def test_applies_to_this_folder_only(test_dir):
"""
#60103
"""
result = win_dacl.set_permissions(
obj_name=test_dir,
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
applies_to="this_folder_only",
obj_type="file",
reset_perms=False,
protected=None,
)
assert result is True
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "This folder only",
"permissions": "Full control",
}
}
}
}
result = win_dacl.get_permissions(
obj_name=test_dir,
principal="Backup Operators",
obj_type="file",
)
assert result == expected
def test_present_perms_reset_no_inherit(reg_vars, clean):
reg.present(
name=reg_vars.name,
vname=reg_vars.vname,
vdata=reg_vars.vdata,
win_perms={"Everyone": {
"perms": "full_control"
}},
win_deny_perms={"Guest": {
"perms": "full_control"
}},
win_perms_reset=True,
win_inheritance=False,
)
permissions = win_dacl.get_permissions(obj_name=reg_vars.name,
obj_type="registry")
expected = {
"Guest": {
"deny": {
"permissions": "Full Control",
"applies to": "This key and subkeys",
}
},
"Everyone": {
"grant": {
"permissions": "Full Control",
"applies to": "This key and subkeys",
}
},
}
assert permissions["Not Inherited"] == expected
assert not win_dacl.get_inheritance(obj_name=reg_vars.name,
obj_type="registry")
assert permissions["Inherited"] == {}
def test_get_permissions(self):
'''
Test the get_permissions function
'''
self.assertTrue(
win_dacl.set_permissions(obj_name=self.obj_name,
principal='Backup Operators',
permissions='full_control',
access_mode='grant',
obj_type=self.obj_type,
reset_perms=False,
protected=None))
expected = {
'Not Inherited': {
'Backup Operators': {
'grant': {
'applies to': 'Not Inherited (file)',
'permissions': 'Full control'
}
}
}
}
self.assertEqual(
win_dacl.get_permissions(obj_name=self.obj_name,
principal='Backup Operators',
obj_type=self.obj_type), expected)
def test_get_set_permissions(test_file):
result = win_dacl.set_permissions(
obj_name=str(test_file),
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
obj_type="file",
reset_perms=False,
protected=None,
)
assert result is True
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "This folder only",
"permissions": "Full control",
}
}
}
}
result = win_dacl.get_permissions(
obj_name=str(test_file),
principal="Backup Operators",
obj_type="file",
)
assert result == expected
def test_present(reg_vars):
"""
Test reg.present
"""
expected = {
"comment": "Added {} to {}".format(reg_vars.vname, reg_vars.name),
"changes": {
"reg": {
"Added": {
"Inheritance": True,
"Perms": {
"Deny": None,
"Grant": None
},
"Value": reg_vars.vdata,
"Key": reg_vars.name,
"Owner": None,
"Entry": reg_vars.vname,
}
}
},
"name": reg_vars.name,
"result": True,
}
assert (reg.present(name=reg_vars.name,
vname=reg_vars.vname,
vdata=reg_vars.vdata) == expected)
permissions = win_dacl.get_permissions(obj_name=reg_vars.name,
obj_type="registry")
assert permissions["Not Inherited"] == {}
def test_get_permissions(self):
"""
Test the get_permissions function
"""
self.assertTrue(
win_dacl.set_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
obj_type=self.obj_type,
reset_perms=False,
protected=None,
)
)
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "Not Inherited (file)",
"permissions": "Full control",
}
}
}
}
self.assertEqual(
win_dacl.get_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
obj_type=self.obj_type,
),
expected,
)
def test_present_perms(reg_vars, clean):
reg.present(
name=reg_vars.name,
vname=reg_vars.vname,
vdata=reg_vars.vdata,
win_perms={"Backup Operators": {
"perms": "full_control"
}},
win_deny_perms={"Guest": {
"perms": "full_control"
}},
)
permissions = win_dacl.get_permissions(obj_name=reg_vars.name,
obj_type="registry")
expected = {
"deny": {
"permissions": "Full Control",
"applies to": "This key and subkeys"
}
}
assert permissions["Not Inherited"].get("Guest") == expected
expected = {
"grant": {
"permissions": "Full Control",
"applies to": "This key and subkeys"
}
}
assert permissions["Not Inherited"].get("Backup Operators") == expected
