm
, 5)
516 self
.assertEquals(posix_acl
.acl
[10].info
.uid
, AU_gid
)
518 self
.assertEquals(posix_acl
.acl
[11].a_type
, smb_acl
.SMB_ACL_GROUP
)
519 self
.assertEquals(posix_acl
.acl
[11].a_perm
, 5)
520 self
.assertEquals(posix_acl
.acl
[11].info
.gid
, AU_gid
)
522 self
.assertEquals(posix_acl
.acl
[12].a_type
, smb_acl
.SMB_ACL_MASK
)
523 self
.assertEquals(posix_acl
.acl
[12].a_perm
, 7)
526 # check that it matches:
528 # user:root:rwx (selftest user actually)
538 def test_setntacl_policies_dir_check_getposixacl(self
):
539 acl
= provision
.POLICIES_ACL
540 domsid
= passdb
.get_global_sam_sid()
541 setntacl(self
.lp
, self
.tempdir
,acl
,str(domsid
), use_ntvfs
=False)
542 facl
= getntacl(self
.lp
, self
.tempdir
)
543 self
.assertEquals(facl
.as_sddl(domsid
),acl
)
544 posix_acl
= smbd
.get_sys_acl(self
.tempdir
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
546 LA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_ADMINISTRATOR
))
547 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
548 SO_sid
= security
.dom_sid(security
.SID_BUILTIN_SERVER_OPERATORS
)
549 SY_sid
= security
.dom_sid(security
.SID_NT_SYSTEM
)
550 AU_sid
= security
.dom_sid(security
.SID_NT_AUTHENTICATED_USERS
)
551 PA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_POLICY_ADMINS
))
553 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
555 # These assertions correct for current plugin_s4_dc selftest
556 # configuration. When other environments have a broad range of
557 # groups mapped via passdb, we can relax some of these checks
558 (LA_uid
,LA_type
) = s4_passdb
.sid_to_id(LA_sid
)
559 self
.assertEquals(LA_type
, idmap
.ID_TYPE_UID
)
560 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
561 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
562 (SO_gid
,SO_type
) = s4_passdb
.sid_to_id(SO_sid
)
563 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
564 (SY_gid
,SY_type
) = s4_passdb
.sid_to_id(SY_sid
)
565 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
566 (AU_gid
,AU_type
) = s4_passdb
.sid_to_id(AU_sid
)
567 self
.assertEquals(AU_type
, idmap
.ID_TYPE_BOTH
)
568 (PA_gid
,PA_type
) = s4_passdb
.sid_to_id(PA_sid
)
569 self
.assertEquals(PA_type
, idmap
.ID_TYPE_BOTH
)
571 self
.assertEquals(posix_acl
.count
, 15)
573 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_GROUP
)
574 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 7)
575 self
.assertEquals(posix_acl
.acl
[0].info
.gid
, BA_gid
)
577 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_USER
)
578 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 7)
579 self
.assertEquals(posix_acl
.acl
[1].info
.uid
, LA_uid
)
581 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
582 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
584 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
585 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 7)
587 self
.assertEquals(posix_acl
.acl
[4].a_type
, smb_acl
.SMB_ACL_USER
)
588 self
.assertEquals(posix_acl
.acl
[4].a_perm
, 7)
589 self
.assertEquals(posix_acl
.acl
[4].info
.uid
, BA_gid
)
591 self
.assertEquals(posix_acl
.acl
[5].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
592 self
.assertEquals(posix_acl
.acl
[5].a_perm
, 7)
594 self
.assertEquals(posix_acl
.acl
[6].a_type
, smb_acl
.SMB_ACL_USER
)
595 self
.assertEquals(posix_acl
.acl
[6].a_perm
, 5)
596 self
