Example #1
0
    def test_setposixacl_group_getposixacl(self):
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        smbd.set_simple_acl(self.tempf, 0670, BA_gid)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

        self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl))

        self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

        self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 7)

        self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

        self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
        self.assertEquals(posix_acl.acl[3].info.gid, BA_gid)

        self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[4].a_perm, 7)
Example #2
0
    def test_setposixacl_group_getposixacl(self):
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        smbd.set_simple_acl(self.tempf, 0o670, BA_gid)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

        self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl))

        self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

        self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 7)

        self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

        self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
        self.assertEquals(posix_acl.acl[3].info.gid, BA_gid)

        self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[4].a_perm, 7)
Example #3
0
 def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
     setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
     # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
     smbd.set_simple_acl(self.tempf, 0640)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
Example #4
0
 def test_setposixacl_getntacl_smbd(self):
     s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
     group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
     user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
     smbd.set_simple_acl(self.tempf, 0o640)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(acl, facl.as_sddl(anysid))
Example #5
0
 def test_setposixacl_getntacl(self):
     acl = ""
     smbd.set_simple_acl(self.tempf, 0750)
     try:
         facl = getntacl(self.lp, self.tempf)
         self.assertTrue(False)
     except TypeError:
         # We don't expect the xattr to be filled in in this case
         pass
Example #6
0
 def test_setposixacl_getntacl_smbd(self):
     s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
     group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
     user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
     smbd.set_simple_acl(self.tempf, 0640)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(acl, facl.as_sddl(anysid))
Example #7
0
 def test_setposixacl_getntacl(self):
     acl = ""
     smbd.set_simple_acl(self.tempf, 0o750)
     try:
         facl = getntacl(self.lp, self.tempf)
         self.assertTrue(False)
     except TypeError:
         # We don't expect the xattr to be filled in in this case
         pass
Example #8
0
 def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
     setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
     # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
     smbd.set_simple_acl(self.tempf, 0o640)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
Example #9
0
    def test_setntacl_smbd_setposixacl_getntacl(self):
        acl = ACL
        setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True,
                 session_info=self.get_session_info())

        # This will invalidate the ACL, as we have a hook!
        smbd.set_simple_acl(self.tempf, 0o640)

        # However, this only asks the xattr
        self.assertRaises(
            TypeError, getntacl, self.lp, self.tempf, direct_db_access=True)
Example #10
0
    def test_setntacl_smbd_setposixacl_getntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)

        # This will invalidate the ACL, as we have a hook!
        smbd.set_simple_acl(self.tempf, 0o640)

        # However, this only asks the xattr
        try:
            facl = getntacl(self.lp, self.tempf, direct_db_access=True)
            self.assertTrue(False)
        except TypeError:
            pass
Example #11
0
    def test_setntacl_smbd_setposixacl_getntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)

        # This will invalidate the ACL, as we have a hook!
        smbd.set_simple_acl(self.tempf, 0640)

        # However, this only asks the xattr
        try:
            facl = getntacl(self.lp, self.tempf, direct_db_access=True)
            self.assertTrue(False)
        except TypeError:
            pass
Example #12
0
 def test_setposixacl_group_getntacl_smbd(self):
     BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
     s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
     (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
     group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
     user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
     self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
     smbd.set_simple_acl(self.tempf, 0640, BA_gid)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     domsid = passdb.get_global_sam_sid()
     acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(acl, facl.as_sddl(anysid))
Example #13
0
 def test_setposixacl_group_getntacl_smbd(self):
     BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
     s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
     (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
     group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
     user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
     self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
     smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
     facl = getntacl(self.lp, self.tempf, direct_db_access=False)
     domsid = passdb.get_global_sam_sid()
     acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
     anysid = security.dom_sid(security.SID_NT_SELF)
     self.assertEquals(acl, facl.as_sddl(anysid))
Example #14
0
    def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        smbd.set_simple_acl(self.tempf, 0640, BA_gid)

        # This should re-calculate an ACL based on the posix details
        facl = getntacl(self.lp,self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
Example #15
0
    def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        smbd.set_simple_acl(self.tempf, 0o640, BA_gid)

        # This should re-calculate an ACL based on the posix details
        facl = getntacl(self.lp,self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
Example #16
0
    def test_setposixacl_dir_getposixacl(self):
        smbd.set_simple_acl(self.tempdir, 0750)
        posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
        self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))

        self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 7)

        self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 5)

        self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

        self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
    def test_setposixacl_getposixacl(self):
        smbd.set_simple_acl(self.tempf, 0640)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
        self.assertEquals(posix_acl.count, 4)

        self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

        self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 4)

        self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

        self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
Example #18
0
    def test_setposixacl_dir_getposixacl(self):
        smbd.set_simple_acl(self.tempdir, 0o750)
        posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
        self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))

        self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 7)

        self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 5)

        self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

        self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
Example #19
0
    def test_setposixacl_dir_getntacl_smbd(self):
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        user_SID = s4_passdb.uid_to_sid(os.stat(self.tempdir).st_uid)
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_id,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
        (SO_id,SO_type) = s4_passdb.sid_to_id(SO_sid)
        self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
        smbd.chown(self.tempdir, BA_id, SO_id)
        smbd.set_simple_acl(self.tempdir, 0750)
        facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
        acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"

        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))
Example #20
0
    def test_setposixacl_getposixacl(self):
        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS,
                                     self.get_session_info())
        self.assertEqual(posix_acl.count, 4, self.print_posix_acl(posix_acl))

        self.assertEqual(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEqual(posix_acl.acl[0].a_perm, 6)

        self.assertEqual(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEqual(posix_acl.acl[1].a_perm, 4)

        self.assertEqual(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEqual(posix_acl.acl[2].a_perm, 0)

        self.assertEqual(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEqual(posix_acl.acl[3].a_perm, 7)
Example #21
0
    def test_setposixacl_dir_getntacl_smbd(self):
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        user_SID = s4_passdb.uid_to_sid(os.stat(self.tempdir).st_uid)
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_id,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
        (SO_id,SO_type) = s4_passdb.sid_to_id(SO_sid)
        self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
        smbd.chown(self.tempdir, BA_id, SO_id)
        smbd.set_simple_acl(self.tempdir, 0o750)
        facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
        acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"

        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))
Example #22
0
 def test_setposixacl_getntacl(self):
     smbd.set_simple_acl(self.tempf, 0o750)
     # We don't expect the xattr to be filled in in this case
     self.assertRaises(TypeError, getntacl, self.lp, self.tempf)