def test_rm_permissions(self):
"""
Test the rm_permissions function
"""
self.assertTrue(
win_dacl.set_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
obj_type=self.obj_type,
reset_perms=False,
protected=None,
)
)
self.assertTrue(
win_dacl.rm_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
obj_type=self.obj_type,
)
)
self.assertEqual(
win_dacl.get_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
obj_type=self.obj_type,
),
{},
)
def test_directory_new_reset_no_inherit(tmp_path):
"""
Test file.directory when the directory does not exist
Should just return "New Dir"
"""
path = os.path.join(tmp_path, "test")
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Administrators": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": "full_control"}},
win_inheritance=False,
win_perms_reset=True,
)
expected = {path: {"directory": "new"}}
assert ret["changes"] == expected
permissions = win_dacl.get_permissions(path)
expected = {
"Inherited": {},
"Not Inherited": {
"Administrators": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
"Guest": {
"deny": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
},
}
assert permissions == expected
def test_check_perms_test_true(test_file):
with patch.dict(win_dacl.__opts__, {"test": True}):
result = win_dacl.check_perms(
obj_name=str(test_file),
obj_type="file",
ret=None,
owner="Users",
grant_perms={"Backup Operators": {
"perms": "read"
}},
deny_perms={
"NETWORK SERVICE": {
"perms":
["delete", "set_value", "write_dac", "write_owner"]
},
"Backup Operators": {
"perms": ["delete"]
},
},
inheritance=True,
reset=False,
)
expected = {
"changes": {
"owner": "Users",
"grant_perms": {
"Backup Operators": {
"permissions": "read"
}
},
"deny_perms": {
"Backup Operators": {
"permissions": ["delete"]
},
"NETWORK SERVICE": {
"permissions": [
"delete",
"set_value",
"write_dac",
"write_owner",
]
},
},
},
"comment": "",
"name": str(test_file),
"result": None,
}
assert result == expected
result = win_dacl.get_owner(obj_name=str(test_file), obj_type="file")
assert result != "Users"
result = win_dacl.get_permissions(
obj_name=str(test_file),
principal="Backup Operators",
obj_type="file",
)
assert result == {}
def test_get_set_permissions(reg_key):
result = win_dacl.set_permissions(
obj_name=reg_key,
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
obj_type="registry",
reset_perms=False,
protected=None,
)
assert result is True
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "This key and subkeys",
"permissions": "Full Control",
}
}
}
}
result = win_dacl.get_permissions(
obj_name=reg_key,
principal="Backup Operators",
obj_type="registry",
)
assert result == expected
def test_copy_security():
with pytest.helpers.temp_file("source_test.file") as source:
# Set permissions on Source
result = win_dacl.set_permissions(
obj_name=str(source),
principal="Backup Operators",
permissions="full_control",
access_mode="grant",
obj_type="file",
reset_perms=False,
protected=None,
)
assert result is True
# Set owner on Source
result = win_dacl.set_owner(obj_name=str(source),
principal="Backup Operators",
obj_type="file")
assert result is True
# Set group on Source
result = win_dacl.set_primary_group(obj_name=str(source),
principal="Backup Operators",
obj_type="file")
assert result is True
with pytest.helpers.temp_file("target_test.file") as target:
# Copy security from Source to Target
result = win_dacl.copy_security(source=str(source),
target=str(target))
assert result is True
# Verify permissions on Target
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "This folder only",
"permissions": "Full control",
}
}
}
}
result = win_dacl.get_permissions(
obj_name=str(target),
principal="Backup Operators",
obj_type="file",
)
assert result == expected
# Verify owner on Target
result = win_dacl.get_owner(obj_name=str(target), obj_type="file")
assert result == "Backup Operators"
# Verify group on Target
result = win_dacl.get_primary_group(obj_name=str(target),