.assertEquals(posix_acl
.acl
[6].info
.uid
, SO_gid
)
598 self
.assertEquals(posix_acl
.acl
[7].a_type
, smb_acl
.SMB_ACL_GROUP
)
599 self
.assertEquals(posix_acl
.acl
[7].a_perm
, 5)
600 self
.assertEquals(posix_acl
.acl
[7].info
.gid
, SO_gid
)
602 self
.assertEquals(posix_acl
.acl
[8].a_type
, smb_acl
.SMB_ACL_USER
)
603 self
.assertEquals(posix_acl
.acl
[8].a_perm
, 7)
604 self
.assertEquals(posix_acl
.acl
[8].info
.uid
, SY_gid
)
606 self
.assertEquals(posix_acl
.acl
[9].a_type
, smb_acl
.SMB_ACL_GROUP
)
607 self
.assertEquals(posix_acl
.acl
[9].a_perm
, 7)
608 self
.assertEquals(posix_acl
.acl
[9].info
.gid
, SY_gid
)
610 self
.assertEquals(posix_acl
.acl
[10].a_type
, smb_acl
.SMB_ACL_USER
)
611 self
.assertEquals(posix_acl
.acl
[10].a_perm
, 5)
612 self
.assertEquals(posix_acl
.acl
[10].info
.uid
, AU_gid
)
614 self
.assertEquals(posix_acl
.acl
[11].a_type
, smb_acl
.SMB_ACL_GROUP
)
615 self
.assertEquals(posix_acl
.acl
[11].a_perm
, 5)
616 self
.assertEquals(posix_acl
.acl
[11].info
.gid
, AU_gid
)
618 self
.assertEquals(posix_acl
.acl
[12].a_type
, smb_acl
.SMB_ACL_USER
)
619 self
.assertEquals(posix_acl
.acl
[12].a_perm
, 7)
620 self
.assertEquals(posix_acl
.acl
[12].info
.uid
, PA_gid
)
622 self
.assertEquals(posix_acl
.acl
[13].a_type
, smb_acl
.SMB_ACL_GROUP
)
623 self
.assertEquals(posix_acl
.acl
[13].a_perm
, 7)
624 self
.assertEquals(posix_acl
.acl
[13].info
.gid
, PA_gid
)
626 self
.assertEquals(posix_acl
.acl
[14].a_type
, smb_acl
.SMB_ACL_MASK
)
627 self
.assertEquals(posix_acl
.acl
[14].a_perm
, 7)
630 # check that it matches:
632 # user:root:rwx (selftest user actually)
644 def test_setntacl_policies_check_getposixacl(self
):
645 acl
= provision
.POLICIES_ACL
647 domsid
= passdb
.get_global_sam_sid()
648 setntacl(self
.lp
, self
.tempf
, acl
, str(domsid
), use_ntvfs
=False)
649 facl
= getntacl(self
.lp
, self
.tempf
)
650 self
.assertEquals(facl
.as_sddl(domsid
),acl
)
651 posix_acl
= smbd
.get_sys_acl(self
.tempf
, smb_acl
.SMB_ACL_TYPE_ACCESS
)
653 LA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_ADMINISTRATOR
))
654 BA_sid
= security
.dom_sid(security
.SID_BUILTIN_ADMINISTRATORS
)
655 SO_sid
= security
.dom_sid(security
.SID_BUILTIN_SERVER_OPERATORS
)
656 SY_sid
= security
.dom_sid(security
.SID_NT_SYSTEM
)
657 AU_sid
= security
.dom_sid(security
.SID_NT_AUTHENTICATED_USERS
)
658 PA_sid
= security
.dom_sid(str(domsid
)+"-"+str(security
.DOMAIN_RID_POLICY_ADMINS
))
660 s4_passdb
= passdb
.PDB(self
.lp
.get("passdb backend"))
662 # These assertions correct for current plugin_s4_dc selftest
663 # configuration. When other environments have a broad range of
664 # groups mapped via passdb, we can relax some of these checks
665 (LA_uid
,LA_type
) = s4_passdb
.sid_to_id(LA_sid
)
666 self
.assertEquals(LA_type
, idmap
.ID_TYPE_UID
)
667 (BA_gid
,BA_type
) = s4_passdb
.sid_to_id(BA_sid
)
668 self
.assertEquals(BA_type
, idmap
.ID_TYPE_BOTH
)
669 (SO_gid
,SO_type
) = s4_passdb
.sid_to_id(SO_sid
)
670 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
671 (SY_gid
,SY_type
) = s4_passdb
.sid_to_id(SY_sid
)
672 self
.assertEquals(SO_type
, idmap
.ID_TYPE_BOTH
)
673 (AU_gid
,AU_type
) = s4_passdb
.sid_to_id(AU_sid
)
674 self
.assertEquals(AU_type
, idmap
.ID_TYPE_BOTH
)
675 (PA_gid
,PA_type
) = s4_passdb
.sid_to_id(PA_sid
)
676 self
.assertEquals(PA_type
, idmap
.ID_TYPE_BOTH
)
678 self
