コード例 #1
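 def test_set_tdb_not_open(self):
     """wrap_setxattr on a tdb path that cannot be opened must raise IOError."""
     tempf = self._tmpfilename()
     ntacl = xattr.NTACL()
     ntacl.version = 1
     # Close the handle explicitly; the original relied on garbage
     # collection to flush and close the file before it was used.
     with open(tempf, 'w') as handle:
         handle.write("empty")
     try:
         # The database lives under a directory that does not exist, so the
         # tdb-backed setter is expected to fail rather than create it.
         self.assertRaises(IOError, samba.xattr_tdb.wrap_setxattr,
                           os.path.join("nonexistent", "eadb.tdb"), tempf,
                           "user.unittests", ndr_pack(ntacl))
     finally:
         os.unlink(tempf)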
コード例 #2
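 def test_set_xattr_tdb(self):
     """Write a packed NTACL as "user.unittests" through the tdb xattr store."""
     tempf = self._tmpfilename()
     eadb_path = self._eadbpath()
     ntacl = xattr.NTACL()
     ntacl.version = 1
     # Close the handle explicitly instead of leaving it to the garbage
     # collector, so the content is on disk before the xattr is set.
     with open(tempf, 'w') as handle:
         handle.write("empty")
     try:
         samba.xattr_tdb.wrap_setxattr(eadb_path, tempf, "user.unittests",
                                       ndr_pack(ntacl))
     finally:
         os.unlink(tempf)
     # Only reached on success, when the tdb file has been created.
     os.unlink(eadb_path)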
コード例 #3
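 def test_setntacl_invalidbackend(self):
     """setntacl must raise XattrBackendError for the unknown backend "ttdb"."""
     import tempfile

     lp = LoadParm()
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     path = os.environ['SELFTEST_PREFIX']
     # mkstemp creates the file exclusively under an unpredictable name; the
     # previous "pytests" + random number scheme could collide with another
     # run and would follow a pre-existing file or link of the same name.
     fd, tempf = tempfile.mkstemp(prefix="pytests", dir=path)
     with os.fdopen(fd, 'w') as handle:
         handle.write("empty")
     try:
         self.assertRaises(XattrBackendError, setntacl, lp, tempf, acl,
                           "S-1-5-21-2212615479-2695158682-2101375467", "ttdb",
                           os.path.join(path, "eadbtest.tdb"))
     finally:
         # The original never removed the scratch file.
         os.unlink(tempf)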
コード例 #4
ファイル: xattr.py プロジェクト: zhoury14/samba
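 def test_set_xattr_native(self):
     """Write a packed NTACL as "user.unittests" through the native xattr API.

     Skipped when xattr support is not compiled in, or when the filesystem
     holding the scratch file rejects the attribute with IOError.
     """
     if not samba.xattr_native.is_xattr_supported():
         raise SkipTest()
     ntacl = xattr.NTACL()
     ntacl.version = 1
     tempf = self._tmpfilename()
     with open(tempf, 'w') as handle:
         handle.write("empty")
     try:
         samba.xattr_native.wrap_setxattr(tempf, "user.unittests",
             ndr_pack(ntacl))
     except IOError:
         raise SkipTest("the filesystem where the tests are runned do not support XATTR")
     finally:
         # Remove the scratch file on the skip path too; the original left
         # it behind whenever the filesystem refused the attribute.
         os.unlink(tempf)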
コード例 #5
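 def test_setntacl(self):
     """setntacl runs without raising when "posix:eadb" names a tdb file."""
     import tempfile

     lp = LoadParm()
     path = os.environ['SELFTEST_PREFIX']
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     # mkstemp creates the file exclusively under an unpredictable name,
     # replacing the collision-prone "pytests" + random number scheme.
     fd, tempf = tempfile.mkstemp(prefix="pytests", dir=path)
     with os.fdopen(fd, 'w') as handle:
         handle.write("empty")
     try:
         lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb"))
         setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
     finally:
         # Clean up even when setntacl raises.
         os.unlink(tempf)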
コード例 #6
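 def test_setntacl_getntacl_param(self):
     """An ACL stored with an explicit "tdb" backend reads back unchanged."""
     import tempfile

     lp = LoadParm()
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     path = os.environ['SELFTEST_PREFIX']
     eadb = os.path.join(path, "eadbtest.tdb")
     # mkstemp creates the file exclusively under an unpredictable name,
     # replacing the collision-prone "pytests" + random number scheme.
     fd, tempf = tempfile.mkstemp(prefix="pytests", dir=path)
     with os.fdopen(fd, 'w') as handle:
         handle.write("empty")
     try:
         setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467",
                  "tdb", eadb)
         facl = getntacl(lp, tempf, "tdb", eadb)
         domsid = security.dom_sid(security.SID_NT_SELF)
         # assertEqual is the non-deprecated spelling of assertEquals.
         self.assertEqual(facl.info.as_sddl(domsid), acl)
     finally:
         # Clean up even when the round trip or the assertion fails.
         os.unlink(tempf)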
コード例 #7
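 def test_setntacl_forcenative(self):
     """Forcing the "native" backend must fail when not running as root.

     The test is skipped for uid 0.  NOTE(review): presumably the native
     NTACL attribute needs privileges an ordinary user lacks - confirm; the
     assertion accepts any Exception, so it does not pin the failure cause.
     """
     import tempfile

     if os.getuid() == 0:
         raise TestSkipped("Running test as root, test skipped")
     lp = LoadParm()
     acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
     path = os.environ['SELFTEST_PREFIX']
     # mkstemp creates the file exclusively under an unpredictable name,
     # replacing the collision-prone "pytests" + random number scheme.
     fd, tempf = tempfile.mkstemp(prefix="pytests", dir=path)
     with os.fdopen(fd, 'w') as handle:
         handle.write("empty")
     try:
         lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb"))
         self.assertRaises(Exception, setntacl, lp, tempf, acl,
                           "S-1-5-21-2212615479-2695158682-2101375467",
                           "native")
     finally:
         # Clean up even when the assertion fails.
         os.unlink(tempf)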
コード例 #8
ファイル: ntacls.py プロジェクト: fendouzhe660/dd-wrt
def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None):
    """Store the security descriptor *sddl* on *file* as an NTACL xattr.

    The descriptor is parsed relative to *domsid*, wrapped in a version-1
    xattr.NTACL and written under xattr.XATTR_NTACL_NAME.  When
    checkset_backend() yields a database name the tdb-backed store is tried
    first; otherwise, or when that attempt raises, the native xattr API is
    used.
    """
    eadbname = checkset_backend(lp, backend, eadbfile)

    ntacl = xattr.NTACL()
    ntacl.version = 1
    ntacl.info = security.descriptor.from_sddl(sddl,
                                               security.dom_sid(domsid))

    # No xattr database configured: go straight to the native attribute.
    if eadbname is None:
        samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME,
                                         ndr_pack(ntacl))
        return

    try:
        samba.xattr_tdb.wrap_setxattr(eadbname, file,
                                      xattr.XATTR_NTACL_NAME,
                                      ndr_pack(ntacl))
    except Exception:
        # FIXME: Don't catch all exceptions, just those related to opening
        # xattrdb
        # NOTE(review): any failure of the tdb write, not only a failure to
        # open the database, silently redirects the ACL to the native xattr.
        # The caller cannot tell which store ended up holding it.
        print("Fail to open %s" % eadbname)
        samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME,
                                         ndr_pack(ntacl))
コード例 #9
ファイル: ntacls.py プロジェクト: z3v2cicidi/pth-toolkit
def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None):
    """Apply the security descriptor *sddl* to *file*.

    *domsid* may be a string or a security.dom_sid, and *sddl* an SDDL string
    or a security.descriptor.  Both are normalised so that ``sid`` and ``sd``
    hold the object form while ``domsid`` and ``sddl`` hold the string form.

    With ``use_ntvfs`` true the descriptor is wrapped in a version-1
    xattr.NTACL and written under xattr.XATTR_NTACL_NAME, through the backend
    returned by checkset_backend() or through samba.xattr_native.  With
    ``use_ntvfs`` false it is passed to smbd.set_nt_acl().

    With ``use_ntvfs`` false and ``skip_invalid_chown`` true, an owner SID
    that *passdb* does not map to a UID is special-cased: the domain admins
    SID is replaced by the domain administrator SID, any other owner causes
    the file to be chowned to 0:0 before the ACL is set without
    SECINFO_OWNER.

    Raises XattrBackendError when the domain administrator SID does not map
    to a UID either.
    """
    # NOTE(review): assert statements are stripped under "python -O"; an
    # argument of another type would then leave `sid` (or `sd` below) unbound
    # and fail further down instead of here.
    assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid))
    if isinstance(domsid, str):
        sid = security.dom_sid(domsid)
    elif isinstance(domsid, security.dom_sid):
        sid = domsid
        domsid = str(sid)

    assert(isinstance(sddl, str) or isinstance(sddl, security.descriptor))
    if isinstance(sddl, str):
        sd = security.descriptor.from_sddl(sddl, sid)
    elif isinstance(sddl, security.descriptor):
        sd = sddl
        sddl = sd.as_sddl(sid)

    if not use_ntvfs and skip_invalid_chown:
        # Check if the owner can be resolved as a UID
        # NOTE(review): passdb defaults to None but is dereferenced here, so
        # callers selecting this path have to supply it.
        (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
        if ((owner_type != idmap.ID_TYPE_UID) and (owner_type != idmap.ID_TYPE_BOTH)):
            # Check if this particular owner SID was domain admins,
            # because we special-case this as mapping to
            # 'administrator' instead.
            if sd.owner_sid == security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINS)):
                administrator = security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINISTRATOR))
                (admin_id, admin_type) = passdb.sid_to_id(administrator)

                # Confirm we have a UID for administrator
                if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)):

                    # Set it, changing the owner to 'administrator' rather than domain admins
                    # NOTE(review): this binds a second name to the same
                    # object, it does not copy.  sd.owner_sid changes too
                    # (also for a descriptor passed in by the caller), so the
                    # NTACL written below carries 'administrator' as owner.
                    # Confirm that is intended.
                    sd2 = sd
                    sd2.owner_sid = administrator

                    smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2)

                    # and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set
                    use_ntvfs = True
                else:
                    raise XattrBackendError("Unable to find UID for domain administrator %s, got id %d of type %d" % (administrator, admin_id, admin_type))
            else:
                # For all other owning users, reset the owner to root
                # and then set the ACL without changing the owner
                #
                # This won't work in test environments, as it tries a real (rather than xattr-based fake) chown

                # os.chown() follows symbolic links.
                # NOTE(review): confirm `file` is a path the caller controls,
                # since ownership of the link target is handed to uid/gid 0.
                os.chown(file, 0, 0)
                smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)
                # NOTE(review): use_ntvfs is still False here, so the final
                # else branch below calls set_nt_acl again with SECINFO_OWNER
                # included - confirm that is intended.

    if use_ntvfs:
        (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
        ntacl = xattr.NTACL()
        ntacl.version = 1
        ntacl.info = sd
        if dbname is not None:
            try:
                backend_obj.wrap_setxattr(dbname,
                                          file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl))
            except Exception:
                # FIXME: Don't catch all exceptions, just those related to opening
                # xattrdb
                # NOTE(review): any backend failure silently redirects the
                # ACL to the native xattr; the caller cannot tell which store
                # ended up holding it.
                print "Fail to open %s" % dbname
                samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME,
                                                 ndr_pack(ntacl))
        else:
            samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME,
                                             ndr_pack(ntacl))
    else:
        # Hand the full descriptor (owner, group, DACL, SACL) to smbd.
        smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)
コード例 #10
ファイル: t.py プロジェクト: iee/iee_fuse
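def _pack_ntacl(sddl_text, sid):
    """Return the NDR-packed version-1 NTACL for *sddl_text* relative to *sid*."""
    sd = security.descriptor.from_sddl(sddl_text, sid)
    ntacl = xattr.NTACL()
    ntacl.version = 1
    ntacl.info = sd
    return ndr_pack(ntacl)


def t(dir_id, sddl):
    """Store the ACL *sddl* for directory *dir_id* and purge cached entries.

    Three descriptors are derived from *sddl*: the root one as given, one for
    sub-folders ("D:PAI" -> "D:AI", "A;OICI" -> "A;OICIID") and one for files
    ("D:PAI" -> "D:AI", "A;OICI" -> "A;ID").  They are passed, NDR-packed, to
    the func_update_ntacl stored procedure.  func_get_tree then returns a
    space-separated list of keys, each of which is deleted from Redis.

    Database errors are reported on stdout and then re-raised, so a failed
    ACL update no longer looks like success to the caller; the connection is
    closed on every path.
    """
    print('start!')

    # Example input:
    # "O:SYG:S-1-5-21-3874029520-2253553080-878871061-1113D:PAI(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001201ff;;;S-1-5-21-3874029520-2253553080-878871061-1118)"
    print(sddl)

    # NOTE(review): plain substring replacement; an input that already holds
    # "A;OICIID" would become "A;OICIIDID" - confirm callers only pass
    # non-inherited ("D:PAI") descriptors.
    sddl_sub_folder = sddl.replace("D:PAI",
                                   "D:AI").replace("A;OICI", "A;OICIID")
    print(sddl_sub_folder)

    sddl_file = sddl.replace("D:PAI", "D:AI").replace("A;OICI", "A;ID")
    print(sddl_file)

    sid = security.dom_sid("S-1-5-21-3874029520-2253553080-878871061")
    print(str(sid))

    ndrpack_root = _pack_ntacl(sddl, sid)
    ndrpack_subfolder = _pack_ntacl(sddl_sub_folder, sid)
    ndrpack_file = _pack_ntacl(sddl_file, sid)

    # NOTE(review): the database user and password are embedded in the
    # source; they belong in configuration or the environment.
    try:
        conn = psycopg2.connect(
            "dbname='lportal' user='******' host='localhost' password='******'"
        )
    except Exception:
        # The original printed and carried on, failing just below on the
        # unbound `conn`; surface the real error instead.
        print("I am unable to connect to the database.")
        raise

    try:
        cur = conn.cursor()
        try:
            cur.callproc("func_update_ntacl", (
                dir_id,
                psycopg2.Binary(ndrpack_root),
                psycopg2.Binary(ndrpack_subfolder),
                psycopg2.Binary(ndrpack_file),
            ))
        except Exception:
            print("I can't call func_update_ntacl")
            raise
        finally:
            cur.close()
        conn.commit()

        cur = conn.cursor()
        try:
            cur.callproc("func_get_tree", (dir_id, ))
            row = cur.fetchone()
        except Exception:
            # The original message named func_update_ntacl here.
            print("I can't call func_get_tree")
            raise
        finally:
            cur.close()
        conn.commit()
    finally:
        # Closing without a commit discards any uncommitted work.
        conn.close()

    # No row, or a NULL result, means there is nothing to purge.
    ids = row[0] if row is not None else None
    keys = [key for key in ids.split(" ") if key] if ids else []

    import redis

    r = redis.StrictRedis(host='localhost', port=6379, db=0)

    # The ACL is already committed at this point; a failure here leaves
    # stale cache entries behind, so let it propagate to the caller.
    for key in keys:
        r.delete(key)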
コード例 #11
            "A;OICI;", "A;OICIID;")
        print('dir - ' + sddl_result)
    else:
        sddl_result = sddlParent.replace("D:PAI", "D:AI").replace(
            "A;OICI;", "A;ID;").replace("A;OICIID;", "A;ID;")
        print('file - ' + sddl_result)

    # Save generated sddl to db
    sid = security.dom_sid("S-1-5-21-3874029520-2253553080-878871061")

    try:
        sd_root = security.descriptor.from_sddl(sddl_result, sid)
    except Exception, e:
        print str(e)

    ntacl_root = xattr.NTACL()
    ntacl_root.version = 1
    ntacl_root.info = sd_root
    ndrpack_root = ndr_pack(ntacl_root)

    cur = conn.cursor()
    #updateValInXattr = "UPDATE xattr SET val=%s WHERE name='security.NTACL' and dir_id =%s;"

    try:
        cur.execute(
            "DELETE from xattr where name='security.NTACL' and dir_id =%s;",
            (id, ))
    except:
        print "I can't updateValInXattr"

    updateValInXattr = "INSERT INTO xattr(dir_id, name, val) VALUES(%s, %s, %s)"