obj_type="file")
assert result == "Backup Operators"
def test_check_perms_test_true(self):
"""
Test the check_perms function
"""
with patch.dict(win_dacl.__opts__, {"test": True}):
result = win_dacl.check_perms(
obj_name=self.obj_name,
obj_type=self.obj_type,
ret=None,
owner="Users",
grant_perms={"Backup Operators": {
"perms": "read"
}},
deny_perms={
"NETWORK SERVICE": {
"perms":
["delete", "set_value", "write_dac", "write_owner"]
},
"Backup Operators": {
"perms": ["delete"]
},
},
inheritance=True,
reset=False,
)
expected = {
"changes": {
"owner": "Users",
"perms": {
"Backup Operators": {
"grant": "read",
"deny": ["delete"]
},
"NETWORK SERVICE": {
"deny":
["delete", "set_value", "write_dac", "write_owner"]
},
},
},
"comment": "",
"name": self.obj_name,
"result": None,
}
self.assertDictEqual(result, expected)
self.assertNotEqual(
win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type),
"Users")
self.assertEqual(
win_dacl.get_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
obj_type=self.obj_type,
),
{},
)
def test_check_perms_test_true(self):
'''
Test the check_perms function
'''
with patch.dict(win_dacl.__opts__, {"test": True}):
result = win_dacl.check_perms(
obj_name=self.obj_name,
obj_type=self.obj_type,
ret=None,
owner='Users',
grant_perms={'Backup Operators': {
'perms': 'read'
}},
deny_perms={
'NETWORK SERVICE': {
'perms':
['delete', 'set_value', 'write_dac', 'write_owner']
},
'Backup Operators': {
'perms': ['delete']
}
},
inheritance=True,
reset=False)
expected = {
'changes': {
'perms': {}
},
'comment': '',
'name': self.obj_name,
'pchanges': {
'owner': 'Users',
'perms': {
'Backup Operators': {
'grant': 'read',
'deny': ['delete']
},
'NETWORK SERVICE': {
'deny':
['delete', 'set_value', 'write_dac', 'write_owner']
}
}
},
'result': None
}
self.assertDictEqual(result, expected)
self.assertNotEqual(
win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type),
'Users')
self.assertEqual(
win_dacl.get_permissions(obj_name=self.obj_name,
principal='Backup Operators',
obj_type=self.obj_type), {})
def test_present_perms_no_inherit(reg_vars, clean):
reg.present(
name=reg_vars.name,
vname=reg_vars.vname,
vdata=reg_vars.vdata,
win_inheritance=False,
)
assert not win_dacl.get_inheritance(obj_name=reg_vars.name,
obj_type="registry")
permissions = win_dacl.get_permissions(obj_name=reg_vars.name,
obj_type="registry")
assert permissions["Inherited"] == {}
def test_directory_new_no_inherit(tmp_path):
"""
Test file.directory when the directory does not exist
Should just return "New Dir"
"""
path = os.path.join(tmp_path, "test")
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Administrators": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": "full_control"}},
win_inheritance=False,
)
expected = {path: {"directory": "new"}}
assert ret["changes"] == expected
assert not win_dacl.get_inheritance(path)
permissions = win_dacl.get_permissions(path)
assert permissions["Inherited"] == {}
def test_rm_permissions(self):
'''
Test the rm_permissions function
'''
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
principal='Backup Operators',
permissions='full_control',
access_mode='grant',
obj_type=self.obj_type,
reset_perms=False,
protected=None))
self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
principal='Backup Operators',
obj_type=self.obj_type))
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
principal='Backup Operators',
obj_type=self.obj_type),
{})
def test_directory_existing_no_inherit(tmp_path):
path = str(tmp_path)
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Everyone": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": ["write_data", "write_attributes"]}},
win_inheritance=False,
)
expected = {
"deny_perms": {"Guest": {"permissions": ["write_data", "write_attributes"]}},
"grant_perms": {"Everyone": {"permissions": "full_control"}},
"inheritance": False,
}