.assertEquals(posix_acl
.count
, 15)
680 self
.assertEquals(posix_acl
.acl
[0].a_type
, smb_acl
.SMB_ACL_GROUP
)
681 self
.assertEquals(posix_acl
.acl
[0].a_perm
, 7)
682 self
.assertEquals(posix_acl
.acl
[0].info
.gid
, BA_gid
)
684 self
.assertEquals(posix_acl
.acl
[1].a_type
, smb_acl
.SMB_ACL_USER
)
685 self
.assertEquals(posix_acl
.acl
[1].a_perm
, 6)
686 self
.assertEquals(posix_acl
.acl
[1].info
.uid
, LA_uid
)
688 self
.assertEquals(posix_acl
.acl
[2].a_type
, smb_acl
.SMB_ACL_OTHER
)
689 self
.assertEquals(posix_acl
.acl
[2].a_perm
, 0)
691 self
.assertEquals(posix_acl
.acl
[3].a_type
, smb_acl
.SMB_ACL_USER_OBJ
)
692 self
.assertEquals(posix_acl
.acl
[3].a_perm
, 6)
694 self
.assertEquals(posix_acl
.acl
[4].a_type
, smb_acl
.SMB_ACL_USER
)
695 self
.assertEquals(posix_acl
.acl
[4].a_perm
, 7)
696 self
.assertEquals(posix_acl
.acl
[4].info
.uid
, BA_gid
)
698 self
.assertEquals(posix_acl
.acl
[5].a_type
, smb_acl
.SMB_ACL_GROUP_OBJ
)
699 self
.assertEquals(posix_acl
.acl
[5].a_perm
, 7)
701 self
.assertEquals(posix_acl
.acl
[6].a_type
, smb_acl
.SMB_ACL_USER
)
702 self
.assertEquals(posix_acl
.acl
[6].a_perm
, 5)
703 self
.assertEquals(posix_acl
.acl
[6].info
.uid
, SO_gid
)
705 self
.assertEquals(posix_acl
.acl
[7].a_type
, smb_acl
.SMB_ACL_GROUP
)
706 self
.assertEquals(posix_acl
.acl
[7].a_perm
, 5)
707 self
.assertEquals(posix_acl
.acl
[7].info
.gid
, SO_gid
)
709 self
.assertEquals(posix_acl
.acl
[8].a_type
, smb_acl
.SMB_ACL_USER
)
710 self
.assertEquals(posix_acl
.acl
[8].a_perm
, 7)
711 self
.assertEquals(posix_acl
.acl
[8].info
.uid
, SY_gid
)
713 self
.assertEquals(posix_acl
.acl
[9].a_type
, smb_acl
.SMB_ACL_GROUP
)
714 self
.assertEquals(posix_acl
.acl
[9].a_perm
, 7)
715 self
.assertEquals(posix_acl
.acl
[9].info
.gid
, SY_gid
)
717 self
.assertEquals(posix_acl
.acl
[10].a_type
, smb_acl
.SMB_ACL_USER
)
718 self
.assertEquals(posix_acl
.acl
[10].a_perm
, 5)
719 self
.assertEquals(posix_acl
.acl
[10].info
.uid
, AU_gid
)
721 self
.assertEquals(posix_acl
.acl
[11].a_type
, smb_acl
.SMB_ACL_GROUP
)
722 self
.assertEquals(posix_acl
.acl
[11].a_perm
, 5)
723 self
.assertEquals(posix_acl
.acl
[11].info
.gid
, AU_gid
)
725 self
.assertEquals(posix_acl
.acl
[12].a_type
, smb_acl
.SMB_ACL_USER
)
726 self
.assertEquals(posix_acl
.acl
[12].a_perm
, 7)
727 self
.assertEquals(posix_acl
.acl
[12].info
.uid
, PA_gid
)
729 self
.assertEquals(posix_acl
.acl
[13].a_type
, smb_acl
.SMB_ACL_GROUP
)
730 self
.assertEquals(posix_acl
.acl
[13].a_perm
, 7)
731 self
.assertEquals(posix_acl
.acl
[13].info
.gid
, PA_gid
)
733 self
.assertEquals(posix_acl
.acl
[14].a_type
, smb_acl
.SMB_ACL_MASK
)
734 self
.assertEquals(posix_acl
.acl
[14].a_perm
, 7)
737 # check that it matches:
739 # user:root:rwx (selftest user actually)
741 # group:Local Admins:rwx
750 # This is in this order in the NDR smb_acl (not re-orderded for display)
757 # uid: 0 (selftest user actually)
795 super(PosixAclMappingTests
, self
).setUp()
796 s3conf
= s3param
.get_context()
797 s3conf
.load(self
.get_loadparm().configfile
)
798 s3conf
.set("xattr_tdb:file", os
.path
.join(self
.tempdir
,"xattr.tdb"))
800 self
.tempf
= os
.path
.join(self
.tempdir
, "test")
801 open(self
.tempf
, 'w').write("empty")
804 smbd
.unlink(self
.tempf
)
805 os
.unlink(os
.path
.join(self
.tempdir
,"xattr.tdb"))
806 super(PosixAclMappingTests
, self
).tearDown()