source4/libcli/security/tests/bindings.py

   1 #!/usr/bin/python
   2
   3 # Unix SMB/CIFS implementation.
   4 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
   5 #
   6 # This program is free software; you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation; either version 3 of the License, or
   9 # (at your option) any later version.
  10 #
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15 #
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 #
  19
  20 import unittest
  21 from samba.dcerpc import security
  22
  23 class SecurityTokenTests(unittest.TestCase):
  24     def setUp(self):
  25         self.token = security.token()
  26
  27     def test_is_system(self):
  28         self.assertFalse(self.token.is_system())
  29
  30     def test_is_anonymous(self):
  31         self.assertFalse(self.token.is_anonymous())
  32
  33     def test_has_builtin_administrators(self):
  34         self.assertFalse(self.token.has_builtin_administrators())
  35
  36     def test_has_nt_authenticated_users(self):
  37         self.assertFalse(self.token.has_nt_authenticated_users())
  38
  39     def test_has_priv(self):
  40         self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
  41
  42     def test_set_priv(self):
  43         self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
  44         self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))
  45         self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
  46
  47
  48 class SecurityDescriptorTests(unittest.TestCase):
  49     def setUp(self):
  50         self.descriptor = security.descriptor()
  51
  52     def test_from_sddl(self):
  53         desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))
  54         self.assertEquals(desc.group_sid, security.dom_sid('S-2-0-0-512'))
  55         self.assertEquals(desc.owner_sid, security.dom_sid('S-1-5-32-548'))
  56         self.assertEquals(desc.revision, 1)
  57         self.assertEquals(desc.sacl, None)
  58         self.assertEquals(desc.type, 0x8004)
  59
  60     def test_from_sddl_invalidsddl(self):
  61         self.assertRaises(TypeError,security.descriptor.from_sddl, "foo",security.dom_sid("S-2-0-0"))
  62
  63     def test_from_sddl_invalidtype1(self):
  64         self.assertRaises(TypeError,security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"))
  65
  66     def test_from_sddl_invalidtype1(self):
  67         sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
  68         self.assertRaises(TypeError,security.descriptor.from_sddl, sddl,"S-2-0-0")
  69
  70     def test_as_sddl(self):
  71         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
  72         dom = security.dom_sid("S-2-0-0")
  73         desc1 = security.descriptor.from_sddl(text, dom)
  74         desc2 = security.descriptor.from_sddl(desc1.as_sddl(dom), dom)
  75         self.assertEquals(desc1.group_sid, desc2.group_sid)
  76         self.assertEquals(desc1.owner_sid, desc2.owner_sid)
  77         self.assertEquals(desc1.sacl, desc2.sacl)
  78         self.assertEquals(desc1.type, desc2.type)
  79
  80     def test_as_sddl_invalid(self):
  81         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
  82         dom = security.dom_sid("S-2-0-0")
  83         desc1 = security.descriptor.from_sddl(text, dom)
  84         self.assertRaises(TypeError, desc1.as_sddl,text)
  85
  86
  87     def test_as_sddl_no_domainsid(self):
  88         dom = security.dom_sid("S-2-0-0")
  89         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
  90         desc1 = security.descriptor.from_sddl(text, dom)
  91         desc2 = security.descriptor.from_sddl(desc1.as_sddl(), dom)
  92         self.assertEquals(desc1.group_sid, desc2.group_sid)
  93         self.assertEquals(desc1.owner_sid, desc2.owner_sid)
  94         self.assertEquals(desc1.sacl, desc2.sacl)
  95         self.assertEquals(desc1.type, desc2.type)
  96
  97     def test_domsid_nodomsid_as_sddl(self):
  98         dom = security.dom_sid("S-2-0-0")
  99         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
 100         desc1 = security.descriptor.from_sddl(text, dom)
 101         self.assertNotEqual(desc1.as_sddl(), desc1.as_sddl(dom))
 102
 103
 104 class DomSidTests(unittest.TestCase):
 105     def test_parse_sid(self):
 106         sid = security.dom_sid("S-1-5-21")
 107         self.assertEquals("S-1-5-21", str(sid))
 108
 109     def test_sid_equal(self):
 110         sid1 = security.dom_sid("S-1-5-21")
 111         sid2 = security.dom_sid("S-1-5-21")
 112         self.assertEquals(sid1, sid1)
 113         self.assertEquals(sid1, sid2)
 114
 115     def test_random(self):
 116         sid = security.random_sid()
 117         self.assertTrue(str(sid).startswith("S-1-5-21-"))
 118
 119     def test_repr(self):
 120         sid = security.random_sid()
 121         self.assertTrue(repr(sid).startswith("dom_sid('S-1-5-21-"))
 122
 123
 124 class PrivilegeTests(unittest.TestCase):
 125     def test_privilege_name(self):
 126         self.assertEquals("SeShutdownPrivilege", security.privilege_name(security.SEC_PRIV_SHUTDOWN))
 127
 128     def test_privilege_id(self):
 129         self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege"))
 130