# We are checking these individually because sometimes it will return an
# owner if it is running under the Administrator account
assert ret["changes"]["deny_perms"] == expected["deny_perms"]
assert ret["changes"]["grant_perms"] == expected["grant_perms"]
assert ret["changes"]["inheritance"] == expected["inheritance"]
assert not win_dacl.get_inheritance(path)
permissions = win_dacl.get_permissions(path)
assert permissions["Inherited"] == {}
def test_check_perms(self):
"""
Test the check_perms function
"""
with patch.dict(win_dacl.__opts__, {"test": False}):
result = win_dacl.check_perms(
obj_name=self.obj_name,
obj_type=self.obj_type,
ret={},
owner="Users",
grant_perms={"Backup Operators": {"perms": "read"}},
deny_perms={
"Backup Operators": {"perms": ["delete"]},
"NETWORK SERVICE": {
"perms": [
"delete",
"change_permissions",
"write_attributes",
"write_data",
]
},
},
inheritance=True,
reset=False,
)
expected = {
"changes": {
"owner": "Users",
"perms": {
"Backup Operators": {"grant": "read", "deny": ["delete"]},
"NETWORK SERVICE": {
"deny": [
"delete",
"change_permissions",
"write_attributes",
"write_data",
]
},
},
},
"comment": "",
"name": self.obj_name,
"result": True,
}
self.assertDictEqual(result, expected)
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "Not Inherited (file)",
"permissions": "Read",
},
"deny": {
"applies to": "Not Inherited (file)",
"permissions": ["Delete"],
},
}
}
}
self.assertDictEqual(
win_dacl.get_permissions(
obj_name=self.obj_name,
principal="Backup Operators",
obj_type=self.obj_type,
),
expected,
)
expected = {
"Not Inherited": {
"NETWORK SERVICE": {
"deny": {
"applies to": "Not Inherited (file)",
"permissions": [
"Change permissions",
"Create files / write data",
"Delete",
"Write attributes",
],
}
}
}
}
self.assertDictEqual(
win_dacl.get_permissions(
obj_name=self.obj_name,
principal="NETWORK SERVICE",
obj_type=self.obj_type,
),
expected,
)
self.assertEqual(
win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Users"
)
def test_directory_existing_reset_no_inherit(tmp_path):
path = str(tmp_path)
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Everyone": {
"perms": "full_control"
}},
win_deny_perms={
"Guest": {
"perms": ["write_data", "write_attributes"]
}
},
win_perms_reset=True,
win_inheritance=False,
)
expected = {
"deny_perms": {
"Guest": {
"permissions": ["write_data", "write_attributes"]
}
},
"grant_perms": {
"Everyone": {
"permissions": "full_control"
}
},
"inheritance": False,
"remove_perms": {
"Administrators": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
"SYSTEM": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
CURRENT_USER: {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
},
}
# We are checking these individually because sometimes it will return an
# owner if it is running under the Administrator account
assert ret["changes"]["deny_perms"] == expected["deny_perms"]
assert ret["changes"]["grant_perms"] == expected["grant_perms"]
assert ret["changes"]["inheritance"] == expected["inheritance"]
assert ret["changes"]["remove_perms"] == expected["remove_perms"]
permissions = win_dacl.get_permissions(path)
expected = {
"Inherited": {},
"Not Inherited": {
"Everyone": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
"Guest": {
"deny": {
"applies to":
"This folder, subfolders and files",
"permissions":
["Create files / write data", "Write attributes"],
}
},
},
}
assert permissions == expected
def test_check_perms(reg_key):
result = win_dacl.check_perms(
obj_name=reg_key,
obj_type="registry",
ret={},
owner="Users",
grant_perms={"Backup Operators": {
"perms": "read"
}},
deny_perms={
"Backup Operators": {
"perms": ["delete"]
},
"NETWORK SERVICE": {
"perms": ["delete", "set_value", "write_dac", "write_owner"]
},
},
inheritance=True,
reset=False,
)
expected = {
"changes": {
"owner": "Users",
"grant_perms": {
"Backup Operators": {
"permissions": "read"
}
},
"deny_perms": {
"Backup Operators": {
"permissions": ["delete"]
},
"NETWORK SERVICE": {
"permissions": [
"delete",
"set_value",
"write_dac",
"write_owner",
