traffic: new version of model with packet_rate, version number

[samba.git] / python / samba / tests / security.py

diff --git a/python/samba/tests/security.py b/python/samba/tests/security.py
index d2938aacb02cd624104797f86546d157c6741787..1b1c1557eee452ff29b8d180fa5fff7a7792f4df 100644 (file)
--- a/python/samba/tests/security.py
+++ b/python/samba/tests/security.py
@@ -19,6 +19,10 @@
 
 import samba.tests
 from samba.dcerpc import security
+from samba.security import access_check
+from samba import ntstatus
+from samba import NTSTATUSError
+
 
 class SecurityTokenTests(samba.tests.TestCase):
 
@@ -62,15 +66,15 @@ class SecurityDescriptorTests(samba.tests.TestCase):
         self.assertEquals(desc.type, 0x8004)
 
     def test_from_sddl_invalidsddl(self):
-        self.assertRaises(TypeError,security.descriptor.from_sddl, "foo",security.dom_sid("S-2-0-0"))
+        self.assertRaises(TypeError, security.descriptor.from_sddl, "foo", security.dom_sid("S-2-0-0"))
 
     def test_from_sddl_invalidtype1(self):
-        self.assertRaises(TypeError, security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"))
+        self.assertRaises(TypeError, security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'), security.dom_sid("S-2-0-0"))
 
     def test_from_sddl_invalidtype2(self):
         sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
         self.assertRaises(TypeError, security.descriptor.from_sddl, sddl,
-                "S-2-0-0")
+                          "S-2-0-0")
 
     def test_as_sddl(self):
         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
@@ -86,8 +90,7 @@ class SecurityDescriptorTests(samba.tests.TestCase):
         text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
         dom = security.dom_sid("S-2-0-0")
         desc1 = security.descriptor.from_sddl(text, dom)
-        self.assertRaises(TypeError, desc1.as_sddl,text)
-
+        self.assertRaises(TypeError, desc1.as_sddl, text)
 
     def test_as_sddl_no_domainsid(self):
         dom = security.dom_sid("S-2-0-0")
@@ -135,9 +138,31 @@ class PrivilegeTests(samba.tests.TestCase):
 
     def test_privilege_name(self):
         self.assertEquals("SeShutdownPrivilege",
-                security.privilege_name(security.SEC_PRIV_SHUTDOWN))
+                          security.privilege_name(security.SEC_PRIV_SHUTDOWN))
 
     def test_privilege_id(self):
         self.assertEquals(security.SEC_PRIV_SHUTDOWN,
-                security.privilege_id("SeShutdownPrivilege"))
+                          security.privilege_id("SeShutdownPrivilege"))
+
 
+class CheckAccessTests(samba.tests.TestCase):
+
+    def test_check_access(self):
+        desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))
+        token = security.token()
+
+        self.assertEqual(access_check(desc, token, 0), 0)
+
+        params = (
+            (security.SEC_FLAG_SYSTEM_SECURITY,
+             ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD),
+            (security.SEC_STD_READ_CONTROL, ntstatus.NT_STATUS_ACCESS_DENIED)
+        )
+
+        for arg, num in params:
+            try:
+                result = access_check(desc, token, arg)
+            except Exception as e:
+                self.assertTrue(isinstance(e, NTSTATUSError))
+                e_num, e_msg = e.args
+                self.assertEqual(num, e_num)