3 # Unix SMB/CIFS implementation.
4 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from samba
.dcerpc
import security
23 class SecurityTokenTests(unittest
.TestCase
):
25 self
.token
= security
.token()
27 def test_is_system(self
):
28 self
.assertFalse(self
.token
.is_system())
30 def test_is_anonymous(self
):
31 self
.assertFalse(self
.token
.is_anonymous())
33 def test_has_builtin_administrators(self
):
34 self
.assertFalse(self
.token
.has_builtin_administrators())
36 def test_has_nt_authenticated_users(self
):
37 self
.assertFalse(self
.token
.has_nt_authenticated_users())
39 def test_has_priv(self
):
40 self
.assertFalse(self
.token
.has_privilege(security
.SEC_PRIV_SHUTDOWN
))
42 def test_set_priv(self
):
43 self
.assertFalse(self
.token
.has_privilege(security
.SEC_PRIV_SHUTDOWN
))
44 self
.assertFalse(self
.token
.set_privilege(security
.SEC_PRIV_SHUTDOWN
))
45 self
.assertTrue(self
.token
.has_privilege(security
.SEC_PRIV_SHUTDOWN
))
48 class SecurityDescriptorTests(unittest
.TestCase
):
50 self
.descriptor
= security
.descriptor()
52 def test_from_sddl(self
):
53 desc
= security
.descriptor
.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security
.dom_sid("S-2-0-0"))
54 self
.assertEquals(desc
.group_sid
, security
.dom_sid('S-2-0-0-512'))
55 self
.assertEquals(desc
.owner_sid
, security
.dom_sid('S-1-5-32-548'))
56 self
.assertEquals(desc
.revision
, 1)
57 self
.assertEquals(desc
.sacl
, None)
58 self
.assertEquals(desc
.type, 0x8004)
60 def test_from_sddl_invalidsddl(self
):
61 self
.assertRaises(TypeError,security
.descriptor
.from_sddl
, "foo",security
.dom_sid("S-2-0-0"))
63 def test_from_sddl_invalidtype1(self
):
64 self
.assertRaises(TypeError,security
.descriptor
.from_sddl
, security
.dom_sid('S-2-0-0-512'),security
.dom_sid("S-2-0-0"))
66 def test_from_sddl_invalidtype1(self
):
67 sddl
= "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
68 self
.assertRaises(TypeError,security
.descriptor
.from_sddl
, sddl
,"S-2-0-0")
70 def test_as_sddl(self
):
71 text
= "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
72 dom
= security
.dom_sid("S-2-0-0")
73 desc1
= security
.descriptor
.from_sddl(text
, dom
)
74 desc2
= security
.descriptor
.from_sddl(desc1
.as_sddl(dom
), dom
)
75 self
.assertEquals(desc1
.group_sid
, desc2
.group_sid
)
76 self
.assertEquals(desc1
.owner_sid
, desc2
.owner_sid
)
77 self
.assertEquals(desc1
.sacl
, desc2
.sacl
)
78 self
.assertEquals(desc1
.type, desc2
.type)
80 def test_as_sddl_invalid(self
):
81 text
= "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
82 dom
= security
.dom_sid("S-2-0-0")
83 desc1
= security
.descriptor
.from_sddl(text
, dom
)
84 self
.assertRaises(TypeError, desc1
.as_sddl
,text
)
87 def test_as_sddl_no_domainsid(self
):
88 dom
= security
.dom_sid("S-2-0-0")
89 text
= "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
90 desc1
= security
.descriptor
.from_sddl(text
, dom
)
91 desc2
= security
.descriptor
.from_sddl(desc1
.as_sddl(), dom
)
92 self
.assertEquals(desc1
.group_sid
, desc2
.group_sid
)
93 self
.assertEquals(desc1
.owner_sid
, desc2
.owner_sid
)
94 self
.assertEquals(desc1
.sacl
, desc2
.sacl
)
95 self
.assertEquals(desc1
.type, desc2
.type)
97 def test_domsid_nodomsid_as_sddl(self
):
98 dom
= security
.dom_sid("S-2-0-0")
99 text
= "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
100 desc1
= security
.descriptor
.from_sddl(text
, dom
)
101 self
.assertNotEqual(desc1
.as_sddl(), desc1
.as_sddl(dom
))
104 class DomSidTests(unittest
.TestCase
):
105 def test_parse_sid(self
):
106 sid
= security
.dom_sid("S-1-5-21")
107 self
.assertEquals("S-1-5-21", str(sid
))
109 def test_sid_equal(self
):
110 sid1
= security
.dom_sid("S-1-5-21")
111 sid2
= security
.dom_sid("S-1-5-21")
112 self
.assertEquals(sid1
, sid1
)
113 self
.assertEquals(sid1
, sid2
)
115 def test_random(self
):
116 sid
= security
.random_sid()
117 self
.assertTrue(str(sid
).startswith("S-1-5-21-"))
120 sid
= security
.random_sid()
121 self
.assertTrue(repr(sid
).startswith("dom_sid('S-1-5-21-"))
124 class PrivilegeTests(unittest
.TestCase
):
125 def test_privilege_name(self
):
126 self
.assertEquals("SeShutdownPrivilege", security
.privilege_name(security
.SEC_PRIV_SHUTDOWN
))
128 def test_privilege_id(self
):
129 self
.assertEquals(security
.SEC_PRIV_SHUTDOWN
, security
.privilege_id("SeShutdownPrivilege"))