]
},
},
},
"comment": "",
"name": reg_key,
"result": True,
}
assert result == expected
expected = {
"Not Inherited": {
"Backup Operators": {
"grant": {
"applies to": "This key and subkeys",
"permissions": "Read",
},
"deny": {
"applies to": "This key and subkeys",
"permissions": ["Delete"],
},
}
}
}
result = win_dacl.get_permissions(
obj_name=reg_key,
principal="Backup Operators",
obj_type="registry",
)
assert result == expected
expected = {
"Not Inherited": {
"NETWORK SERVICE": {
"deny": {
"applies to":
"This key and subkeys",
"permissions": [
"Delete",
"Set Value",
"Write DAC",
"Write Owner",
],
}
}
}
}
result = win_dacl.get_permissions(
obj_name=reg_key,
principal="NETWORK SERVICE",
obj_type="registry",
)
assert result == expected
result = win_dacl.get_owner(obj_name=reg_key, obj_type="registry")
assert result == "Users"
def test_check_perms(self):
'''
Test the check_perms function
'''
with patch.dict(win_dacl.__opts__, {"test": False}):
result = win_dacl.check_perms(
obj_name=self.obj_name,
obj_type=self.obj_type,
ret={},
owner='Users',
grant_perms={'Backup Operators': {
'perms': 'read'
}},
deny_perms={
'Backup Operators': {
'perms': ['delete']
},
'NETWORK SERVICE': {
'perms': [
'delete', 'change_permissions', 'write_attributes',
'write_data'
]
}
},
inheritance=True,
reset=False)
expected = {
'changes': {
'owner': 'Users',
'perms': {
'Backup Operators': {
'grant': 'read',
'deny': ['delete']
},
'NETWORK SERVICE': {
'deny': [
'delete', 'change_permissions', 'write_attributes',
'write_data'
]
}
}
},
'comment': '',
'name': self.obj_name,
'pchanges': {
'perms': {}
},
'result': True
}
self.assertDictEqual(result, expected)
expected = {
'Not Inherited': {
'Backup Operators': {
'grant': {
'applies to': 'Not Inherited (file)',
'permissions': 'Read'
},
'deny': {
'applies to': 'Not Inherited (file)',
'permissions': ['Delete']
}
}
}
}
self.assertDictEqual(
win_dacl.get_permissions(obj_name=self.obj_name,
principal='Backup Operators',
obj_type=self.obj_type), expected)
expected = {
'Not Inherited': {
'NETWORK SERVICE': {
'deny': {
'applies to':
'Not Inherited (file)',
'permissions': [
'Delete', 'Create files / write data',
'Write attributes', 'Change permissions'
]
}
}
}
}
self.assertDictEqual(
win_dacl.get_permissions(obj_name=self.obj_name,
principal='NETWORK SERVICE',
obj_type=self.obj_type), expected)
self.assertEqual(
win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type),
'Users')
def test_check_perms(test_file):
result = win_dacl.check_perms(
obj_name=str(test_file),
obj_type="file",
ret={},
owner="Users",
grant_perms={"Backup Operators": {
"perms": "read"
}},
deny_perms={
"Backup Operators": {
"perms": ["delete"]
},
"NETWORK SERVICE": {
"perms": [
"delete",
"change_permissions",
"write_attributes",
"write_data",
]
},
},
inheritance=True,
reset=False,
)
expected = {
"changes": {
"owner": "Users",
"grant_perms": {
"Backup Operators": {
"permissions": "read"
}
},
"deny_perms": {
"Backup Operators": {
"permissions": ["delete"]
},
"NETWORK SERVICE": {
"permissions": [
"delete",
"change_permissions",
"write_attributes",
"write_data",
]
},
},
},
"comment": "",
"name": str(test_file),
"result": True,
}
assert result == expected
expected = {
"Not Inherited": {
"Backup Operators": {
"deny": {
"applies to": "This folder only",
"permissions": ["Delete"],
},
"grant": {
"applies to": "This folder only",
"permissions": "Read"
},
}
}
}
result = win_dacl.get_permissions(
obj_name=str(test_file),
principal="Backup Operators",
obj_type="file",
)
assert result == expected
expected = {
"Not Inherited": {
"NETWORK SERVICE": {
"deny": {
"applies to":
"This folder only",
"permissions": [
"Change permissions",
"Create files / write data",
"Delete",
"Write attributes",
],
}
}
}
}
result = win_dacl.get_permissions(
obj_name=str(test_file),
principal="NETWORK SERVICE",
obj_type="file",
)
assert result == expected
result = win_dacl.get_owner(obj_name=str(test_file), obj_type="file")
assert result == "Users"