python/samba/tests/samba_tool/ntacl.py

   1 # Unix SMB/CIFS implementation.
   2 # Copyright (C) Andrew Bartlett 2012
   3 #
   4 # Based on user.py:
   5 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
   6 #
   7 # This program is free software; you can redistribute it and/or modify
   8 # it under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation; either version 3 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # This program is distributed in the hope that it will be useful,
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 #
  20
  21 import os
  22 import time
  23 import ldb
  24 from samba.tests.samba_tool.base import SambaToolCmdTest
  25 import random
  26
  27
  28 class NtACLCmdSysvolTestCase(SambaToolCmdTest):
  29     """Tests for samba-tool ntacl sysvol* subcommands"""
  30
  31     def test_ntvfs(self):
  32         (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
  33                                             "--use-ntvfs")
  34         self.assertCmdSuccess(result, out, err)
  35         self.assertEqual(out, "", "Shouldn't be any output messages")
  36         self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
  37
  38     def test_s3fs(self):
  39         (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
  40                                             "--use-s3fs")
  41
  42         self.assertCmdSuccess(result, out, err)
  43         self.assertEqual(err, "", "Shouldn't be any error messages")
  44         self.assertEqual(out, "", "Shouldn't be any output messages")
  45
  46     def test_ntvfs_check(self):
  47         (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
  48                                             "--use-ntvfs")
  49         self.assertCmdSuccess(result, out, err)
  50         self.assertEqual(out, "", "Shouldn't be any output messages")
  51         self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
  52         # Now check they were set correctly
  53         (result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
  54         self.assertCmdSuccess(result, out, err)
  55         self.assertEqual(err, "", "Shouldn't be any error messages")
  56         self.assertEqual(out, "", "Shouldn't be any output messages")
  57
  58     def test_s3fs_check(self):
  59         (result, out, err) = self.runsubcmd("ntacl", "sysvolreset",
  60                                             "--use-s3fs")
  61
  62         self.assertCmdSuccess(result, out, err)
  63         self.assertEqual(err, "", "Shouldn't be any error messages")
  64         self.assertEqual(out, "", "Shouldn't be any output messages")
  65
  66         # Now check they were set correctly
  67         (result, out, err) = self.runsubcmd("ntacl", "sysvolcheck")
  68         self.assertCmdSuccess(result, out, err)
  69         self.assertEqual(err, "", "Shouldn't be any error messages")
  70         self.assertEqual(out, "", "Shouldn't be any output messages")
  71
  72
  73 class NtACLCmdGetSetTestCase(SambaToolCmdTest):
  74     """Tests for samba-tool ntacl get/set subcommands"""
  75
  76     acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
  77
  78     def test_ntvfs(self):
  79         path = os.environ['SELFTEST_PREFIX']
  80         tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
  81         open(tempf, 'w').write("empty")
  82
  83         (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
  84                                             "--use-ntvfs")
  85         self.assertCmdSuccess(result, out, err)
  86         self.assertEqual(out, "", "Shouldn't be any output messages")
  87         self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
  88
  89     def test_s3fs(self):
  90         path = os.environ['SELFTEST_PREFIX']
  91         tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
  92         open(tempf, 'w').write("empty")
  93
  94         (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
  95                                             "--use-s3fs")
  96
  97         self.assertCmdSuccess(result, out, err)
  98         self.assertEqual(err, "", "Shouldn't be any error messages")
  99         self.assertEqual(out, "", "Shouldn't be any output messages")
 100
 101     def test_ntvfs_check(self):
 102         path = os.environ['SELFTEST_PREFIX']
 103         tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
 104         open(tempf, 'w').write("empty")
 105
 106         (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
 107                                             "--use-ntvfs")
 108         self.assertCmdSuccess(result, out, err)
 109         self.assertEqual(out, "", "Shouldn't be any output messages")
 110         self.assertIn("Please note that POSIX permissions have NOT been changed, only the stored NT ACL", err)
 111
 112         # Now check they were set correctly
 113         (result, out, err) = self.runsubcmd("ntacl", "get", tempf,
 114                                             "--use-ntvfs", "--as-sddl")
 115         self.assertCmdSuccess(result, out, err)
 116         self.assertEqual(err, "", "Shouldn't be any error messages")
 117         self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
 118
 119     def test_s3fs_check(self):
 120         path = os.environ['SELFTEST_PREFIX']
 121         tempf = os.path.join(path, "pytests" + str(int(100000 * random.random())))
