1 # Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
2 # Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
3 # Copyright (C) Andrew Bartlett 2012
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 """Tests for the Samba3 NT -> posix ACL layer"""
21 from samba
.ntacls
import setntacl
, getntacl
, checkset_backend
22 from samba
.dcerpc
import xattr
, security
, smb_acl
, idmap
23 from samba
.param
import LoadParm
24 from samba
.tests
import TestCaseInTempDir
25 from samba
import provision
28 from samba
.samba3
import smbd
, passdb
29 from samba
.samba3
import param
as s3param
31 # To print a posix ACL use:
32 # for entry in posix_acl.acl:
33 # print "a_type: %d" % entry.a_type
34 # print "a_perm: %o" % entry.a_perm
35 # if entry.a_type == smb_acl.SMB_ACL_USER:
36 # print "uid: %d" % entry.uid
37 # if entry.a_type == smb_acl.SMB_ACL_GROUP:
38 # print "gid: %d" % entry.gid
40 class PosixAclMappingTests(TestCaseInTempDir
):
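def print_posix_acl(self, posix_acl):
    """Render a POSIX ACL as text for use as an assertion failure message.

    Each entry of ``posix_acl.acl`` contributes an "a_type" line (decimal)
    and an "a_perm" line (octal). SMB_ACL_USER entries also get a "uid"
    line and SMB_ACL_GROUP entries a "gid" line, both read from
    ``entry.info``.

    Returns the concatenated text; an ACL with no entries gives "".
    """
    lines = []
    for entry in posix_acl.acl:
        lines.append("a_type: %d\n" % entry.a_type)
        lines.append("a_perm: %o\n" % entry.a_perm)
        if entry.a_type == smb_acl.SMB_ACL_USER:
            lines.append("uid: %d\n" % entry.info.uid)
        if entry.a_type == smb_acl.SMB_ACL_GROUP:
            lines.append("gid: %d\n" % entry.info.gid)
    # The tests in this class pass the result as the msg argument of their
    # count assertions, so the text must be returned, not only accumulated.
    return "".join(lines)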
def test_setntacl(self):
    """Store an NT ACL on the temp file with use_ntvfs=False.

    Nothing is read back; the test passes when setntacl() does not raise.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=False)
def test_setntacl_smbd_getntacl(self):
    """Round-trip an NT ACL: write with use_ntvfs=True, read with direct DB access.

    The SDDL rendered from the stored descriptor must equal the SDDL that
    was written.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    stored = getntacl(self.lp, self.tempf, direct_db_access=True)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(stored.as_sddl(any_sid), sddl)
def test_setntacl_smbd_setposixacl_getntacl(self):
    """Set an NT ACL, replace the POSIX ACL via smbd, then read with direct DB access."""
    acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)

    # This will invalidate the ACL, as we have a hook!
    smbd.set_simple_acl(self.tempf, 0640)

    # However, this only asks the xattr
    # NOTE(review): as written here, assertTrue(False) runs whenever
    # getntacl() returns, so the test can only pass if getntacl() raises and
    # something catches it. Presumably the two statements below sit inside a
    # try/except -- confirm the handler and the expected exception type.
    facl = getntacl(self.lp, self.tempf, direct_db_access=True)
    self.assertTrue(False)
def test_setntacl_invalidate_getntacl(self):
    """Overwrite the fake POSIX ACL xattr, then read the NT ACL with direct DB access.

    The NT ACL is written with use_ntvfs=True. With direct DB access the
    changed POSIX ACL goes unnoticed, so the SDDL that was stored is
    expected back unchanged.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    # Replace the stored POSIX access ACL with an empty value. The POSIX ACL
    # is included in the hash, so this should invalidate the NT ACL.
    xattr_backend, db_name = checkset_backend(self.lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf, "system.fake_access_acl", "")

    # Direct DB access does not notice the change.
    stored = getntacl(self.lp, self.tempf, direct_db_access=True)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(sddl, stored.as_sddl(any_sid))
def test_setntacl_invalidate_getntacl_smbd(self):
    """Overwrite the fake POSIX ACL xattr, then read the NT ACL with getntacl() defaults.

    The SDDL that was stored is expected back unchanged.

    NOTE(review): the comment carried by this test explains the unchanged
    result by the ACL having been set in 'ntvfs' mode (no hash), yet the
    call below passes use_ntvfs=False. Confirm which of the two is intended.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    # Replace the stored POSIX access ACL with an empty value. The POSIX ACL
    # is included in the hash, so this should invalidate the NT ACL.
    xattr_backend, db_name = checkset_backend(self.lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf, "system.fake_access_acl", "")

    # The hash would break, and an ACL based only on the mode would be
    # returned, except the ACL was set using the 'ntvfs' mode that doesn't
    # include a hash (see the NOTE above).
    stored = getntacl(self.lp, self.tempf)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(sddl, stored.as_sddl(any_sid))
def test_setntacl_smbd_invalidate_getntacl_smbd(self):
    """Check that a changed POSIX ACL makes smbd fall back to a mode-derived ACL.

    The file is set to mode 0750 and given an NT ACL with use_ntvfs=False.
    After the fake POSIX ACL xattr is overwritten, a read with
    direct_db_access=False must return the ACL derived from the mode
    instead of the NT ACL that was stored.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    stored_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    mode_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"

    os.chmod(self.tempf, 0o750)
    setntacl(self.lp, self.tempf, stored_sddl, domain_sid, use_ntvfs=False)

    # Replace the stored POSIX access ACL with an empty value. The POSIX ACL
    # is included in the hash, so this should invalidate the NT ACL.
    xattr_backend, db_name = checkset_backend(self.lp, None, None)
    xattr_backend.wrap_setxattr(db_name, self.tempf, "system.fake_access_acl", "")

    # The hash will break, and an ACL based only on the mode is returned.
    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(mode_derived_sddl, returned.as_sddl(any_sid))
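def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self):
    """Check that toggling "profile acls" does not discard the stored NT ACL.

    The file is set to mode 0750 and given an NT ACL with use_ntvfs=False.
    "profile acls" is then switched to "yes" for the duration of one
    getntacl() call with direct_db_access=False, and the SDDL that was
    stored is expected back rather than one mapped from the POSIX ACL.
    """
    # set an ACL on a tempfile
    acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    os.chmod(self.tempf, 0o750)
    setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)

    # Now influence the POSIX ACL -> SD mapping so that it returns something
    # other than what was set previously. This should not invalidate the
    # hash, and the complete ACL should still be returned.
    self.lp.set("profile acls", "yes")
    try:
        # we should still get back the ACL (and not one mapped from POSIX ACL)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
    finally:
        # Restore the option even when getntacl() raises, so a failure here
        # cannot leave "profile acls" enabled on self.lp.
        self.lp.set("profile acls", "no")
    anysid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(acl, facl.as_sddl(anysid))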
def test_setntacl_getntacl_smbd(self):
    """Round-trip an NT ACL: write with use_ntvfs=True, read with direct_db_access=False."""
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=True)

    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(returned.as_sddl(any_sid), sddl)
def test_setntacl_smbd_getntacl_smbd(self):
    """Round-trip an NT ACL: write with use_ntvfs=False, read with direct_db_access=False."""
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(returned.as_sddl(any_sid), sddl)
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
    """Check that setting a POSIX ACL through smbd supersedes the stored NT ACL.

    An NT ACL is written with use_ntvfs=False, then smbd sets a simple POSIX
    ACL for mode 0640. A read with direct_db_access=False must return the
    ACL derived from the POSIX settings, not the NT ACL that was stored.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    stored_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    posix_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
    setntacl(self.lp, self.tempf, stored_sddl, domain_sid, use_ntvfs=False)

    # A hook in the POSIX ACL set code invalidates the hash of the NT ACL
    # that was just stored.
    smbd.set_simple_acl(self.tempf, 0o640)

    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(posix_derived_sddl, returned.as_sddl(any_sid))
def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
    """Like the plain setposixacl case, with an extra group entry for BUILTIN\\Administrators.

    An NT ACL is written with use_ntvfs=False, then smbd sets a simple POSIX
    ACL for mode 0640 that also names the gid mapped from the
    Administrators SID. The ACL read back with direct_db_access=False must
    be the POSIX-derived one, including an ACE for BA.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    stored_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    admins_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    posix_derived_sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
    setntacl(self.lp, self.tempf, stored_sddl, domain_sid, use_ntvfs=False)

    # A hook in the POSIX ACL set code invalidates the hash of the NT ACL
    # that was just stored.
    pdb = passdb.PDB(self.lp.get("passdb backend"))
    admins_gid, _admins_type = pdb.sid_to_id(admins_sid)
    smbd.set_simple_acl(self.tempf, 0o640, admins_gid)

    # This should re-calculate an ACL based on the POSIX details.
    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(posix_derived_sddl, returned.as_sddl(any_sid))
def test_setntacl_smbd_getntacl_smbd_gpo(self):
    """Round-trip an SDDL that uses domain aliases and carries a SACL.

    The descriptor is written with use_ntvfs=False and read back with
    direct_db_access=False. It is rendered against the domain SID, so the
    aliases used in the input (DA, DU, EA) come back as aliases.
    """
    domain_sid_str = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
    setntacl(self.lp, self.tempf, sddl, domain_sid_str, use_ntvfs=False)

    returned = getntacl(self.lp, self.tempf, direct_db_access=False)
    domain_sid = security.dom_sid("S-1-5-21-2212615479-2695158682-2101375467")
    self.assertEqual(returned.as_sddl(domain_sid), sddl)
def test_setntacl_getposixacl(self):
    """Round-trip an NT ACL, then fetch the POSIX access ACL of the same file.

    The NT ACL is written with use_ntvfs=False and read back with
    getntacl() defaults. The POSIX ACL is only fetched; nothing is
    asserted about its contents.
    """
    domain_sid = "S-1-5-21-2212615479-2695158682-2101375467"
    sddl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
    setntacl(self.lp, self.tempf, sddl, domain_sid, use_ntvfs=False)

    stored = getntacl(self.lp, self.tempf)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(stored.as_sddl(any_sid), sddl)

    # Only checks that the call succeeds; the result is not inspected.
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
def test_setposixacl_getposixacl(self):
    """Set a simple POSIX ACL for mode 0640 and check the four entries read back.

    NOTE(review): this class defines a second method with exactly this name
    further down. Python keeps the later definition, so this body is not the
    one the test runner executes. The two bodies differ in the expected mask
    permission (6 here, 7 in the later one).
    """
    smbd.set_simple_acl(self.tempf, 0o640)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
    self.assertEqual(posix_acl.count, 4, self.print_posix_acl(posix_acl))

    entries = posix_acl.acl

    # owner: rw-
    self.assertEqual(entries[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEqual(entries[0].a_perm, 6)

    # owning group: r--
    self.assertEqual(entries[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEqual(entries[1].a_perm, 4)

    # other: ---
    self.assertEqual(entries[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEqual(entries[2].a_perm, 0)

    # mask
    self.assertEqual(entries[3].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEqual(entries[3].a_perm, 6)
def test_setposixacl_getntacl(self):
    """Set only a POSIX ACL (mode 0750) and then ask getntacl() for an NT ACL."""
    smbd.set_simple_acl(self.tempf, 0750)
    # NOTE(review): as written here, assertTrue(False) runs whenever
    # getntacl() returns, so the test can only pass if getntacl() raises and
    # something catches it. Presumably the two statements below sit inside a
    # try/except -- confirm the handler and the expected exception type.
    facl = getntacl(self.lp, self.tempf)
    self.assertTrue(False)
    # We don't expect the xattr to be filled in in this case
def test_setposixacl_getntacl_smbd(self):
    """Check the NT ACL that smbd derives from a simple POSIX ACL (mode 0640).

    The expected SDDL is built from the SIDs that passdb maps to the temp
    file's owning uid and gid.
    """
    pdb = passdb.PDB(self.lp.get("passdb backend"))
    group_sid = pdb.gid_to_sid(os.stat(self.tempf).st_gid)
    owner_sid = pdb.uid_to_sid(os.stat(self.tempf).st_uid)

    smbd.set_simple_acl(self.tempf, 0o640)
    derived = getntacl(self.lp, self.tempf, direct_db_access=False)

    expected = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (
        owner_sid, group_sid, owner_sid, group_sid)
    any_sid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(expected, derived.as_sddl(any_sid))
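def test_setposixacl_dir_getntacl_smbd(self):
    """Check the NT ACL that smbd derives for a directory with a simple POSIX ACL.

    The temp directory is chowned to the ids mapped from BUILTIN
    Administrators (owner) and Server Operators (group), given a simple
    POSIX ACL for mode 0750, and read back with direct_db_access=False.
    The expected SDDL includes inherit-only ACEs for CO, CG and WD.
    """
    # A single passdb handle serves both lookups. The second, identical
    # PDB() construction and the never-read owner SID lookup were dropped.
    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    (BA_id, BA_type) = s4_passdb.sid_to_id(BA_sid)
    # BA_id is passed to chown() as the owner below.
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)

    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    (SO_id, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEqual(SO_type, idmap.ID_TYPE_BOTH)

    smbd.chown(self.tempdir, BA_id, SO_id)
    smbd.set_simple_acl(self.tempdir, 0o750)
    facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
    acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"

    anysid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(acl, facl.as_sddl(anysid))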
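def test_setposixacl_group_getntacl_smbd(self):
    """Check the derived NT ACL when the POSIX ACL names an extra group.

    A simple POSIX ACL for mode 0640 is set together with the gid mapped
    from BUILTIN Administrators. The ACL read back with
    direct_db_access=False must carry an ACE for BA between the owner and
    owning-group ACEs.
    """
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
    user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)

    smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
    facl = getntacl(self.lp, self.tempf, direct_db_access=False)
    # The global SAM SID lookup that used to sit here was never read, so it
    # was removed.
    acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
    anysid = security.dom_sid(security.SID_NT_SELF)
    self.assertEqual(acl, facl.as_sddl(anysid))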
def test_setposixacl_getposixacl(self):
    """Set a simple POSIX ACL for mode 0640 and check the four entries read back.

    NOTE(review): an earlier method in this class has exactly this name and
    is replaced by this definition. The earlier body expects a mask
    permission of 6; this one expects 7.
    """
    smbd.set_simple_acl(self.tempf, 0o640)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
    self.assertEqual(posix_acl.count, 4, self.print_posix_acl(posix_acl))

    entries = posix_acl.acl

    # owner: rw-
    self.assertEqual(entries[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEqual(entries[0].a_perm, 6)

    # owning group: r--
    self.assertEqual(entries[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEqual(entries[1].a_perm, 4)

    # other: ---
    self.assertEqual(entries[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEqual(entries[2].a_perm, 0)

    # mask
    self.assertEqual(entries[3].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEqual(entries[3].a_perm, 7)
def test_setposixacl_dir_getposixacl(self):
    """Set a simple POSIX ACL for mode 0750 on the temp directory and check its four entries."""
    smbd.set_simple_acl(self.tempdir, 0o750)
    posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
    self.assertEqual(posix_acl.count, 4, self.print_posix_acl(posix_acl))

    entries = posix_acl.acl

    # owner: rwx
    self.assertEqual(entries[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEqual(entries[0].a_perm, 7)

    # owning group: r-x
    self.assertEqual(entries[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEqual(entries[1].a_perm, 5)

    # other: ---
    self.assertEqual(entries[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEqual(entries[2].a_perm, 0)

    # mask
    self.assertEqual(entries[3].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEqual(entries[3].a_perm, 7)
def test_setposixacl_group_getposixacl(self):
    """Set a simple POSIX ACL (mode 0670) with an extra group and check its five entries.

    The extra group is the gid that passdb maps from BUILTIN Administrators.
    It must show up as an SMB_ACL_GROUP entry carrying that gid.
    """
    admins_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    pdb = passdb.PDB(self.lp.get("passdb backend"))
    admins_gid, admins_type = pdb.sid_to_id(admins_sid)
    self.assertEqual(admins_type, idmap.ID_TYPE_BOTH)

    smbd.set_simple_acl(self.tempf, 0o670, admins_gid)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    self.assertEqual(posix_acl.count, 5, self.print_posix_acl(posix_acl))

    entries = posix_acl.acl

    # owner: rw-
    self.assertEqual(entries[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
    self.assertEqual(entries[0].a_perm, 6)

    # owning group: rwx
    self.assertEqual(entries[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
    self.assertEqual(entries[1].a_perm, 7)

    # other: ---
    self.assertEqual(entries[2].a_type, smb_acl.SMB_ACL_OTHER)
    self.assertEqual(entries[2].a_perm, 0)

    # the named group passed to set_simple_acl()
    self.assertEqual(entries[3].a_type, smb_acl.SMB_ACL_GROUP)
    self.assertEqual(entries[3].a_perm, 7)
    self.assertEqual(entries[3].info.gid, admins_gid)

    # mask
    self.assertEqual(entries[4].a_type, smb_acl.SMB_ACL_MASK)
    self.assertEqual(entries[4].a_perm, 7)
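def test_setntacl_sysvol_check_getposixacl(self):
    """Apply provision.SYSVOL_ACL to the temp file and check the resulting POSIX ACL.

    The NT ACL is written with use_ntvfs=False and must round-trip through
    getntacl(). The POSIX access ACL of the file is then compared, entry by
    entry, with the 13 entries expected for the ad_dc selftest environment.
    """
    acl = provision.SYSVOL_ACL
    domsid = passdb.get_global_sam_sid()
    setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(self.lp, self.tempf)
    self.assertEqual(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
    nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')

    nwrap_winbind_active = (nwrap_module_so_path != "" and
                            nwrap_module_fn_prefix == "winbind")

    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)

    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

    # These assertions are correct for the current ad_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, some of these checks can be relaxed.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEqual(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEqual(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # The SYSTEM mapping used to go unchecked: SO_type was asserted a second
    # time here instead of SY_type. SY_gid is compared below both as a uid
    # and as a gid, so the same mapping type as the other groups is expected.
    self.assertEqual(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEqual(AU_type, idmap.ID_TYPE_BOTH)

    self.assertEqual(posix_acl.count, 13, self.print_posix_acl(posix_acl))

    # Entries 1 and 3 carry rwx when the winbind nss_wrapper module is
    # active and rw- otherwise.
    owner_perm = 7 if nwrap_winbind_active else 6

    # (a_type, a_perm, id field of entry.info or None, expected id), in the
    # order the entries are read back. Groups mapped as ID_TYPE_BOTH appear
    # twice: once as a user entry and once as a group entry, same id.
    expected = [
        (smb_acl.SMB_ACL_GROUP, 7, "gid", BA_gid),
        (smb_acl.SMB_ACL_USER, owner_perm, "uid", LA_uid),
        (smb_acl.SMB_ACL_OTHER, 0, None, None),
        (smb_acl.SMB_ACL_USER_OBJ, owner_perm, None, None),
        (smb_acl.SMB_ACL_USER, 7, "uid", BA_gid),
        (smb_acl.SMB_ACL_GROUP_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 5, "uid", SO_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", SO_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", SY_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", SY_gid),
        (smb_acl.SMB_ACL_USER, 5, "uid", AU_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", AU_gid),
        (smb_acl.SMB_ACL_MASK, 7, None, None),
    ]
    for index, (a_type, a_perm, id_field, id_value) in enumerate(expected):
        entry = posix_acl.acl[index]
        where = "posix_acl.acl[%d]" % index
        self.assertEqual(entry.a_type, a_type,
                         "%s.a_type is %r, expected %r" % (where, entry.a_type, a_type))
        self.assertEqual(entry.a_perm, a_perm,
                         "%s.a_perm is %r, expected %r" % (where, entry.a_perm, a_perm))
        if id_field is not None:
            actual_id = getattr(entry.info, id_field)
            self.assertEqual(actual_id, id_value,
                             "%s.info.%s is %r, expected %r" % (where, id_field, actual_id, id_value))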
415 # check that it matches:
417 # user:root:rwx (selftest user actually)
419 # group:Local Admins:rwx
427 # This is in this order in the NDR smb_acl (not re-orderded for display)
434 # uid: 0 (selftest user actually)
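def test_setntacl_sysvol_dir_check_getposixacl(self):
    """Apply provision.SYSVOL_ACL to the temp directory and check the resulting POSIX ACL.

    The NT ACL is written with use_ntvfs=False and must round-trip through
    getntacl(). The POSIX access ACL of the directory is then compared,
    entry by entry, with the 13 entries expected for the ad_dc selftest
    environment.
    """
    acl = provision.SYSVOL_ACL
    domsid = passdb.get_global_sam_sid()
    setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(self.lp, self.tempdir)
    self.assertEqual(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)

    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)

    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

    # These assertions are correct for the current ad_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, some of these checks can be relaxed.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEqual(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEqual(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # The SYSTEM mapping used to go unchecked: SO_type was asserted a second
    # time here instead of SY_type. SY_gid is compared below both as a uid
    # and as a gid, so the same mapping type as the other groups is expected.
    self.assertEqual(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEqual(AU_type, idmap.ID_TYPE_BOTH)

    self.assertEqual(posix_acl.count, 13, self.print_posix_acl(posix_acl))

    # (a_type, a_perm, id field of entry.info or None, expected id), in the
    # order the entries are read back. Groups mapped as ID_TYPE_BOTH appear
    # twice: once as a user entry and once as a group entry, same id.
    expected = [
        (smb_acl.SMB_ACL_GROUP, 7, "gid", BA_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", LA_uid),
        (smb_acl.SMB_ACL_OTHER, 0, None, None),
        (smb_acl.SMB_ACL_USER_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 7, "uid", BA_gid),
        (smb_acl.SMB_ACL_GROUP_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 5, "uid", SO_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", SO_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", SY_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", SY_gid),
        (smb_acl.SMB_ACL_USER, 5, "uid", AU_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", AU_gid),
        (smb_acl.SMB_ACL_MASK, 7, None, None),
    ]
    for index, (a_type, a_perm, id_field, id_value) in enumerate(expected):
        entry = posix_acl.acl[index]
        where = "posix_acl.acl[%d]" % index
        self.assertEqual(entry.a_type, a_type,
                         "%s.a_type is %r, expected %r" % (where, entry.a_type, a_type))
        self.assertEqual(entry.a_perm, a_perm,
                         "%s.a_perm is %r, expected %r" % (where, entry.a_perm, a_perm))
        if id_field is not None:
            actual_id = getattr(entry.info, id_field)
            self.assertEqual(actual_id, id_value,
                             "%s.info.%s is %r, expected %r" % (where, id_field, actual_id, id_value))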
549 # check that it matches:
551 # user:root:rwx (selftest user actually)
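def test_setntacl_policies_dir_check_getposixacl(self):
    """Apply provision.POLICIES_ACL to the temp directory and check the resulting POSIX ACL.

    The NT ACL is written with use_ntvfs=False and must round-trip through
    getntacl(). The POSIX access ACL of the directory is then compared,
    entry by entry, with the 15 entries expected for the ad_dc selftest
    environment. The extra pair compared with the SYSVOL ACL checks belongs
    to the policy admins group.
    """
    acl = provision.POLICIES_ACL
    domsid = passdb.get_global_sam_sid()
    setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(self.lp, self.tempdir)
    self.assertEqual(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)

    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)
    PA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_POLICY_ADMINS))

    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

    # These assertions are correct for the current ad_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, some of these checks can be relaxed.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEqual(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEqual(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # The SYSTEM mapping used to go unchecked: SO_type was asserted a second
    # time here instead of SY_type. SY_gid is compared below both as a uid
    # and as a gid, so the same mapping type as the other groups is expected.
    self.assertEqual(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEqual(AU_type, idmap.ID_TYPE_BOTH)
    (PA_gid, PA_type) = s4_passdb.sid_to_id(PA_sid)
    self.assertEqual(PA_type, idmap.ID_TYPE_BOTH)

    self.assertEqual(posix_acl.count, 15, self.print_posix_acl(posix_acl))

    # (a_type, a_perm, id field of entry.info or None, expected id), in the
    # order the entries are read back. Groups mapped as ID_TYPE_BOTH appear
    # twice: once as a user entry and once as a group entry, same id.
    expected = [
        (smb_acl.SMB_ACL_GROUP, 7, "gid", BA_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", LA_uid),
        (smb_acl.SMB_ACL_OTHER, 0, None, None),
        (smb_acl.SMB_ACL_USER_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 7, "uid", BA_gid),
        (smb_acl.SMB_ACL_GROUP_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 5, "uid", SO_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", SO_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", SY_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", SY_gid),
        (smb_acl.SMB_ACL_USER, 5, "uid", AU_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", AU_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", PA_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", PA_gid),
        (smb_acl.SMB_ACL_MASK, 7, None, None),
    ]
    for index, (a_type, a_perm, id_field, id_value) in enumerate(expected):
        entry = posix_acl.acl[index]
        where = "posix_acl.acl[%d]" % index
        self.assertEqual(entry.a_type, a_type,
                         "%s.a_type is %r, expected %r" % (where, entry.a_type, a_type))
        self.assertEqual(entry.a_perm, a_perm,
                         "%s.a_perm is %r, expected %r" % (where, entry.a_perm, a_perm))
        if id_field is not None:
            actual_id = getattr(entry.info, id_field)
            self.assertEqual(actual_id, id_value,
                             "%s.info.%s is %r, expected %r" % (where, id_field, actual_id, id_value))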
653 # check that it matches:
655 # user:root:rwx (selftest user actually)
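def test_setntacl_policies_check_getposixacl(self):
    """Apply provision.POLICIES_ACL to the scratch file and check its POSIX ACL.

    The NT ACL is written with setntacl(use_ntvfs=False), read back with
    getntacl() and compared as SDDL. The POSIX ACL returned by
    smbd.get_sys_acl() is then compared entry by entry, in the order the
    entries are returned, against the ids that passdb maps each SID to.
    """
    acl = provision.POLICIES_ACL

    domsid = passdb.get_global_sam_sid()
    setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False)
    facl = getntacl(self.lp, self.tempf)
    self.assertEqual(facl.as_sddl(domsid), acl)
    posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

    nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
    nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')

    # NOTE(review): os.getenv() returns None for an unset variable and
    # None != "" is true, so an unset NSS_WRAPPER_MODULE_SO_PATH does not
    # switch this off; only the prefix comparison does. Confirm that is
    # what the selftest environment relies on before tightening it.
    nwrap_winbind_active = (nwrap_module_so_path != "" and
                            nwrap_module_fn_prefix == "winbind")

    LA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_ADMINISTRATOR))
    BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
    SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
    SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
    AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)
    PA_sid = security.dom_sid(str(domsid) + "-" + str(security.DOMAIN_RID_POLICY_ADMINS))

    s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

    # These assertions are correct for the current ad_dc selftest
    # configuration. When other environments have a broad range of
    # groups mapped via passdb, we can relax some of these checks.
    (LA_uid, LA_type) = s4_passdb.sid_to_id(LA_sid)
    self.assertEqual(LA_type, idmap.ID_TYPE_UID)
    (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
    self.assertEqual(BA_type, idmap.ID_TYPE_BOTH)
    (SO_gid, SO_type) = s4_passdb.sid_to_id(SO_sid)
    self.assertEqual(SO_type, idmap.ID_TYPE_BOTH)
    (SY_gid, SY_type) = s4_passdb.sid_to_id(SY_sid)
    # Check the type just returned for SY. Asserting SO_type a second
    # time here would leave the SY mapping unverified.
    self.assertEqual(SY_type, idmap.ID_TYPE_BOTH)
    (AU_gid, AU_type) = s4_passdb.sid_to_id(AU_sid)
    self.assertEqual(AU_type, idmap.ID_TYPE_BOTH)
    (PA_gid, PA_type) = s4_passdb.sid_to_id(PA_sid)
    self.assertEqual(PA_type, idmap.ID_TYPE_BOTH)

    self.assertEqual(posix_acl.count, 15, self.print_posix_acl(posix_acl))

    # The administrator user entry and the owning-user entry carry rwx
    # when winbind is active through nss_wrapper, and rw- otherwise.
    owner_perm = 7 if nwrap_winbind_active else 6

    # One row per POSIX ACL entry, in the order get_sys_acl() returns
    # them: (a_type, a_perm, id attribute on entry.info, expected id).
    # SIDs asserted above as ID_TYPE_BOTH are expected twice, as a user
    # entry and as a group entry carrying the same numeric id, which is
    # why the uid rows compare against the *_gid values.
    expected = [
        (smb_acl.SMB_ACL_GROUP, 7, "gid", BA_gid),
        (smb_acl.SMB_ACL_USER, owner_perm, "uid", LA_uid),
        # "other" must end up with no permission bits at all.
        (smb_acl.SMB_ACL_OTHER, 0, None, None),
        (smb_acl.SMB_ACL_USER_OBJ, owner_perm, None, None),
        (smb_acl.SMB_ACL_USER, 7, "uid", BA_gid),
        (smb_acl.SMB_ACL_GROUP_OBJ, 7, None, None),
        (smb_acl.SMB_ACL_USER, 5, "uid", SO_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", SO_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", SY_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", SY_gid),
        (smb_acl.SMB_ACL_USER, 5, "uid", AU_gid),
        (smb_acl.SMB_ACL_GROUP, 5, "gid", AU_gid),
        (smb_acl.SMB_ACL_USER, 7, "uid", PA_gid),
        (smb_acl.SMB_ACL_GROUP, 7, "gid", PA_gid),
        (smb_acl.SMB_ACL_MASK, 7, None, None),
    ]

    for index, (a_type, a_perm, id_field, id_value) in enumerate(expected):
        entry = posix_acl.acl[index]
        self.assertEqual(entry.a_type, a_type, "acl[%d].a_type" % index)
        self.assertEqual(entry.a_perm, a_perm, "acl[%d].a_perm" % index)
        if id_field is not None:
            self.assertEqual(getattr(entry.info, id_field), id_value,
                             "acl[%d].info.%s" % (index, id_field))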
772 # check that it matches:
774 # user:root:rwx (selftest user actually)
776 # group:Local Admins:rwx
785 # This is in this order in the NDR smb_acl (not re-ordered for display)
792 # uid: 0 (selftest user actually)
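def setUp(self):
    """Prepare the samba3 parameter context and the scratch file for a test.

    Loads the test's configuration file into the samba3 context, points
    xattr_tdb:file at an xattr.tdb inside the test's temp dir, and creates
    the file (self.tempf) that the ACL tests operate on.
    """
    super(PosixAclMappingTests, self).setUp()
    s3conf = s3param.get_context()
    s3conf.load(self.get_loadparm().configfile)
    s3conf.set("xattr_tdb:file", os.path.join(self.tempdir, "xattr.tdb"))
    # The tests hand self.lp to setntacl()/getntacl(); publish the context
    # configured above so that its xattr_tdb:file setting is the one used.
    self.lp = s3conf

    self.tempf = os.path.join(self.tempdir, "test")
    # Close the handle deterministically instead of leaving it to the
    # garbage collector before the tests set ACLs on the file.
    with open(self.tempf, 'w') as scratch:
        scratch.write("empty")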
def tearDown(self):
    """Remove the scratch file and the per-test xattr.tdb, then defer to the base class."""
    xattr_tdb_path = os.path.join(self.tempdir, "xattr.tdb")
    # The scratch file is removed through smbd.unlink(), the tdb through os.unlink().
    smbd.unlink(self.tempf)
    os.unlink(xattr_tdb_path)
    super(PosixAclMappingTests, self).tearDown()