python/samba/tests/upgradeprovision.py

   1 # Unix SMB/CIFS implementation.
   2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
   3 #
   4 # This program is free software; you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation; either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 #
  17
  18 """Tests for samba.upgradeprovision."""
  19
  20 import os
  21 from samba.upgradehelpers import (usn_in_range, dn_sort,
  22                                   update_secrets,
  23                                   construct_existor_expr)
  24 from samba.descriptor import get_diff_sds
  25 from samba.tests.provision import create_dummy_secretsdb
  26 from samba.tests import TestCaseInTempDir
  27 from samba import Ldb
  28 from ldb import SCOPE_BASE
  29 import samba.tests
  30 from samba.dcerpc import security
  31
  32 def dummymessage(a=None, b=None):
  33     pass
  34
  35
  36 class UpgradeProvisionTestCase(TestCaseInTempDir):
  37     """Some simple tests for individual functions in the provisioning code.
  38     """
  39     def test_usn_in_range(self):
  40         range = [5, 25, 35, 55]
  41
  42         vals = [3, 26, 56]
  43
  44         for v in vals:
  45             self.assertFalse(usn_in_range(v, range))
  46
  47         vals = [5, 20, 25, 35, 36]
  48
  49         for v in vals:
  50             self.assertTrue(usn_in_range(v, range))
  51
  52     def test_dn_sort(self):
  53         # higher level comes after lower even if lexicographicaly closer
  54         # ie dc=tata,dc=toto (2 levels), comes after dc=toto
  55         # even if dc=toto is lexicographicaly after dc=tata, dc=toto
  56         self.assertEquals(dn_sort("dc=tata,dc=toto", "dc=toto"), 1)
  57         self.assertEquals(dn_sort("dc=zata", "dc=tata"), 1)
  58         self.assertEquals(dn_sort("dc=toto,dc=tata",
  59                                     "cn=foo,dc=toto,dc=tata"), -1)
  60         self.assertEquals(dn_sort("cn=bar, dc=toto,dc=tata",
  61                                     "cn=foo, dc=toto,dc=tata"), -1)
  62
  63     def test_get_diff_sds(self):
  64         domsid = security.dom_sid('S-1-5-21')
  65
  66         sddl = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  67 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  68         sddl1 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  69 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  70         sddl2 = "O:BAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  71 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  72         sddl3 = "O:SAG:BAD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  73 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  74         sddl4 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA)\
  75 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  76         sddl5 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  77 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
  78         sddl6 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\
  79 (A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)\
  80 (A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
  81 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)(AU;CIIDSA;WP;;;WD)"
  82
  83         self.assertEquals(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  84                                        security.descriptor.from_sddl(sddl1, domsid),
  85                                        domsid), "")
  86         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  87                            security.descriptor.from_sddl(sddl2, domsid),
  88                            domsid)
  89         self.assertEquals(txt, "\tOwner mismatch: SA (in ref) BA(in current)\n")
  90         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  91                            security.descriptor.from_sddl(sddl3, domsid),
  92                            domsid)
  93         self.assertEquals(txt, "\tGroup mismatch: DU (in ref) BA(in current)\n")
  94         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  95                            security.descriptor.from_sddl(sddl4, domsid),
  96                            domsid)
  97         txtmsg = "\tPart dacl is different between reference and current here\
  98  is the detail:\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA) ACE is not present in\
  99  the reference\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA) ACE is not present in\
 100  the current\n"
 101         self.assertEquals(txt, txtmsg)
 102
 103         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
 104                            security.descriptor.from_sddl(sddl5, domsid),
 105                            domsid)
 106         self.assertEquals(txt, "\tCurrent ACL hasn't a sacl part\n")
 107         self.assertEquals(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
 108                                        security.descriptor.from_sddl(sddl6, domsid),
 109                                        domsid), "")
 110
 111     def test_construct_existor_expr(self):
 112         res = construct_existor_expr([])
 113         self.assertEquals(res, "")
 114
 115         res = construct_existor_expr(["foo"])
 116         self.assertEquals(res, "(|(foo=*))")
 117
 118         res = construct_existor_expr(["foo", "bar"])
 119         self.assertEquals(res, "(|(foo=*)(bar=*))")
 120
 121
 122 class UpdateSecretsTests(samba.tests.TestCaseInTempDir):
 123
 124     def setUp(self):
 125         super(UpdateSecretsTests, self).setUp()
 126         self.referencedb = create_dummy_secretsdb(
 127             os.path.join(self.tempdir, "ref.ldb"))
 128
 129     def _getEmptyDb(self):
 130         return Ldb(os.path.join(self.tempdir, "secrets.ldb"))
 131
 132     def _getCurrentFormatDb(self):
 133         return create_dummy_secretsdb(
 134             os.path.join(self.tempdir, "secrets.ldb"))
 135
 136     def test_trivial(self):
 137         # Test that updating an already up-to-date secretsdb works fine
 138         self.secretsdb = self._getCurrentFormatDb()
 139         self.assertEquals(None,
 140             update_secrets(self.referencedb, self.secretsdb, dummymessage))
 141
 142     def test_update_modules(self):
 143         empty_db = self._getEmptyDb()
 144         update_secrets(self.referencedb, empty_db, dummymessage)
 145         newmodules = empty_db.search(base="@MODULES", scope=SCOPE_BASE)
 146         refmodules = self.referencedb.search(base="@MODULES", scope=SCOPE_BASE)
 147         self.assertEquals(newmodules.msgs, refmodules.msgs)
 148
 149     def tearDown(self):
 150         for name in ["ref.ldb", "secrets.ldb", "secrets.tdb", "secrets.tdb.bak", "secrets.ntdb"]:
 151             path = os.path.join(self.tempdir, name)
 152             if os.path.exists(path):
 153                 os.unlink(path)
 154         super(UpdateSecretsTests, self).tearDown()
 155
 156