 122         open(tempf, 'w').write("empty")
 123
 124         (result, out, err) = self.runsubcmd("ntacl", "set", self.acl, tempf,
 125                                             "--use-s3fs")
 126         self.assertCmdSuccess(result, out, err)
 127         self.assertEqual(out, "", "Shouldn't be any output messages")
 128         self.assertEqual(err, "", "Shouldn't be any error messages")
 129
 130         # Now check they were set correctly
 131         (result, out, err) = self.runsubcmd("ntacl", "get", tempf,
 132                                             "--use-s3fs", "--as-sddl")
 133         self.assertCmdSuccess(result, out, err)
 134         self.assertEqual(err, "", "Shouldn't be any error messages")
 135         self.assertEqual(self.acl + "\n", out, "Output should be the ACL")
 136
 137 class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
 138     """Tests for samba-tool ntacl changedomsid subcommand"""
 139
 140     acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
 141     new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
 142     domain_sid=os.environ['DOMSID']
 143     new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
 144
 145     def test_ntvfs_check(self):
 146         path = os.environ['SELFTEST_PREFIX']
 147         tempf = os.path.join(
 148             path, "pytests" + str(int(100000 * random.random())))
 149         open(tempf, 'w').write("empty")
 150
 151         print("DOMSID: %s", self.domain_sid)
 152
 153         (result, out, err) = self.runsubcmd("ntacl",
 154                                             "set",
 155                                             self.acl,
 156                                             tempf,
 157                                             "--use-ntvfs")
 158         self.assertCmdSuccess(result, out, err)
 159         self.assertEqual(out, "", "Shouldn't be any output messages")
 160         self.assertIn("Please note that POSIX permissions have NOT been "
 161                       "changed, only the stored NT ACL", err)
 162
 163         (result, out, err) = self.runsubcmd("ntacl",
 164                                             "changedomsid",
 165                                             self.domain_sid,
 166                                             self.new_domain_sid,
 167                                             tempf,
 168                                             "--use-ntvfs")
 169         self.assertCmdSuccess(result, out, err)
 170         self.assertEqual(out, "", "Shouldn't be any output messages")
 171         self.assertIn("Please note that POSIX permissions have NOT been "
 172                       "changed, only the stored NT ACL.", err)
 173
 174         # Now check they were set correctly
 175         (result, out, err) = self.runsubcmd("ntacl",
 176                                             "get",
 177                                             tempf,
 178                                             "--use-ntvfs",
 179                                             "--as-sddl")
 180         self.assertCmdSuccess(result, out, err)
 181         self.assertEqual(err, "", "Shouldn't be any error messages")
 182         self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")
 183
 184     def test_s3fs_check(self):
 185         path = os.environ['SELFTEST_PREFIX']
 186         tempf = os.path.join(
 187             path, "pytests" + str(int(100000 * random.random())))
 188         open(tempf, 'w').write("empty")
 189
 190         print("DOMSID: %s" % self.domain_sid)
 191
 192         (result, out, err) = self.runsubcmd("ntacl",
 193                                             "set",
 194                                             self.acl,
 195                                             tempf,
 196                                             "--use-s3fs",
 197                                             "--service=sysvol")
 198         self.assertCmdSuccess(result, out, err)
 199         self.assertEqual(out, "", "Shouldn't be any output messages")
 200         self.assertEqual(err, "", "Shouldn't be any error messages")
 201
 202         (result, out, err) = self.runsubcmd("ntacl",
 203                                             "changedomsid",
 204                                             self.domain_sid,
 205                                             self.new_domain_sid,
 206                                             tempf,
 207                                             "--use-s3fs",
 208                                             "--service=sysvol")
 209         self.assertCmdSuccess(result, out, err)
 210         self.assertEqual(out, "", "Shouldn't be any output messages")
 211         self.assertEqual(err, "", "Shouldn't be any error messages")
 212
 213         # Now check they were set correctly
 214         (result, out, err) = self.runsubcmd("ntacl",
 215                                             "get",
 216                                             tempf,
 217                                             "--use-s3fs",
 218                                             "--as-sddl",
 219                                             "--service=sysvol")
 220         self.assertCmdSuccess(result, out, err)
 221         self.assertEqual(err, "", "Shouldn't be any error messages")
 222         self.assertEqual(self.new_acl + "\n", out, "Output should be the ACL")