import samba.tests
from samba.dcerpc import security
+from samba.security import access_check
+from samba import ntstatus
+from samba import NTSTATUSError
+
class SecurityTokenTests(samba.tests.TestCase):
self.assertEquals(desc.type, 0x8004)
def test_from_sddl_invalidsddl(self):
- self.assertRaises(TypeError,security.descriptor.from_sddl, "foo",security.dom_sid("S-2-0-0"))
+ self.assertRaises(TypeError, security.descriptor.from_sddl, "foo", security.dom_sid("S-2-0-0"))
def test_from_sddl_invalidtype1(self):
- self.assertRaises(TypeError, security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"))
+ self.assertRaises(TypeError, security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'), security.dom_sid("S-2-0-0"))
def test_from_sddl_invalidtype2(self):
sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
self.assertRaises(TypeError, security.descriptor.from_sddl, sddl,
- "S-2-0-0")
+ "S-2-0-0")
def test_as_sddl(self):
text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
dom = security.dom_sid("S-2-0-0")
desc1 = security.descriptor.from_sddl(text, dom)
- self.assertRaises(TypeError, desc1.as_sddl,text)
-
+ self.assertRaises(TypeError, desc1.as_sddl, text)
def test_as_sddl_no_domainsid(self):
dom = security.dom_sid("S-2-0-0")
def test_privilege_name(self):
self.assertEquals("SeShutdownPrivilege",
- security.privilege_name(security.SEC_PRIV_SHUTDOWN))
+ security.privilege_name(security.SEC_PRIV_SHUTDOWN))
def test_privilege_id(self):
self.assertEquals(security.SEC_PRIV_SHUTDOWN,
- security.privilege_id("SeShutdownPrivilege"))
+ security.privilege_id("SeShutdownPrivilege"))
+
+class CheckAccessTests(samba.tests.TestCase):
+
+ def test_check_access(self):
+ desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))
+ token = security.token()
+
+ self.assertEqual(access_check(desc, token, 0), 0)
+
+ params = (
+ (security.SEC_FLAG_SYSTEM_SECURITY,
+ ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD),
+ (security.SEC_STD_READ_CONTROL, ntstatus.NT_STATUS_ACCESS_DENIED)
+ )
+
+ for arg, num in params:
+ try:
+ result = access_check(desc, token, arg)
+ except Exception as e:
+ self.assertTrue(isinstance(e, NTSTATUSError))
+ e_num, e_msg = e.args
+ self.assertEqual(num, e_num)
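Review bot: In `test_check_access`, the denial loop asserts only inside `except Exception as e:`, so as far as the visible lines show, an `access_check(desc, token, arg)` call that returns normally (access wrongly granted to the default-constructed token) would let the test pass. The hunk may continue past the last line shown with an `else: self.fail()`, in which case this is a style point only. Either way, `with self.assertRaises(NTSTATUSError) as cm:` around `access_check(desc, token, arg)`, followed by `self.assertEqual(num, cm.exception.args[0])`, makes the expected denial mandatory and narrows the caught type from `Exception`. It also drops the unused `result` and `e_msg` names. A short comment on `params`, such as `# (requested access mask, NTSTATUS expected for a token with no SIDs or privileges)`, would record why each mask maps to its status; confirm the wording against what `security.token()` actually contains.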