python/samba/tests/ntacls_backup.py

   1 # Unix SMB/CIFS implementation. Tests for ntacls manipulation
   2 # Copyright (C) Andrew Bartlett 2018
   3 # Copyright (C) Joe Guo <joeg@catalyst.net.nz> 2018
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 """Tests for samba ntacls backup"""
  20 import os
  21
  22 from samba.samba3 import libsmb_samba_internal as libsmb
  23 from samba.samba3 import smbd
  24 from samba import samdb
  25 from samba import ntacls
  26
  27 from samba.auth import system_session
  28 from samba.auth_util import system_session_unix
  29 from samba.dcerpc import security
  30 from samba.tests import env_loadparm
  31 from samba.tests.smbd_base import SmbdBaseTests
  32
  33
  34 class NtaclsBackupRestoreTests(SmbdBaseTests):
  35     """
  36     Tests for NTACLs backup and restore.
  37     """
  38
  39     def setUp(self):
  40         super().setUp()
  41
  42         self.server = os.environ["SERVER"]  # addc
  43         samdb_url = 'ldap://' + self.server
  44
  45         self.service = 'test1'  # service/share to test
  46         # root path for service
  47         self.service_root = os.path.join(
  48             os.environ["LOCAL_PATH"], self.service)
  49
  50         self.smb_conf_path = os.environ['SMB_CONF_PATH']
  51         self.creds = self.insta_creds(template=self.get_credentials())
  52
  53         self.samdb_conn = samdb.SamDB(
  54             url=samdb_url, session_info=system_session(),
  55             credentials=self.creds, lp=env_loadparm())
  56
  57         self.dom_sid = security.dom_sid(self.samdb_conn.get_domain_sid())
  58
  59         # helper will load conf into lp, that's how smbd can find services.
  60         self.ntacls_helper = ntacls.NtaclsHelper(self.service,
  61                                                  self.smb_conf_path,
  62                                                  self.dom_sid)
  63         self.lp = self.ntacls_helper.lp
  64
  65         self.smb_conn = libsmb.Conn(
  66             self.server, self.service, lp=self.lp, creds=self.creds)
  67
  68         self.smb_helper = ntacls.SMBHelper(self.smb_conn, self.dom_sid)
  69
  70         self.tarfile_path = os.path.join(self.tempdir,
  71                                          'ntacls-backup.tar.gz')
  72
  73         # an example file tree
  74         self.tree = {
  75             'file0.txt': b'test file0',
  76             'dir1': {
  77                 'file1.txt': b'test file1',
  78                 'dir2': {}  # an empty dir in dir
  79             },
  80         }
  81
  82         self._delete_tarfile()
  83         self.smb_helper.delete_tree()
  84
  85         self.smb_helper.create_tree(self.tree)
  86         self._check_tree()
  87         # keep a copy of ntacls after tree just created
  88         self.original_ntacls = self.smb_helper.get_ntacls()
  89
  90     def tearDown(self):
  91         self._delete_tarfile()
  92         self.smb_helper.delete_tree()
  93         super().tearDown()
  94
  95     def _delete_tarfile(self):
  96         try:
  97             os.remove(self.tarfile_path)
  98         except OSError:
  99             pass
 100
 101     def _check_tarfile(self):
 102         self.assertTrue(os.path.isfile(self.tarfile_path))
 103
 104     def _check_tree(self):
 105         actual_tree = self.smb_helper.get_tree()
 106         self.assertDictEqual(self.tree, actual_tree)
 107
 108     def test_smbd_mkdir(self):
 109         """
 110         A smoke test for smbd.mkdir API
 111         """
 112
 113         dirpath = os.path.join(self.service_root, 'a-dir')
 114         smbd.mkdir(dirpath, system_session_unix(), self.service)
 115         mode = os.stat(dirpath).st_mode
 116
 117         # This works in conjunction with the TEST_UMASK in smbd_base
 118         # to ensure that permissions are not related to the umask
 119         # but instead the smb.conf settings
 120         self.assertEqual(mode & 0o777, 0o755)
 121         self.assertTrue(os.path.isdir(dirpath))
 122
 123     def test_smbd_create_file(self):
 124         """
 125         A smoke test for smbd.create_file and smbd.unlink API
 126         """
 127
 128         filepath = os.path.join(self.service_root, 'a-file')
 129         smbd.create_file(filepath, system_session_unix(), self.service)
 130         self.assertTrue(os.path.isfile(filepath))
 131
 132         mode = os.stat(filepath).st_mode
 133
 134         # This works in conjunction with the TEST_UMASK in smbd_base
 135         # to ensure that permissions are not related to the umask
 136         # but instead the smb.conf settings
 137         self.assertEqual(mode & 0o777, 0o644)
 138
 139         # As well as checking that unlink works, this removes the
 140         # fake xattrs from the dev/inode based DB
 141         smbd.unlink(filepath, system_session_unix(), self.service)
 142         self.assertFalse(os.path.isfile(filepath))
 143
 144     def test_compare_getntacl(self):
 145         """
 146         Ntacls get from different ways should be the same
 147         """
 148
 149         file_name = 'file0.txt'
 150         file_path = os.path.join(self.service_root, file_name)
 151
 152         sd0 = self.smb_helper.get_acl(file_name, as_sddl=True)
 153
 154         sd1 = self.ntacls_helper.getntacl(
 155             file_path, system_session_unix(), as_sddl=True, direct_db_access=False)
 156
 157         sd2 = self.ntacls_helper.getntacl(
 158             file_path, system_session_unix(), as_sddl=True, direct_db_access=True)
 159
 160         self.assertEqual(sd0, sd1)
 161         self.assertEqual(sd1, sd2)
 162
 163     def test_backup_online(self):
 164         """
 165         Backup service online, delete files, restore and check.
 166         """
 167         ntacls.backup_online(
 168             self.smb_conn, self.tarfile_path, self.dom_sid)
 169         self._check_tarfile()
 170
 171         self.smb_helper.delete_tree()
 172         ntacls.backup_restore(
 173             self.tarfile_path, self.service_root,
 174             self.samdb_conn, self.smb_conf_path)
 175         self._check_tree()
 176
 177         # compare ntacls after restored
 178         self.assertDictEqual(
 179             self.original_ntacls, self.smb_helper.get_ntacls())
 180
 181     def test_backup_offline(self):
 182         """
 183         Backup service offline, delete files, restore and check.
 184         """
 185         ntacls.backup_offline(
 186             self.service_root, self.tarfile_path,
 187             self.smb_conf_path, self.dom_sid)
 188         self._check_tarfile()
 189
 190         self.smb_helper.delete_tree()
 191         ntacls.backup_restore(
 192             self.tarfile_path, self.service_root,
 193             self.samdb_conn, self.smb_conf_path)
 194         self._check_tree()
 195
 196         # compare ntacls after restored
 197         self.assertDictEqual(
 198             self.original_ntacls, self.smb_helper.get_ntacls())